You have an Azure subscription that contains an Azure Firewall policy named FWPolicy1.
You need to configure FWPolicy1 to meet the following requirements:
Allow traffic based on the FQDN of the destination.
Allow TCP traffic based on the source.
Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: Application only
Allow traffic based on the FQDN of the destination.
You can use an FQDN tag in application rules to allow the required outbound network traffic through your firewall. For example, to manually allow Windows Update network traffic through your firewall, you need to create multiple application rules per the Microsoft documentation. Using FQDN tags, you can create an application rule, include the Windows Updates tag, and now network traffic to Microsoft Windows Update endpoints can flow through your firewall.
Box 2: Network or DNAT only
Allow TCP traffic based on the source.
There are three types of rule collections:
Application rules: Configure fully qualified domain names (FQDNs) that can be accessed from a Virtual Network.
Network rules: Configure rules that contain source addresses, protocols, destination ports, and destination addresses.
NAT rules: Configure DNAT rules to allow incoming Internet connections.
Note on NAT:
Microsoft refers to this form of NAT as Destination Network Address Translation (DNAT). DNAT rules work with the following parameters:
Name: A label for the rule.
Protocol: TCP or UDP.
Source Address: * (Internet), a specific Internet address, or a CIDR block.
Destination Address: Expect this to be renamed; it refers to the external (public) IP address of the firewall on which the rule inspects incoming traffic.
Destination Ports: The TCP or UDP ports that the rule will listen to on the external IP address of the firewall.
Translated Address: The IP address of the service (virtual machine, internal load balancer, and so on) that privately hosts or presents the service.
Translated Port: The port that the inbound traffic will be routed to by the Azure Firewall.
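The three rule types side by side, as an added example that is not part of the original page: an application rule keyed on the destination FQDN, a network rule keyed on the source address and TCP port, and a DNAT rule using the parameters listed above. The resource group RG1, the workload subnet 10.0.1.0/24, the firewall public IP 203.0.113.10 and the internal server 10.0.2.4 are constructed values.

```powershell
# Added example (not from the page): build one rule collection group for FWPolicy1.
# Assumptions (constructed): resource group RG1, workload subnet 10.0.1.0/24,
# firewall public IP 203.0.113.10, internal web server 10.0.2.4.
$policy = Get-AzFirewallPolicy -Name "FWPolicy1" -ResourceGroupName "RG1"

# Application rule: the match is on the destination FQDN (HTTP/HTTPS at layer 7),
# so this is the rule type for "allow traffic based on the FQDN of the destination".
$appRule = New-AzFirewallPolicyApplicationRule -Name "Allow-ExampleSite" `
    -SourceAddress "10.0.1.0/24" `
    -TargetFqdn "www.example.com" `
    -Protocol "http:80", "https:443"
$appColl = New-AzFirewallPolicyFilterRuleCollection -Name "AppRules" -Priority 300 `
    -Rule $appRule -ActionType "Allow"

# Network rule: the match is on source address, protocol, destination address and
# port (layer 3/4), so this is the rule type for "allow TCP traffic based on the source".
$netRule = New-AzFirewallPolicyNetworkRule -Name "Allow-Subnet-TCP443" `
    -SourceAddress "10.0.1.0/24" `
    -DestinationAddress "*" `
    -DestinationPort "443" `
    -Protocol "TCP"
$netColl = New-AzFirewallPolicyFilterRuleCollection -Name "NetRules" -Priority 200 `
    -Rule $netRule -ActionType "Allow"

# DNAT rule: also source/protocol based, but for inbound connections that arrive at
# the firewall's public IP and are translated to a private address and port.
$natRule = New-AzFirewallPolicyNatRule -Name "Inbound-Web" `
    -Protocol "TCP" `
    -SourceAddress "*" `
    -DestinationAddress "203.0.113.10" `
    -DestinationPort "443" `
    -TranslatedAddress "10.0.2.4" `
    -TranslatedPort "8443"
$natColl = New-AzFirewallPolicyNatRuleCollection -Name "NatRules" -Priority 100 `
    -Rule $natRule -ActionType "Dnat"

# Attach the collections to the policy; within a group, DNAT collections are
# evaluated first, then network collections, then application collections.
New-AzFirewallPolicyRuleCollectionGroup -Name "RCG1" -Priority 100 `
    -RuleCollection $natColl, $netColl, $appColl `
    -FirewallPolicyObject $policy
```

Collection and group priorities must fall in the 100-65000 range, which is why the lowest value used here is 100.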
You have an application deployed into two Azure app services as shown below.
You need to control the threshold for failing over the front end to the standby region.
What should you configure?
A. An Application Insights availability test B. Azure SQL Database failover groups C. Connection Monitor in Azure Network Watcher D. Endpoint monitor settings in Traffic Manager
D. Endpoint monitor settings in Traffic Manager
Explanation
Correct Answer(s):
Endpoint monitor settings in Traffic Manager - You need to configure the endpoint monitoring setting Tolerated number of failures. This value specifies how many failures a Traffic Manager probing agent tolerates before marking that endpoint as unhealthy. Its value can range between 0 and 9. A value of 0 means a single monitoring failure can cause that endpoint to be marked as unhealthy. If no value is specified, it uses the default value of 3.
Azure SQL Database failover groups - The requirement is front-end failover.
Connection Monitor in Azure Network Watcher - Connection Monitor provides unified end-to-end connection monitoring in Azure Network Watcher. For example, your front-end web server VM communicates with a database server VM in a multi-tier application. You want to check network connectivity between the two VMs.
Question 275:
DRAG DROP
You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
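The hub-and-spoke peering with gateway transit that this scenario calls for, as an added example that is not part of the original page (the page's own drag-and-drop script is not reproduced here). It assumes both virtual networks are in a constructed resource group RG1 and that Spoke1 has no gateway of its own.

```powershell
# Added example (not from the page): peer Hub1 and Spoke1 with gateway transit so a
# VM in Spoke1 reaches the on-premises network through Hub1's Site-to-Site VPN gateway.
# Assumption (constructed): both virtual networks live in resource group RG1.
$hub   = Get-AzVirtualNetwork -Name "Hub1"   -ResourceGroupName "RG1"
$spoke = Get-AzVirtualNetwork -Name "Spoke1" -ResourceGroupName "RG1"

# Hub side: allow the peer to use Hub1's gateway and accept traffic forwarded through it.
Add-AzVirtualNetworkPeering -Name "Hub1-to-Spoke1" `
    -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id `
    -AllowGatewayTransit `
    -AllowForwardedTraffic

# Spoke side: use the remote (hub) gateway for routes learned over the VPN.
# This only succeeds if Spoke1 has no gateway and the hub peering allows transit.
Add-AzVirtualNetworkPeering -Name "Spoke1-to-Hub1" `
    -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id `
    -UseRemoteGateways `
    -AllowForwardedTraffic

# Check: the spoke peering should be Connected with UseRemoteGateways set to True.
Get-AzVirtualNetworkPeering -VirtualNetworkName "Spoke1" -ResourceGroupName "RG1" |
    Select-Object Name, PeeringState, UseRemoteGateways, AllowGatewayTransit
```

Until both sides exist and report Connected, the spoke VM will not receive the on-premises routes, so verifying PeeringState is part of the change rather than an afterthought.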
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
A. a private endpoint B. a routing table C. a service endpoint D. a private link service E. a virtual network peering
E. a virtual network peering
Explanation
There is no virtual network peering between VM4's VNet (VNet3) and VM5's VNet (VNet4). To enable the VMs to communicate over the Microsoft backbone network, a VNet peering is required between VNet3 and VNet4.
Question 277:
HOTSPOT
You have an Azure subscription that contains virtual networks, network security groups (NSGs), a load balancer, virtual machines, and virtual network gateways.
You enable Azure Monitor Network Insights.
You need to perform the following actions:
1. Review the NSG flow logs.
2. Monitor resource utilization.
3. Review the results of IP flow verify testing.
Which Azure Monitor Network Insights feature should you use for each action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: Traffic
Review the NSG flow logs.
Traffic Analytics within Network Insights can be used to monitor network traffic to and from clusters and identify potential data exfiltration. This feature, also part of Azure Monitor Network Insights, leverages NSG flow logs to provide a comprehensive view of traffic flow, helping you identify potential security risks and optimize network configurations.
Box 2: Topology
Monitor resource utilization.
To monitor resource utilization in your Azure network, use Network Watcher's Topology and Traffic Analytics features in conjunction with Azure Monitor's Metrics and Logs capabilities.
Azure Monitor Network Insights:
Topology: Provides a visual representation of your Azure virtual network and connected resources, helping you understand the relationships between them. You can drill down into specific resources, like VMs, to see their traffic and connectivity insights and access diagnostic tools.
Box 3: Diagnostic Toolkit
Review the results of IP flow verify testing.
Diagnostic Toolkit provides access to all the diagnostic features available for troubleshooting the network.
You can use this drop-down list to access features like packet capture, VPN troubleshoot, connection troubleshoot, next hop, and IP flow verify.
Your company has two on-premises sites in New York and Los Angeles.
Your company has Azure virtual networks in the East US Azure region and the West US Azure region.
Each on-premises site has Azure ExpressRoute circuits to both regions.
You need to recommend a solution that meets the following requirements:
Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.
If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.
What should you include in the recommendation to route from virtual networks to on-premises locations?
A. Azure Default routes B. Border Gateway Protocol (BGP) C. User-defined routes
B. Border Gateway Protocol (BGP)
Explanation
Correct Answer(s):
Border Gateway Protocol (BGP) - You must use BGP to advertise on-premises routes to the Microsoft Edge router. You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway of type ExpressRoute.
Azure Default routes - When outbound traffic is sent from a subnet, Azure selects a route based on the destination IP address, using the longest prefix match algorithm.
User-defined routes - You cannot create user-defined routes to force traffic to the ExpressRoute virtual network gateway if you deploy a virtual network gateway of type ExpressRoute.
Question 279:
SIMULATION
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
To complete this task, sign in to the Azure portal.
A. See explanation below.
A. See explanation below.
Explanation
You can create a virtual network before you create a virtual machine or you can create the virtual network as you create a virtual machine.
You create these resources to support communication with a virtual machine:
Network interfaces
IP addresses
Virtual network and subnets
Create a virtual network
Step 1: Select Create a resource in the upper left-hand corner of the portal.
Step 2: In the search box, enter Virtual Network. Select Virtual Network in the search results.
Step 3: In the Virtual Network page, select Create.
Step 4: In Create virtual network, enter or select the required information in the Basics tab.
Step 5: For Region, select France Central.
Step 6: Select the IP Addresses tab, or select the Next: IP Addresses button at the bottom of the page, enter the following information, and then select Add.
Step 7: For IPv4 address space, enter 10.5.1.0/16.
Step 8: Click Add subnet.
Step 9: For Subnet address range, enter 10.5.1.0/24.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway from any IP address.
Solution: You add a rewrite rule for the host header.