Microsoft AZ-700 Practice Test - Questions Answers, Page 22

You have two Azure virtual networks named VNet1 and VNet2 that are peered with each other. VNet1 hosts 10 virtual machines that contain web servers. VNet2 hosts five virtual machines that contain database servers.

You need to configure a security solution that meets the following requirements:

* Ensures that the database servers can accept connections only from the web servers

* Ensures that the web servers can initiate connections only to the database servers

* Ensures that all network security groups (NSGs) are associated only with subnets

* Use application security groups to implement the solution

What is the minimum number of application security groups required?

HOTSPOT

You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You plan to deploy Azure virtual machines and Azure Bastion to VNet1.

You need to recommend an IP subnetting configuration for VNet1. The solution must maximize the number of IP addresses that can be assigned to the virtual machines

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an Azure Virtual Desktop host pool named Pool1.

You need to implement Azure Firewall and TLS inspection for all the outbound traffic from Pool1.

Which two resources should you configure? Each correct answer present part of the solution.

NOTE: Each correct answer is worth one point

DRAG DROP

You have two on-premises datacenters.

You have an Azure subscription that contains four virtual networks named VNet1 VNet2, VNet3, and VNet4

You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.

You create a route table named RT1.

You need to configure VWAN1 to meet the following requirements:

* Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.

* Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.

* VNet1 and VNet2 must be isolated from VNet3 and VNet4.

How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

DRAG DROP

Your on-premises network uses an IP address space of 10.0.0.0/20.

You have an Azure subscription that contains the resources shown in the following table.

The on-premises network is connected to HubVnet by using a Site-to-Site (S2S) VPN.

You deploy an Azure firewall named AZFW1 to HubVNet.

You need to ensure that AZFW1 can inspect all the traffic between the on-premises network and SpokeVNet.

What should you do in RT1? To answer, drag the appropriate destination to the correct route. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

DRAG DROP

You have an Azure Web Application Firewall (WAF) v2 tier named AG1 on an Azure application gateway. AG1 has a policy named Policy 1.

You need to add a custom rule to Policy 1. The rule must block all requests from IP addresses in a specific IP address range.

Which four PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You plan to enable the following:

* TLS inspection

* Threat intelligence

* A network intrusion detection and prevention system (IDPS)

What can you enable by using AzFW1?

You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.

You have an Azure subscription that contains the resources shown in the following table.

Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:

* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.

* Server1 must be able to resolve the DNS names of the resources in contoso.com.

* The solution must minimize costs and administrative effort.

What is the minimum number of resolvers you should deploy?

HOTSPOT

You have two Azure subscriptions.

You need to perform the following actions in the East US Azure region of each subscription:

* Deploy 50 virtual machines to availability zone 1.

* Deploy 50 virtual machines to availability zone 2.

* Deploy 50 virtual machines to availability zone 3.

What is the minimum number of virtual networks and /25 subnets you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.