Designing and Implementing Azure for AWS Professionals — Question 11

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

Answer options

• A. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
• B. Configure FlowLog1 for version 2.
• C. Create the storage account for FlowLog1 as a premium page blob.
• D. Enable FlowLog1 in a network security group associated with the subnet of VM1.

Correct answer: D

Explanation

The correct answer is D because FlowLog1 needs to be enabled in the NSG associated with the subnet of VM1 to capture outbound traffic related to VM1. Options A and B do not directly address the flow logging issue, and option C is irrelevant as the storage account type does not influence the NSG flow logs.