AZ-700 Exam Question 171
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do?
AZ-700 Exam Question 172
You have an on-premises network named Site1.
You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1. Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to control access to storage1 from Site1 by using network security groups (NSGs). What should you do first?
AZ-700 Exam Question 173
Drag and Drop Question
You have a DNS domain named contoso.com that is hosted by a third-party domain name registrar.
You have an Azure subscription.
You need to ensure that all DNS queries for the contoso.com domain are resolved by using Azure DNS.
What should you create in the registrar, and what should you create in Azure? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

AZ-700 Exam Question 174
You have an Azure subscription that contains a virtual network named VNet1 and the resources shown in the following table.

You need to implement a solution for the traffic originating from VNet1. The solution must meet the following requirements:
- Perform transparent proxying to external web servers.
- Inspect all outbound TLS traffic.
- Minimize costs.
Which resource should you include in the solution?

AZ-700 Exam Question 175
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. The Azure subscription contains the virtual networks shown in the following table.

Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.

The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram

Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.

Zone1.contoso.com has the virtual network links shown in the following table.

Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.

Requirements:
Virtual Network Requirements
Contoso has the following virtual network requirements:
- Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
  - Two container groups that connect to Vnet6
  - Three virtual machines that connect to Vnet6
  - Allow VPN connections to be established to Vnet6
  - Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network
- The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
- A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Network Security Requirements
Contoso has the following network security requirements:
- Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
- Enable NSG flow logs for NSG3 and NSG4.
- Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.

- Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.

Hotspot Question
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
