Microsoft Designing and Implementing Microsoft Azure Networking Solutions AZ-700 Exam Questions

You have an Azure virtual network and an on-premises datacenter.

You need to implement a Site-to-Site VPN connection between the datacenter and the virtual network.

Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual machine named VM1, a virtual network interface card (NIC) named NIC1, and a Basic SKU public IP address named IP1. NIC1 is attached to VM1. IP1 is associated to NIC1.

You need to upgrade IP1 to the Standard SKU.

What should you do first?

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

Your company has offices in London, Tokyo, and New York.

The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.

In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1. Hub1 has a security status of Unsecured.

You need to ensure that the security status of Hub1 is marked as Secured.

Solution: You implement an Azure Front Door profile.

Does this meet the requirement?

You have an on-premises network named Site1.

You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to control access to storage1 from Site1 by using network security groups (NSGs).

What should you do first?

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.

You have a network security group (NSG) named NSG1 associated to each subnet.

When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.

You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:

* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.

* Minimize changes to NSG1 when a new subnet is created.

What should you use as the destination in the inbound security rule?