Microsoft AZ-700 Practice Test - Questions Answers, Page 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.

Does this meet the goal?

You have a website that uses an FQDN of www.contoso.com. The DNS record for www. contoso.com resolves to an onpremises web server. You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1. You build the website on Web1.

You plan to configure ContosoFD1 to publish the website for testing.

When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit. (Click the Exhibit tab.) You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.

Which record should you create in the contoso.com DNS domain?

You have the Azure load balancer shown in the Load Balancer exhibit.

LB2 has the backend pools shown in the Backend Pools exhibit.

You need to ensure that LB2 distributes traffic to all the members of VMSS1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have an Azure virtual network that contains the subnets shown in the following table.

You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com. What should you do?

You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance. You need to configure the policy to meet the following requirements:

Log all connections from Australia.

Deny all connections from New Zealand.

Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute. What is the minimum number of objects you should create?

You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics.

Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.

You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.

You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an onpremises virtual machine. What should you use?

You have an Azure subscription that contains the following resources:

A virtual network named Vnet1

Two subnets named subnet1 and AzureFirewallSubnet A public Azure Firewall named FW1 A route table named RT1 that is associated to Subnet1 A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.

You need to ensure that the virtual machines can be activated.

What should you do?

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.

You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?