microsoft az-700 practice test

HOTSPOT

You have an Azure application gateway.

You need to create a rewrite rule that will remove the origin port from the HTTP header of incoming requests that are being forwarded to the backend pool.

How should you configure each setting? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1.

You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.

You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.

What should you add to NSG1?

• A. an outbound rule that has a priority of 4096 and blocks all internet traffic
• B. an inbound rule that has a priority of 4096 and blocks all internet traffic
• C. an inbound rule that has a priority of 100 and blocks all internet traffic
• D. an outbound rule that has a priority 100 and blocks all internet traffic

You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?

• A. Azure Application Gateway V2 that has multiple listeners
• B. Azure Standard Load Balancer that has Floating IP enabled
• C. Azure Standard Load Balancer that has high availability (HA) ports enabled
• D. Azure Application Gateway v2 that has multiple site hosting enabled

HOTSPOT


Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.


To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.


Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.


Existing Environment


Azure Network Infrastructure

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.


Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram




Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.




Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.




Requirements


Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
o Two container groups that connect to Vnet6
o Three virtual machines that connect to Vnet6
o Allow VPN connections to be established to Vnet6
o Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.
The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.


Network Security Requirements

Contoso has the following network security requirements:

Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
Enable NSG flow logs for NSG3 and NSG4.
Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.

Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have Azure App Service apps in the West US Azure region as shown in the following table.

You need to ensure that all the apps can access the resources in a virtual network named VNet1 without forwarding traffic through the internet.
How many integration subnets should you create?

• A. 0
• B. 1
• C. 3
• D. 4
• E. 6

You have an Azure subscription that contains the resources shown in the following table.



Gateway1 provides access to App1 by using a URL of https://app1.contoso.com.

You create a new web app named App2.

You need to configure Gateway1 to enable access to App2 by using a URL of https://app2.contoso.com. The solution must minimize administrative effort.

What should you configure on Gateway1?

• A. a backend pool and a routing rule
• B. a listener and a routing rule
• C. a listener, a backend pool, and a routing rule
• D. a listener and a backend pool

You have an Azure subscription that contains the following resources:

A virtual network named Vnet1
Two subnets named subnet1 and AzureFirewallSubnet
A public Azure Firewall named FW1
A route table named RT1 that is associated to Subnet1
A rule routing of 0.0.0.0/0 to FW1 in RT1

After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.

You need to ensure that the virtual machines can be activated.

What should you do?

• A. On FW1, configure a DNAT rule for port 1688.
• B. Deploy an application security group that allows outbound traffic to 1688.
• C. Add an internet route to RT1 for the Azure Key Management Service (KMS).
• D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule.

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.



The virtual network topology is shown in the following exhibit.



Firewall1 is configured as shown in following exhibit.



FirewallPolicy1 contains the following rules:

Allow outbound traffic from Vnet1 and Vnet2 to the internet.
Allow any traffic between Vnet1 and Vnet2.

No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

DRAG DROP

You have two on-premises datacenters.

You have an Azure subscription that contains four virtual networks named VNet1, VNet2, VNet3, and VNet4.

You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.

You create a route table named RT1.

You need to configure VWAN1 to meet the following requirements:

Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
VNet1 and VNet2 must be isolated from VNet3 and VNet4.

How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.



You have a virtual machine named VM5 that has the following IP address configurations:

IP address:10.4.0.5
Subnet mask:255.255.255.0
Default gateway: 10.4.0.1
DNS server: 168.63.129.16

You have an Azure Private DNS zone named fabrikam.com that contains the records shown in the following table.



The virtual network links in the fabrikam.com DNS zone are configured as shown in the exhibit. (Click the Exhibit tab.)



VM5 fails to resolve the IP address for app1.fabrikam.com.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.