Microsoft Cybersecurity Architect Expert SC-100

Get started today

Ultimate access to all questions.

Your company plans to migrate all on-premises virtual machines to Azure. A network engineer has proposed the following Azure virtual network (VNet) design:

VNet Address Range
Hub VNet 10.0.0.0/16
VNet1 10.1.0.0/16
VNet2 10.2.0.0/16
VNet3 10.3.0.0/16

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on this virtual network design and the following requirements, determine how many Azure Bastion subnets are necessary:

The peered networks Hub VNet, VNet1, and VNet2 require one Bastion collectively.

VNet3 requires a separate Bastion host on its own.

Note:

Azure Bastion requires a dedicated subnet named AzureBastionSubnet. This subnet must be created in the same virtual network where you want to deploy the Azure Bastion.

VNet peering allows multiple Bastion hosts across peered virtual networks. By default, a user sees the Bastion host deployed in the same virtual network as the VM. However, users can select from multiple Bastion hosts across peered networks via the Connect menu.

No other Azure resources can be deployed in the AzureBastionSubnet, as it is reserved exclusively for the Azure Bastion resource.

How many Azure Bastion subnets are required based on the information provided?

VNet	Address Range
Hub VNet	10.0.0.0/16
VNet1	10.1.0.0/16
VNet2	10.2.0.0/16
VNet3	10.3.0.0/16

Exam-Like

Explanation:

The correct answer is B. VNet peering allows a Bastion host deployed in one virtual network to provide secure remote access to VMs in peered virtual networks. In this scenario, you need one Bastion host for the peered network containing Hub VNet, VNet1 and VNet2, and another Bastion host for the peered network containing VNet3 and VNet4. Thus, only 2 Bastion subnets are required.