004 Az 700 - 96
004 Az 700 - 96
004 Az 700 - 96
https://www.2passeasy.com/dumps/AZ-700/
NEW QUESTION 1
- (Exam Topic 1)
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
Answer: A
Explanation:
VNet 1 will get the default from BGP and propagate it to VNET 2 and 3
NEW QUESTION 2
- (Exam Topic 1)
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
A. a service endpoint
B. Azure Front Door
C. a private endpoint
D. Azure Traffic Manager
Answer: A
NEW QUESTION 3
- (Exam Topic 1)
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements
and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
For the first question, only ExpressRoute GW SKU Ultra Performance support FastPath feature.
For the second question, vnet1 will connect to ExpressRoute gw, once Vnet1 peers with Vnet2, the traffic from on-premise network will bypass GW and Vnet1,
directly goes to Vnet2, while this feature is under public preview.
====Reference
ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path
performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual
network, bypassing the gateway.
To configure FastPath, the virtual network gateway must be either: Ultra Performance
ErGw3AZ
VNet Peering - FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the
ExpressRoute virtual network gateway.
https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath Gateway SKU
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
NEW QUESTION 4
- (Exam Topic 2)
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
2, 4
NEW QUESTION 5
- (Exam Topic 2)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 6
- (Exam Topic 2)
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Text Description automatically generated
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can
ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to
VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in
VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.
NEW QUESTION 7
- (Exam Topic 3)
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
NEW QUESTION 8
- (Exam Topic 3)
Your company has offices in Montreal. Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.
You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy! that has
a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.
You need to apply a rate limit of 100 requests for traffic that originates from each office. What should you do?
Answer: B
NEW QUESTION 9
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You reset the gateway of
Vnet1.
A. Yes
B. No
Answer: B
Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
NEW QUESTION 10
- (Exam Topic 3)
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.
You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine.
What should you use?
A. Azure Monitor
B. IP flow verify
C. Connection Monitor
D. Azure Internet Analyzer
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor
NEW QUESTION 10
- (Exam Topic 3)
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks
all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution?
A. a service tag
B. a private endpoint
C. a subnet delegation
D. an application security group
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
NEW QUESTION 11
- (Exam Topic 3)
You have the Azure environment shown in the exhibit.
A. IP1
B. IP2
C. IP3
D. IP4
Answer: A
NEW QUESTION 14
- (Exam Topic 3)
You configure a route table named RT1 that has the routes shown in the following table.
You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 15
- (Exam Topic 3)
You have the Azure load balancer shown in the Load Balancer exhibit.
LB2 has the backend pools shown in the Backend Pools exhibit.
You need to ensure that LB2 distributes traffic to all the members of VMSS1.
What should you do?
Answer: D
NEW QUESTION 18
- (Exam Topic 3)
You have an Azure subscription.
You have the on-premises sites shown the following table.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 22
- (Exam Topic 3)
You have an Azure subscription that contains the public IP addresses shown in the following table.
Answer: D
Explanation:
Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn’t support NAT. Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview
NEW QUESTION 25
- (Exam Topic 3)
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the
following resources:
* An Azure App Service app named App1
* An Azure DNS zone named contoso.com
* An Azure private DNS zone named private.contoso.com
* A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS. You need to provide a developer with the name that
is registered in Azure DNS for the private endpoint.
What should you provide?
A. app1.privatelink.azurewebsites.net
B. app1.contoso.com
C. app1.contoso.onmicrosoft.com
D. app1.private.contoso.com
Answer: A
NEW QUESTION 30
- (Exam Topic 3)
You plan to publish a website that will use an FQDN of www.contoso.com. The website will be hosted by using the Azure App Service apps shown in the following
table.
You plan to use Azure Traffic Manager to manage the routing of traffic for www.contoso.com between AS1 and AS2.
You need to ensure that Traffic Manager routes traffic for www.contoso.com. Which DNS record should you create?
A. two A records that map wmv.contoso.com to 131 107 100 1 and 131 107 200 1
B. a CNAME record that maps www.contoso.com to TMprofile1.azurefd.net
C. a CNAME record that mapswww.contoso.comtoTMprofile1.trafficmanager.net
D. a TXT record that contains a string ofas1.contoso.com and as2.contoso.com in the details
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/quickstart-create-traffic-manager-profile https://docs.microsoft.com/en-us/azure/app-service/configure-
domain-traffic-manager
NEW QUESTION 33
- (Exam Topic 3)
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 35
- (Exam Topic 3)
Azure virtual networks in the East US Azure region as shown in the following table.
The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
A. 1
B. 2
C. 4
D. 8
Answer: A
NEW QUESTION 39
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24. Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The parameter here should be RemoteAddr not Request header.
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview#match-variable
NEW QUESTION 44
- (Exam Topic 3)
You have the network security groups (NSGs) shown in the following table.
You have the Azure virtual machines shown in the following table.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 47
- (Exam Topic 3)
You have an Azure virtual network named Vnet1 that connects to an on-premises network. You have an Azure Storage account named storageaccount1 that
contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
Ensure that all on-premises users can access storageaccount1 through the private endpoint.
Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the
correct order.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
* 168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-
prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
NEW QUESTION 50
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You enable BGP on the
gateway of Vnet1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
NEW QUESTION 52
- (Exam Topic 3)
You are configuring two network virtual appliances (NVAs) in an Azure virtual network. The NVAs will be used to inspect all the traffic within the virtual network.
You need to provide high availability for the NVAs. The solution must minimize administrative effort. What should you include in the solution?
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/nva-ha?tabs=cli
NEW QUESTION 54
- (Exam Topic 3)
You have the Azure resources shown in the following table.
You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.
What should you do first?
Answer: A
NEW QUESTION 55
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway. Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
A. Yes
B. No
Answer: A
NEW QUESTION 59
- (Exam Topic 3)
You have an Azure virtual network that contains the subnets shown in the following table.
You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can
access an external site located at https://*.contoso.com. What should you do?
A. Create a network security group (NSG) and associate the NSG to Subnet2.
B. In a firewall policy, create an application rule.
C. In a firewall policy, create a DNAT rule.
D. In a firewall policy, create a network rule.
Answer: B
NEW QUESTION 62
- (Exam Topic 3)
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.
You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address
This is because "Load balancer and the public IP address SKU must match when you use them with public IP addresses" https://docs.microsoft.com/en-
us/azure/load-balancer/skus
Standard SKU Load Balancer routes traffic within and across regions, and to Availability Zones for high resiliency.
NEW QUESTION 66
- (Exam Topic 3)
You have an Azure virtual network that contains two subnets named Subnet1 and Subnet2. Subnet1 contains a virtual machine named VM1. Subnet2 contains a
virtual machine named VM2.
You have two network security groups (NSGs) named NSG1 and NSG2. NSG1 has 100 inbound security rules and is associated to VM1. NSG2 has 200 inbound
security rules and is associated to Subnet1.
VM2 cannot connect to VM1.
You suspect that an NSG rule blocks connectivity.
You need to identify which rule blocks the connection. The issue must be resolved as quickly as possible. Which Azure Network Watcher feature should you use?
Answer: C
NEW QUESTION 71
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion request headers that contain 137.135.10.24. Does this meet the goat?
A. Yes
B. No
Answer: B
NEW QUESTION 75
- (Exam Topic 3)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one
point.
Answer: BC
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics A storage acccount is used to store network security group flow logs.
A Log Analytics workspace is used by Traffic Analytics to store the aggregated and indexed data that is then used to generate the analytics.
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#enable-flow-log-settings
NEW QUESTION 78
- (Exam Topic 3)
You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.
You register a public DNS zone named fabrikam.com. The zone is configured as shown in the Public DNS Zone exhibit.
You have a private DNS zone named fabrikam.com. The zone is configured as shown in the Private DNS Zone exhibit.
You have a virtual network link configured as shown in the Virtual Network Link exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 79
- (Exam Topic 3)
You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or
not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=
NEW QUESTION 83
- (Exam Topic 3)
You have an Azure Front Door instance that provides access to a web app. The web app uses a hostname of www.contoso.com.
You have the routing rules shown in the following table.
Which rule will apply to each incoming request? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching
NEW QUESTION 87
- (Exam Topic 3)
You have an Azure firewall shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Graphical user interface, text, application, email Description automatically generated
Box 1:
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation
of the firewall. It cannot be enabled after the firewall has been deployed.
Box 2:
The “Visit Azure Firewall Manager to configure and manage this firewall” link in the exhibit shows that the firewall is managed by Azure Firewall Manager.
NEW QUESTION 92
- (Exam Topic 3)
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 94
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway. Solution: You add a rewrite rule for the host header.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#limitations
NEW QUESTION 96
- (Exam Topic 3)
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority
(CA).
What should you include in the solution?
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
Visit Our Site to Purchase the Full Set of Actual AZ-700 Exam Questions With Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
AZ-700 Product From:
https://www.2passeasy.com/dumps/AZ-700/
* AZ-700 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AZ-700 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year