1.4. Reflection Checkpoint

Key Takeaways

Before proceeding, ensure you can:

• Explain the tradeoff between connectivity, isolation, and performance in network design
• Apply the longest prefix match rule to determine which route wins
• Describe why defense in depth provides better security than any single control
• Distinguish between control plane and data plane operations

Connecting Forward

In Phase 2, you'll apply these principles to Azure Virtual Networks—designing address spaces, configuring DNS, and implementing routing. The first principles you've learned here will help you understand why Azure's networking services work the way they do.

Self-Check Questions

1. A route table has entries for 10.0.0.0/16 (next hop: VNet), 10.0.0.0/24 (next hop: NVA), and 0.0.0.0/0 (next hop: Internet). Where does traffic to 10.0.0.100 go? Why?

2. Why might you implement both NSGs and Azure Firewall in the same architecture? What does each provide that the other doesn't?