Microsoft Microsoft Certified: Azure Network Engineer Associate AZ-700 Questions & Answers
Question 21:
HOTSPOT
You have the Azure resources shown in the following table.
WebApp1 uses the Standard pricing tier.
You need to ensure that WebApp1 can access the virtual machines deployed to Vnet1\Subnet1 and Vnet2\Subnet1. The solution must minimize costs.
What should you create in each virtual network? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Explanation:
Box 1: An additional subnet
Regional virtual network integration: When you connect to virtual networks in the same region, you must have a dedicated subnet in the virtual network you're integrating with.
Box 2: A VPN gateway
Gateway-required virtual network integration: When you connect directly to virtual networks in other regions or to a classic virtual network in the same region, you need an Azure Virtual Network gateway created in the target virtual network.
Note: If your app is in an App Service Environment, it's already in a virtual network and doesn't require use of the VNet integration feature to reach resources in the same virtual network.
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Virtual network peering seamlessly connects two Azure virtual networks, merging the two virtual networks into one for connectivity purposes.
Box 2: No No Virtual Gateway is used. Gateway transit is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. The following diagram shows how gateway transit works with virtual
network peering.
In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual
You have two Azure App Service instances that host the web apps shown the following table.
You deploy an Azure 2 that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 2 Listeners
One listener for As1.contoso.com, and one listener for As2.contoso.com.
Note: Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.
You can also define wildcard host names in a multi-site listener and up to 5 host names per listener.
Box 2: 2 Routing rules
Application Gateway request routing rules Rule type When you create a rule, you choose between basic and path-based.
*
Choose basic if you want to forward all requests on the associated listener (for example, blog.contoso.com/*) to a single backend pool.
*
Choose path-based if you want to route requests from specific URL paths to specific backend pools. The path pattern is applied only to the path of the URL, not to its query parameters.
Associated backend pool
Associate to the rule the backend pool that contains the backend targets that serve requests that the listener receives.
*
For a basic rule, only one backend pool is allowed. All requests on the associated listener are forwarded to that backend pool.
*
For a path-based rule, add multiple backend pools that correspond to each URL path. The requests that match the URL path that's entered are forwarded to the corresponding backend pool. Also, add a default backend pool. Requests that
don't match any URL path in the rule are forwarded to that pool.
You have an Azure subscription that contains the resource groups shown in the following table.
You have the virtual networks shown in the following table.
Vnet1 contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
VM2 is in Vnet1.
Vnet1 is located in East US.
Vnet1 has the two subnets Sb1 and Sb2, both in RG1.
Lb2 is in West US and has the Backend pool in Vnet2.
Note: The backend resources must be in the same virtual network as the load balancer for IP based LBs
Box 2: Yes
VM4 and VM3 are both in Vnet2.
Lb2 is also in Vnet2. Lb2 is an internal load balancer. VM3 is in the backend pool of Lb2. Rule is TCP port 1433, backend port 1433.
Note: Public Load Balancers are used to load balance internet traffic to your VMs. An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a
virtual network.
Box 3: Yes
VM1 is in the backend pool of Lb1. Lb1 is a public load balancer.
Rule is TCP port 80, backend port 80.
Note: A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load
Balancers are used to load balance internet traffic to your VMs.
You have an Azure subscription. The subscription contains virtual machines that host websites as shown in the following table.
You have the Azure Traffic Manager profiles shown in the following table.
You have the endpoints shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
VM1, which is hosting site1.contoso.com, is located in East US. The VM1 endpoint status is degraded. Endpoint monitoring health checks are failing. The endpoint isn't included in DNS responses and doesn't receive traffic.
When an endpoint has a Degraded status, it's no longer returned in response to DNS queries. Instead, an alternative endpoint is chosen and returned. The traffic-routing method configured in the profile determines how the alternative
endpoint is chosen.
Priority. Endpoints form a prioritized list. The first available endpoint on the list is always returned. If an endpoint status is Degraded, then the next available endpoint is returned.
The user will connect to site2.us.contoso.com instead.
Box 2: No
VM3, which is hosting site2.contoso.com, is located in in East US. The VM3 endpoint status is CheckingEndpoint. The endpoint is monitored, but the results of the first probe haven't been received yet. CheckingEndpoint is a temporary state
that usually occurs immediately after adding or enabling an endpoint in the profile. An endpoint in this state is included in DNS responses and can receive traffic.
User will connect to site2.contoso.com, not to site2.uk.contoso.com
Box 3: No VM3, which is hosting site2.contoso.com, is located in in East US. The VM1 endpoint status is CheckingEndpoint, which is OK (see above). User will connect to site2.contoso.com, not to site2.japan.contoso.com
The VNet Integration settings for as123 are configured as shown below.
The Private Endpoint connections settings for as123 are configured as shown below.
Select Yes of the below statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Question 27:
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
VNet1 and VNet2 are NOT connected to each other.
You need to block traffic from SQL Server 2019 to IIS by using application security groups. The solution must minimize administrative effort.
How should you configure the application security groups? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 2
All network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.
We need one application security group for each of the two virtual networks.
Box 2: 3
One network assignment in VNet1. Two network assignments in VNET2.
Allow outbound traffic from Vnet1 and Vnet2 to the internet.
2.
Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 29:
HOTSPOT
You have two Azure subscriptions named Subscription1 and Subscription2. There are no connections between the virtual networks in two subscriptions.
You configure a private link service as shown in the privatelinkservice1 exhibit. (Click the privatelinkservice1 tab.)
You create a load balancer name in Subscription1 and configure the backend pool shown in the lb1 exhibit. (Click tie 1b1 tab.)
You create a private endpoint in Subscription2 as shown in the privateendpoint4 exhibit. (Click the privateendpoint4)
For each of the following statements, select YES if the statement is true. Otherwise. select No.
Hot Area:
Correct Answer:
Question 30:
HOTSPOT
You have the network security groups (NSGs) shown in the following table.
In NSG1, you create inbound rules as shown in the following table.
You have the Azure virtual machines shown in the following table.
NSG2 has only the default rules configured.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network that contains the subnets shown in the following table.
Hot Area:
Correct Answer:
Box 1: Yes
VM3 is Subnet2. NSG2 applies. The default rule will allow communication.
Box 2: No
VM1 and VM2 is in Subnet1. NSG1 applies. Only traffic on ports 80 and 443 will be allowed. Connection on port 9090 will be denied.
Note: Priority: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a
result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Box 3: No
VM1 is in Subnet1. NSG1 applies. Only traffic on ports 80 and 443 will be allowed. Connection on port 9090 will be denied.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-700 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
