Drag and Drop Question
Your company, named Contoso, Ltd., has an Azure subscription that contains the resources shown in the following table.

You plan to deploy Azure Front Door. The solution must meet the following requirements:
- Requests to a URL of https://contoso.azurefd.net/uk must be routed to App1uk.
- Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.
- Requests to a URL of https://contoso.azurefd.net/images must be
routed to the storage account closest to the user.
What is the minimum number of backend pools and routing rules you should create? To answer, drag the appropriate number to the correct components. Each number may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You can get the current service tag and range information by downloading the JSON file or programmatically adding it as part of your on-premises firewall configuration. Which of the following can be used to programmatically retrieve the current list of service tags?

Case Study 1 - Litware. Inc
Overview
Litware. Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-prernises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by usinq Azure AD Connect.
All the offices connect to a virtual network named Vnetl by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.

A diagram of the resource in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram

Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
- Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the
Boston datacenter over an ExpressRoute circuit.
- Ensure that the records in the cloud.litwareinc.com zone can be
resolved from the on-premises locations.
- Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
- Minimize the size of the subnets allocated to platform-managed
services.
- Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443
only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
- Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
- Latency of the traffic between the Boston datacenter and all the
virtual networks must be minimized.
- The Boston datacenter must connect to the Azure virtual networks by
using an ExpressRoute FastPath connection.
- Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
- The storage1 account must be accessible from all on-premises
locations without exposing the public endpoint of storage1.
- The storage2 account must be accessible from Vnet2 and Vnet3 without
exposing the public endpoint of storage2.
Drag and Drop Question
You need to implement outbound connectivity for VMScaleSet1.
The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

SIMULATION

Username and password
Use the following login credentials as needed:
- To enter your username, place your cursor in the Sign in box and click on the username below.
- To enter your password, place your cursor in the Enter password box and click on the password below.
- Azure Username: [email protected]
- Azure Password: xxxxxxxxxx
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
- Lab Instance: 12345678
You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contosoazure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.
To complete this task, sign in to the Azure portal.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
- A virtual network named Vnet1
- A subnet named Subnet1 in Vnet1
- A virtual machine named VM1 that connects to Subnet1
- Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG) and associate the NSG to Subnet1.
Does this meet the goal?