AZ-700 Exam Question 1
You have an Azure subscription that is linked to an Azure AD tenant named contoso.onmicrosoft.com.
The subscription contains the following resources:
- A virtual network named Vnet1
- An App Service plan named ASPI
- An Azure App Service named webapp1
- An Azure private DNS zone named private.contoso.com
- Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of
https:/Avwwprivate.contosocom.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
The subscription contains the following resources:
- A virtual network named Vnet1
- An App Service plan named ASPI
- An Azure App Service named webapp1
- An Azure private DNS zone named private.contoso.com
- Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of
https:/Avwwprivate.contosocom.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 2
Note: This QUESTION 1is part of a series of questions that present the same scenario.
Each QUESTION 1in the series contains a unique solution that might meet the stated goals. Some QUESTION 1sets might have more than one correct solution, while others might not have a correct solution.
After you answer a QUESTION 1in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit.
Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?
Each QUESTION 1in the series contains a unique solution that might meet the stated goals. Some QUESTION 1sets might have more than one correct solution, while others might not have a correct solution.
After you answer a QUESTION 1in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit.
Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?
AZ-700 Exam Question 3
Hotspot Question
You have on-premises datacenters in New York and Seattle.
You have an Azure subscription that contains the ExpressRoute circuits shown in the following table.
You need to ensure that all the data sent between the datacenters is routed via the ExpressRoute circuits. The solution must minimize costs.
How should you configure the network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have on-premises datacenters in New York and Seattle.
You have an Azure subscription that contains the ExpressRoute circuits shown in the following table.
You need to ensure that all the data sent between the datacenters is routed via the ExpressRoute circuits. The solution must minimize costs.
How should you configure the network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 4
Hotspot Question
You have the network topology shown in the Topology exhibit.
You have the Azure firewall shown in the Firewall1 exhibit.
You have the route table shown in the RouteTable1 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have the network topology shown in the Topology exhibit.
You have the Azure firewall shown in the Firewall1 exhibit.
You have the route table shown in the RouteTable1 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 5
Case Study 3 - Contoso, Ltd
Overview
Proseware, Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Existing Environment. Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Existing Environment. Network Infrastructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExpressRoute circuit.
SFONet connects to Azure by using a Site-to-Site (S2S) VPN.
Existing Environment. Azure Resources
The Azure subscription contains the virtual networks and subnets shown in the following table.
The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet.
The subscription contains Application Gateway resources shown in the following table.
The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
Planned Changes and Requirements. Planned Changes
Proseware plans to implement the following changes:
- Deploy an Azure Private DNS Resolver named PRDNS1 to HubVNet and link PRDNS1 to SpokeVNet.
- Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNS1.
- Deploy Azure Virtual Network Manager and implement the following rules:
- Allow inbound connections on TCP port 3389 from the on-premises networks to SUBNET- JUMPHOSTS.
- Block inbound connections on TCP port 80 from the internet to SpokeVNet.
- Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
- Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
- Deploy a gateway load balancer named LBGW1 to HubVNet.
- Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
- Ensure that all the traffic to App2 is processed by using FD1.
Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
- Minimize the complexity of the Azure Virtual Network Manager deployment.
- Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.
- Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to- Site (P2S) VPN and their proseware.com credentials.
Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
- Whenever possible, use the internal CA.
- Ensure that all connections routed via APPGW1 use end-to-end encryption.
- Ensure that user connections to Azure-hosted apps use end-to-end encryption.
- Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.
- Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.
- Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.
Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
- Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
- From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
- Whenever possible, minimize administrative effort.
Hotspot Question
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements.
What should you identify for each virtual network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Overview
Proseware, Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Existing Environment. Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Existing Environment. Network Infrastructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExpressRoute circuit.
SFONet connects to Azure by using a Site-to-Site (S2S) VPN.
Existing Environment. Azure Resources
The Azure subscription contains the virtual networks and subnets shown in the following table.
The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet.
The subscription contains Application Gateway resources shown in the following table.
The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
Planned Changes and Requirements. Planned Changes
Proseware plans to implement the following changes:
- Deploy an Azure Private DNS Resolver named PRDNS1 to HubVNet and link PRDNS1 to SpokeVNet.
- Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNS1.
- Deploy Azure Virtual Network Manager and implement the following rules:
- Allow inbound connections on TCP port 3389 from the on-premises networks to SUBNET- JUMPHOSTS.
- Block inbound connections on TCP port 80 from the internet to SpokeVNet.
- Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
- Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
- Deploy a gateway load balancer named LBGW1 to HubVNet.
- Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
- Ensure that all the traffic to App2 is processed by using FD1.
Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
- Minimize the complexity of the Azure Virtual Network Manager deployment.
- Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.
- Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to- Site (P2S) VPN and their proseware.com credentials.
Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
- Whenever possible, use the internal CA.
- Ensure that all connections routed via APPGW1 use end-to-end encryption.
- Ensure that user connections to Azure-hosted apps use end-to-end encryption.
- Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.
- Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.
- Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.
Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
- Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
- From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
- Whenever possible, minimize administrative effort.
Hotspot Question
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements.
What should you identify for each virtual network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
