ExamGecko
Search Search Login
Home Home / Microsoft / AZ-700

Microsoft AZ-700 Practice Test - Questions Answers, Page 9

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have an Azure subscription that contains the route tables and routes shown in the following table. The subscription contains the subnets shown in the following table. The subscription contains the virtual machines shown in the following table. There is a Site-to-Site VPN connection to each local network gateway. For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have art Azure subscription that contains the resources shown in the following table. You need to restrict access to storage1 and sqI1 by using service endpoints. The solution must meet the following requirements: * Allow access from Subnet1 to SQIDB1 * Implement service endpoint policies to restrict access to supported resources. * Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region. What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options m the answer area. NOTE: Each correct selection is worth one point.
You have two Azure App Service instances that host the web apps shown the following table. You deploy an Azure application gateway that has one public frontend IP address and two backend pools. You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers. What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit, (Click the NATgateway1 tab) You have the virtual machine shown in the VM1 exhibit, (Click the VM1 tab) Subnet1 is configured as shown in the Subnet1 exhibit, (Click the Subnet1 tab) For each of the following statements, select Yes if the statement is true. Otherwise, select No
HOTSPOT You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. You have the NAT gateway shown in the NATgateway1 exhibit. You have the virtual machine shown in the VM1 exhibit. Subnet1 is configured as shown in the Subnet1 exhibit. For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table. You need to implement Azure Traffic Manager to meet the following requirements: • App1 traffic must be assigned equally to each App Service instance in each Azure region. • App1 traffic from North Europe must be routed to the Appl instances in the North Europe region. • App1 traffic from North America must be routed to the Appl instances in the East US Azure region.
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. RG1 contains an Azure Network Watcher instance named NW1. You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege. Which role should you assign to Admin1?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway. You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error. You need to ensure that the URL is accessible through the application gateway. Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24. Does this meet the goal?
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements. What should you use to configure the default route?

Question 81

Report
Export
Collapse

HOTSPOT

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements. What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 81
Correct answer: Question 81

Explanation:

Box 2: One NSG

The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules. Box 1: Two custom rules

With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.

The default rules in the NSG will allow all other traffic to VMScaleSet2.

Question 82

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:

Priority: 100

Port: Any

Protocol: Any

Source: Any

Destination: Storage Action: Deny

You create a private endpoint that has the following settings:

Name: Private1

Resource type: Microsoft.Storage/storageAccounts

Resource: storage1

Target sub-resource: blob

Virtual network: Vnet1 Subnet: Subnet1

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 82
Correct answer: Question 82

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy

Question 83

Report
Export
Collapse

HOTSPOT

You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Question 83
Correct answer: Question 83

Explanation:

Box 1:

If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed. Box 2:

The “Visit Azure Firewall Manager to configure and manage this firewall” link in the exhibit shows that the firewall is managed by Azure Firewall Manager.

Question 84

Report
Export
Collapse

HOTSPOT

You have an Azure application gateway named AppGW1 that provides access to the following hosts: www.adatum.com www.contoso.com www.fabrikam.com AppGW1 has the listeners shown in the following table.

You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 84
Correct answer: Question 84

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies

Question 85

Report
Export
Collapse

HOTSPOT

You have the Azure App Service app shown in the App Service exhibit.

The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.

The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 85
Correct answer: Question 85

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

Question 86

Report
Export
Collapse

DRAG DROP

You have an Azure virtual network named Vnet1 that connects to an on-premises network.

You have an Azure Storage account named storageaccount1 that contains blob storage.

You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:

Ensure that all on-premises users can access storageaccount1 through the private endpoint. Prevent access to storageaccount1 from being interrupted. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 86
Correct answer: Question 86

Explanation:

168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

Question 87

Report
Export
Collapse

HOTSPOT

You have the Azure environment shown in the Azure Environment exhibit.

The settings for each subnet are shown in the following table.

The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 87
Correct answer: Question 87

Explanation:

Box 1: Yes

The firewall allows VNet1\Subnet1 through the service endpoint.

Box 2: No

The firewall does not allow VNet1\Subnet2 through the service endpoint.

Box 3: No

The firewall allows 132.124.53.0/26 which means it allows all IP addresses between 132.124.53.0 and 132.124.53.63. The public IP of VM3 is 132.124.53.76 which is outside the allowed range.

Question 88

Report
Export
Collapse

HOTSPOT

You have the network topology shown in the Topology exhibit. (Click the Topology tab.)

You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)

You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 88
Correct answer: Question 88

Question 89

Report
Export
Collapse

You have an Azure virtual network named Vnet1 and an on-premises network.

The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.

You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.

You need to ensure that the on-premises network can connect to the route-based GW1. What should

you do before you create the connection?

A.
Set Use Azure Private IP Address to Enabled
A.
Set Use Azure Private IP Address to Enabled
Answers
B.
Set IPsec / IKE policy to Custom.
B.
Set IPsec / IKE policy to Custom.
Answers
C.
Set Connection Mode to ResponderOnly
C.
Set Connection Mode to ResponderOnly
Answers
D.
Set BGP to Enabled
D.
Set BGP to Enabled
Answers
Suggested answer: A

Question 90

Report
Export
Collapse

You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

A.
Azure Virtual Network NAT
A.
Azure Virtual Network NAT
Answers
B.
virtual network peering
B.
virtual network peering
Answers
C.
service endpoints
C.
service endpoints
Answers
D.
private endpoints
D.
private endpoints
Answers
Suggested answer: A
Total 236 questions
Go to page: of 24
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms