Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test
Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type s hould you select in the Point-to-site configuration settings of GW1?
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?
You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.
Which Match type and Match variable should you select?
You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?
You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements
What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You ate configuring the DNS forwarding luleset for DNSR1
You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.
Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to plan the deployment of LBGW1. The solution must support the planned changes.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the P2S VPN to meet the connectivity requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.
Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement Azure Web Application Firewall (WAF).
Does this meet the requirement?
Note: This question is pa rt of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solutio n.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client 1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration.
Does this meet the goal?
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than o nce, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription tha t contains an app named Appl. App1 is deployed to the Azure App Service apps show in the following table.
You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the availab le worker instances.
What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an on-premises network.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 is connected to an Azure Virtual WAN hub named Hub1.
You need to enable connectivity between the on-premises network and VNet1 by using Hub1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit, (Click the NATgateway1 tab)
You have the virtual machine shown in the VM1 exhibit, (Click the VM1 tab)
Subnet1 is configured as shown in the Subnet1 exhibit, (Click the Subnet1 tab)
For each of the following statements, select Yes if the statement is true. Otherwise, select No
You have an Azure subscription that contains an Azure Front Door named FD1. FD1 is configured as shown in the following exhibit.
You need to enable Azure Private Link for FD1.
What should you do first?
You have the Azure firewall shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Your company has 10 instances of a web service. Each instance is hosted in a different Azure region and is accessible through a public endpoint.
The development department at the company is creating an application named App1. Every 10 minutes. App1 will use a list of end points and connect to the first available endpoint.
You plan to use Azure Traffic Manager to maintain the list of endpoints.
You need to configure a Traffic Manager profile that will minimize the impact of DNS caching.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure load balancer that has the following configurations:
• Name:LB1
• Location: East US 2
• SKU: Standard
• Private IP address: 10.3.0.7
• Load balancing rule: rule! (Tcp/80)
• Health probe: probe1 (Http: 80)
• NAT rules; 0 inbound
The backend pool of LB1 has the following configurations:
• Name: backend I
• Virtual network: Vnet1
• Backend pool configuration: NIC
• IP version: IPv4
• Virtual machines: VM1.VM2. VM3 :
You have an Azure virtual machine named VM4 that has the following network configurations:
• Network interface: vm49Sl
• Virtual network/subnet: Vnet3/Subnet3
• NIC private IP address: 10.4.0.4
• Accelerated networking: Enabled
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an app named App1 to meet the following requirements.
• External users must be able to access App1 from the internet.
• App1 will be load balanced across all the virtual machines.
• App1 will be hosted on VM1, VM2. VM3. and VM4.
• App1 must be available if an Azure region fails.
• Costs must be minimized.
You need to implement a global load balancer solution for App.
What should you configure? To answer, select the appropriate options in the answer area
NOTE: Bach correct answer is worth one point.
You need to connect an on-premises network and an Azure environment. The solution must use ExpressRoute and support failing over to a Site-to-Site VPN connection if there is an ExpressRoute failure.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
• Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
• Server1 must be able to resolve the DNS names of the resources in contoso.com.
• The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
You have an Azure subscription that contains a virtual network gateway named VNetGwy1. VNetGwy1 has a public IP address of 20.25.32.214.
You need to query the health probe of VNetGwy1,
How should you complete the URI? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company, named Contoso, Ltd, has an Azure subscription that contains the resources show in the following table.
You plan to deploy Azure Front Door. The solution must meet the following requirement:
• Requests to a URL of https://co ntoso.a zurefd .net/uk must be routed to App1uk.
• Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.
• Requests to a URL of https://contoso .azurefd.net/images must be routed to the storage account closest to the user.
What is the minimum number of backend pools and routing rule s you should create? To answer, the appropriate number to the correct component. Each number may be used once, more than once, or not at all. You may need to drag the spilt bar between panes scroll to view content:
Note: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1.
Does this meet the goal?
You have two on-premises datacenters.
You have an Azure subscription that contains four virtual networks named VNet1 VNet2, VNet3, and VNet4
You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.
You create a route table named RT1.
You need to configure VWAN1 to meet the following requirements:
• Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
• Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
• VNet1 and VNet2 must be isolated from VNet3 and VNet4.
How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have the Azure resources shown in the following table.
You need to link VNei2 to Circuit1
What should you create in each subscription? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct soluti on, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure F ront Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a custom rule for WAF1.
Does this me et the goal?
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution?
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to i mplement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution mus t meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Ite rule for the 
You have an Azure subscription.
You need to deploy an App Service web app named App1 that will use an Azure application gateway. The estimated usage for App1 is 250,000 persistent connections.
What is the minimum number of app instances you should configure?
You have an Azure subscription that is linked to a Microsoft Entra tenant.
The subscription contains a virtual network named VNet1, a storage account named storage1, an Azure App Service web app named Appl. and an Azure SQL database named DB1. VNet1 contains two subnets named Subnet1 and Subnet2. Subnet 1 and Subnet2 each has a subnet mask of 255.255.255.224.
You plan to perform the following actions:
• On Subnet1. configure a service endpoint to connect to storage1 and a service endpoint to connect to the Microsoft Entra tenant.
• On Subnet2. configure a private endpoint to connect to App1 and a private endpoint to connect to DB1
How many IP addresses will be available on each subnet once the planned actions are complete? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
You have an Azure subscription that contains a virtual network named VNet1.
Your on-premises network connects to VNet1 by using a Site-to-Site (S2S) VPN connection.
You need to ensure that Azure Network Watcher generates an alert if the VPN connection fails.
Which Network Watcher feature should you use to generate the alert, and which data source should the feature query? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an on-premises datacenter named DC1 that contains two routers
You have an Azure subscription. The subscription contains a virtual network named VNet1 and a zone-redundant ExpressRoute virtual network gateway named GW1 that uses the ErGw3Az SKU. GW1 is attached to VNet1.
DO is connected to VNet1 by using an ExpressRoute Standard circuit named Circuits The DC1 routers are configured as endpoints for Circuit1. Circuit1 traffic traverses two physical links.
During a link outage, the connection takes three minutes to fail over
You need to ensure that failovers between the links take less than one second
What should you do?
Task 5
You need to archive all the metrics of VNET1 to an existing storage account.
Task 2
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
• Has an IP address from the address range of 10.1.255.0/24
• Uses a new Premium firewall policy named FW-pohcy1
• Routes traffic directly to the internet
Task 2
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
• Internal address range: 10.10.0.0/ 16.
• Firewall 1 internal IP address: 10.10.1.1.
• Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Your company has an Azure subscription that contains a virtual network named VNet1 and an Azure VPN gateway named vGW1. The company has 50 users that have Windows 11 devices.
You need to ensure that the users can access the resources on VNet1. The solution must meet the following requirements:
• Ensure that the users can establish Point-to-Site (P2S) VPN connections to vGW1.
• Ensure that the users can authenticate by using only their Microsoft Entra credentials
Which type of tunnel should you configure, and which VPN client should you configure on the users ' devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
