AZ-700 Exam Question 6
You have an Azure subscription that contains a virtual machine named VM1 and a network security group (NSG) named NSG1. NSG1 has the default rules configured. VM1 runs Windows Server 2022 and contains a single NIC named NIC1. NIC1 is associated with NSG1.
You need to prevent access to the Azure Instance Metadata Service (IMDS) REST API on VM1.
The solution must minimize administrative effort.
What should you add to NSG1?
AZ-700 Exam Question 7
You plan to deploy an Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 8
Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.

You need to restrict access to storage1 and sql1 by using service endpoints. The solution must meet the following requirements:
- Allow access from Subnet1 to SQLDB1.
- Implement service endpoint policies to restrict access to supported resources.
- Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region.
What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

AZ-700 Exam Question 9
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. The Azure subscription contains the virtual networks shown in the following table.

Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.

The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram

Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.

Zone1.contoso.com has the virtual network links shown in the following table.

Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.

Requirements:
Virtual Network Requirements
Contoso has the following virtual network requirements:
- Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
  - Two container groups that connect to Vnet6
  - Three virtual machines that connect to Vnet6
  - Allow VPN connections to be established to Vnet6
  - Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network
- The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
- A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Network Security Requirements
Contoso has the following network security requirements:
- Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
- Enable NSG flow logs for NSG3 and NSG4.
- Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.

- Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.

Hotspot Question
Which virtual machines can VM1 and VM4 ping successfully before NSG10 and NSG11 are created? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

AZ-700 Exam Question 10
Hotspot Question
Your company has 10 instances of a web service. Each instance is hosted in a different Azure region and is accessible through a public endpoint.
The development department at the company is creating an application named App1. Every 10 minutes, App1 will use a list of endpoints and connect to the first available endpoint.
You plan to use Azure Traffic Manager to maintain the list of endpoints.
You need to configure a Traffic Manager profile that will minimize the impact of DNS caching.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
