004 Az 700 - 96

Download as pdf or txt
Download as pdf or txt
You are on page 1of 19

Welcome to download the Newest 2passeasy AZ-700 dumps

https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

Exam Questions AZ-700


Designing and Implementing Microsoft Azure Networking Solutions

https://www.2passeasy.com/dumps/AZ-700/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 1
- (Exam Topic 1)
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?

A. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3


B. a user-defined route assigned to GatewaySubnet in Vnet1
C. BGP route exchange
D. route filters

Answer: A

Explanation:
VNet 1 will get the default from BGP and propagate it to VNET 2 and 3

NEW QUESTION 2
- (Exam Topic 1)
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?

A. a service endpoint
B. Azure Front Door
C. a private endpoint
D. Azure Traffic Manager

Answer: A

NEW QUESTION 3
- (Exam Topic 1)
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements
and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
For the first question, only ExpressRoute GW SKU Ultra Performance support FastPath feature.
For the second question, vnet1 will connect to ExpressRoute gw, once Vnet1 peers with Vnet2, the traffic from on-premise network will bypass GW and Vnet1,
directly goes to Vnet2, while this feature is under public preview.
====Reference
ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path
performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual
network, bypassing the gateway.
To configure FastPath, the virtual network gateway must be either: Ultra Performance
ErGw3AZ
VNet Peering - FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the
ExpressRoute virtual network gateway.
https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath Gateway SKU
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways

NEW QUESTION 4
- (Exam Topic 2)
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
2, 4

NEW QUESTION 5
- (Exam Topic 2)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6
- (Exam Topic 2)
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Text Description automatically generated
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can
ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to
VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in
VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.

NEW QUESTION 7
- (Exam Topic 3)
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:

Log all connections from Australia.


Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?

A. three custom rules that each has one condition


B. one custom rule that has three conditions
C. one custom rule that has one condition
D. one rule that has two conditions and another rule that has one condition

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

NEW QUESTION 8
- (Exam Topic 3)
Your company has offices in Montreal. Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.
You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy! that has
a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.
You need to apply a rate limit of 100 requests for traffic that originates from each office. What should you do?

A. Modify the conditions of Rule1.


B. Create two additional associations.
C. Modify the rule type of Rule1.
D. Modify the rate limit threshold of Rule1.

Answer: B

NEW QUESTION 9
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You reset the gateway of
Vnet1.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

NEW QUESTION 10
- (Exam Topic 3)
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.
You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine.
What should you use?

A. Azure Monitor
B. IP flow verify
C. Connection Monitor
D. Azure Internet Analyzer

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor

NEW QUESTION 10
- (Exam Topic 3)
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks
all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution?

A. a service tag
B. a private endpoint
C. a subnet delegation
D. an application security group

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview

NEW QUESTION 11
- (Exam Topic 3)
You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).


Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool. NAT Gateway uses a public IP address named IP3 that is associated to
SubnetA. VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?

A. IP1
B. IP2
C. IP3
D. IP4

Answer: A

NEW QUESTION 14
- (Exam Topic 3)
You configure a route table named RT1 that has the routes shown in the following table.

You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.

You have the resources shown in the following table.

Vnet1 connects to an ExpressRoute circuit.


The on-premises router advertises the following routes:
* 0.0.0.0/0
* 10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 15
- (Exam Topic 3)
You have the Azure load balancer shown in the Load Balancer exhibit.

LB2 has the backend pools shown in the Backend Pools exhibit.

You need to ensure that LB2 distributes traffic to all the members of VMSS1.
What should you do?

A. Add a network interface to VMSS1.


B. Configure a health probe.
C. Add a public IP address to each member of VMSS1.
D. Add a load balancing rule.

Answer: D

NEW QUESTION 18
- (Exam Topic 3)
You have an Azure subscription.
You have the on-premises sites shown the following table.

You plan to deploy Azure Virtual WAN.


You are evaluating Virtual WAN Basic and Virtual WAN Standard.
Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 22
- (Exam Topic 3)
You have an Azure subscription that contains the public IP addresses shown in the following table.

You plan to deploy a NAT gateway named NAT1.


Which public IP addresses can be used as the public IP address for NAT1?

A. IP3 and IP5 only


B. IP5 only
C. IP1, IP3, and IP5 only
D. IP3 only
E. IP2 and IP4 only

Answer: D

Explanation:
Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn’t support NAT. Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview

NEW QUESTION 25
- (Exam Topic 3)
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the
following resources:
* An Azure App Service app named App1
* An Azure DNS zone named contoso.com
* An Azure private DNS zone named private.contoso.com
* A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS. You need to provide a developer with the name that
is registered in Azure DNS for the private endpoint.
What should you provide?

A. app1.privatelink.azurewebsites.net
B. app1.contoso.com
C. app1.contoso.onmicrosoft.com
D. app1.private.contoso.com

Answer: A

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 30
- (Exam Topic 3)
You plan to publish a website that will use an FQDN of www.contoso.com. The website will be hosted by using the Azure App Service apps shown in the following
table.

You plan to use Azure Traffic Manager to manage the routing of traffic for www.contoso.com between AS1 and AS2.
You need to ensure that Traffic Manager routes traffic for www.contoso.com. Which DNS record should you create?

A. two A records that map wmv.contoso.com to 131 107 100 1 and 131 107 200 1
B. a CNAME record that maps www.contoso.com to TMprofile1.azurefd.net
C. a CNAME record that mapswww.contoso.comtoTMprofile1.trafficmanager.net
D. a TXT record that contains a string ofas1.contoso.com and as2.contoso.com in the details

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/quickstart-create-traffic-manager-profile https://docs.microsoft.com/en-us/azure/app-service/configure-
domain-traffic-manager

NEW QUESTION 33
- (Exam Topic 3)
You have the hybrid network shown in the Network Diagram exhibit.

You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.

You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 35
- (Exam Topic 3)
Azure virtual networks in the East US Azure region as shown in the following table.

The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?

A. 1
B. 2
C. 4
D. 8

Answer: A

NEW QUESTION 39
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24. Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
The parameter here should be RemoteAddr not Request header.
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview#match-variable

NEW QUESTION 44

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

- (Exam Topic 3)
You have the network security groups (NSGs) shown in the following table.

In NSG1, you create inbound rules as shown in the following table.

You have the Azure virtual machines shown in the following table.

NSG2 has only the default rules configured.


For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 47
- (Exam Topic 3)
You have an Azure virtual network named Vnet1 that connects to an on-premises network. You have an Azure Storage account named storageaccount1 that
contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:

Ensure that all on-premises users can access storageaccount1 through the private endpoint.
Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the
correct order.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
* 168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-
prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

NEW QUESTION 50
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You enable BGP on the
gateway of Vnet1.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 52
- (Exam Topic 3)
You are configuring two network virtual appliances (NVAs) in an Azure virtual network. The NVAs will be used to inspect all the traffic within the virtual network.
You need to provide high availability for the NVAs. The solution must minimize administrative effort. What should you include in the solution?

A. Azure Standard Load Balancer


B. Azure Traffic Manager
C. Azure Application Gateway
D. Azure Front Door

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/nva-ha?tabs=cli

NEW QUESTION 54
- (Exam Topic 3)
You have the Azure resources shown in the following table.

You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.
What should you do first?

A. Configure the firewall settings for storage1.


B. Fail over storage1 to the paired Azure region.
C. Create a virtual network in the paired Azure region.
D. Create another service endpoint.

Answer: A

NEW QUESTION 55
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway. Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 59
- (Exam Topic 3)
You have an Azure virtual network that contains the subnets shown in the following table.

You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can
access an external site located at https://*.contoso.com. What should you do?

A. Create a network security group (NSG) and associate the NSG to Subnet2.
B. In a firewall policy, create an application rule.
C. In a firewall policy, create a DNAT rule.
D. In a firewall policy, create a network rule.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

Answer: B

NEW QUESTION 62
- (Exam Topic 3)
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?

A. IP1 and IP3 only


B. IP3 only
C. IP3 and IP5 only
D. IP2only
E. IP1, IP2. IP3. IP4. and IP5
F. IP1, IP3, IP4, and 1P5 only

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address
This is because "Load balancer and the public IP address SKU must match when you use them with public IP addresses" https://docs.microsoft.com/en-
us/azure/load-balancer/skus
Standard SKU Load Balancer routes traffic within and across regions, and to Availability Zones for high resiliency.

NEW QUESTION 66
- (Exam Topic 3)
You have an Azure virtual network that contains two subnets named Subnet1 and Subnet2. Subnet1 contains a virtual machine named VM1. Subnet2 contains a
virtual machine named VM2.
You have two network security groups (NSGs) named NSG1 and NSG2. NSG1 has 100 inbound security rules and is associated to VM1. NSG2 has 200 inbound
security rules and is associated to Subnet1.
VM2 cannot connect to VM1.
You suspect that an NSG rule blocks connectivity.
You need to identify which rule blocks the connection. The issue must be resolved as quickly as possible. Which Azure Network Watcher feature should you use?

A. Effective security rules


B. Connection troubleshoot
C. NSG diagnostic
D. NSG flow logs

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 71
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion request headers that contain 137.135.10.24. Does this meet the goat?

A. Yes
B. No

Answer: B

NEW QUESTION 75
- (Exam Topic 3)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one
point.

A. an Azure Monitor workbook


B. a Log Analytics workspace C a storage account
C. an Azure Sentinel workspace
D. an Azure Monitor data collection rule

Answer: BC

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics A storage acccount is used to store network security group flow logs.
A Log Analytics workspace is used by Traffic Analytics to store the aggregated and indexed data that is then used to generate the analytics.
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#enable-flow-log-settings

NEW QUESTION 78
- (Exam Topic 3)
You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.
You register a public DNS zone named fabrikam.com. The zone is configured as shown in the Public DNS Zone exhibit.

You have a private DNS zone named fabrikam.com. The zone is configured as shown in the Private DNS Zone exhibit.

You have a virtual network link configured as shown in the Virtual Network Link exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 79
- (Exam Topic 3)
You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or
not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=

NEW QUESTION 83
- (Exam Topic 3)
You have an Azure Front Door instance that provides access to a web app. The web app uses a hostname of www.contoso.com.
You have the routing rules shown in the following table.

Which rule will apply to each incoming request? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching

NEW QUESTION 87
- (Exam Topic 3)
You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Graphical user interface, text, application, email Description automatically generated
Box 1:
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation
of the firewall. It cannot be enabled after the firewall has been deployed.
Box 2:
The “Visit Azure Firewall Manager to configure and manage this firewall” link in the exhibit shows that the firewall is managed by Azure Firewall Manager.

NEW QUESTION 92
- (Exam Topic 3)
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)

You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)

You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 94
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL
of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway. Solution: You add a rewrite rule for the host header.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#limitations

NEW QUESTION 96
- (Exam Topic 3)
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority
(CA).
What should you include in the solution?

A. an enterprise application in Azure Active Directory (Azure AD)


B. Active Directory Certificate Services (AD CS)
C. Azure Key Vault
D. Azure Application Gateway

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

NEW QUESTION 101


......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Welcome to download the Newest 2passeasy AZ-700 dumps
https://www.2passeasy.com/dumps/AZ-700/ (105 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual AZ-700 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
AZ-700 Product From:

https://www.2passeasy.com/dumps/AZ-700/

Money Back Guarantee

AZ-700 Practice Exam Features:

* AZ-700 Questions and Answers Updated Frequently

* AZ-700 Practice Questions Verified by Expert Senior Certified Staff

* AZ-700 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* AZ-700 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com


Powered by TCPDF (www.tcpdf.org)

You might also like