Practice Free AZ-700 Exam Online Questions

HOTSPOT

You have an Azure subscription

You plan to use Azure Virtual WAN.

You need to deploy a virtual WAN hub that meets the following requirements:

• Supports 4 Gbps of Site-to-Site (S2S) VPN traffic

• Supports 8 Gbps of ExpressRoute traffic

• Minimizes costs

How many scale units should you configure? To answer select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.

You need to associate Gateway 1 with Subnet1. The solution must minimize downtime on VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Reveal Solution Hide Solution

Correct Answer:

You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing "string1" to https://www.contoso.com/redirect1. Policy1 is associated to Frontend1. You need to configure additional redirection settings. Requests to Frontend1 that have a header containing "string2" must be redirected to https://www.contoso.com/redirect2.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

HOTSPOT

You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1:

If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed.

Box 2:

The “Visit Azure Firewall Manager to configure and manage this firewall” link in the exhibit shows that the firewall is managed by Azure Firewall Manager.

You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.

RG1 contains an Azure Network Watcher instance named NW1.

You need to ensure that Admin1 can place a lock on NW1. The solution must use the principle of least privilege.

Which role should you assign to Admin1?

Reveal Solution Hide Solution

You fail to establish a Site-to-Site VPN connection between your company’s main office and an Azure virtual network.

You need to troubleshoot what prevents you from establishing the IPsec tunnel.

Which diagnostic log should you review?

Reveal Solution Hide Solution

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

* A virtual network named Vnet1

* A subnet named Subnet1 in Vnet1

* A virtual machine named VM1 that connects to Subnet1

* Three storage accounts named storage1, storage2. and storage3

You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.

Solution: You create a network security group (NSG). You configure a service tag for Microsoft Storage and link the tag to Subnet1.

Does this meet the goal?

Reveal Solution Hide Solution

HOTSPOT

You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.

You register a public DNS zone named fabrikam.com.

The zone is configured as shown in the Public DNS Zone exhibit.

You have a private DNS zone named fabrikam.com.

The zone is configured as shown in the Private DNS Zone exhibit.

You have a virtual network link configured as shown in the Virtual Network Link exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: Yes

DNS queries from the internet use the public DNS zone. In the public DNS zone, www.fabrikam.com is a CNAME record that resolves to appservice1.fabrikam.com which resolves to 131.107.1.1.

Box 2: No

DNS queries from the internet use the public DNS zone. There is no DNS record for server1.fabrikam.com in the public DNS zone.

Box 3: No

The private DNS zone is linked to VNet1, not VNet2. Therefore, resources in VNet2 cannot query the private DNS zone.

HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

VNet1 and VNet2 are NOT connected to each other.

You need to block traffic from SQL Server 2019 to IIS by using application security groups. The solution must minimize administrative effort.

How should you configure the application security groups? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

2 ASGs e 3 assignments,

"All network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in." https://learn.microsoft.com/en-us/azure/virtual-network/application-security-groups

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.

You have a network security group (NSG) named NSG1 associated to each subnet.

When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.

You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15.

The solution must meet the following requirements:

• Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.

• Minimize changes to NSG1 when a new subnet is created.

What should you use as the destination in the inbound security rule?

Reveal Solution Hide Solution