3.5. Reflection Checkpoint

Key Takeaways

Before proceeding, ensure you can:

• Explain when to choose VPN vs. ExpressRoute vs. Virtual WAN based on requirements
• Configure active-active VPN with zone-redundancy for production workloads
• Describe the three P2S authentication methods and their protocol requirements
• Compare ExpressRoute private peering vs. Microsoft peering use cases
• Design a Virtual WAN deployment with secured hubs and routing intent

Connecting Forward

In Phase 4, you'll learn how to deliver applications at scale using Azure Load Balancer, Application Gateway, and Azure Front Door—services that sit in front of your workloads to distribute traffic and provide security.

Self-Check Questions

1. A company needs 5 Gbps connectivity to Azure with predictable latency. They're concerned about data exiting via the public internet for compliance reasons. Which service meets these requirements, and what's the minimum circuit SKU?

2. You're troubleshooting a S2S VPN that shows "Connected" but traffic doesn't flow. What's the most likely cause, and how would you verify?

3. An organization wants remote workers to authenticate to P2S VPN using their Azure AD credentials with MFA. What tunnel type must you configure, and why?