Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
Think of this section like a pilot's pre-flight checklist—quick lookups for the most common decision points you'll face on the exam. Without these mental shortcuts, you'll waste precious exam time re-deriving answers from first principles.
What breaks without quick reference:
- You spend 5 minutes on a "which load balancer" question that should take 30 seconds
- You confuse VPN Gateway tiers and pick the wrong throughput
- You forget the exact subnet name Azure Firewall requires and eliminate the correct answer
Use these tables to build instant pattern recognition. The exam rewards speed on straightforward questions so you have time for complex scenarios.
Load Balancing Decision Matrix
| Requirement | Solution |
|---|
| Layer 4, regional, internal | Internal Load Balancer |
| Layer 4, regional, public | Public Load Balancer |
| Layer 4, global | Cross-region Load Balancer |
| Layer 7, regional | Application Gateway |
| Layer 7, global | Front Door |
| DNS-based global | Traffic Manager |
| Transparent NVA insertion | Gateway Load Balancer |
VPN vs ExpressRoute
| Aspect | VPN | ExpressRoute |
|---|
| Path | Internet | Private |
| Bandwidth | Up to 10 Gbps (VpnGw5) | Up to 100 Gbps |
| Latency | Variable | Consistent |
| Setup time | Minutes | Weeks |
| Cost | Lower | Higher |
| Encryption | Built-in (IPsec) | Optional |
Private Endpoint vs Service Endpoint
| Aspect | Private Endpoint | Service Endpoint |
|---|
| IP used | Private IP in VNet | Service public IP |
| On-premises access | Yes (via DNS) | No |
| Cost | Per endpoint | Free |
| DNS changes | Required | None |
| Scope | Global | Regional |
NSG vs Azure Firewall vs WAF
| Capability | NSG | Azure Firewall | WAF |
|---|
| Layer | 3-4 | 3-7 | 7 |
| FQDN filtering | No | Yes | No |
| TLS inspection | No | Premium only | Yes |
| Threat intel | No | Yes | Yes |
| Centralized | No | Yes | Per instance |
| Cost | Free | ~$900+/month | Per App GW/FD |
Key Port Numbers
| Port | Service |
|---|
| 22 | SSH |
| 53 | DNS |
| 80 | HTTP |
| 443 | HTTPS |
| 500 | IKE (VPN) |
| 1433 | SQL Server |
| 3389 | RDP |
| 4500 | IPsec NAT-T |
Required Subnet Names
| Subnet Name | Service |
|---|
| GatewaySubnet | VPN/ExpressRoute Gateway |
| AzureFirewallSubnet | Azure Firewall |
| AzureFirewallManagementSubnet | Firewall forced tunneling |
| AzureBastionSubnet | Azure Bastion |
| RouteServerSubnet | Azure Route Server |
Connectivity Decision Tree
Private Access Decision Tree
