A company has a hub virtual network that contains a custom DNS server at 10.20.0.4. A new spoke virtual network is peered to the hub. VMs in the spoke can reach other resources in Azure, but they cannot resolve internal names such as app01.corp.local. What should the administrator configure to fix name resolution for the spoke VMs?

Add a user-defined route that sends DNS traffic to the hub virtual network.

Routes control packet forwarding, but they do not tell Azure which DNS server to use for name resolution.

Create an NSG rule that allows UDP port 53 from the spoke subnet to the hub subnet.

An NSG can permit DNS traffic, but it does not configure which DNS server the VMs should query.

Enable gateway transit on the hub peering so name resolution flows through the VPN gateway.

Gateway transit is for shared gateway routing to on-premises networks, not for selecting a DNS server in Azure.

What does this AZ-104 question test?

CIDR notation defines the prefix length.

What is the correct answer to this question?

The correct answer is: Set the spoke virtual network's custom DNS server to 10.20.0.4. — The spoke VNet must be configured to use the custom DNS server IP so its VMs know where to send name resolution requests. Peering does not automatically inherit DNS settings, and Azure-provided DNS will not know about internal corporate zones. Setting the spoke VNet's DNS server to 10.20.0.4 is the standard fix when a hub hosts authoritative internal name resolution. Why others are wrong: A user-defined route cannot change DNS server selection. NSG rules can permit or block the DNS port, but they do not provide name resolution configuration. Gateway transit helps spokes use the hub's VPN or ExpressRoute gateway for routed connectivity to on-premises networks; it does not make Azure resolve names through the gateway.

What should I do if I get this AZ-104 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.