AZ-700 Exam Question 161
Hotspot Question
FirewallPolicy1 contains the following rules:
- Allow outbound traffic from Vnet1 and Vnet2 to the internet.
- Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true.
Otherwise, select No. NOTE: Each correct selection is worth one point.
FirewallPolicy1 contains the following rules:
- Allow outbound traffic from Vnet1 and Vnet2 to the internet.
- Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true.
Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-700 Exam Question 162
Regional VNet Integration enables connecting to a VNet in the same region with no need for a gateway. While using VNet Integration with VNets in the same region, which of the below Azure networking features would you use to block outbound traffic?
AZ-700 Exam Question 163
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets?
Which type of resource requires IP addresses in the subnets?
AZ-700 Exam Question 164
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. The Azure subscription contains the virtual networks shown in the following table.
Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.
Zone1.contoso.com has the virtual network links shown in the following table.
Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.
Requirements:
Virtual Network Requirements
Contoso has the following virtual networks requirements:
- Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
Two container groups that connect to Vnet6
Three virtual machines that connect to Vnet6
Allow VPN connections to be established to Vnet6
Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over
the Microsoft backbone network
- The virtual machines in Vnet4 and Vnet5 must be able to communicate
over the Microsoft backbone network.
- A virtual machine named VM-Analyze will be deployed to Subnet1. VM-
Analyze must inspect the outbound network traffic from Subnet2 to the
internet.
Network Security Requirements
Contoso has the following network security requirements:
- Configure Azure Active Directory (Azure AD) authentication for Point- to-Site (P2S) VPN users.
- Enable NSG flow logs for NSG3 and NSG4.
- Create an NSG named NSG10 that will be associated to Vnet1/Subnet1
and will have the custom inbound security rules shown in the following
table.
- Create an NSG named NSG11 that will be associated to Vnet1/Subnet2
and will have the custom outbound security rules shown in the following table.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
Overview
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. The Azure subscription contains the virtual networks shown in the following table.
Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.
Zone1.contoso.com has the virtual network links shown in the following table.
Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.
Requirements:
Virtual Network Requirements
Contoso has the following virtual networks requirements:
- Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
Two container groups that connect to Vnet6
Three virtual machines that connect to Vnet6
Allow VPN connections to be established to Vnet6
Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over
the Microsoft backbone network
- The virtual machines in Vnet4 and Vnet5 must be able to communicate
over the Microsoft backbone network.
- A virtual machine named VM-Analyze will be deployed to Subnet1. VM-
Analyze must inspect the outbound network traffic from Subnet2 to the
internet.
Network Security Requirements
Contoso has the following network security requirements:
- Configure Azure Active Directory (Azure AD) authentication for Point- to-Site (P2S) VPN users.
- Enable NSG flow logs for NSG3 and NSG4.
- Create an NSG named NSG10 that will be associated to Vnet1/Subnet1
and will have the custom inbound security rules shown in the following
table.
- Create an NSG named NSG11 that will be associated to Vnet1/Subnet2
and will have the custom outbound security rules shown in the following table.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
AZ-700 Exam Question 165
Hotspot Question
You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:
- Both apps are accessible by using HTTP and HTTPS.
- HTTP host headers are used to route requests to the appropriate apps.
- Both apps are hosted in a single App Service Environment in the West
Europe Azure region.
You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.
What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:
- Both apps are accessible by using HTTP and HTTPS.
- HTTP host headers are used to route requests to the appropriate apps.
- Both apps are hosted in a single App Service Environment in the West
Europe Azure region.
You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.
What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
