Task 4
You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
Answer : A
Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net:
Select Save to apply your changes1.
Sign in to your domain registrar's website, and then go to the page for managing DNS settings2.
Create a CNAME record with the following information2:
Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
Save your changes and wait for the DNS propagation to take effect2.
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Answer : A
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
On theCreate a WAF policypage,Basicstab, enter or select the following information and accept the defaults for the remaining settings:
Policy for: Regional WAF (Application Gateway)
Subscription: Select your subscription name
Resource group: Select your resource group
Policy name: Type a unique name for your WAF policy
Rule name: Type a unique name for your custom rule
Priority: Type a number that indicates the order of evaluation for this rule
Rule type: Select Match rule
Match variable: Select RemoteAddr
Operator: Select IPMatch
Match values: Type 131.107.150.0/24
Action: Select Block
On theReview + createtab, review your settings and selectCreateto create your WAF policy1.
On theWeb application firewalltab, select your WAF policy from the drop-down list and selectSave
Task 2
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
* Has an IP address from the address range of 10.1.255.0/24
* Uses a new Premium firewall policy named FW-pohcy1
* Routes traffic directly to the internet
Answer : A
Task 1
You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.
You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.
Answer : A
Destination: 192.168.10.0/24
Next hop type: Virtual appliance
Next hop address: 10.1.2.4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a custom rule for WAF1.
Does this meet the goal?
Answer : A
Topic 4, Labs / Tasks
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
* Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
Answer : C
You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?
Answer : B