Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Microsoft AZ-700

Microsoft AZ-700 Exam Practice Questions (P. 4)

  • Full Access (366 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
HOTSPOT -
You have the Azure resources shown in the following table.

WebApp1 uses the Standard pricing tier.
You need to ensure that WebApp1 can access the virtual machines deployed to Vnet1\Subnet1 and Vnet2\Subnet1. The solution must minimize costs.
What should you create in each virtual network? To answer, select the appropriate options in the answer area.
Hot Area:


Correct Answer:

 Box 1: An additional subnet -
Regional virtual network integration: When you connect to virtual networks in the same region, you must have a dedicated subnet in the virtual network you're integrating with.

Box 2: A VPN gateway -
Gateway-required virtual network integration: When you connect directly to virtual networks in other regions or to a classic virtual network in the same region, you need an Azure Virtual Network gateway created in the target virtual network.
Note: If your app is in an App Service Environment, it's already in a virtual network and doesn't require use of the VNet integration feature to reach resources in the same virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Question #32
HOTSPOT -
You have the Azure App Service app shown in the App Service exhibit.

The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.

The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

 Box 1: Yes -
The integration subnet can be used by only one App Service plan.

Box 2: No -
No Private Endpoint connections defined.
When regional virtual network integration is enabled, your app makes outbound calls through your virtual network. The outbound addresses that are listed in the app properties portal are the addresses still used by your app. However, if your outbound call is to a virtual machine or private endpoint in the integration virtual network or peered virtual network, the outbound address will be an address from the integration subnet.

Box 3: Yes -
Apps in App Service are hosted on worker roles. Regional virtual network integration works by mounting virtual interfaces to the worker roles with addresses in the delegated subnet. Because the from address is in your virtual network, it can access most things in or through your virtual network like a VM in your virtual network would.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Question #33
You have a hub-and-spoke topology. The topology includes multiple on-premises locations that connect to a hub virtual network in Azure via ExpressRoute circuits.
You have an Azure Application Gateway named GW1 that provides a single point of ingress from the internet.
You plan to migrate the hub-and-spoke topology to Azure Virtual WAN.
You need to identify which changes must be applied to the existing topology. The solution must ensure that you maintain a single point of ingress from the internet.
Which three changes should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
  1. A
    Add user-defined routes.
  2. B
    Add virtual network peerings.
  3. C
    Replace the user-defined routes used by the current topology.
  4. D
    Create virtual network connections.
  5. E
    Remove the existing virtual network peerings.
  6. F
    Redeploy GW1.

Correct Answer:
CDE
Transition connectivity to virtual WAN hub:
Step 1. (E) Delete the existing peering connections from Spoke virtual networks to the old customer-managed hub. Access to applications in spoke virtual networks is unavailable until steps 1-3 are complete.
Step 2. (D) Connect the spoke virtual networks to the Virtual WAN hub via VNet connections.
Step 3. (C) Remove any user-defined routes (UDR) previously used within spoke virtual networks for spoke-to-spoke communications. This path is now enabled by dynamic routing available within the Virtual WAN hub.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology

Question #34
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
  1. A
    Azure Application Gateway V2 that has multiple listeners
  2. B
    Azure Standard Load Balancer that has Floating IP enabled
  3. C
    Azure Standard Load Balancer that has high availability (HA) ports enabled
  4. D
    Azure Application Gateway v2 that has multiple site hosting enabled

Correct Answer:
A
Azure Application Gateway is limited to 100 active listeners that are routing traffic. Active listeners = total number of listeners - listeners not active.
If a default configuration inside a routing rule is set to route traffic (for example, it has a listener, a backend pool, and HTTP settings) then that also counts as a listener.
Note: Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. This type of routing is known as application layer (OSI layer 7) load balancing.
Incorrect:
Not B: Floating IP. Some application scenarios prefer or require the same port to be used by multiple application instances on a single VM in the backend pool.
Common examples of port reuse include:
clustering for high availability
network virtual appliances
exposing multiple TLS endpoints without re-encryption.
Not D: Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool.
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/main/includes/application-gateway-limits.md

Question #35
DRAG DROP -
You register a DNS domain with a third-party registrar.
You need to host the DNS zone on Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:


Correct Answer:

 Step 1: Create a public DNS zone.

Create a DNS zone -
1. Go to the Azure portal to create a DNS zone. Search for and select DNS zones.

2. Select Create DNS zone.
3. On the Create DNS zone page, enter the following values, and then select Create.
Step 2: Identify the FQDNs of the name servers.
Retrieve name servers.
Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. Azure DNS gives name servers from a pool each time a zone is created.
With the DNS zone created, in the Azure portal Favorites pane, select All resources. On the All resources page, select your DNS zone. If the subscription you've selected already has several resources in it, you can enter your domain name in the Filter by name box to easily access the application gateway.
Retrieve the name servers from the DNS zone page. In this example, the zone contoso.net has been assigned name servers ns1-01.azure-dns.com, ns2-
01.azure-dns.net, *ns3-01.azure-dns.org, and ns4-01.azure-dns.info:

Azure DNS automatically creates authoritative NS records in your zone for the assigned name servers.
Step 3: Modify the NS records for the domain.

Delegate the domain -
Once the DNS zone gets created and you have the name servers, you'll need to update the parent domain with the Azure DNS name servers.
Each registrar has its own DNS management tools to change the name server records for a domain.
1. In the registrar's DNS management page, edit the NS records and replace the NS records with the Azure DNS name servers.
2. When you delegate a domain to Azure DNS, you must use the name servers that Azure DNS provides. Use all four name servers, regardless of the name of your domain. Domain delegation doesn't require a name server to use the same top-level domain as your domain.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question #36
HOTSPOT -
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)

You have the Azure firewall shown in the Firewall1 exhibit. (Click the Firewall1 tab.)

You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

 Box 1: Yes -
Resources in Subnet1 will use the Route2 and its Next hop ID address to the Firewall to reach the Internet.

Box 2: Yes -
Yes, with network network peering.

Box 3: No -
Resources in Subnet2 can only reach resources in Subnet1, as gateway transit for virtual network peering has not been configured.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit

Question #37
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Question #38
You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?
  1. A
    Vnet1 and Vnet4 only
  2. B
    Vnet1, Vnet2, Vnet3, and Vnet4
  3. C
    Vnet1 only
  4. D
    Vnet1 and Vnet2 only
  5. E
    Vnet1, Vnet2, and Vnet4 only

Correct Answer:
C
Azure Firewall operates in a single VNET.
Azure Firewall is a regional service.
Yes. Vnet1: Same VNET and same region.
No. Vnet2: Same Resource Group but different VNET and different region. Must be in the same region.
No. Vnet3: Different VNET, different region. Must be in the same region.
No. Vnet4: Different VNET, same region.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/networking/guide/well-architected-framework-azure-firewall

Question #39
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway from any IP address.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
The log shows that WAF rule with ruleId 920300 was trigged. Instead we should disable the WAF rule that has a ruleId 920300.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot

Question #40
HOTSPOT -
You have an Azure subscription that contains the route tables and routes shown in the following table.

The subscription contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

The subscription contains the local network gateways shown in the following table.

There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

 Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Previous Questions Next Questions

All Pages