Technical Lab: Azure Network Adapter β Requirements and Specification
Questionsβ
Question 1 β Multiple Choiceβ
A network engineer needs to connect an on-premises virtual machine to an Azure virtual network without configuring a complete VPN Gateway or an ExpressRoute circuit. After researching, he identifies the Azure Network Adapter as a solution. What is the Azure component that Azure Network Adapter automatically provisions on the cloud side to establish this connectivity?
A) An additional network interface (NIC) associated with a public subnet of the VNet
B) An Azure Virtual WAN Hub with point-to-point connectivity
C) A VPN gateway with Point-to-Site (P2S) connection in the target VNet
D) An Azure Bastion configured in native tunnel mode
Question 2 β Technical Scenarioβ
An administrator tries to install the Azure Network Adapter on an on-premises physical server with Windows Server 2019. He opens Windows Admin Center (WAC), navigates to the target server and doesn't find the option to add the Azure Network Adapter. After checking, he confirms that WAC is on the latest version. What is the most likely cause for the missing option?
A) The on-premises server is not registered in Microsoft Entra ID as a hybrid device
B) The on-premises server was not registered in Azure Arc before configuration by WAC
C) WAC is not connected to an Azure account with the Azure management extension activated
D) The server's operating system does not meet the minimum Windows Server version requirement
Question 3 β True or Falseβ
The Azure Network Adapter can be installed directly on a virtual machine hosted in Azure to extend its connectivity to a second VNet in another region, eliminating the need for VNet Peering.
Question 4 β Technical Scenarioβ
An on-premises server with Windows Server 2022 has been successfully integrated with Azure Network Adapter. The server now has a virtual interface that routes traffic to VNet 10.10.0.0/16. The administrator reports that he can ping VMs in subnet 10.10.1.0/24, but cannot access resources in subnet 10.10.2.0/24, which was added to the VNet after the adapter was configured. No Network Security Group blocks the traffic. What is the most likely cause?
A) Azure Network Adapter creates a P2S connection with a fixed address pool that doesn't include subnets added after initial configuration
B) Subnet 10.10.2.0/24 requires separate peering to be accessible via P2S connection
C) Static routes on the on-premises server were not updated to include the 10.10.2.0/24 prefix
D) The VPN Gateway used by Azure Network Adapter does not support multiple subnets in the same VNet
Question 5 β Multiple Choiceβ
When specifying requirements for deploying Azure Network Adapter in a corporate environment, which of the following statements correctly describes an inherent limitation of this solution compared to a Site-to-Site (S2S) connection?
A) Azure Network Adapter does not support certificate-based authentication, requiring exclusive use of Microsoft Entra ID
B) The solution is restricted to a single server per VNet, making it impossible to connect multiple servers to the same VNet
C) Connectivity is established per individual server, not extending network reach to other hosts in the on-premises subnet
D) Azure Network Adapter requires a dedicated public IP address on the on-premises server to establish the tunnel
Answer Key and Explanationsβ
Answer Key β Question 1β
Answer: C
Azure Network Adapter functions as an automation mechanism that, when configured by Windows Admin Center, automatically provisions a VPN Gateway with Point-to-Site (P2S) connection in the target VNet in Azure. The on-premises server receives a virtual interface that represents the P2S tunnel endpoint. This is the fundamental architecture of the solution: it abstracts the complexity of manually configuring a P2S Gateway, but the underlying component is exactly that.
Alternatives A and D represent misconceptions about the network layer involved. Azure Bastion is a secure RDP/SSH access service, unrelated to network extension. Virtual WAN is an enterprise-scale connectivity solution, incompatible with the individual scope of Azure Network Adapter.
Answer Key β Question 2β
Answer: C
For the Azure Network Adapter option to appear in Windows Admin Center, WAC needs to be connected to an Azure account with the Azure management extension activated. WAC acts as an orchestrator that authenticates to Azure and provisions resources in the VNet. If this Azure connection is not configured in WAC, the functionality simply is not displayed in the interface.
Azure Arc (alternative B) is relevant for hybrid server management in other scenarios, but is not a prerequisite for Azure Network Adapter. Registration in Microsoft Entra ID as a device (alternative A) is an identity concept without direct relation to network provisioning. Alternative D is a plausible distractor, but Windows Server 2019 meets the solution's minimum requirements.
Answer Key β Question 3β
Answer: False
Azure Network Adapter was designed exclusively to connect on-premises servers to Azure VNets through a P2S connection. Its use case is to extend the local network to Azure, not interconnect resources already hosted within Azure. For connectivity between VNets in Azure, the appropriate mechanisms are VNet Peering, VNet-to-VNet VPN, or Azure Virtual WAN. Applying Azure Network Adapter to Azure VMs is not a supported scenario nor does it make architectural sense, since Azure VMs already belong to Azure's network infrastructure.
Answer Key β Question 4β
Answer: C
When Azure Network Adapter is configured, it installs static routes on the on-premises server for the VNet address prefixes known at the time of configuration. Subnets added to the VNet later do not generate automatic updates of these routes on the server. The administrator needs to manually add the static route for 10.10.2.0/24 pointing to the Azure Network Adapter's virtual interface.
Alternative A reflects a common misconception: the P2S address pool is for clients (the on-premises server itself), not for accessible destinations. Alternative D is incorrect because P2S VPN Gateway supports all subnets of a VNet, as long as the client routes are configured.
Answer Key β Question 5β
Answer: C
This is the most important architectural limitation of Azure Network Adapter: being based on Point-to-Site, the tunnel is established individually for each server where the adapter is installed. Unlike a Site-to-Site connection, which routes traffic from an entire on-premises subnet to Azure (including any host in that subnet), Azure Network Adapter does not propagate connectivity to other devices on the same local network. Each server that needs to access the VNet must have the adapter installed individually.
Alternative A is false because Azure Network Adapter supports certificate authentication. Alternative B is incorrect: multiple servers can connect to the same VNet, each with its own P2S connection. Alternative D is incorrect because the solution does not require a public IP on the on-premises server; the tunnel is initiated from inside out.