New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test

Page: 1 / 26
Total 258 questions

Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Question 1

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the resources shown in the following table.

Question # 1

You need to publish App1 by using AG1 and a URL of https://app1.contoso.com. The solution must meet the following requirements:

• TLS connections must terminate on AG1.

• Minimize the number of targets in the backend pool of AG1.

• Minimize the number of deployed copies of the SSL certificate of App1.

How many locations should you import to the certificate, and how many targets should you add to the backend pool of AG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 1

Options:

Question 2

You have an Azure subscription

You plan to use Azure Virtual WAN.

You need to deploy a virtual WAN hub that meets the following requirements:

• Supports 4 Gbps of Site-to-Site (S2S) VPN traffic

• Supports 8 Gbps of ExpressRoute traffic

• Minimizes costs

How many scale units should you configure? To answer select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

Question # 2

Options:

Question 3

You have an Azure subscription that contains the resources shown in the following table.

Question # 3

The virtual network topology is shown in the following exhibit.

Question # 3

Firewall1 is configured as shown in following exhibit.

Question # 3

FirewallPolicy1 contains the following rules:

• Allow outbound traffic from Vnet1 and Vnet2 to the internet.

• Allow any traffic between Vnet1 and Vnet2.

No custom private endpoints. service endpoints. routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Question # 3

Options:

Question 4

You have an Azure subscription that contains the resources shown in the following table.

Question # 4

You need to ensure that network traffic is routed over the Azure backbone network for the following scenarios:

• Traffic from SQIMI1 to storage1

• Traffic from domain joined servers on VNet2 to storage1

The solution must minimize costs.

What should you configure for each scenario? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 4

Options:

Question 5

You have two Azure App Service instances that host the web apps shown the following table.

Question # 5

You deploy an Azure application gateway that has one public frontend IP address and two backend pools.

You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.

What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 5

Options:

Question 6

You have an Azure subscription. The subscription contains multiple Azure SQL Database resources and a virtual network named VNet1 that has five subnets. All the subnets are associated with a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic, unless specifically allowed by a rule.

Each subnet contains 50 virtual machines. Multiple virtual machines host instances of SQL Server on Virtual Machines and will be configured to replicate with the Azure SQL Database resources.

You need to configure a new outbound rule in NSG1 to allow the SQL Server on Virtual Machines instances to connect to the Azure SQL Database resources. The solution must meet the following requirements:

• Minimize modifications to NSG1 when additional instances of SQL Server on Virtual Machines are deployed.

• Ensure that only SQL Server on Virtual Machines instances can connect to the Azure SQL Database resources.

How should you configure each setting for the new outbound rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 6

Options:

Question 7

You have an Azure Web Application Firewall (WAF) v2 tier named AG1 on an Azure application gateway. AG1 has a policy named Policy 1.

You need to add a custom rule to Policy 1. The rule must block all requests from IP addresses in a specific IP address range.

Which four PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Question # 7

Options:

Question 8

You have a computer named CLIENT! that runs Windows 11 and has the Azure VPN Client installed.

You have an Azure virtual network gateway named VPNGW1.

You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 8

Options:

Question 9

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You plan to enable the following:

• TLS inspection

• Threat intelligence

• A network intrusion detection and prevention system (IDPS)

What can you enable by using AzFW1?

Options:

A.

TLS inspection only

B.

threat intelligence only

C.

TLS inspection and the IDPS only

D.

threat intelligence and the IDPS only

E.

TLS inspection, threat intelligence, and the IDPS

Question 10

You have an Azure subscription that contains the virtual machines shown in the following table.

Question # 10

Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:

    Priority: 100

    Port: Any

    Protocol: Any

    Source: Any

    Destination: Storage

    Action: Deny

You create a private endpoint that has the following settings:

    Name: Private1

    Resource type: Microsoft.Storage/storageAccounts

    Resource: storage1

    Target sub-resource: blob

    Virtual network: Vnet1

    Subnet: Subnet1

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 10

Options:

Question 11

You have an Azure subscription that contains the Azure app service web apps show in the following table:

Question # 11

You need to deploy Azure Traffic Manager. The solution must meet the following requirements:

• Traffic to https//www.fabrikam.com must be directed to App1eu.

• If App1eu becomes unresponsive, all the traffic to https://www.fabrikam.com must be directed to App1us. You need to implement Traffic Manager to meet the requirements.

Which two resources should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

a Traffic Manager profile that uses the priority routing method

B.

a Traffic Manager profile that uses the geographic routing method

C a CNAME record in a DNS domain named fabrikam.com

C.

a TXT record in a DNS domain named tabrikam.com

D.

a real user measurements key in Traffic Manager

Question 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1. Hub1 has a security status of Unsecured.

You need to ensure that the security status of Hub1 is marked as Secured.

Solution: You implement an Azure Front Door profile.

Does this meet the requirement?

Options:

A.

Yes

B.

No

Question 13

You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.

You need to modify the server variables in the response header of App1.

What should you configure on AppGW1?

Options:

A.

HTTP settings

B.

rewrites

C.

rules

D.

listeners

Question 14

You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.

You are implementing peering between Hub1 and Spoke1.

You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.

How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question # 14

Options:

Question 15

You have an Azure subscription that contains an Azure key vault named Vaultl and an app registration for an Azure AD app named App1.

You have a DNS domain named contoso.com that is hosted by a third-party DNS provider.

You plan to deploy App1 by using Azure App Service. App1 will have the following configurations:

• App1 will be hosted across five App Service apps.

• Users will access App1 by using a URL of https://app1.contoso.com.

• The user traffic of App1 will be managed by using Azure Front Door.

• The traffic between Front Door and the App Service apps will be sent by using HTTP.

• App1 will be secured by using an SSL certificate from a third-party certificate authority (CA).

You need to support the Front Door deployment.

Which two DNS records should you create, and to where should you import the SSL certificate for App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 15

Options:

Question 16

Your company, named Contoso, Ltd, has an Azure subscription that contains the resources show in the following table.

Question # 16

You plan to deploy Azure Front Door. The solution must meet the following requirement:

• Requests to a URL of https://contoso.azurefd .net/uk must be routed to App1uk.

• Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.

• Requests to a URL of https://contoso .azurefd.net/images must be routed to the storage account closest to the user.

What is the minimum number of backend pools and routing rules you should create? To answer, the appropriate number to the correct component. Each number may be used once, more than once, or not at all. You may need to drag the spilt bar between panes scroll to view content:

Note: Each correct selection is worth one point.

Question # 16

Options:

Question 17

You have an on-premises network that includes the sites shown in the following table.

Question # 17

Each site is connected to the Internet by a firewall. All sites are connected to an SD-WAN. Each site is configured to propagate routes by using BGP.

You have an Azure subscription that includes a virtual network named Vnet1 that contains a Virtual Network Gateway named Gateway 1.

You create a local network gateway with the configuration shown in the gateway exhibit (Click the Gateway tab.)

Question # 17

You create a Site-to-Site (S2S) connection with the configuration shown in connection exhibit. (Click the Connection tab)

Question # 17

For each of the following statements, select Yes if the statement is true Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 17

Options:

Question 18

You have an on-premises network.

You have an Azure subscription that contains the resources shown in the following table.

Question # 18

You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit.

Which type of peering should you use for each connection? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 18

Options:

Question 19

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 19

Options:

Question 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 20

Options:

Question 21

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 21

Options:

Question 22

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

Options:

A.

IKEv2 and OpenVPN (SSL)

B.

IKEv2

C.

IKEv2 and SSTP (SSL)

D.

OpenVPN (SSL)

E.

SSTP (SSL)

Question 23

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 23

Options:

Question 24

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 24

Options:

Question 25

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 25

Options:

Question 26

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 26

Options:

Question 27

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

Options:

A.

a private endpoint

B.

a virtual network peering

C.

a private link service

D.

a routing table

E.

a service endpoint

Question 28

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 28

Options:

Question 29

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 29

Options:

Question 30

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 30

Options:

Question 31

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

Options:

A.

a service endpoint

B.

a private endpoint

C.

Azure Firewall

D.

Azure Front Door

Question 32

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

A.

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

B.

a user-defined route assigned to GatewaySubnet in Vnet1

C.

BGP route exchange

D.

route filters

Question 33

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 33

Options:

Question 34

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 34

Options:

Question 35

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

On the peerings from Vnet2 and Vnet3, select Use remote gateways.

B.

On the peering from Vnet1, select Allow forwarded traffic.

C.

On the peering from Vnet1, select Use remote gateways.

D.

On the peering from Vnet1, select Allow gateway transit.

E.

On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Question 36

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

Options:

A.

a service endpoint

B.

Azure Front Door

C.

a private endpoint

D.

Azure Traffic Manager

Question 37

Task 10

You plan to deploy several virtual machines to subnet1-2.

You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.

Options:

Question 38

Task 2

You need to create an Azure Firewall instance named FW1 that meets the following requirements:

• Has an IP address from the address range of 10.1.255.0/24

• Uses a new Premium firewall policy named FW-pohcy1

• Routes traffic directly to the internet

Options:

Question 39

Task 5

You need to ensure that requests for wwwjelecloud.com from any of your Azure virtual networks resolve to frontdoor1.azurefd.net.

Options:

Question 40

Task 1

You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.

You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.

Options:

Question 41

Task 7

You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.

Options:

Question 42

Task 11

You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.

Options:

Question 43

Task 6

You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.

You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.

Options:

Question 44

Task 3

You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.

Options:

Question 45

Task 4

You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.

Options:

Question 46

Task 9

You plan to use VNET4 for an Azure API Management implementation.

You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.

Options:

Question 47

Task 3

You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.

You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.

Options:

Question 48

Task 10

You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.

Options:

Question 49

Task 8

You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1

Options:

Question 50

Task 1

You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.

Options:

Question 51

Task 11

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.

The on-premises network has the following configurations:

• Internal address range: 10.10.0.0/16.

• Firewall 1 internal IP address: 10.10.1.1.

• Firewall1 public IP address: 131.107.50.60.

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

Options:

Question 52

Task 7

You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.

You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.

Options:

Question 53

Task 2

You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.

Options:

Question 54

Task 5

You need to archive all the metrics of VNET1 to an existing storage account.

Options:

Page: 1 / 26
Total 258 questions