Which THREE components are required to implement a secure hybrid network with Azure using a site-to-site VPN?
Required for the Azure side of the VPN connection.
Why this answer
A route-based VPN gateway (option C) is required for site-to-site VPN connections because it uses dynamic routing (BGP) and supports IKEv2, enabling automatic failover and policy-based traffic selectors. This is essential for secure hybrid networking as it allows Azure to route traffic to on-premises networks via the VPN tunnel without static route limitations.
Exam trap
The trap here is that candidates confuse the VPN gateway (the Azure resource) with the Virtual Network Gateway (the parent resource type), or mistakenly think a public IP is a separate component when it is actually a property of the VPN gateway, leading them to select option A instead of recognizing that the three required components are the VPN gateway, Virtual Network Gateway, and Local Network Gateway.