You administer an Azure solution that uses a virtual network named FabVNet. FabVNet has a single subnet
named Subnet-1.
You discover a high volume of network traffic among four virtual machines (VMs) that are part of Subnet-1.
You need to isolate the network traffic among the four VMs. You want to achieve this goal with the least amount
of downtime and impact on users.
What should you do?
A. Create a new subnet in the existing virtual network and move the four VMs to the new subnet.
B. Create a site-to-site virtual network and move the four VMs to your datacenter.
C. Create a new virtual network and move the VMs to the new network.
D. Create an availability set and associate the four VMs with that availability set.
Explanation:
To isolate the VMs, we could use Windows Firewall or Network Security Groups (NSG) but they’re not options
here.
If we move the VMs to a new subnet in the same virtual network, traffic can still flow to VMs on the other
subnet. We would still need additional security such as an NSG; therefore, answer A is incorrect.
The answer is to create a new virtual network and move the VMs to the new network. This would provide the required isolation without the need for additional security such as an NSG.
I have the same question in my MeasureUp testing and they said the answer is A.
It says it accomplishes the same as C but requires “less effort”.
Creating a new virtual network involves creating a subnet, too. Why create a new VNet when you can isolate the four machines in a different subnet, isolated from the traffic of other machines?!