Microsoft Designing and Implementing Microsoft Azure Networking Solutions (AZ-700)

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.

You plan to deploy the resources shown in the following table.

 

You need to deploy two load balancers to manage the traffic for VMSS1, VM1, and VM2. The solution must meet the following requirements:

• Either VM1 or VM2 must inspect all the traffic from the internet to App1.
• All user connections from the internet to App1 must be load balanced.
• Costs must be minimized.

Which load balancer SKU should you include in the solution? To answer, drag the appropriate SKUs to the correct resources. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

 

Correct Answer:

You have an Azure subscription that contains the resources shown in the following table.

You have an Azure Front Door instance named FD that contains an origin group named OG1.

You need to configure a health probe for OG1. The solution must minimize the amount of traffic generated by the health probe.

Which HTTP method should you use?

You have an on-premises web server that hosts a web app named App1 and has the following configurations:

• IP address: 131.107.50.60
• FQDN: server1.contoso.com

You have an Azure subscription.

You need to publish App1 by using Azure Front Door. The solution must meet the following requirements:

• Ensure that internet users can connect to App1 by using an FQDN of app1.contoso.com.
• Minimize the changes required to the configuration of Front Door if Server1 is migrated to Azure.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:

• Both apps are accessible by using HTTP and HTTPS.
• HTTP host headers are used to route requests to the appropriate apps.
• Both apps are hosted in a single App Service Environment in the West Europe Azure region.

You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.

What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?

You have an on-premises server named Server1 that runs Windows Server.

You have an Azure subscription that contains a virtual network named VNet1.

You plan to connect Server1 to VNet1 by using Azure Network Adapter.

You need to minimize how long it takes to deploy the adapter to Server1.

What should you create first?

You have an Azure subscription that contains the resources shown in the following table:

Each quarter, you deploy five new virtual machines to host App1.

You need to add a rule to NSG1 to ensure that the virtual machines that host App1 can connect to SQL1 and SQL2. The solution must follow the principle of least privilege and minimize administrative effort.

How should you configure the source property and the destination property for the rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network. The virtual network contains two subnets named Subnet1 and Subnet2. You have an instance of Azure Application Gateway v2 named AppGw1 that is connected to Subnet1.

You need to move AppGw1 to Subnet2. The solution must minimize downtime.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You create an ExpressRoute circuit named ERC1 that is enabled by your connectivity provider.

You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1.

The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an on-premises network.

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that on-premises devices can communicate with Azure resources that are connected to Subnet4.

What should you do on each resource? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes.

Which service tag should you use?

You need to configure GW1 to meet the network security requirements for the P2S VPN users. Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

You have an Azure subscription. The subscription contains a locally-redundant storage (LRS) account named storage1 that is deployed to the US East Azure region and has a Microsoft.Storage service endpoint.

You set Redundancy for storage1 to Read-access geo-redundant storage (RA-GRS).

You need to ensure that the contents of storage1 will be accessible by using a service endpoint in a paired region. The solution must minimize administrative effort.

What should you do first?

Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York. The company only has Azure resources in the East US region.

You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs. Which type of ExpressRoute circuits should you create?

You plan to implement an Azure Virtual WAN named VWAN1 that will contain a hub named Hub1. VWAN1 will include the virtual networks shown in the following table.

You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.

How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN. Users will authenticate by an on-premises Active Directory domain.

Which additional service should you deploy to support the VPN authentication?

You have multiple remote users that have either a Windows 11 device or an Ubuntu Linux 22.04 device. Each device has a manually registered Azure VPN Client installed.

You have an Azure subscription that contains an Azure VPN gateway named VNetGW1.

The Windows 11 users establish Point-to-Site (P2S) VPN connections to VNetGW1 and authenticate by using their Microsoft Entra credentials. The Ubuntu Linux users cannot establish P2S VPN connections.

You need to ensure that the Ubuntu Linux users can establish P2S VPN connections to VNetGW1. The solution must minimize administrative effort and maximize security. To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.

Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table.

You fail to establish a Site-to-Site VPN connection between your company’s main office and an Azure virtual network. You need to troubleshoot what prevents you from establishing the IPsec tunnel.

Which diagnostic log should you review?

SIMULATION -

 

Username and password -

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User-12345678@cloudslice.onmicrosoft.com

Azure Password: xxxxxxxxxx -

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678 -

You plan to manage the public DNS records for a domain named fabrikam.com by using an Azure solution.

You need to ensure that wvw.fabrikam.com resolves to 131.107.2.50.

To complete this task, sign in to the Azure portal.

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1.

You plan to add a private endpoint to Subnet.

You need to ensure that you can route traffic between the private endpoint and the Azure Private Link service by using a user-defined route.

What should you do first on Subnet1?

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

You have an Azure subscription that contains virtual networks, network security groups (NSGs), and virtual machines.

You need to perform the following actions:

• Identify unknown traffic between the resources.
• Check the network connectivity between the virtual machines.

What should you use to perform each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements.

What should you do first?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communicate with Vnet2. Solution: You reset the gateway of Vnet1.

Does this meet the goal?

You have an on-premises network.

You have an Azure subscription that contains a virtual network.

You have an ExpressRoute service provider.

You plan to connect the Azure virtual network and the on-premises network by using an ExpressRoute circuit.

You create a new ExpressRoute circuit.

You need to provision the new circuit.

Which information should you provide to the service provider?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communicate with Vnet2. Solution: You enable BGP on the gateway of Vnet1.

Does this meet the goal?

SIMULATION

 

Username and password -

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User-37774194@cloudslice.onmicrosoft.com

Azure Password: xxxxxxxxxx -

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 12345678 -

You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.

You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de.contoso.com. All other traffic must be routed to ny.contoso.com.

To complete this task, sign in to the Azure portal.

You have an Azure environment shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to deploy Azure virtual network.

You need to design the subnets.

Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

You have the resources shown in the following table.

You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

The links have auto registration enabled.

You create the virtual machines shown in the following table.

You manually add the following entry to the contoso.com zone:

• Name: VM1
• IP address: 10.1.10.9

For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains 100 network security groups (NSGs).

You need to ensure that you log the application of specific NSG rules.

Which type of log should you configure?

Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24.

You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48.

You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription.

You plan to implement an Azure application gateway named AGW1.

You need to implement an external TLS certificate store for AGW1. The solution must meet the following requirements:

• Keys must be stored by using the highest possible security.
• Administrative effort must be minimized.

Which type of certificate store should you use, and which type of identity should you use to access the store? To answer, select the appropriate options in the answer area

NOTE: Each correct answer is worth one point.

You plan to deploy Azure Virtual WAN.

You need to deploy a virtual WAN hub that meets the following requirements:

• Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection 
• Supports 8 Gbps of ExpressRoute traffic.
• Minimizes costs.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1.

You plan to enable the following:

• TLS inspection
• Threat intelligence
• A network intrusion detection and prevention system (IDPS)

What can you enable by using AzFW1?

You have an Azure subscription that contains the resources shown in the following table.

The IP Addresses settings for Vnet1 are configured as shown in the exhibit.

You need to ensure that you can integrate WebApp1 and Vnet1.

Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains an Azure Firewall policy named FWPolicy1.

You need to configure FWPolicy1 to meet the following requirements:

• Allow traffic based on the FQDN of the destination.
• Allow TCP traffic based on the source.

Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection. You are implementing peering between Hub1 and Spoke1.

You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.

How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have three on-premises sites. Each site has a third-party VPN device.

You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection.

You need to connect the third site to the other two sites by using Hub1.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains a virtual network named VNet1.

Your on-premises network connects to VNet1 by using a Site-to-Site (S2S) VPN connection.

You need to ensure that Azure Network Watcher generates an alert if the VPN connection fails.

Which Network Watcher feature should you use to generate the alert, and which data source should the feature query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are planning an Azure solution that will contain the following types of resources in a single Azure region:

• Virtual machine Azure App Service
• Virtual Network gateway Azure SQL Managed Instance

App Service and SQL Managed Instance will be delegated to create resources in virtual networks.

You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an Azure Virtual Desktop host pool named Pool1.

You need to implement Azure Firewall and TLS inspection for all the outbound traffic from Pool1.

Which two resources should you configure? Each correct answer present part of the solution.

NOTE: Each correct answer is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communicate with Vnet2. Solution: You download and reinstall the VPN client configuration. Does this meet the goal?

You have an Azure subscription that contains 200 virtual machines.

You need to use Azure Network Watcher to identify which virtual machines generate the most network traffic. The solution must minimize administrative effort.

Which prerequisites should you deploy for Network Watcher, and which Network Watcher feature should you use to identify the virtual machines? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription. The subscription contains 500 virtual machines that run either Windows 11 or Linux.

You need to identify which Linux virtual machines are accessible from the internet. The solution must minimize administrative effort.

What should you use, and what should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure the default route in Vnet2 and Vnet3. The solution must requirements. What should you use to configure the default route?

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

You have an on-premises VPN appliance named GW1.

You have an Azure subscription that contains an Azure VPN gateway named VPNGW1. VPNGW1 connects to GW1.

You need to modify the IKEv2 encryption algorithm used by VPNGW1 and GW1.

Which PowerShell cmdlet should you run? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Your on-premises network uses an IP address space of 10.0.0.0/20.

You have an Azure subscription that contains the resources shown in the following table.

The on-premises network is connected to HubVnet by using a Site-to-Site (S2S) VPN.

You deploy an Azure firewall named AZFW1 to HubVNet.

You need to ensure that AZFW/1 can inspect all the traffic between the on-premises network and SpokeVNet.

What should you do in RT1? To answer, drag the appropriate destination to the correct route. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You are implementing the virtual network requirements for VM-Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have the resources shown in the following table.

From the Microsoft Entra admin center, you register the Azure VPN application as an enterprise application.

You need to enable Microsoft Entra authentication for the P2S VPN connections. The solution must meet the following requirements:

• Ensure that only the members of Group1 can establish VPN connections to VPNGW1.
• Ensure that only the members of Group2 can establish VPN connections to VPNGW2.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.