AZ 700
Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.The departments at the company use the Azure subscriptions as shown in the following table. [IMAGE] All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.What is the minimum number of ExpressRoute circuits required?
1
You have an Azure subscription.You plan to implement Azure Virtual WAN as shown in the following exhibit. [IMAGE] What is the minimum number of route tables that you should create?
2
You have two Azure virtual networks in the East US Azure region as shown in the following table. Name: IP address space Vnet1 192.168.0.0/20 Vnet2 10.0.0.0/20 The virtual networks are peered to one another. Each virtual network contains four subnets. You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks. What is the minimum number of IP addresses that you must assign to VM1?
2
You have an Azure subscription that contains the resources shown in the following table. [IMAGE] You plan to deploy an Azure Virtual Network NAT gateway named Gateway1. The solution must meet the following requirements: • VM1 will access the internet by using its public IP address. • VM2 will access the internet by using its public IP address. • Administrative effort must be minimized. You need to ensure that you can deploy Gateway1 to Vnet1. What is the minimum number of subnets required on Vnet1?
4
HOTSPOT - You have an Azure Front Door instance that provides access to a web app. The web app uses a hostname of www.contoso.com.You have the routing rules shown in the following table. [IMAGE] Which rule will apply to each incoming request? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one pointHot Area:
ANSWER AREA www.contoso.com/abc/def: RuleA www.contoso.com/default.htm: RuleC www.contoso.com/abc/def/default.htm: RuleD
DRAG DROP You have an Azure subscription that contains the resources shown in the following table. [IMAGE] The IP Addresses settings for Vnet1 are configured as shown in the exhibit. [IMAGE] You need to ensure that you can integrate WebApp1 and Vnet1.Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: [IMAGE]
Actions: Create a service endpoint Add a private endpoints Answer Area: Modify the address space of Vnet1 Deploy a VPN gateway Configure a Point-to-Site (P2S) VPN
DRAG DROP - You register a DNS domain with a third-party registrar. You need to host the DNS zone on Azure.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:
Actions: Identify the IP addresses of the name servers Modify the SOA records for the domain Answer Area: Create public DNS zone Identify the FQDNS of the name servers Modify the NS records for the domain
DRAG DROP - You have three on-premises sites. Each site has a third-party VPN device. You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection. You need to connect the third site to the other two sites by using Hub1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
Actions: In a Hub1, create a VPN gateway Answer Area: In a Hub1, create a VPN site In a Hub1, create a connection to the VPN site Download the VPN configuration file from VWAN1 Configure the VPN device.
You have an Azure application gateway named AGW1 that has a routing rule named Rule1. Rule 1 directs traffic for http://www.contoso.com to a backend pool named Pool1. Pool1 targets an Azure virtual machine scale set named VMSS1. You deploy another virtual machine scale set named VMSS2. You need to configure AGW1 to direct all traffic for http://www.adatum.com to VMSS2. The solution must ensure that requests to http://www.contoso.com continue to be directed to Pool1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Add a backend pool Add a listener. Add a rule.
You have an Azure Virtual Desktop deployment that has 500 session hosts. All outbound traffic to the internet uses a NAT gateway. During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections. You need to increase the available SNAT connections. What should you do?
Add a public IP address
You have an Azure subscription that contains the following resources: A virtual network named Vnet1 Two subnets named subnet1 and AzureFirewallSubnet A public Azure Firewall named FW1 A route table named RT1 that is associated to Subnet1 A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
Add an internet route to RT1 for the Azure Key Management Service (KMS).
DRAG DROP - You have Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection. You are implementing peering between Hub1 and Spoke1. You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1. How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.Select and Place:
AllowGatewayTransit UseRemoteGateways
HOTSPOT - You have an Azure subscription that contains a single virtual network and a virtual network gateway.You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).What should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Hot Area: Azure AD Configuration: P2S VPN Tunnel Type:
Azure AD Configuration: an enterprise application P2S VPN Tunnel Type: Open VPN (SSL)
You plan to deploy Azure virtual network.You need to design the subnets. Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Azure Bastion Azure Application Gateway v2 VPN gateway
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com. You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority(CA). What should you include in the solution?
Azure Key Vault
Your company has 40 branch offices that are linked by using a Software-Defined Wide Area Network (SD-WAN). The SD-WAN uses BGP. You have an Azure subscription that contains 20 virtual networks configured as a hub and spoke topology. The topology contains a hub virtual network named Vnet1. The virtual networks connect to the SD-WAN by using a network virtual appliance (NVA) in Vnet1. You need to ensure that BGP route advertisements will propagate between the virtual networks and the SD-WAN. The solution must minimize administrative effort. What should you implement?
Azure Route Server
You are configuring two network virtual appliances (NVAs) in an Azure virtual network. The NVAs will be used to inspect all the traffic within the virtual network. You need to provide high availability for the NVAs. The solution must minimize administrative effort. What should you include in the solution?
Azure Standard Load Balancer
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports. You install App1 on 10 Azure virtual machines. You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules. What should you include in the solution?
Azure Standard Load Balancer that has high availability (HA) ports enabled
You have an Azure subscription mat contains tour virtual networks named VNet1, VNet2, VNet3, and VNet4. You plan to deploy a hub and spoke topology by using virtual network peering. You need to configure VNet1 as the hub network. The solution must meet the following requirements: • Support transitive routing between spokes .• Maximize network throughput. What should you include in the solution?
Azure VPN Gateway
You have an Azure subscription that contains the resources shown in the following table. [IMAGE] You create a virtual network named Vnet2 in the West US region. You plan to enable peering between Vnet1 and Vnet2. You need to ensure that the virtual machines connected to Vnet2 can connect to VM1 and VM2 via LB1. What should you do?
Change the SKU of LB1.
You have an Azure application gateway configured for a single website that is available at https://www.contoso.com. The application gateway contains one backend pool and one rule. The backend pool contains two backend servers. Each backend server has an additional website that is available on port 8080 .You need to ensure that if port 8080 is unavailable on a backend server, all the traffic for https://www.contoso.com is redirected to the other backend server. What should you do?
Create a health probe
HOTSPOT -Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses anIP address space of 192.168.0.0/24. You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48. You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:
Create an IPV6 subnet that uses a CIDR suffix of: /64 For each virtual machine, create an additional: IP Configuration
SIMULATION- [IMAGE] Username and password- Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Password: xxxxxxxxxx If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall1. The on-premises network has the following configuration: • internal address range: 10.10.0.0/16 • Firewall1 internal IP address: 10.10.1.1 • Firewall public IP address: 131.107.50.60 BGP is NOT used. You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task. To complete this task, sign in to the Azure portal.
Create local network gateway Under "Basics" tab Subscription: Content development Resource group: TestRG1 Instance details Region: East US Name: Site1 Endpoint: IP Address IP Address: 4.3.2.1 Address Space: 20.0.0.0/24 When you finished specifying the values, select Review+create at the bottom of the page to validate the page Select Create to create the local network gateway object
Your company has five offices. Each office has a firewall device and a local internet connection. The offices connect to a third-party SD-WAN. You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual network gateway named Gateway1. Each office connects to Gateway1 by using a Site-to-Site VPN connection. You need to replace the third-party SD-WAN with an Azure Virtual WAN. What should you include in the solution?
Delete Gateway1
You have an internal Basic Azure Load Balancer named LB1 that has two frontend IP addresses. The backend pool of LB1 contains two Azure virtual machines named VM1 and VM2. You need to configure the rules on LB1 as shown in the following table. [IMAGE] What should you do for each rule?
Enable Floating IP.
Your company has offices in New York and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.Which ExpressRoute option should you use?
ExpressRoute Global Reach
Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC.The company only has Azure resources in the East US region.You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.Which type of ExpressRoute circuits should you create?
ExpressRoute Local
HOTSPOT - You have on-premises datacenters in New York and Seattle.You have an Azure subscription that contains the ExpressRoute circuits shown in the following table. You need to ensure that all the data sent between the datacenters is routed via the ExpressRoute circuits. The solution must minimize costs.How should you configure the network? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
ExpressRoute configuration: Global Reach Peering: Private
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone. Vnet1 connects to an on-premises datacenter by using ExpressRoute. You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
For FW1, enable DNS proxy On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
DRAG DROP- Your on-premises network contains an Active Directory Domain Services (AD DS) domain named contoso.com that has an internal certification authority (CA). You have an Azure subscription.You deploy an Azure application gateway named AppGwy1 and perform the following actions: • Configure an HTTP listener • Associate a routing rule with the listener You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
From AppGwy1, create a frontend IP Configuration From AppGwy1, create an SSL profile From an on-premises computer, upload a certificate to AppGwy1. From AppGwy1, add an HTTP listener and associate the listener to the SSL profile.
HOTSPOT-You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel.You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter.How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. [IMAGE]
Get-AzLocalNetworkGateway Set-AzVirtualNetworkGatewayDefaultSite
You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.You need to troubleshoot what prevents you from establishing the IP sec tunnel.Which diagnostic log should you review?
IKEDiagnosticLog
VM1 is a virtual machine that has an instance-level public IP address (ILPIP). Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool. NAT Gateway uses a public IP address named IP3 that is associated to SubnetA. VNet1 has a virtual network gateway that has a public IP address named IP4. When initiating outbound traffic to the internet from VM1, which public address is used?
IP3
You have an Azure subscription that contains the public IP addresses shown in the following table. [IMAGE] You plan to deploy a NAT gateway named NAT1. Which public IP addresses can be used as the public IP address for NAT1?
IP3 only
You have an Azure subscription that contains the public IPv4 addresses shown in the following table [IMAGE] You plan to create a load balancer named LB1 that will have the following settings: ✑ Name: LB1 ✑ Location: West US ✑ Type: Public ✑ SKU: Standard Which public IPv4 addresses can be used by LB1?
IP3 only
HOTSPOT- You have two Azure App Service instances that host the web apps shown the following table. [IMAGE] You deploy an Azure 2 that has one public frontend IP address and two backend pools. You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers. What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
Listeners: 2 Routing rules: 2
HOTSPOT - You have two Azure virtual networks named VNet1 and VNet2 in an Azure region that has three availability zones. You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in VNet1 host an app named App1. The virtual machines in VNet2 host an app named App2. You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2. You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements: ✑ A failure of two zones must NOT affect the availability of either App1 or App2. ✑ A failure of two zones must NOT affect the outbound connectivity of either App1 or App2. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:
Minimum number of subnets: 2 Minimum number of Virtual Network NAT instances:2
HOTSPOT-Your on-premises network contains a VPN device.You have an Azure subscription that contains a virtual network and a virtual network gateway.You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. [IMAGE]
New-AzIpsecPolicy New-AzVirtualNetworkGatewayConnection
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2.Solution: You reset the gateway of Vnet1. Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway. You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error. You need to ensure that the URL is accessible through the application gateway from any IP address. Solution: You configure a custom cookie and an exclusion rule. Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You resize the gateway of Vnet1 to a larger SKU. Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have two Azure virtual networks named Vnet1 and Vnet2.You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2.Solution: You enable BGP on the gateway of Vnet1. Does this meet the goal?
No
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway.You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error. You need to ensure that the URL is accessible through the application gateway from any IP address. Solution: You add a rewrite rule for the host header. Does this meet the goal?
No
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
On the peering from Vnet1, select Allow for Traffic forwarded from remote virtual network. On the peerings from Vnet2 and Vnet3, select Use the remote virtual network's gateway or Route Server.
You have a hub-and-spoke topology. The topology includes multiple on-premises locations that connect to a hub virtual network in Azure via ExpressRoute circuits. You have an Azure Application Gateway named GW1 that provides a single point of ingress from the internet. You plan to migrate the hub-and-spoke topology to Azure Virtual WAN. You need to identify which changes must be applied to the existing topology. The solution must ensure that you maintain a single point of ingress from the internet. Which three changes should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Replace the user-defined routes used by the current topology. Create virtual network connections. Remove the existing virtual network peerings.
Your company has four branch offices and an Azure subscription. The subscription contains an Azure VPN gateway named GW1. The branch offices are configured as shown in the following table. [IMAGE] The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1. The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources. You need to ensure that the Branch1 users can connect to the Azure resources. The solution must meet the following requirements: • Minimize downtime for all users. • Minimize administrative effort. What should you do first?
Reset Connection1.
HOTSPOT - You need to connect an on-premises network and an Azure environment. The solution must use ExpressRoute and support failing over to a Site-to-Site VPN connection if there is an ExpressRoute failure.What should you configure? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Hot Area: Routing type: [Choices] Number of virtual network gateways: [Choices]
Routing type: Route-based Number of virtual network gateways: 1
You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices.In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit. You need to ensure that the on-premises network can connect to the route-based GW1.What should you do before you create the connection?
Set IPsec / IKE policy to Custom.
Answer Area: The resources in Subnet1 can connect to the internet through Firewall1 The resource in Subnet1 can connect to the resources in Vnet2 The resources in Subnet2 can connect to the internet through Firewall1
The resources in Subnet1 can connect to the internet through Firewall1 [YES] The resource in Subnet1 can connect to the resources in Vnet2 [YES] The resources in Subnet2 can connect to the internet through Firewall1 [NO]
HOTSPOT - You have the hybrid network shown in the Network Diagram exhibit. [IMAGE] You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit. [IMAGE] You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit. [IMAGE] For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area:
Statements: The resources in Vnet2 can communicate with the resources in Vnet1 [YES] The resources in Vnet2 can communicate with the resources in Vnet3 [NO] The resources in Vnet2 can communicate with the resources in the on-premises network [NO]
SIMULATION- Username and password -Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Azure Password: xxxxxxxxxx -If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 -You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2. To complete this task, sign in to the Azure portal.
Step1: In search box at the top of the Azure portal, look for VNET2. When VNET 2 appears in the search results, select it Step2: Under settings, select Peerings, and then select + Add, as shown in the following picture Step3: Enter/Select the following information, accept the defaults for the remaining settings, and then select Add. *Virtual network - select VNET1 for the name of the remote virtual network Step4: In the peerings page, the Peering status is Connected. Step5: Repeat steps 1 to 4, but in Step 3 add VNET3 instead of VNET1
HOTSPOT - You have the Azure App Service app shown in the App Service exhibit. The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit. The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: Subnet2 can contain only App service in the ASP1 App Service Plan As12 will use an IP address from Subnet2 for network communications Computers in Vnet1 will connect to a private IP address when they connect to As12
Subnet2 can contain only App service in the ASP1 App Service Plan [YES] As12 will use an IP address from Subnet2 for network communications [NO] Computers in Vnet1 will connect to a private IP address when they connect to As12 [YES]
STATEMENTS: To add VM4 to LB1, you must create a new backend pool VM1 is connected to Vnet2 Connections to HTTPS://10.3.0.7 will be load balanced between VM1, VM2, and VM3
To add VM4 to LB1, you must create a new backend pool [NO] VM1 is connected to Vnet2 [YES] Connections to HTTPS://10.3.0.7 will be load balanced between VM1, VM2, and VM3 [NO]
STATEMENTS: Traffic from VM2 to the internet is routed through the New-York Site-to-Site VPN Connection Traffic from Vm1 to Vm2 is routed through the New-York Site-to-Site VPN connection Traffic from VM1 to the internet is routed through the New-York Site-to-Site VPN connection
Traffic from VM2 to the internet is routed through the New-York Site-to-Site VPN Connection [NO] Traffic from Vm1 to Vm2 is routed through the New-York Site-to-Site VPN connection [NO] Traffic from VM1 to the internet is routed through the New-York Site-to-Site VPN connection [YES]
HOTSPOT - You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3. TM1 uses the performance traffic-routing method and has the endpoints shown in the following table. [IMAGE] TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table. [IMAGE] TM3 uses priority traffic-routing method and has the endpoints shown in the following table. [IMAGE] The App2, App4, and App6 endpoints have a degraded monitoring status.To which endpoint is traffic directed? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one pointHot Area:
Traffic from West Europe: App1 Traffic from West US: App3
ANSWER AREA: Statements: Updating the IP Address configurations of VM5 to use a DNS server address of 10.4.0.2 will enable the virtual machine to resolve app1.fabrikam.com Enabling a virtual network link for Vnet3 in the Fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com Adding an A record for app1.fabrikam.com to the fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com
Updating the IP Address configurations of VM5 to use a DNS server address of 10.4.0.2 will enable the virtual machine to resolve app1.fabrikam.com [YES] Enabling a virtual network link for Vnet3 in the Fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com [YES] Adding an A record for app1.fabrikam.com to the fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com [NO]
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption. You configure the listener for HTTPS by uploading an enterprise-signed certificate. You need to ensure that the application gateway can provide end-to-end encryption for App1. What should you do?
Upload the public key certificate to the HTTP settings.
HOTSPOT -| You have the Azure environment shown in the exhibit. [IMAGE] You have virtual network peering between Vnet1 and Vnet2. You have virtual network peering between Vnet4 and Vnet5. The virtual network peering is configured as shown in the following table. [IMAGE] For each of the following statements, select Yes if the statement is true. Otherwise, select No.Hot Area:
VM1 and VM4 can communicate [YES] VM2 and VM4 can communicate [YES] VM1 and VM5 can communicate [NO]
STATEMENTS: VM1 can communicate outbound by using NATgateway1 The virtual machines in Subnet2 communicate outbound by using NATgateway1 All virtual machines that use NATgateway1 to connect to the internet use the same public IP address
VM1 can communicate outbound by using NATgateway1 [NO] The virtual machines in Subnet2 communicate outbound by using NATgateway1 [YES] All virtual machines that use NATgateway1 to connect to the internet use the same public IP address [NO]
HOTSPOT -You have the Azure environment shown in the following exhibit. [IMAGE] Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area: VM1 can communicate with (answer choice): VM2 can communicate with (answer choice):
VM1 can communicate with (answer choice): the on-premises datacenter & vm2 only VM2 can communicate with (answer choice):the on-premises datacenter, vm1, & vm3 only
HOTSPOT - You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table. The links have auto registration enabled. You create the virtual machines shown in the following table. You manually add the following entry to the contoso.com zone: ✑ Name: VM1 IP address: 10.1.10.9 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.Hot Area:
VM2 will resolve vm1.contoso.com to 10.1.10.10 [NO] Deleting VM1 will delete all VM1 records automatically [NO] Changing the IP address of VM3 will update the DNS record of VM3 automatically [NO]
HOTSPOT -You have the Azure resources shown in the following table. [IMAGE] WebApp1 uses the Standard pricing tier. You need to ensure that WebApp1 can access the virtual machines deployed to Vnet1\Subnet1 and Vnet2\Subnet1. The solution must minimize costs. What should you create in each virtual network? To answer, select the appropriate options in the answer area. Hot Area: [IMAGE] VNET1: VNET2:
VNET1: An additional subnect VNET2: A VPN gateway
HOTSPOT -You are planning an Azure solution that will contain the following types of resources in a single Azure region :✑ Virtual machine ✑ Azure App Service ✑ Virtual Network gateway ✑ Azure SQL Managed Instance App Service and SQL Managed Instance will be delegated to create resources in virtual networks. You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:
Virtual Networks: 1 Subnets: 4
HOTSPOT -You have an Azure subscription.You have the on-premises sites shown the following table. [IMAGE] You plan to deploy Azure Virtual WAN.You are evaluating Virtual WAN Basic and Virtual WAN Standard.Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Hot Area: Virtual WAN Basic: Virtual WAN Standard:
Virtual WAN Basic: Site2 only Virtual WAN Standard: Site1, Site2, and Site3
HOTSPOT - You plan to deploy Azure Virtual WAN.You need to deploy a virtual WAN hub that meets the following requirements: ✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection ✑ Supports 8 Gbps of ExpressRoute traffic ✑ Minimizes costs What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:
Virtual WAN type: Standard Number of scale units: 4
Statements: Vnet1 can be moved to RG3 Three hundred virtual machines can be deployed to the EAST US Azure region A new virtual network named Vnet2 can be created in RG2 in the EAST US Azure region..
Vnet1 can be moved to RG3 [YES] Three hundred virtual machines can be deployed to the EAST US Azure region [NO] A new virtual network named Vnet2 can be created in RG2 in the EAST US Azure region.. [NO]
You have an Azure subscription that contains the virtual networks shown in the following table. [IMAGE] You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.To which virtual networks can you deploy AF1?
Vnet1 only
DRAG DROP- You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1. You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2. You need to provide VM1 with access to SQL1 by using an Azure Private Link service. What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.
Vnet1: A private endpoint Vnet2: A peering link
You have an Azure subscription that contains a virtual network. You plan to deploy an Azure VPN gateway and 90 Site-to-Site VPN connections. The solution must meet the following requirements: • Ensure that the Site-to-Site VPN connections remain available if an Azure datacenter fails. • Minimize costs. Which gateway SKU should you specify?
VpnGw4AZ
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You download and reinstall the VPN client configuration. Does this meet the goal?
Yes
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway. You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error. [IMAGE] You need to ensure that the URL is accessible through the application gateway. Solution: You disable the WAF rule that has a ruleId 920300. Does this meet the goal?
Yes
You plan to publish a website that will use an FQDN of www.contoso.com. The website will be hosted by using the Azure App Service apps shown in the following table. [IMAGE] You plan to use Azure Traffic Manager to manage the routing of traffic for www.contoso.com between AS1 and AS2. You create a Traffic Manager profile named TMprofile1. TMprofile1 uses the weighted traffic-routing method. You need to ensure that Traffic Manager routes traffic for www.contoso.com. Which DNS record should you create?
a CNAME record that maps www.contoso.com to TMprofile1.trafficmanager.net
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.Users will authenticate by an on-premises Active Directory domain.Which additional service should you deploy to support the VPN authentication?
a RADIUS server
You have an Azure virtual network and an on-premises datacenter. You are planning a Site-to-Site VPN connection between the datacenter and the virtual network.Which two resources should you include in your plan? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
a virtual network gateway a local network gateway
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)NOTE: Each correct selection is worth one point.
a virtual network gateway a local network gateway
You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?
internal load balancers
Your company has an office in New York.The company has an Azure subscription that contains the virtual networks shown in the following table. [IMAGE] You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements: • The connection must have up to 1 Gbps of bandwidth. • The office must have access to all the virtual networks. • Costs must be minimized. How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable?
one ExpressRoute Premium circuit
You are planning an Azure deployment that will contain three virtual networks in the East US Azure region as shown in the following table. [IMAGE] A Site-to-Site VPN will connect Vnet1 to your company's on-premises network.You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network. The solution must minimize costs.What should you recommend for Vnet2 and Vnet3?
peering
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1. You need to modify the server variables in the response header of App1 What should you configure on AppGW1?
rewrites
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app. You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.com and a different URL path for each web app, for example: https://www.contoso.com/app1. You need to control the flow of traffic based on the URL path. What should you configure?
rules