Microsoft AZ-700 Online Practice Questions and Exam Preparation

Microsoft AZ-700 Online Questions & Answers

• Question 351:

  You have an Azure subscription. The subscription contains a locally-redundant storage 1LRS) account named stoiage1 that is deployed to the US East Azure region and has a Microsoft Storage service endpoint.

  You set Redundancy for storage 1 to Read-access geo-redundant storage (RA-GRS)

  You need to ensure that the contents of storage1 will be accessible by using a service endpoint in a paired region.

  The solution must minimize administrative effort What should you do first?

  A. Create an object replication rule for storage1.
  B. From storage1. select Secure transfer required.
  C. Create a service endpoint policy.
  D. Delete the existing service endpoint.
  D. Delete the existing service endpoint.

• Question 352:

  SIMULATION

  

  Username and password

  Use the following login credentials as needed:

  To enter your username, place your cursor in the Sign in box and click on the username below.

  To enter your password, place your cursor in the Enter password box and click on the password below.

  Azure Username: [email protected] Azure Password: xxxxxxxxxx

  If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 12345678

  You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall1.

  The on-premises network has the following configuration:

  Internal address range: 10.10.0.0/16

  Firewall1 internal IP address: 10.10.1.1

  Firewall1 public IP address: 131.107.50.60

  BGP is not used.

  You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do not need to create a virtual network gateway to complete this task.

  To complete this task, sign in to the Azure portal.

  A. See explanation below.
  B. Placeholder
  C. Placeholder
  D. Placeholder
  A. See explanation below.

  ---

  Explanation

  Create a site-to-site VPN connection in the Azure portal We only create a local network gateway

  The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you'll create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

  Step 1: From the Azure portal, in Search resources, services, and docs (G+/) type local network gateway. Locate local network gateway under Marketplace in the search results and select it. This opens the Create local network gateway page.

  Step 2: On the Create local network gateway page, on the Basics tab, specifiy the values for your local network gateway.

  * Select Endpoint type: IP address

  * Endpoint: Enter 131.107.50.60 (The Firewall public IP address)

  (IP address: If you have a static public IP address allocated from your Internet service provider for your VPN device, select the IP address option and fill in the IP address as shown in the example. This is the public IP address of the VPN device that you want Azure VPN gateway to connect to. If you don't have the IP address right now, you can use the values shown in the example, but you'll need to go back and replace your placeholder IP address with the public IP address of your VPN device. Otherwise, Azure won't be able to connect.)

  * Address Space: Enter 10.10.0.0/16 (The internal address range)

  Select the endpoint type for the on-premises VPN device - IP address or FQDN (Fully Qualified Domain Name).

  IP address: If you have a static public IP address allocated from your Internet service provider for your VPN device.

  

  Step 3: On the Advanced tab, you can configure BGP settings if needed. Skip this.

  Step 4: When you have finished specifying the values, select Review + create at the bottom of the page to validate the page.

  Step 5: Select Create to create the local network gateway object.

  References:

  https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

• Question 353:

  You have an Azure application gateway configured for a single website that is available at https://www.contoso.com.

  The application gateway contains one backend pool and one rule. The backend pool contains two backend servers. Each backend server has an additional website that is available on port 8080.

  You need to ensure that if port 8080 is unavailable on a backend server, all the traffic for https://www.contoso.com is redirected to the other backend server.

  What should you do?

  A. Create a health probe
  B. Add a new rule
  C. Change the port on the listener
  D. Add a new listener
  A. Create a health probe

  ---

  Explanation

  By default, Azure Application Gateway probes backend servers to check their health status and to check whether they're ready to serve requests. Users can also create custom probes to mention the host name, the path to be probed, and the status codes to be accepted as Healthy. In each case, if the backend server doesn't respond successfully, Application Gateway marks the server as Unhealthy and stops forwarding requests to the server. After the server starts responding successfully, Application Gateway resumes forwarding the requests.

  Note: The default probe request is sent in the format of <protocol>://127.0.0.1:<port>/. For example,

  http://127.0.0.1:80

  for an http probe on port 80. Only HTTP status codes of 200 through 399 are considered healthy. The protocol and destination port are inherited from the HTTP settings. If you wantApplicationGatewaytoprobeonadifferentprotocol,hostname,orpathandtorecognizeadifferentstatuscodeasHealthy,configureacustomprobeandassociateitwiththeHTTPsettings.

  References:

  https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting

• Question 354:

  HOTSPOT

  You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2.

  Both subnets contain virtual machines.

  You create a NAT gateway named NATgateway1 as shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Both Subnet1 and Subnet2 From exhibit: Subnets None Virtual network: VNet1

  VNet1 contains Subnet1 and Subnet2.

  Azure NAT Gateway resources enable outbound Internet connections from subnets in a virtual network.

  After NAT gateway is added to the subnet of the virtual network, all new connections will then use NAT gateway for making outbound connections.

  Incorrect:

  * Gateway subnet

  Before you create a VPN gateway, you must create a gateway subnet. The gateway subnet contains the IP addresses that the virtual network gateway VMs and services use. When you create your virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the required VPN gateway settings. Never deploy anything else (for example, additional VMs) to the gateway subnet. The gateway subnet must be named 'GatewaySubnet' to work properly. Naming the gateway subnet 'GatewaySubnet' let's Azure know that this is the subnet to deploy the virtual network gateway VMs and services to.

  Box 2: 16 IP addresses

  From exhibit: Public IP address: None Public IP prefix is specified.

  The /28 address range in the prefix provided 16 IP addresses.

  Note: Add public IP prefix

  Public IP prefixes extend the extensibility of SNAT for outbound connections from the NAT gateway. A public IP prefix avoids SNAT port exhaustion. Each IP provides 64,512 ephemeral ports to NAT gateway for connecting outbound.

  When assigning a public IP prefix to a NAT gateway, the entire range will be used.

  References:

  https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-nat-gateway

• Question 355:

  Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC.

  The company only has Azure resources in the East US region.

  You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.

  Which type of ExpressRoute circuits should you create?

  A. ExpressRoute Local
  B. ExpressRoute Direct
  C. ExpressRoute Premium
  D. ExpressRoute Standard
  A. ExpressRoute Local

  ---

  Explanation

  Expressroute Local supports this particular networking scenario for two reasons.

  1. The Washington DC peering location has East US as its Local Azure region. So, you don't need access to all the Geopolitical locations in order to connect the on-prem DC to Azure. Which means you won't necessarily need Expressroute standard.

  2. ExpressRoute Local is a more economical solution compared to the standard.

  https://learn.microsoft.com/en-us/azure/expressroute/expressroute-faqs#what-are-the-benefits-of-expressroute-local

  https://learn.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers#global-commercial-azure

• Question 356:

  HOTSPOT

  You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the resources shown in the following table.

  

  You need to publish App1 by using AG1 and a URL of https://app1.contoso.com. The solution must meet the following requirements:

  1. TLS connections must terminate on AG1.

  2. Minimize the number of targets in the backend pool of AG1.

  3. Minimize the number of deployed copies of the SSL certificate of App1.

  How many locations should you import to the certificate, and how many targets should you add to the backend pool of AG1? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 357:

  You have an Azure subscription that contains an Azure App Service web app named WebApp1 and an Azure Front Door profile named FDProfile1. FDProfile1 forwards requests addressed to https://www.contoso.com to WebApp1.

  You need to ensure that only requests addressed to https://www.contoso.com/users/* are forwarded to WebApp1.

  What should you modify in FDProfile1?

  A. the origin group
  B. the endpoint
  C. the routes
  D. the domain
  C. the routes

• Question 358:

  HOTSPOT

  You ate configuring the DNS forwarding luleset for DNSR1

  You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.

  Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 359:

  Your company has offices in Montreal, Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.

  You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy1 that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.

  You need to apply a rate limit of 100 requests for traffic that originates from each office.

  What should you do?

  A. Modify the rate limit threshold of Rule1.
  B. Create two additional associations.
  C. Modify the conditions of Rule1.
  D. Modify the rule type of Rule1.
  C. Modify the conditions of Rule1.

• Question 360:

  DRAG DROP

  You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.

  You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.

  Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  

  ---

  Step 1: Deploy an Azure Load Balancer in front of the application server Configure your application to run behind a standard load balancer in your virtual network.

  Step 2: In Subscription 1, create a private link service and attach the service to the frontend IP configuration of the load balancer.

  Create a Private Link Service referencing the load balancer above.

  Step 3: In Subscription 2, create a private endpoint by using the private link service.

  Private Link service can be accessed from approved private endpoints in any public region. The private endpoint can be reached from the same virtual network, regionally peered VNets, globally peered VNets and on premises using private VPN or ExpressRoute connections.

  

  Step 4: In Subscription1, accept the private endpoint connection request.

  Network connections can be initiated only by clients that are connecting to the private endpoint.

  Not:

  Incorrect: Enable virtual network peering between Vnet1 and Vnet2.

  References:

  https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview

  https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview