Microsoft AZ-700 Exam Practice Test Instant Access

Question 1

You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.

You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.

You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.

What should you include in the solution?

AAn Azure Virtual WAN ExpressRoute gateway

BA Network Virtual Appliance (NVA)

CA Site to site gateway (VPN gateway)

DA Point to site gateway (User VPN gateway)

Answer : B

Question 2

You have an Azure subscription that contains an Azure Front Door named FD1. FD1 is configured as shown in the following exhibit.

You need to enable Azure Private Link for FD1.

What should you do first?

ACreate an origin group.

BAdd an endpoint.

CChange Pricing Tier to Azure Front Door Premium.

DCreate a custom route.

Answer : C

Question 3

SIMULATION

Task 3

You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.

ASee the Explanation below for step by step instructions

Answer : A

To ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, you can useVirtual Network Peering. This method connects the two virtual networks directly through the Microsoft backbone network, ensuring low-latency and high-bandwidth communication.

Step-by-Step Solution

Step 1: Set Up Virtual Network Peering

Navigate to the Azure Portal.

Search for ''Virtual networks''and select VNET1.

In the left-hand menu, select''Peerings''under the ''Settings'' section.

Click on ''Add''to create a new peering.

Enter the following details:

Name: Enter a name for the peering (e.g.,VNET1-to-VNET2).

Peer virtual network: Select VNET2.

Allow virtual network access: Ensure this is enabled.

Allow forwarded traffic: Enable if needed.

Allow gateway transit: Enable if needed.

Click on ''Add''.

Step 2: Configure Peering on VNET2

Navigate to VNET2in the Azure Portal.

In the left-hand menu, select''Peerings''under the ''Settings'' section.

Click on ''Add''to create a new peering.

Enter the following details:

Name: Enter a name for the peering (e.g.,VNET2-to-VNET1).

Peer virtual network: Select VNET1.

Allow virtual network access: Ensure this is enabled.

Allow forwarded traffic: Enable if needed.

Allow gateway transit: Enable if needed.

Click on ''Add''.

Explanation

Virtual Network Peering: This feature connects two virtual networks in the same or different regions, allowing resources in both networks to communicate with each other as if they were part of the same network.The traffic between peered virtual networks uses the Microsoft backbone infrastructure, ensuring low latency and high bandwidth12.

Allow Virtual Network Access: This setting ensures that the virtual networks can communicate with each other.

Allow Forwarded Traffic: This setting allows traffic forwarded from a network security appliance in the peered virtual network.

Allow Gateway Transit: This setting allows the peered virtual network to use the gateway in the local virtual network.

By following these steps, you can ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, leveraging the high-speed Microsoft backbone network.

Question 4

You have an on-premises network named Site1.

You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to control access to storage1 from Site1 by using network security groups (NSGs).

What should you do first?

AAssociate a route table with Subnet1.

BAssociate a NAT gateway with Subnet1.

CConfigure a network policy for private endpoints on Subnet1.

DCreate a subnet delegation on Subnet1.

Answer : C

Question 5

You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a virtual machine named VM1.

You plan to make VM1 available to the resources in Sub2 by using Azure Private Link.

You need to ensure that the private link service can be configured to provide access to VM1.

What should you configure in Sub1 first?

Aa service endpoint

Ban Azure Private DNS zone

Ca private endpoint

Dan Azure load balancer

Answer : C

Question 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.

Hub1 has a security status of Unsecured.

You need to ensure that the security status of Hub1 is marked as Secured.

Solution: You implement Azure Web Application Firewall (WAF).

Does this meet the requirement?

AYes

BNo

Answer : B

Question 7

You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.

Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

Aa virtual network gateway

BAzure Application Gateway

CAzure Firewall

Da local network gateway

EAzure Front Door

Answer : A, D

https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto

Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test