Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test

Demo: 60 questions
Total 322 questions

Get AZ-700 Full Access Download AZ-700 PDF

Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Question 1

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 2

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?

Options:

AzureFrontDoor.FirstParty

AzureFrontDoor.Infra

AzureFrontDoor.Backend

AzureFrontDoor.Frontend

Question 3

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.

What should you do first?

Options:

Add a custom domain to FD1.

Add a security policy to FD1.

Request a certificate from a trusted root CA.

Export the TLS certificate and the private key from App2.

Question 4

You ate configuring the DNS forwarding luleset for DNSR1

You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.

Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 5

You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.

Which Match type and Match variable should you select?

Options:

String and RequestCookies

IP address and RemoteAddr

String and RequestHeaders

Geo location and RemoteAddr

Question 6

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?

Options:

Add a route table to SUBNET-PL

Enable a network policy for SUBNET-PE.

From Azure Virtual Network Manager, create a security admin configuration.

From Azure Viitual Network Manager, create a network group that has Member type set to Subnet

Question 7

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 8

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 9

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 10

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

Options:

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA and includes the full certificate chain.

From the Backend settings, upload a wildcard TLS certificate that has a private key issued by the internal root CA

From the Backend settings, upload the internal root CA certificate.

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA.

Question 11

You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements

What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Question 12

You have an Azure subscription that contains the following resources:

A virtual network named Vnet1

Two subne ts named subnet1 and AzureFirewallSubnet

A public Azure Firewall named FW1

A route table named RT1 that is associated to Subnet1

A rule routing of 0.0.0.0/0 to FW1 in RT1

After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.

You need to ensure that the virtual machines can be activated.

What should you do?

Options:

Deploy an application security croup mat allows outbound traffic to 1688.

Deploy an Azure Standard Load Balancer that has an outbound NAT rule

On fW1.configure a DNAT rule for port 1688.

Add an internet route to RI1 for the Azure Key Management Service (KMS).

Question 13

You configure a route table named RT1 that has the routes shown in the following table.

You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.

You have the resources shown in the following table.

Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:

* 0.0.0.0/0

* 10.0.0.0/16

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Options:

Question 14

You have an Azure subscription.

You plan to deploy Azure Firewall Premium, enable all the Premium features, and configure both network and application rules.

Which type of rule will the firewall process first?

Options:

infrastructure

network

threat intelligence

application

Question 15

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You add a rule to the rule set of AFD1.

Does this meet the goal?

Options:

Yes

Question 16

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.

Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.

You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.

What should you include in the solution?

Options:

a service tag

a private endpoint

a subnet delegation

an application security group

Question 17

You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.

You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority (CA).

What should you include in the solution?

Options:

an enterprise application in Azure Active Directory (Azure AD)

Active Directory Certificate Services (AD CS)

Azure Key Vault

Azure Application Gateway

Question 18

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have on Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.

Hub! has a security status of Unsecured.

You need to ensure that the security status of Hub1 is marked as Secured.

Solution: You implement Azure NAT Gateway.

Does this meet the requirement?

Options:

Yes

Question 19

Note: This question is pa rt of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solutio n.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client 1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.

You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communicate with Vnet2.

Solution: You download and reinstall the VPN client configuration.

Does this meet the goal?

Options:

Yes

Question 20

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.

You have a network security group (NSG) named NSG1 associated to each subnet.

When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.

You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:

• Ensure that only the monitoring virtual machines receive a c onnection from 131.107.1.15.

• Minimize changes to NSG1 when a new subnet is created.

What should you use as the destination in the inbound security rule?

Options:

a virtual network

an IP address

an application security group

a service tag

Question 21

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 22

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 23

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 24

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 25

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 26

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 27

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 28

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 29

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type s hould you select in the Point-to-site configuration settings of GW1?

Options:

IKEv2 and OpenVPN (SSL)

IKEv2

IKEv2 and SSTP (SSL)

OpenVPN (SSL)

SSTP (SSL)

Question 30

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

Options:

a private endpoint

a virtual network peering

a private link service

a routing table

a service endpoint

Question 31

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 32

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 33

You need to i mplement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 34

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 35

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution mus t meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Ite rule for the

Options:

Question 36

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 37

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

Options:

a service endpoint

a private endpoint

Azure Firewall

Azure Front Door

Question 38

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

route filters

BGP route exchange

a user-defined route assigned to GatewaySubnet in Vnet1

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

Question 39

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

On the peerings from Vnet2 and Vnet3, select Use remote gateways.

On the peering from Vnet1, select Allow forwarded traffic.

On the peering from Vnet1, select Use remote gateways.

On the peering from Vnet1, select Allow gateway transit.

On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Question 40

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

Options:

a service endpoint

Azure Front Door

a private endpoint

Azure Traffic Manager

Question 41

You have an Azure subscription that contains 20 virtual machines and a virtual network named VNetl.

You plan to provide access to the virtual machines by using Azure Bastion.

You need to configure a subnet for Azure Bastion. The solution must minimize the number of IP addresses required for the subnet

How should you configure the subnet? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 42

You have an Azure subscription that contains multiple virtual networks.

From Microsoft Defender for Cloud, you select Regulatory Compliance and view the following compliance controls:

• NS-2. Secure cloud services with network controls

• NS-8 Detect and disable insecure services and protocols

• NS-9. Connect on-premises or cloud network privately

You need to recommend remediations for the controls.

What should you include in the recommendation for each control? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 43

You have an on-premises VPN appliance named GW1.

You have an Azure subscription that contains an Azure VPN gateway named VPNGW1. VPNGW1 connects to GW1.

You need to modify the IKEv2 encryption algorithm used by VPNGW1 and GW1.

Which PowerShell cmdlet should you run? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

Options:

Question 44

Task 11

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.

The on-premises network has the following configurations:

• Internal address range: 10.10.0.0/ 16.

• Firewall 1 internal IP address: 10.10.1.1.

• Firewall1 public IP address: 131.107.50.60.

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

Options:

Question 45

Task 7

You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.

You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To minimize the risk of SNAT port exhaustion for your 100 virtual machines in subnet4-1, while ensuring minimal administrative effort, you can use an Azure NAT Gateway . This service provides scalable and resilient outbound connectivity for virtual networks, dynamically allocating SNAT ports to avoid exhaustion.

Navigate to the Azure Portal .

Search for “NAT gateways” and select it.

Click on “Create” .

Enter the following details :

Subscription : Select your subscription.

Resource Group : Select an existing resource group or create a new one.

Name : Enter a name for the NAT gateway (e.g., NATGateway-Subnet4-1 ).

Region : Select the region where your virtual network is located.

Click on “Next: Outbound IP” .

Choose whether to use existing public IP addres ses or create new ones .

If creating new ones, click on “Add new” and configure the new public IP addresses.

Click on “Next: Subnet” .

Click on “Associate subnet” .

Select the virtual network that contains subnet4-1.

Select subnet4-1 from the list of subnets.

Click on “OK” .

Review your settings to ensure everything is correct.

Click on “Review + create” and then “Create” .

Azure NAT Gateway : This service provides outbound connectivity for virtual networks, dynamically allocating SNAT ports across all VM instances within a subnet. This dynamic allocation helps prevent S NAT port exhaustion, especially in scenarios with high outbound connection volumes 1 2 .

Dynamic S NAT Port Allocation : Unlike static allocati on methods, NAT Gateway dynamically allocates SNAT ports based on demand, ensuring efficient use of availab le ports and reducing the risk of exhaus tion 2 .

Step-by-Step Solution Step 1: Create a NAT Gateway Step 2: Configure Outbound IP Addresses Step 3: Associate the NAT Gateway with Subnet4-1 Step 4: Review and Create Explanation By following these steps, you can ensure that your 100 virtual machines in subnet4-1 can make the necessary API calls without running into SNAT port exhaustion, all while minimizing administrative effort.

Question 46

Task 5

You need to archive all the metrics of VNET1 to an existing storage account.

Options:

Question 47

Task 10

You plan to deploy several virtual machines to subnet1-2.

You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet 1-2, you can use a Network Security Group (NSG) . This solution is straightforward and minimizes administrative effort.

Step-by-Step Solution

Step 1: Create a Network Security Group (NSG)

Navigate to the Azure Portal .

Search for “Network security groups” and select it.

Click on “Create” .

Enter the following details :

Subscription : Select your subscription.

Resource Group : Select an existing resource group or create a new one.

Name : Enter a name for the NSG (e.g., NSG-Subnet1-2).

Region : Select the region w here your virtual network is located.

Click on “Review + create” and then “Create” .

Step 2: Create an Inbound Security Rule

Navigate to the newly created NSG .

Select “Inbound security rules” from the left-hand menu.

Click on “Add” to create a new rule.

Ent er the following details :

Source : Select Service Tag .

Source Service Tag : Select VirtualNetwork .

Source port ranges : Leave as *.

Destination : Select IP Addresses .

Destination IP addresses/CIDR ranges : Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).

Destination port ranges : Enter 5585.

Protocol : Select TCP .

Action : Select Deny .

Priority : Enter a priority value (e.g., 100).

Name : Enter a name for the rule (e.g., Deny-TCP-5585).

Click on “Add” to create the rule.

Step 3: Associate the NSG with Subnet1-2

Navigate to the virtual network that contains subnet1-2.

Select “Subnets” from the left-hand menu.

Select subnet1-2 from the list of subnets.

Click on “Network security group” .

Select the NSG you created (NSG-Subnet1-2).

Click on “Save” .

Explanation

Netwo rk Security Group (NSG) : NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules tha t allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and pr otocol 1 .

Inbound Security Rule : By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.

Association with Subnet : Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.

By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.

Question 48

You have an on-premises datacenter named DC1 that contains two routers

You have an Azure subscription. The subscription contains a virtual network named VNet1 and a zone-redundant ExpressRoute virtual network gateway named GW1 that uses the ErGw3Az SKU. GW1 is attached to VNet1.

DO is connected to VNet1 by using an ExpressRoute Standard circuit named Circuits The DC1 routers are configured as endpoints for Circuit1. Circuit1 traffic traverses two physical links.

During a link outage, the connection takes three minutes to fail over

You need to ensure that failovers between the links take less than one second

What should you do?

Options:

For Circuit1, select FastPath

For GW1. set Active-active mode to Enabled

On the routers, configure Bidirectional Forwarding Detection (BFD).

For GW1, change SKU to UrtraPerformance

Question 49

You have 50 on-premises networks. Each network contains a server that runs Windows Server.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a database server named DB1.

You plan to deploy an app named App1 that will be hosted on the on-premises servers and will connect to DB1 by using Azure Network Adapter.

What should you use to support the Azure Network Adapter connections to VNet1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 50

Task 4

You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed on the virtual network.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To ensure that the owner of VNET3 receives an alert whenever an administrative operation is performed on the virtual network, you can set up an Activity Log Alert in Azure Monitor. Here’s how you can do it:

Step-by-Step Solution

Step 1: Create an Activity Log Alert

Navigate to the Azure Portal .

Search for “Monitor” and select it.

In the Monitor blade , select “Alerts” from the left-hand menu.

Click on “New alert rule” .

Step 2: Configure the Alert Rule

Select the Scope :

Click on “Select resource” .

Choose “Virtual Network” as the resource type.

Select VNET3 from the list of virtual networks.

Define the Condition :

Click on “Add condition” .

In the “Signal type” dropdown, select “Activity Log” .

Choose “Administrative” as the category.

Select the specific operations you want to monitor (e.g., Microsoft.Network/virtualNetworks/write for any write operations on the virtual network).

Set the Alert Details :

Enter a name for the alert rule (e.g., VNET3 Admin Operations Alert).

Provide a description if needed.

Configure the Action Group :

Click on “Add action group” .

Enter a name for the action group.

Select the action type (e.g., Email/SMS/Push/Voice).

Enter the details of the recipient (e.g., the email address of the owner of VN ET3).

Review and Create :

Review the alert rule settings.

Click on “Create alert rule” .

Explanation

Activity Log Alerts : These alerts notify you when specific operations are performed on your Azure resources. By setting up an alert for administrative operations, you ensure that any changes to VNET3 are promptly reported.

Action Groups : These define the actions to take when an alert is triggered. You can configure notifications via email, SMS, or other methods to ensure the owner of VNET3 is informed im mediately.

Administrative Operations : Monitoring these operations helps in tracking changes and maintaining the security and integrity of your virtual network.

By following these steps, you can ensure that the owner of VNET3 receives timely alerts for any administrative operations performed on the virtual network, helping to maintain oversight and security.

Question 51

You have an Azure subscription that contains the resources shown in the following table.

You need to control access to storage1 by using NSG1 What should you configure first?

Options:

the Azure Private Link service

an application security group

a private endpoint network policy

a service endpoint

Question 52

Your company has an Azure subscription that contains a virtual network named VNet1 and an Azure VPN gateway named vGW1. The company has 50 users that have Windows 11 devices.

You need to ensure that the users can access the resources on VNet1. The solution must meet the following requirements:

• Ensure that the users can establish Point-to-Site (P2S) VPN connections to vGW1.

• Ensure that the users can authenticate by using only their Microsoft Entra credentials

Which type of tunnel should you configure, and which VPN client should you configure on the users ' devices? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 53

Task 4

You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1. 1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net:

To allow access from a specific IP address range, you need to configure the Azure Storage firewall and virtual network setti ngs for your storage account. You can do this in the Azure port al by selecting your storage account and then sele cting Networking under Settings 1 .

On the Networking page, sele ct Firewall s and virtual networks, and then select Selected networks under Allow access from 1 . This will block all access to your storage account except from the networks or resources that you specify.

Under Firewall, select Add rule, and then enter 10. 1.1.0/24 as the IP address or range. You can also enter an option al rule name and description 1 . This will allow access from any IP address in the 10.1.1.0/24 range.

Sele ct Save to apply your changes 1 .

To map a custom domain name to your storage accou nt, you need to create a CNAME record with your domain provider that points to your s torage account endpoint 2 . A CNAME record is a type of DNS record that maps a source domain name to a desti nation domain name.

Create a CNAME record with the following information 2 :

Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net

Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.ne t

Save your changes a nd wait for the DNS propagation to take e ffec t 2 .

To register the custom domain name with Azure, you need to go back to the Azure portal and select you r storage account. Then select Custom domain under Blob service 2 .

On the Custom domain page, enter stor-age34280945.pnvatelinlcblob.core.windows .net as the custom domain name and select Save 2 .

Question 54

You have an Azure subscription that contains virtual networks, network security groups (NSGs), and virtual machines. You need to perform the following actions:

• Identify unknown traffic between the resources.

• Check the network connectivity between the virtual machines.

What should you use to perform each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 55

Task 9

You plan to use VNET4 for an Azure API Management implementation.

You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To configure a policy in Azure API Management that can be used by an Azure Application Gateway to protect against known web attack vectors and only allow requests from IP addresses in Canada, follow these steps:

Step-by-Step Solution

Step 1: Create or Access Your API Management Instance

Navigate to the Azure Portal .

Search for “ API Management services” and select your API Management instance.

Step 2: Configure the Policy

In the API Management instance , go to the “APIs” section.

Select the API you want to apply the policy to.

Go to the “Design” tab .

Select “All operations” if you want to apply the policy to all operations, or select a specific operation.

Step 3: Add the Inbound Policy

In the Inbound processing section , click on “+ Add policy” .

Select “IP filter” from the list of policies.

Add the IP address ranges for Canada . You c an find the IP ranges for Canada from a reliable source or use a service that provides this information.

Here is an example of the XML configuration for the policy:

< inbound >

< ip-filter action= " allow " >

< address-range from= " 24.0.0.0 " to= " 24.255.255.255 " / >

< address-range from= " 47.0.0.0 " to= " 47.255.255.255 " / >

< !-- Add other Canadian IP ranges as needed -- >

< /ip-filter >

< ip-filter action= " deny " >

< address-range from= " 0.0.0.0 " to= " 255.255.255.255 " / >

< /ip-filter >

< /inbound >

Save the policy to apply the changes.

Explanation

IP Filter Policy : This policy allows you to filter incoming requests based on their IP addresses. By specifying the IP ranges for Canada, you ensure that only requests originating from these IPs are allowed.

Inbound Processing : Applying the policy in the inbound section ensures that the requests are filtered before they reach your API.

By following these steps, you can configure a polic y in Azure API Management that res tricts a ccess to your API to only those requests ori ginating from IP ad dresses in Canada, thereby enhancing security and compliance

Question 56

You have an Azure subscription that contains a virtual network. The virtual network contains two subnets named Subnet1 and Subnet2. You have an instance of Azure Application Gateway v2 named AppGw1 that is connected to Subnet 1.

You need to move AppGw1 to Subnet2. The solution must minimize downtime.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 57

Task 1

You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To achieve the task of ensuring that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure, and that they can resolve the names of the virtual machines on either virtual network, you can follow these steps:

Step-by-Step Solution

Step 1: Create a Private DNS Zone

Navigate to the Azure Portal .

Search for “Private DNS zones” in the search bar and select it.

Click on “Create” .

Enter the DNS zone name as contoso.azure.

Select the appropriate subscription and resource group.

Click on “Review + create” and then “Create” .

Step 2: Link VNET1 and VNET2 to the DNS Zone

Go to the newly created DNS zone (contoso.azure).

Select “Virtual network links” from the left-hand menu.

Click on “Add” .

Enter a name for the link (e.g., VNET1-link).

Select the subs cription and virtual network (VNET1) .

Enable auto-registration to ensure that VMs are automatically registered in the DNS zone.

Click on “OK” .

Repeat the process for VNET2.

Step 3: Configure DNS Settings for VNET1 and VNET2

Navigate to VNET1 in the Azure P ortal.

Select “DNS servers” under the “Settings” section.

Ensure that the DNS server is set to “Default (Azure-provided)” .

Repeat the process for VNET2.

Step 4: Verify Name Resolution

Deploy a virtual machine in VNET1 and another in VNET2.

Connect to the v irtual machines using Remote Desktop Protocol (RDP) or Secure Shell (SSH).

Test name resolution by pinging the VM in VNET2 from the VM in VNET1 using its hostname (e.g., ping < VM-name > .contoso.azure).

Explanation

Private DNS Zone : This allows you to manage and resolve domain names in a private network without exposing them to the public internet.

Virtual Network Links : Linking VNET1 and VNET2 to the DNS zone ensures that VMs in these networks can register their DNS records automatically.

Auto-registration : This feature automatically registers the DNS records of VMs in the linked virtual networks, simplifying management.

DNS Settings : Using Azure-provided DNS ensures that the VMs can resolve each other’s names without additional configuration.

By following these steps, you ensure that virtual machines on VNET1 and VNET2 are included automatically in the DNS zone contoso.azure and can resolve each other’s names seamlessly.

Question 58

You have an Azure subscription that contains a web app named App1 and an Azure Web Application Firewall (WAF) on Azure Front Door instance named FD1. FD1 manages traffic for App1.

You solution high levels of traffic to App1, the traffic is detected and blocked automatically. The solution must minimize administrative effort.

What should you include in the solution?

Options:

an IP restriction rule

a WAF exclusion list

a bot protection rule set

a rate limiting rule

Question 59

You have an Azure subscription that contains two virtual machines.

You monitor traffic between the virtual machines by using NSG flow logs.

You have a network security group (NSG) flow log that has the following entries.

You need to identify the following metrics from the log entries:

• The total number of packets transferred between the virtual machines

• The total amount of bytes transferred between the virtual machines

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 60

Task 11

You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.

Options:

Answer:

See the Explanation below for step by step instructions.

Explanation:

To ensure that only hosts on VNET1 can access the slcnage42150372 storage account and that access occurs over the Azure backbone network, you can use Azure Private Endpoints . This method secures the connection by assigning a private IP address from your virtual network to the storage account, ensuring that traffic does not traverse the public internet.

Step-by-Step Solution

Step 1: Create a Private Endpoint for the Storage Account

Navigate to the Azure Portal .

Search for “Storage accounts” and select the slcnage42150372 storage account.

In the storage account blade , select “Networking” under the “Security + networking” section.

Under “Private endpoint connections” , click on “Add private endpoint” .

Enter the following details :

Name : Enter a name for the private endpoint (e.g., PrivateEndpoint-VNET1).

Region : Select the same region as your virtual network (VNET1).

Click on “Next: Resource” .

Step 2: Configure the Resource

Select “Target sub-resource” : Choose the storage service you want to connect to (e.g., blob, file, queue, table).

Click on “Next: Virtual network” .

Step 3: Select the Virtual Network and Subnet

Select the virtual n etwork : Choose VNET1.

Select the subnet : Choose the appropriate subnet within VNET1.

Click on “Next: Configuration” .

Step 4: Configure DNS Integration (Optional)

Configure DNS settings if needed to ensure proper name resolution within your virtual network.

Click on “Next: Tags” , add any tags if necessary, and then click on “Review + create” .

Review your settings and click on “Create” .

Step 5: Restrict Public Network Access

Navigate back to the storage account .

Select “Networking” under the “Security + networking” section.

Under “Firewalls and virtual networks” , select “Selected networks” .

Ensure that only VNET1 is listed under the virtual networks section.

Click on “Save” .

Explanation

Private Endpoints : These provide secure connectivity to Azure services by assigning a private IP address from your VNet to the service, ensuring that traffic stays wit hin the Azure backbone ne twork 1 2 .

Firewall and Virtual Networks : Configuring the storage account to allow access only from selected networks (VNET1) ensures that no other network can access the s torage account 3 .

By following these steps, you can ensure that only hosts on VNET1 can access the slcnage42150372 storage account, and that all access occurs over the secure Azure backbone network.

Load More AZ-700 Questions

Demo: 60 questions
Total 322 questions

Get AZ-700 Full Access Download AZ-700 PDF

Pre-Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test

Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options: