Microsoft AZ-700 Exam Practice Test Instant Access

Question 1

You have an on-premises network named Site1.

You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to control access to storage1 from Site1 by using network security groups (NSGs).

What should you do first?

AAssociate a route table with Subnet1.

BAssociate a NAT gateway with Subnet1.

CConfigure a network policy for private endpoints on Subnet1.

DCreate a subnet delegation on Subnet1.

Answer : C

Question 2

Your company has offices in London, Tokyo, and New York.

The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.

In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?

Aone profile and five endpoints

Btwo profiles and four endpoints

Cthree profiles and four endpoints

Dtwo profiles and five endpoints

Answer : B

Question 3

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

AIKEv2 and OpenVPN (SSL)

BIKEv2

CIKEv2 and SSTP (SSL)

DOpenVPN (SSL)

ESSTP (SSL)

Answer : D

https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Question 4

Your company has an office in New York.

The company has an Azure subscription that contains the virtual networks shown in the following table.

Name

Location

Vnet1

East LS

Vnet2

North Europe

Vnet3

West US

Vnet4

West Europe

You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements:

* The connection must have up to 1 Gbps of bandwidth.

* The office must have access to all the virtual networks.

* Costs must be minimized.

How many ExpressRoute circuits should be provisioned, and which ExpressRoute 5KU should you enable?

Aone ExpressRoute Standard circuit

Bone ExpressRoute Premium circuit

Ctwo ExpressRoute Premium circuits

Dfour ExpressRoute Standard circuits

Answer : B

Question 5

You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.

To which virtual networks can you deploy AF1?

AVnet1 only

BVnet1 and Vnet2 only

CVnet1, Vnet2, and Vnet4 only

DVnet1 and Vnet4 only

EVnet1, Vnet2. Vnet3, and Vnet4

Answer : A

Question 6

You have an Azure subscription that is linked to an Azure AD tenant named contoso.onmicrosoft.com. The subscription contains the following resources:

* A virtual network named Vnet1

* An App Service plan named ASPI

* An Azure App Service named webapp1

* An Azure private DNS zone named private.contoso.com

* Virtual machines on Vnet1 that cannot communicate outside the virtual network

You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https:/Avwwprivate.contosocom.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

ACreate a private endpoint for webapp1.

BCreate a service endpoint for webapp1.

CCreate a CNAME record that maps www.pnvate.contoso.com to webapp1.privatelink.azurewebsites.net.

DCreate a CNAME record that maps wwwprivatemntoso.com to webapp1.contoso.onmicrosoft.com.

ERegister an enterprise application in Azure AD for webapp1.

FCreate a CNAME record that maps wow.private.contoso.com to webapp 1 private@ntoso.com.

Answer : A, D

Question 7

SIMULATION

Task 1

You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.

You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.

ASee the Explanation below for step by step instructions

Answer : A

To deploy a firewall to subnetl-2, you need to create a network virtual appliance (NVA) in the same virtual network as subnetl-2.An NVA is a virtual machine that performs network functions, such as firewall, routing, or load balancing1.

To create an NVA, you need to create a virtual machine in the Azure portal and select an image that has the firewall software installed.You can choose from the Azure Marketplace or upload your own image2.

To assign the IP address of 10.1.2.4 to the NVA, you need to create a static private IP address for the network interface of the virtual machine.You can do this in the IP configurations settings of the network interface3.

To ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the NVA, you need to create a user-defined route (UDR) table and associate it with subnetl-1.A UDR table allows you to override the default routing behavior of Azure and specify custom routes for your subnets4.

To create a UDR table, you need to go to the Route tables service in the Azure portal and select + Create.You can give a name and a resource group for the route table5.

To create a custom route, you need to select Routes in the route table and select + Add.You can enter the following information for the route5:

Destination: 192.168.10.0/24

Next hop type: Virtual appliance

Next hop address: 10.1.2.4

To associate the route table with subnetl-1, you need to select Subnets in the route table and select + Associate.You can select the virtual network and subnet that you want to associate with the route table5.

Microsoft Designing and Implementing Microsoft Azure Networking Solutions AZ-700 Exam Practice Test