Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?
You have the Azure environment shown In the Azure Environment exhibit. (Click the Azure Environment tab.) The settings for each subnet are shown in the following table.
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit. (Click the Storage1 tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit, (Click the NATgateway1 tab)
You have the virtual machine shown in the VM1 exhibit, (Click the VM1 tab)
Subnet1 is configured as shown in the Subnet1 exhibit, (Click the Subnet1 tab)
For each of the following statements, select Yes if the statement is true. Otherwise, select No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2. and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG). You configure a service tag for MicrosoftStorage and link the tag to Subnet1.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You add a rewrite rule for the host header.
Does this meet the goal?
You have an Azure subscription that contains a virtual network gateway named VNetGwy1. VNetGwy1 has a public IP address of 20.25.32.214.
You need to query the health probe of VNetGwy1,
How should you complete the URI? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1 and an on-premises network.
The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.
You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.
RG1 contains an Azure Network Watcher instance named NW1.
You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege.
Which role should you assign to Admin1?
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app.
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.corn and a different URL path for each web app, for example: https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure?
You have an Azure subscription that contains a virtual network name Vnet1. Vnet1 contains a virtual machine named VM1 and an Azure firewall named FW1.
You have an Azure Firewall Policy named FP1 that is associated to FW1.
You need to ensure that RDP requests to the public IP address of FW1 route to VM1.
What should you configure on FP1?
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing "string1" to https://www.contoso.com/redirect1. Policy1 is associated to Frontend1.
You need to configure additional redirection settings. Requests to Frontend1 that have a header containing "string2" must be redirected to https://www.contoso.com/redirect2.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Task 6
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
Task 2
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
• Has an IP address from the address range of 10.1.255.0/24
• Uses a new Premium firewall policy named FW-pohcy1
• Routes traffic directly to the internet
You have an Azure subscription that contains the resources shown in the following table.
You establish BGP peering between NVA1 and Hub1.
You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 9
You need to ensure that subnet4-3 can accommodate 507 hosts.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1
You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.
You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.
What should you add to NSG1?
Task 5
You need to ensure that requests for wwwjelecloud.com from any of your Azure virtual networks resolve to frontdoor1.azurefd.net.
Task 8
You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
• Internal address range: 10.10.0.0/16.
• Firewall 1 internal IP address: 10.10.1.1.
• Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Task 10
You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.
Task 7
You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Task 1
You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.
You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.
Task 4
You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.