AZ-700 Exam Question 66
Case Study 1 - Litware. Inc
Overview
Litware. Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-prernises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by usinq Azure AD Connect.
All the offices connect to a virtual network named Vnetl by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.
A diagram of the resource in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram
Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
- Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the
Boston datacenter over an ExpressRoute circuit.
- Ensure that the records in the cloud.litwareinc.com zone can be
resolved from the on-premises locations.
- Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
- Minimize the size of the subnets allocated to platform-managed
services.
- Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443
only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
- Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
- Latency of the traffic between the Boston datacenter and all the
virtual networks must be minimized.
- The Boston datacenter must connect to the Azure virtual networks by
using an ExpressRoute FastPath connection.
- Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
- The storage1 account must be accessible from all on-premises
locations without exposing the public endpoint of storage1.
- The storage2 account must be accessible from Vnet2 and Vnet3 without
exposing the public endpoint of storage2.
Hotspot Question
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Overview
Litware. Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-prernises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by usinq Azure AD Connect.
All the offices connect to a virtual network named Vnetl by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.
A diagram of the resource in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram
Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
- Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the
Boston datacenter over an ExpressRoute circuit.
- Ensure that the records in the cloud.litwareinc.com zone can be
resolved from the on-premises locations.
- Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
- Minimize the size of the subnets allocated to platform-managed
services.
- Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443
only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
- Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
- Latency of the traffic between the Boston datacenter and all the
virtual networks must be minimized.
- The Boston datacenter must connect to the Azure virtual networks by
using an ExpressRoute FastPath connection.
- Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
- The storage1 account must be accessible from all on-premises
locations without exposing the public endpoint of storage1.
- The storage2 account must be accessible from Vnet2 and Vnet3 without
exposing the public endpoint of storage2.
Hotspot Question
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 67
Drag and Drop Question
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
You plan to deploy the resources shown in the following table.
You need to deploy two load balancers to manage the traffic for VMSS1, VM1, and VM2. The solution must meet the following requirements:
- Either VM1 or VM2 must inspect all the traffic from the internet to
App1.
- All user connections from the internet to App1 must be load balanced.
- Costs must be minimized.
Which load balancer SKU should you include in the solution? To answer, drag the appropriate SKUs to the correct resources. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2.
You plan to deploy the resources shown in the following table.
You need to deploy two load balancers to manage the traffic for VMSS1, VM1, and VM2. The solution must meet the following requirements:
- Either VM1 or VM2 must inspect all the traffic from the internet to
App1.
- All user connections from the internet to App1 must be load balanced.
- Costs must be minimized.
Which load balancer SKU should you include in the solution? To answer, drag the appropriate SKUs to the correct resources. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 68
You have an Azure subscription that contains an Azure Front Door named FD1.
You plan to deploy an app named App1 by using Azure App Service. Users will access App1 by using FD1.
You need to provide FD1 with access to App1. The solution must meet the following requirements:
- Ensure that users can only access App1 by using FD1.
- Ensure that users cannot access App1 directly from the internet.
What should you create for App1?
You plan to deploy an app named App1 by using Azure App Service. Users will access App1 by using FD1.
You need to provide FD1 with access to App1. The solution must meet the following requirements:
- Ensure that users can only access App1 by using FD1.
- Ensure that users cannot access App1 directly from the internet.
What should you create for App1?
AZ-700 Exam Question 69
Hotspot Question
You have an Azure subscription that contains an app named App1. App1 is hosted on the Azure App Service instances shown in the following table.
You need to implement Azure Traffic Manager to meet the following requirements:
- App1 traffic must be assigned equally to each App Service instance in each Azure region.
- App1 traffic from North Europe must be routed to the App1 instances
in the North Europe region.
- App1 traffic from North America must be routed to the App1 instances
in the East US Azure region.
- If an App Service instance fails, all the traffic for that instance
must be routed to the remaining instances in the same region.
How should you configure the Traffic Manager profiles? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an app named App1. App1 is hosted on the Azure App Service instances shown in the following table.
You need to implement Azure Traffic Manager to meet the following requirements:
- App1 traffic must be assigned equally to each App Service instance in each Azure region.
- App1 traffic from North Europe must be routed to the App1 instances
in the North Europe region.
- App1 traffic from North America must be routed to the App1 instances
in the East US Azure region.
- If an App Service instance fails, all the traffic for that instance
must be routed to the remaining instances in the same region.
How should you configure the Traffic Manager profiles? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 70
Drag and Drop Question
Your on-premises network contains two subnets named Subnet and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.
You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.
You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.
You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Your on-premises network contains two subnets named Subnet and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.
You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.
You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.
You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
