
Azure AZ-305 Drill: Hybrid Networking - ExpressRoute and VM Network Traffic Analysis

Author: Jeff Taakey
21+ Year Enterprise Architect | Multi-Cloud Architect & Strategist.

While preparing for the AZ-305 Microsoft Azure Solutions Architect Expert exam, many candidates struggle with hybrid networking diagnostics, especially when integrating ExpressRoute with Azure VM workloads. In the enterprise world, effective network traffic analysis balances operational visibility with governance and performance overhead. Let’s drill into a simulated hybrid connectivity troubleshooting scenario.

The Scenario

Tailspin Manufacturers is a multinational industrial equipment company with a long-running on-premises datacenter footprint hosting hundreds of Windows and Linux virtual machines (VMs). As part of their cloud adoption strategy aligned with the Microsoft Cloud Adoption Framework (CAF), they established an ExpressRoute private connection to Azure to enable hybrid operations and replication of several key workloads.

Recently, several Azure-based VMs tied to critical manufacturing processes have reported intermittent network connectivity issues. Tailspin’s IT team needs to analyze the network traffic to identify whether packets are allowed or denied at the network or host level to facilitate rapid troubleshooting and ensure stringent reliability targets are met.

Key Requirements

Design a monitoring solution that provides deep network traffic analysis on all Azure VMs connected over ExpressRoute, to confirm if traffic flows are permitted or blocked, supporting operational governance and compliance.

The Options

  • A) Install and configure the Azure Monitor Agent and the Dependency Agent on all Azure VMs, then use VM Insights within Azure Monitor to analyze traffic flows.
  • B) Configure Azure Network Watcher NSG Flow Logs for all subnets, then query logs in Azure Storage or Log Analytics.
  • C) Use Azure Firewall logs to analyze inbound and outbound packet flow for the VMs.
  • D) Enable Packet Capture using Azure Network Watcher on target VMs for real-time packet inspection.

Correct Answer

A.


The Architect’s Analysis

Correct Answer

Option A

Step-by-Step Winning Logic

Installing the Azure Monitor Agent combined with the Dependency Agent on every VM allows collecting VM Insights data, including network packet flow telemetry. This enables precise analysis of whether network traffic is allowed or denied at the guest OS and Azure networking layers. This approach aligns with the CAF’s Operational Excellence pillar by enabling proactive monitoring and diagnostics that are scalable and centralized. It supports hybrid cloud scenarios by gathering detailed telemetry despite the complex ExpressRoute connection.

The Traps (Distractor Analysis)

  • Option B: NSG Flow Logs provide subnet-level traffic data, but they don’t include the VM process-level correlation needed to validate whether the VM accepts or denies traffic. Also, NSG Flow Logs don’t inspect traffic within the VM OS itself.
  • Option C: Azure Firewall logs only capture traffic flowing through Azure Firewall resources. If VMs are communicating via ExpressRoute or other paths bypassing Firewall, logs are incomplete.
  • Option D: Packet Capture is useful for deep troubleshooting but isn’t scalable across hundreds of VMs and does not provide continuous monitoring or aggregated insights for governance.
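
To make the Option B point concrete, here is an added example (not part of the original article) that parses a constructed NSG flow log record in the version 2 tuple layout and counts denied tuples per rule and destination. The sample record, IP addresses, MAC and the rule name `UserRule_Allow-OnPrem-HTTPS` are constructed; each tuple carries the NSG decision (`A`/`D`) but no process field.

```python
import json
from collections import Counter

# Constructed sample in the NSG flow log version 2 layout (not real traffic).
SAMPLE = json.dumps({"records": [{
    "time": "2024-01-01T00:00:00Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{
            "mac": "000D3AF87856",
            "flowTuples": [
                "1704067200,192.168.10.5,10.1.0.4,51000,1433,T,I,D,B,,,,",
                "1704067205,192.168.10.5,10.1.0.4,51001,1433,T,I,D,B,,,,",
            ]}]},
        {"rule": "UserRule_Allow-OnPrem-HTTPS", "flows": [{
            "mac": "000D3AF87856",
            "flowTuples": [
                "1704067210,192.168.10.7,10.1.0.4,52000,443,T,I,A,B,,,,",
                "1704067270,192.168.10.7,10.1.0.4,52000,443,T,I,A,E,12,3400,10,9800",
            ]}]},
    ]}}]})

# Tuple order: time, source, destination, ports, protocol (T/U), direction (I/O),
# decision (A/D), flow state (B/C/E), then packet and byte counters per direction.
FIELDS = ("ts", "src", "dst", "sport", "dport", "proto", "direction",
          "decision", "state", "pkts_s2d", "bytes_s2d", "pkts_d2s", "bytes_d2s")

def parse_tuples(blob):
    """Yield one dict per flow tuple, tagged with the NSG rule that matched."""
    for record in json.loads(blob)["records"]:
        for rule_group in record["properties"]["flows"]:
            for mac_group in rule_group["flows"]:
                for raw in mac_group["flowTuples"]:
                    parts = raw.split(",")
                    parts += [""] * (len(FIELDS) - len(parts))  # version 1 tuples are shorter
                    flow = dict(zip(FIELDS, parts))
                    flow["rule"] = rule_group["rule"]
                    flow["mac"] = mac_group["mac"]
                    yield flow

def denied_summary(blob):
    """Count denied tuples per (rule, destination IP, destination port)."""
    hits = Counter()
    for f in parse_tuples(blob):
        if f["decision"] == "D":
            hits[(f["rule"], f["dst"], f["dport"])] += 1
    return hits

if __name__ == "__main__":
    for key, n in denied_summary(SAMPLE).most_common():
        print(n, *key)
```
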

The Architect Blueprint

  • Mermaid Diagram illustrating deployment of monitoring agents and flow of telemetry to Azure Monitor.
    graph TD
        OnPremDatacenter -->|ExpressRoute| AzureVNet(VNet with VMs)
        AzureVNet --> VM1[Azure VM1]
        AzureVNet --> VM2[Azure VM2]
        VM1 -->|Azure Monitor Agent + Dependency Agent| AzureMonitor
        VM2 -->|Azure Monitor Agent + Dependency Agent| AzureMonitor
        AzureMonitor -->|Analyze VM Insights| ITTeam[Operations Team]
        style AzureVNet fill:#0078D4,stroke:#333,color:#fff
        style AzureMonitor fill:#5C2D91,stroke:#333,color:#fff
  • Diagram Note: VM agents send network telemetry through Azure Monitor, enabling operational teams to analyze traffic and troubleshoot connectivity over ExpressRoute.

The Decision Matrix

| Option | Est. Complexity | Est. Monthly Cost | Pros | Cons |
|---|---|---|---|---|
| A) Azure Monitor Agent + Dependency Agent | Medium | Moderate (per VM telemetry charges) | Granular VM-level network insights, integrated monitoring, scalable across hybrid | Requires installation on all VMs, ongoing agent updates |
| B) NSG Flow Logs | Low | Low (storage + Log Analytics) | Easy to enable at subnet level, no VM changes needed | Lacks VM process-level details, limited for traffic allowed/denied inside VM |
| C) Azure Firewall Logs | Medium | Higher (Firewall SKU + logs) | Centralized logging for firewall-controlled traffic | Only captures traffic passing through firewall, may miss ExpressRoute traffic |
| D) Network Watcher Packet Capture | High | Low to moderate (storage) | Deep packet captures for detailed debugging | Not scalable for hundreds of VMs, manual analysis needed |

Real-World Practitioner Insight

Exam Rule

For the AZ-305 exam, always prefer Azure Monitor Agent with Dependency Agent and VM Insights when you need granular VM network traffic telemetry and holistic monitoring.

Real World

In an actual enterprise hybrid environment, agents provide detailed diagnostics that complement subnet NSG logs and firewall monitoring — a layered approach that supports long-term governance and incident response aligned with CAF’s Monitoring and Governance disciplines.
