AZ-700 Exam - Designing and Implementing Microsoft Azure Networking Solutions

NEW QUESTION 1

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

You have an Azure virtual network named Vnet1 and an on-premises network.
The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.

You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?

• A. Set Use Azure Private IP Address to Enabled
• B. Set IPsec / IKE policy to Custom.
• C. Set Connection Mode to ResponderOnly
• D. Set BGP to Enabled

Answer: A

NEW QUESTION 3

You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool. NAT Gateway uses a public IP address named IP3 that is associated to SubnetA. VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?

• A. IP1
• B. IP2
• C. IP3
• D. IP4

Answer: A

NEW QUESTION 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 5

You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel. Which diagnostic log should you review?

• A. IKEDiagnosticLog
• B. GatewayDiagnosticLog
• C. TunnelDiagnosticLog
• D. RouteDiagnosticLog

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics IKEDiagnosticLog = The IKEDiagnosticLog table offers verbose debug logging for IKE/IPsec. This is very
useful to review when troubleshooting disconnections, or failure to connect VPN scenarios.
GatewayDiagnosticLog = Configuration changes are audited in the GatewayDiagnosticLog table. TunnelDiagnosticLog = The TunnelDiagnosticLog table is very useful to inspect the historical connectivity
statuses of the tunnel.
RouteDiagnosticLog = The RouteDiagnosticLog table traces the activity for statically modified routes or routes received via BGP.
P2SDiagnosticLog = The last available table for VPN diagnostics is P2SDiagnosticLog. This table traces the activity for Point to Site.
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics

NEW QUESTION 6

You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS
• B. a deny rule that has a source of VirtualNetwork and a destination of Sql
• C. a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
• D. a deny rule that has the IP address range of Vnet1 as the source and destination of Storage

Answer: CD

NEW QUESTION 7

You have the Azure load balancer shown in the Load Balancer exhibit.

LB2 has the backend pools shown in the Backend Pools exhibit.

You need to ensure that LB2 distributes traffic to all the members of VMSS1.
What should you do?

• A. Add a network interface to VMSS1.
• B. Configure a health probe.
• C. Add a public IP address to each member of VMSS1.
• D. Add a load balancing rule.

Answer: D

NEW QUESTION 8

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway. Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 10

You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?

• A. IP1 and IP3 only
• B. IP3 only
• C. IP3 and IP5 only
• D. IP2only
• E. IP1, IP2. IP3. IP4. and IP5
• F. IP1, IP3, IP4, and 1P5 only

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address
This is because "Load balancer and the public IP address SKU must match when you use them with public IP addresses" https://docs.microsoft.com/en-us/azure/load-balancer/skus
Standard SKU Load Balancer routes traffic within and across regions, and to Availability Zones for high resiliency.

NEW QUESTION 11

You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.

TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.

TM3 uses priority traffic-routing method and has the endpoints shown in the following table.

The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You have the Azure App Service app shown in the App Service exhibit.

The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.

The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

You have the hybrid network shown in the Network Diagram exhibit.

You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.

You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

You have an Azure subscription that contains the public IP addresses shown in the following table.

You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?

• A. IP3 and IP5 only
• B. IP5 only
• C. IP1, IP3, and IP5 only
• D. IP3 only
• E. IP2 and IP4 only

Answer: D

Explanation:
Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn’t support NAT. Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview

NEW QUESTION 15

You have two Azure App Service instances that host the web apps shown the following table.

You deploy an Azure application gateway that has one public frontend IP address and two backend pools. You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP
host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2. and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG). You configure a service tag for MicrosoftStorage and link the tag to Subnet1.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 17

You have an Azure application gateway named AppGW1 that provides access to the following hosts:
* www.adatum.com
* www.contoso.com
* www.fabrikam.com
AppGW1 has the listeners shown in the following table.

You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 18

You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit.

You have the virtual machine shown in the VM1 exhibit.

Subnet1 is configured as shown in the Subnet1 exhibit.

For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 19

You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:
Log all connections from Australia.
Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?

• A. three custom rules that each has one condition
• B. one custom rule that has three conditions
• C. one custom rule that has one condition
• D. one rule that has two conditions and another rule that has one condition

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

NEW QUESTION 20

You have an Azure Virtual Desktop deployment that has 500 session hosts. All outbound traffic to the internet uses a NAT gateway.
During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections. What should you do?

• A. Add a public IP address.
• B. Bind the NAT gateway to another subnet.
• C. Deploy Azure Standard Load Balancer that has outbound rules.

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource

NEW QUESTION 21
......