AZ-700 Questions and Answers

Question # 6

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.

Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.

You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.

What should you include in the solution?

a service tag

a private endpoint

a subnet delegation

an application security group

Full Access

Question # 7

Your company has offices in London, Tokyo, and New York.

The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.

In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?

one profile and five endpoints

two profiles and four endpoints

three profiles and four endpoints

two profiles and five endpoints

Full Access

Question # 8

You have the Azure resources shown in the following table.

You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.

You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.

What should you do first?

Configure the firewall settings for storage1.

Fail over storage1 to the paired Azure region.

Create a virtual network in the paired Azure region.

Create another service endpoint.

Full Access

Question # 9

You have an on-premises network

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.

You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 10

You have an Azure subscription that contains the resources shown in the following table.

Each virtual network contains 20 virtual machines and a subnet that has an IP address space of /24.

You need to ensure that you can access the virtual machines from the internet by using Azure Bastion.

What is the minimum number of bastion subnets you should deploy, and what is the smallest supported IP address space for each bastion subnet? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 11

You have the on-premises networks shown in the following table.

You have an Azure subscription that contains an Azure virtual WAN named VWAN1 and a virtual network named VNet1 VWAN1 is connected to the on-premises networks and VNet1 in a full mesh topology. The virtual hub routing preference for VWAN1 is AS Path.

You need to route traffic from VNet1 to 10.61.1.5.

Which path will be used?

the ExpressRoute connection to Branch2

the ExpressRoute connection to Branch3

the VPN connection to Branch1

the VPN connection to Branch2

Full Access

Question # 12

You have an on premises web server that hosts a web app named App1 and has the following configurations:

• IP address 131.107.50.60

• FQDN server1.contoso.com

You have an Azure subscription.

You need to publish App1 by using Azure Front Door. The solution must meet the following requirements:

• Ensure that internet users can connect to App1 by using an FQDN of appl.contoso.com.

• Minimize the changes required to the configuration of Front Door if Server 1 is migrated to Azure.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 13

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 14

Your on-premises network contains two subnets named Subnet1 and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.

You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.

You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.

You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.

Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.’

Full Access

Question # 15

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

IKEv2 and OpenVPN (SSL)

IKEv2

IKEv2 and SSTP (SSL)

OpenVPN (SSL)

SSTP (SSL)

Full Access

Question # 16

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access

Question # 17

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access

Question # 18

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 19

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 20

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 21

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access

Question # 22

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 23

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 24

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

a service endpoint

Azure Front Door

a private endpoint

Azure Traffic Manager

Full Access

Question # 25

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 26

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

On the peerings from Vnet2 and Vnet3, select Use remote gateways.

On the peering from Vnet1, select Allow forwarded traffic.

On the peering from Vnet1, select Use remote gateways.

On the peering from Vnet1, select Allow gateway transit.

On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Full Access

Question # 27

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 28

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 29

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 30

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

a service endpoint

a private endpoint

Azure Firewall

Azure Front Door

Full Access

Question # 31

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

a user-defined route assigned to GatewaySubnet in Vnet1

BGP route exchange

route filters

Full Access

Question # 32

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

a user-defined route assigned to GatewaySubnet in Vnet1

BGP route exchange

route filters

Full Access

Question # 33

Task 9

You plan to use VNET4 for an Azure API Management implementation.

You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.

Full Access

Question # 34

You have an Azure subscription that contains virtual networks, network security groups (NSGs), and virtual machines. You need to perform the following actions:

• Identify unknown traffic between the resources.

• Check the network connectivity between the virtual machines.

What should you use to perform each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 35

Task 4

You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed on the virtual network.

Full Access

Answer:

See the Explanation below for step by step instructions.

Explanation:

To ensure that the owner of VNET3 receives an alert whenever an administrative operation is performed on the virtual network, you can set up an Activity Log Alert in Azure Monitor. Here’s how you can do it:

Step-by-Step Solution

Step 1: Create an Activity Log Alert

Navigate to the Azure Portal.

Search for “Monitor” and select it.

In the Monitor blade, select “Alerts” from the left-hand menu.

Click on “New alert rule”.

Step 2: Configure the Alert Rule

Select the Scope:

Click on “Select resource”.

Choose “Virtual Network” as the resource type.

Select VNET3 from the list of virtual networks.

Define the Condition:

Click on “Add condition”.

In the “Signal type” dropdown, select “Activity Log”.

Choose “Administrative” as the category.

Select the specific operations you want to monitor (e.g., Microsoft.Network/virtualNetworks/write for any write operations on the virtual network).

Set the Alert Details:

Enter a name for the alert rule (e.g., VNET3 Admin Operations Alert).

Provide a description if needed.

Configure the Action Group:

Click on “Add action group”.

Enter a name for the action group.

Select the action type (e.g., Email/SMS/Push/Voice).

Enter the details of the recipient (e.g., the email address of the owner of VNET3).

Review and Create:

Review the alert rule settings.

Click on “Create alert rule”.

Explanation

Activity Log Alerts: These alerts notify you when specific operations are performed on your Azure resources. By setting up an alert for administrative operations, you ensure that any changes to VNET3 are promptly reported.

Action Groups: These define the actions to take when an alert is triggered. You can configure notifications via email, SMS, or other methods to ensure the owner of VNET3 is informed immediately.

Administrative Operations: Monitoring these operations helps in tracking changes and maintaining the security and integrity of your virtual network.

By following these steps, you can ensure that the owner of VNET3 receives timely alerts for any administrative operations performed on the virtual network, helping to maintain oversight and security.

Question # 36

Task 7

You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.

Full Access

Answer:

See the Explanation below for step by step instructions.

Explanation:

Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through VNET2:

To connect different virtual networks in Azure, you need to use virtual network peering. Virtual network peering allows you to create low-latency, high-bandwidth connections between virtual networks without using gateways or the internet1.

To create a virtual network peering, you need to go to the Azure portal and select your virtual network. Then select Peerings under Settings and select + Add2.

On the Add peering page, enter or select the following information:

Name: Type a unique name for the peering from the source virtual network to the destination virtual network.

Virtual network deployment model: Select Resource manager.

Subscription: Select the subscription that contains the destination virtual network.

Virtual network: Select the destination virtual network from the list or enter its resource ID.

Name of the peering from [destination virtual network] to [source virtual network]: Type a unique name for the peering from the destination virtual network to the source virtual network.

Configure virtual network access settings: Select Enabled to allow resources in both virtual networks to communicate with each other.

Allow forwarded traffic: Select Disabled to prevent traffic that originates from outside either of the peered virtual networks from being forwarded through either of them.

Allow gateway transit: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network.

Use remote gateways: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network as a transit point to another network.

Select Add to create the peering2.

Repeat the previous steps to create peerings between VNET2 and VNET1, and between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on both VNET1 and VNET3.

To prevent hosts on VNET1 and VNET3 from communicating through VNET2, you need to use network security groups (NSGs) to filter traffic between subnets. NSGs are rules that allow or deny inbound or outbound traffic based on source or destination IP address, port, or protocol3.

To create an NSG, you need to go to the Azure portal and select Create a resource. Search for network security group and select Network security group. Then select Create4.

On the Create a network security group page, enter or select the following information:

Subscription: Select your subscription name.

Resource group: Select your resource group name.

Name: Type a unique name for your NSG.

Region: Select the same region as your virtual networks.

Select Review + create and then select Create to create your NSG4.

To add rules to your NSG, you need to go to the Network security groups service in the Azure portal and select your NSG. Then select Inbound security rules or Outbound security rules under Settings and select + Add4.

On the Add inbound security rule page or Add outbound security rule page, enter or select the following information:

Source or Destination: Select CIDR block.

Source CIDR blocks or Destination CIDR blocks: Enter the IP address range of the source or destination subnet that you want to filter. For example, 10.0.1.0/24 for VNET1 subnet 1, 10.0.2.0/24 for VNET2 subnet 1, and 10.0.3.0/24 for VNET3 subnet 1.

Protocol: Select Any to apply the rule to any protocol.

Action: Select Deny to block traffic from or to the source or destination subnet.

Priority: Enter a number between 100 and 4096 that indicates the order of evaluation for this rule. Lower numbers have higher priority than higher numbers.

Name: Type a unique name for your rule.

Select Add to create your rule4.

Repeat the previous steps to create inbound and outbound rules for your NSG that deny traffic between VNET1 and VNET3 subnets. For example, you can create an inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24 (VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24 (VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).

To associate your NSG with a subnet, you need to go to the Virtual networks service in the Azure portal and select your virtual network. Then select Subnets under Settings and select the subnet that you want to associate with your NSG5.

On the Edit subnet page, under Network security group, select your NSG from the drop-down list. Then select Save5.

Repeat the previous steps to associate your NSG with the subnets in VNET1 and VNET3 that you want to isolate from each other.

Question # 37

You have an Azure subscription. The subscription contains an Azure application gateway that has the following configurations:

• Name: AppGW1

• Tier Standard V2

• Autoscaling: Disabled

You create a user named User1.

You need to ensure that User1 can change the tier of AppGW1. The solution must use the principle of least privilege.

Which role should you assign to User1. and to which tiers can AppGW1 be changed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 38

You have an Azure subscription that contains a virtual network named VNetl and the resources shown in the following table.

You need to implement a solution for the traffic onginating from VNetl. The solution must meet the following requirements:

• Perform transparent proxying to external web servers.

• Inspect all outbound TLS traffic.

• Minimize costs.

Which resource should you include in the solution?

FD1

FW1

AG1

FW2

Full Access

Question # 39

Task 5

You need to archive all the metrics of VNET1 to an existing storage account.

Full Access

Question # 40

You register a DNS domain with a third-party registrar.

You need to host the DNS zone on Azure.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 41

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 42

You ate configuring the DNS forwarding luleset for DNSR1

You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.

Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 43

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 44

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?

AzureFrontDoor.FirstParty

AzureFrontDoor.Infra

AzureFrontDoor.Backend

AzureFrontDoor.Frontend

Full Access

Question # 45

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Full Access

Question # 46

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA and includes the full certificate chain.

From the Backend settings, upload a wildcard TLS certificate that has a private key issued by the internal root CA

From the Backend settings, upload the internal root CA certificate.

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA.

Full Access

Question # 47

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?

Add a route table to SUBNET-PL

Enable a network policy for SUBNET-PE.

From Azure Virtual Network Manager, create a security admin configuration.

From Azure Viitual Network Manager, create a network group that has Member type set to Subnet

Full Access

Question # 48

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.

What should you do first?

Add a custom domain to FD1.

Add a security policy to FD1.

Request a certificate from a trusted root CA.

Export the TLS certificate and the private key from App2.

Full Access

Question # 49

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 50

You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.

Which Match type and Match variable should you select?

String and RequestCookies

IP address and RemoteAddr

String and RequestHeaders

Geo location and RemoteAddr

Full Access

Question # 51

You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements

What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Full Access

Question # 52

You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.

You have an Azure subscription that contains the resources shown in the following table.

Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:

• Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.

• Server1 must be able to resolve the DNS names of the resources in contoso.com.

• The solution must minimize costs and administrative effort.

What is the minimum number of resolvers you should deploy?

Full Access

Question # 53

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an app named App1 to meet the following requirements.

• External users must be able to access App1 from the internet.

• App1 will be load balanced across all the virtual machines.

• App1 will be hosted on VM1, VM2. VM3. and VM4.

• App1 must be available if an Azure region fails.

• Costs must be minimized.

You need to implement a global load balancer solution for App.

What should you configure? To answer, select the appropriate options in the answer area

NOTE: Bach correct answer is worth one point.

Full Access

Question # 54

You have an internal Basic Azure Load Balancer named LB1 That has two frontend IP addresses. The backend pool of LB1 contains two Azure virtual machines named VM1 and VM2.

You need to configure the rules on LB1 as shown in the following table.

What should you do for each rule?

Enable Floating IP.

Disable Floating IP.

Set Session persistence to Enabled.

Set Session persistence to Disabled

Full Access

Question # 55

You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access

Question # 56

You plan to deploy Azure Virtual WAN.

You need to deploy a virtual WAN hub that meets the following requirements:

Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection

Supports 8 Gbps of ExpressRoute traffic

Minimizes costs

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 57

You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1 You need to deploy Azure Firewall to RG1. The solution must minimize administrative effort What should you do first?

Create a secured virtual hub named AzureFirewallHub.

Create a new resource group named AzureFirewallResourceGroup.

Create a new virtual network named AzureFirewallNetwork.

On VNet1, create a virtual subnet named AzureFirewallSubnet.

Full Access

Big Cyber Monday Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

DumpsTool Header

dumpstool logo

AZ-700 Questions and Answers

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Quick Links

Why Us