Designing and Implementing Azure for AWS Professionals — Question 9
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
Answer options
- A. Enable the public endpoint for the FlowLog1 storage account.
- B. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
- C. Enable FlowLog1 in a network security group associated with the network interface of VM1.
- D. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
Correct answer: C
Explanation
The correct answer is C. With FastPath enabled, traffic from on-premises can bypass the ExpressRoute gateway, so a flow log on the NSG of the gateway subnet may not record the outbound flows to virtual machines. Enabling FlowLog1 in the NSG associated with VM1's network interface allows the flow log to capture traffic related to that specific VM. Options A and B are irrelevant to the connectivity issue, and option D pertains to VNet2, which is not directly involved with the FlowLog1 configuration for monitoring traffic from the gateway subnet.