Question 81

Your company's Microsoft Azure infrastructure team asks you for help in designing a traffic control solution for their deployment.

The deployment consists of a single virtual network (VNet) that has the following topology:

* edge subnet: Linux-based network virtual appliance (NVA) running enterprise firewall software with IP forwarding enabled

* data1 subnet: 4 Windows Server virtual machines (VMs)

* data2 subnet: 4 Ubuntu Linux VMs

You need to recommend a solution to the infrastructure team so that all outbound Azure VM traffic passes through the NVA on the edge subnet.

What two actions should you perform? Each correct answer presents part of the solution.

You should create a route table with a next-hop IP address. The route table resource allows you to override the Azure-provided system routes that automatically route traffic into, within, and out of an Azure VNet. A route table contains a "next hop" default route that Azure uses when VMs within a subnet attempt to reach resources beyond that subnet. The available next hop types are:

* Virtual appliance

* Internet

* Virtual network

* Virtual network gateway

You should also bind the route table resource to each subnet. In this scenario, you would create a route table that defines a next hop to your NVA, and then bind the single route table to every subnet in the VNet.
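The two recommended actions expressed as an Azure deployment, added here as an illustration and not part of the original question or answer key. The VNet name `vnet-prod`, the subnet prefixes and the NVA private IP `10.0.0.4` are assumed; the snippet binds the route table to the two workload subnets, while the edge subnet needs a different default route so the NVA's own Internet egress is not sent back to itself, and is therefore not shown.

```bicep
// Added example (not from the original page). Assumed names/addresses:
// VNet 'vnet-prod', subnets data1 10.0.1.0/24 and data2 10.0.2.0/24,
// NVA private IP 10.0.0.4 on the edge subnet.
param location string = resourceGroup().location
param nvaPrivateIp string = '10.0.0.4' // hypothetical NVA address

// Action 1: a route table whose default route has the NVA as next hop.
// Next hop type 'VirtualAppliance' is the only type that takes an IP address.
resource rtToNva 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-force-nva'
  location: location
  properties: {
    // keep gateway-learned routes from bypassing the NVA
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-nva'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: nvaPrivateIp
        }
      }
    ]
  }
}

// Action 2: bind the same route table to each workload subnet.
// Route tables attach to subnets, never to individual vNICs.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: 'vnet-prod'
}

resource data1 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: 'data1'
  properties: {
    addressPrefix: '10.0.1.0/24'
    routeTable: { id: rtToNva.id }
  }
}

resource data2 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: 'data2'
  properties: {
    addressPrefix: '10.0.2.0/24'
    routeTable: { id: rtToNva.id }
  }
  dependsOn: [data1] // serialize subnet writes on the same VNet
}
```

Because a subnet PUT replaces the whole subnet definition, any NSG or service endpoints already on data1/data2 must be restated in these resources or they are removed; after deployment, the effective routes on a VM's NIC should show 0.0.0.0/0 with next hop 10.0.0.4.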

You should not create an NSG with an outbound rule. NSGs are software firewall resources used to selectively allow or block inbound and/or outbound traffic. You cannot define next hop routing with NSGs.

You should not bind the route table to each VM vNIC. Route tables can be bound only to subnet resources. By contrast, NSGs can be bound to subnet and/or vNIC resources.

You should not deploy two internal load balancers between the three subnets. Load balancers are used to distribute user requests equitably among two or more back-end VMs and are not used to enforce next hop routing logic.
