AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Task 6

You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.

Task 1

You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.

You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.

You have an Azure subscription that contains multiple virtual networks.

From Microsoft Defender for Cloud, you select Regulatory Compliance and view the following compliance controls:

• NS-2. Secure cloud services with network controls

• NS-8 Detect and disable insecure services and protocols

• NS-9. Connect on-premises or cloud network privately

You need to recommend remediations for the controls.

What should you include in the recommendation for each control? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have 50 on-premises networks. Each network contains a server that runs Windows Server.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a database server named DB1.

You plan to deploy an app named App1 that will be hosted on the on-premises servers and will connect to DB1 by using Azure Network Adapter.

What should you use to support the Azure Network Adapter connections to VNet1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to i mplement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type s hould you select in the Point-to-site configuration settings of GW1?

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

Task 7

You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.

You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution mus t meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Ite rule for the

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.

What should you do first?

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.

You plan to deploy the resources shown in the following table.

You need to deploy two load balancers to manage the traffic for VMSS1, VM1. and VM2. The solution must meet the following requirements:

• Either VM1 or VM2 must inspect all the traffic from the internet to App1.

• All user connections from the internet to App1 must be load balanced.

• Costs must be minimized.

Which load balancer SKU should you include in the solution? To answer, drag the appropriate SKUs to the correct resources. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements

What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company, named Contoso, Ltd, has an Azure subscription that contains the resources show in the following table.

You plan to deploy Azure Front Door. The solution must meet the following requirement:

• Requests to a URL of https://co ntoso.a zurefd .net/uk must be routed to App1uk.

• Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.

• Requests to a URL of https://contoso .azurefd.net/images must be routed to the storage account closest to the user.

What is the minimum number of backend pools and routing rule s you should create? To answer, the appropriate number to the correct component. Each number may be used once, more than once, or not at all. You may need to drag the spilt bar between panes scroll to view content:

Note: Each correct selection is worth one point.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an internal Basic Azure Load Balancer named LB1 That has two frontend IP addresses. The backend pool of LB1 contains two Azure virtual machines named VM1 and VM2.

You need to configure the rules on LB1 as shown in the following table.

What should you do for each rule?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have on Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.

Hub! has a security status of Unsecured.

You need to ensure that the security status of Hub1 is marked as Secured.

Solution: You implement Azure NAT Gateway.

Does this meet the requirement?

You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.

You configure the listener for HTTPS by uploading an enterprise signed certificate.

You need to ensure that the application gateway can provide end-to-end encryption for App1. What should you do?

You have art Azure subscription.

You plan to deploy Azure Front Door with Azure Web Application Firewall (WAF).

You plan to implement custom rules and managed rules that meet the following requirements:

• Block malicious bots.

• Throttle client IP addresses that exceed 100 connections per minute.

You need to identify which Front Door SKU to configure, and which type of rule to configure for each requirement. The solution must minimize administrative effort and costs.

What should identify? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each cor rect selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table.

You need to control access to storage1 by using NSG1 What should you configure first?

You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

The links have auto registration enabled.

You create the virtual machines shown in the following table.

You manually add the following entry to the contoso.com zone:

Name: VM1

IP address: 10.1.10.9

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains two virtual machines.

You monitor traffic between the virtual machines by using NSG flow logs.

You have a network security group (NSG) flow log that has the following entries.

You need to identify the following metrics from the log entries:

• The total number of packets transferred between the virtual machines

• The total amount of bytes transferred between the virtual machines

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have the Azure resources shown in the following table.

You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.

You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.

What should you do first?

You have an Azure subscription tha t contains an app named Appl. App1 is deployed to the Azure App Service apps show in the following table.

You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the availab le worker instances.

What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an on-premises network named Site1.

You have an Azure subscription that contains a virtual network named VNet1 and a storage account named storage1.

Site1 and VNet1 are connected by using a Site-to-Site (S2S) VPN.

You need to ensure that the servers in Site! can connect to storage! by using the S2S VPN The solution must minimize administrative effort.

What should you create on VNet1?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You create a WAF policy exclusion request headers that contain 137.135.10.24.

Does this meet the goat?

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.

Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.

You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.

What should you include in the solution?

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table.

You need to implement Azur e Traffic Manager to meet the following requirements:

• App1 traffic must be assigned equally to each App Service instance in each Azure region.

• App1 traffic from North Europe must be routed to the Appl instances in the North Europe region.

• App1 traffic from North America must be routed to the Appl instances in the East US Azure region.

You have an Azure subscription that contains 20 virtual machines and a virtual network named VNetl.

You plan to provide access to the virtual machines by using Azure Bastion.

You need to configure a subnet for Azure Bastion. The solution must minimize the number of IP addresses required for the subnet

How should you configure the subnet? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure virtual network named Vnet1.

You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.

Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains 200 virtual machines

You need to use Azure Network Watcher to identify which virtual machines generate the most network traffic. The solution must minimize administrative effort.

Which prerequisites should you deploy for Network Watcher, and which Network Watcher feature should you use to identify the virtual machines? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:

• Both apps are accessible by using HTTP and HTTPS.

• HTTP host headers are used to route requests to the appropriate apps.

• Both apps are hosted in a single App Service Environment in the West Europe Azure region.

You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.

What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that VM1 and VM2 can connect only to storage1. The solution must meet the fo llowing requirements:

• Prevent VM1 and VM2 from accessing any other storage accounts.

• Ensure that storage1 is accessible from the internet.

What should you use?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and re ceive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You create a WAF policy exclusion for request headers that contain 137.135 .10.24.

Does this meet the goal?

You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.

RG1 contains an Azure Network Watcher instance named NW1.

You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege.

Which role should you assign to Admin1?

You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1 You need to deploy Azure Firewall to RG1. The solution must minimize administrative effort What should you do first?