Microsoft Microsoft Certified: Azure Network Engineer Associate AZ-700 Questions & Answers
Question 31:
HOTSPOT
You configure a route table named RT1 that has the routes shown in the following table.
You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.
You have the resources shown in the following table.
Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:
1.
0.0.0.0/0
2.
10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
NVA1 with IP (NVA-network virtual appliance) 192.168.0.4 is on the DMZ subnet. It will use route 10.0.0.0/16 to the on-premises network.
Box 2: No
VM2 has IP address 192.168.2.4 and is on the BackEnd subnet. VM2 will not use the RT1 route table, and will not reach the on-premises network through NVA1.
Box 3: Yes
VM1 with IP address 192.168.1.4 is on the FrontEnd subnet, and will use the RT1 routing table. It will use Route2 and Next Hop IP address 192.168.0.4, IP address of NVA1, to reach VM2.
Question 32:
HOTSPOT
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Resources in Subnet1 will use the Route2 and its Next hop ID address to the Firewall to reach the Internet.
Box 2: Yes
Yes, with network network peering.
Box 3: No
Resources in Subnet2 can only reach resources in Subnet1, as gateway transit for virtual network peering has not been configured.
You have an Azure subscription that contains a single virtual network and a virtual network gateway.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: An enterprise application
Enable Azure AD authentication on the VPN gateway:
1.
Locate the Directory ID of the directory that you want to use for authentication. It's listed in the properties section of the Active Directory page.
2.
Under your Azure AD, in Enterprise applications, you see Azure VPN listed. Copy the Directory ID.
3.
Sign in to the Azure portal as a user that is assigned the Global administrator role.
4.
Next, give admin consent. Copy and paste the URL that pertains to your deployment location in the address bar of your browser.
5.
Select the Global Admin account if prompted.
6.
Select Accept when prompted.
7. Under your Azure AD, in Enterprise applications, you see Azure VPN listed.
Box 2: Open VPN (SSL)
When you connect to your VNet using Point-to-Site, you have a choice of which protocol to use. The protocol you use determines the authentication options that are available to you. If you want to use Azure Active Directory authentication,
You have a web application that uses Azure Traffic Manager for load balancing. End users must be routed to the closest endpoint for lowest network latency. Which traffic-routing method should you configure?
A. Performance
B. Geographic
C. Priority
Correct Answer: A
Correct Answer(s):
Performance Use when you have endpoints in different geographic locations, and you want end users to use the "closest" endpoint for the lowest network latency.
Wrong Answers:
Geographic - Select this routing method to direct users to specific endpoints (Azure, External, or Nested) based on where their DNS queries originate from geographically.
Priority - Select this routing method when you want to have a primary service endpoint for all traffic. You can provide multiple backup endpoints in case the primary or one of the backup endpoints is unavailable
Question 35:
HOTSPOT
You have the Azure environment shown in the exhibit.
You have virtual network peering between Vnet1 and Vnet2. You have virtual network peering between Vnet4 and Vnet5. The virtual network peering is configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Correct Answer:
Box 1: Yes
Virtual network peering seamlessly connects two Azure virtual networks, merging the two virtual networks into one for connectivity purposes. Gateway transit is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity.
The following diagram shows how gateway transit works with virtual network peering.
In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual
networks.
In hub-and-spoke network architecture, gateway transit allows spoke virtual networks to share the VPN gateway in the hub, instead of deploying VPN gateways in every spoke virtual network.
Box 2: Yes
VM2 uses the remote gateway GW1 to reach VM4.
Box 3: No
VM2 can reach VM4 through GW1, but not VM5 as VNEt1 does not use remote Gateways.
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Virtual network peering seamlessly connects two Azure virtual networks, merging the two virtual networks into one for connectivity purposes.
Box 2: No No Virtual Gateway is used. Gateway transit is a peering property that lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. The following diagram shows how gateway transit works with virtual network peering.
In the diagram, gateway transit allows the peered virtual networks to use the Azure VPN gateway in Hub-RM. Connectivity available on the VPN gateway, including S2S, P2S, and VNet-to-VNet connections, applies to all three virtual
You have the Azure environment shown in the Azure Environment exhibit.
The settings for each subnet are shown in the following table.
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 38:
HOTSPOT
You have two Azure App Service instances that host the web apps shown the following table.
You deploy an Azure 2 that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 2 Listeners
One listener for As1.contoso.com, and one listener for As2.contoso.com.
Note: Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.
You can also define wildcard host names in a multi-site listener and up to 5 host names per listener.
Box 2: 2 Routing rules
Application Gateway request routing rules Rule type When you create a rule, you choose between basic and path-based.
*
Choose basic if you want to forward all requests on the associated listener (for example, blog.contoso.com/*) to a single backend pool.
*
Choose path-based if you want to route requests from specific URL paths to specific backend pools. The path pattern is applied only to the path of the URL, not to its query parameters.
Associated backend pool
Associate to the rule the backend pool that contains the backend targets that serve requests that the listener receives.
*
For a basic rule, only one backend pool is allowed. All requests on the associated listener are forwarded to that backend pool.
*
For a path-based rule, add multiple backend pools that correspond to each URL path. The requests that match the URL path that's entered are forwarded to the corresponding backend pool. Also, add a default backend pool. Requests that
don't match any URL path in the rule are forwarded to that pool.
Your company has 10 instances of a web service. Each instance is hosted in a different Azure region and is accessible through a public endpoint.
The development department at the company is creating an application named App1. Every 10 minutes, App1 will use a list of endpoints and connect to the first available endpoint.
You plan to use Azure Traffic Manager to maintain the list of endpoints.
You need to configure a Traffic Manager profile that will minimize the impact of DNS caching.
What should you configure? To answer, select the appropriate options in the answer area.
You have two Azure virtual networks named Vnet1 and Vnet2 in an Azure region that has three availability zones.
You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in Vnet1 host an app named App1. The virtual machines in Vnet2 host an app named App2.
You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2.
You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements:
1.
A failure of two zones must NOT affect the availability of either App1 or App2.
2.
A failure of two zones must NOT affect the outbound connectivity of either App1 or App2.
What should you identify? To answer, select the appropriate options in the answer area.
"The pattern you want to use for zone isolation is creating a "zonal stack" per availability zone. This "zonal stack" consists of virtual machine instances, a NAT gateway resource with public IP addresses or prefix on a subnet all in the same
zone.
Failure of outbound connectivity due to a zone outage is isolated to the specific zone affected. The outage won't affect the other zonal stacks where other NAT gateways are deployed with their own subnets and zonal public IPs."
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-700 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
