ExamGecko
Search Search Login
Home Home / Microsoft / AZ-700

Microsoft AZ-700 Practice Test - Questions Answers, Page 17

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have an Azure subscription that contains the route tables and routes shown in the following table. The subscription contains the subnets shown in the following table. The subscription contains the virtual machines shown in the following table. There is a Site-to-Site VPN connection to each local network gateway. For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have art Azure subscription that contains the resources shown in the following table. You need to restrict access to storage1 and sqI1 by using service endpoints. The solution must meet the following requirements: * Allow access from Subnet1 to SQIDB1 * Implement service endpoint policies to restrict access to supported resources. * Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region. What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options m the answer area. NOTE: Each correct selection is worth one point.
You have two Azure App Service instances that host the web apps shown the following table. You deploy an Azure application gateway that has one public frontend IP address and two backend pools. You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers. What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit, (Click the NATgateway1 tab) You have the virtual machine shown in the VM1 exhibit, (Click the VM1 tab) Subnet1 is configured as shown in the Subnet1 exhibit, (Click the Subnet1 tab) For each of the following statements, select Yes if the statement is true. Otherwise, select No
HOTSPOT You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit. You have the virtual machine shown in the VM1 exhibit. Subnet1 is configured as shown in the Subnet1 exhibit. For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table. You need to implement Azure Traffic Manager to meet the following requirements: • App1 traffic must be assigned equally to each App Service instance in each Azure region. • App1 traffic from North Europe must be routed to the Appl instances in the North Europe region. • App1 traffic from North America must be routed to the Appl instances in the East US Azure region.
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. RG1 contains an Azure Network Watcher instance named NW1. You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege. Which role should you assign to Admin1?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway. You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error. You need to ensure that the URL is accessible through the application gateway. Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24. Does this meet the goal?
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements. What should you use to configure the default route?

Question 161

Report
Export
Collapse

DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.

You need to associate Gateway 1 with Subnet1. The solution must minimize downtime on VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 161
Correct answer: Question 161

Explanation:

Diassociate PIP1 from NIC1.

Change Assignment to Dynamic for PIP1.

Associate PIP1 to NIC1.


Question 162

Report
Export
Collapse

HOTSPOT

You have an Azure application gateway.

You need to create a rewrite rule that will remove the origin port from the HTTP header of incoming requests that are being forwarded to the backend pool.

How should you configure each setting? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 162
Correct answer: Question 162

Question 163

Report
Export
Collapse

HOTSPOT

Your on-premises network contains the subnets shown in the following table.

The network contains a firewall named FW1 that uses a public IP address of 131.107.100.200.

You have an Azure subscription that contains the resources shown in the following table.

You plan to configure a Site-to-Site (S2S) VPN named VPN1 that will connect GW1 to FW1.

You need to configure LNG1 to support VPN1. The solution must meet the following requirements:

* Ensure that the resources on Subnet1 and Subnet2 can communicate with the resources on VNe1l.

* Minimize administrative effort.

How should you configure LNG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 163
Correct answer: Question 163

Question 164

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You configure a managed rule for WAF1.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Question 165

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You modify the policy settings of WAF1.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Question 166

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You configure a custom rule for WAF1.

Does this meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Question 167

Report
Export
Collapse

LAB 1

You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.

You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.

A.
See the Explanation below for step by step instructions
A.
See the Explanation below for step by step instructions
Answers
Suggested answer: A

Explanation:

To deploy a firewall to subnetl-2, you need to create a network virtual appliance (NVA) in the same virtual network as subnetl-2.An NVA is a virtual machine that performs network functions, such as firewall, routing, or load balancing1.

To create an NVA, you need to create a virtual machine in the Azure portal and select an image that has the firewall software installed.You can choose from the Azure Marketplace or upload your own image2.

To assign the IP address of 10.1.2.4 to the NVA, you need to create a static private IP address for the network interface of the virtual machine.You can do this in the IP configurations settings of the network interface3.

To ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the NVA, you need to create a user-defined route (UDR) table and associate it with subnetl-1.A UDR table allows you to override the default routing behavior of Azure and specify custom routes for your subnets4.

To create a UDR table, you need to go to the Route tables service in the Azure portal and select + Create.You can give a name and a resource group for the route table5.

To create a custom route, you need to select Routes in the route table and select + Add.You can enter the following information for the route5:

Destination: 192.168.10.0/24

Next hop type: Virtual appliance

Next hop address: 10.1.2.4

To associate the route table with subnetl-1, you need to select Subnets in the route table and select + Associate.You can select the virtual network and subnet that you want to associate with the route table5.

Question 168

Report
Export
Collapse

LAB 2

You need to create an Azure Firewall instance named FW1 that meets the following requirements:

* Has an IP address from the address range of 10.1.255.0/24

* Uses a new Premium firewall policy named FW-pohcy1

* Routes traffic directly to the internet

A.
See the Explanation below for step by step instructions
A.
See the Explanation below for step by step instructions
Answers
Suggested answer: A

Explanation:

To create an Azure Firewall instance, you need to go to the Azure portal and select Create a resource. Type firewall in the search box and press Enter.Select Firewall and then select Create1.

To assign an IP address from the address range of 10.1.255.0/24 to the firewall, you need to select a public IP address that belongs to that range.You can either create a new public IP address or use an existing one1.

To use a new Premium firewall policy named FW-policy1, you need to select Premium as the Firewall tier and create a new policy with the name FW-policy12.A Premium firewall policy allows you to configure advanced features such as TLS Inspection, IDPS, URL Filtering, and Web Categories3.

To route traffic directly to the internet, you need to enable SNAT (Source Network Address Translation) for the firewall.SNAT allows the firewall to use its public IP address as the source address for outbound traffic4.

Question 169

Report
Export
Collapse

LAB 3

You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.

You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.

A.
See the Explanation below for step by step instructions
A.
See the Explanation below for step by step instructions
Answers
Suggested answer: A

Explanation:

Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:

To create a policy, you need to go to the Azure portal and selectCreate a resource.Search forWAF, selectWeb Application Firewall, then selectCreate1.

On theCreate a WAF policypage,Basicstab, enter or select the following information and accept the defaults for the remaining settings:

Policy for: Regional WAF (Application Gateway)

Subscription: Select your subscription name

Resource group: Select your resource group

Policy name: Type a unique name for your WAF policy

On theCustom rulestab, selectAdd a ruleto create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule:

Rule name: Type a unique name for your custom rule

Priority: Type a number that indicates the order of evaluation for this rule

Rule type: Select Match rule

Match variable: Select RemoteAddr

Operator: Select IPMatch

Match values: Type 131.107.150.0/24

Action: Select Block

On theReview + createtab, review your settings and selectCreateto create your WAF policy1.

To link your policy to the planned application gateway, you need to go to theApplication Gatewayservice in the Azure portal and select your application gateway3.

On theWeb application firewalltab, select your WAF policy from the drop-down list and selectSave

Question 170

Report
Export
Collapse

LAB 4

You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.

A.
See the Explanation below for step by step instructions
A.
See the Explanation below for step by step instructions
Answers
Suggested answer: A

Explanation:

Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net:

To allow access from a specific IP address range, you need to configure the Azure Storage firewall and virtual network settings for your storage account.You can do this in the Azure portal by selecting your storage account and then selecting Networking under Settings1.

On the Networking page, select Firewalls and virtual networks, and then select Selected networks under Allow access from1. This will block all access to your storage account except from the networks or resources that you specify.

Under Firewall, select Add rule, and then enter 10.1.1.0/24 as the IP address or range.You can also enter an optional rule name and description1. This will allow access from any IP address in the 10.1.1.0/24 range.

Select Save to apply your changes1.

To map a custom domain name to your storage account, you need to create a CNAME record with your domain provider that points to your storage account endpoint2. A CNAME record is a type of DNS record that maps a source domain name to a destination domain name.

Sign in to your domain registrar's website, and then go to the page for managing DNS settings2.

Create a CNAME record with the following information2:

Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net

Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.net

Save your changes and wait for the DNS propagation to take effect2.

To register the custom domain name with Azure, you need to go back to the Azure portal and select your storage account.Then select Custom domain under Blob service2.

On the Custom domain page, enter stor-age34280945.pnvatelinlcblob.core.windows.net as the custom domain name and select Save2.

Total 236 questions
Go to page: of 24
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms