Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.
Which type of ExpressRoute circuits should you create? ExpressRoute Local ExpressRoute Direct ExpressRoute Premium ExpressRoute Standard.
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by an on-premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication? an Azure key vault a RADIUS server a certification authority Azure Active Directory (Azure AD) Application Proxy.
You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review? IKEDiagnosticLog RouteDiagnosticLog GatewayDiagnosticLog TunnelDiagnosticLog.
Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table. (See image)
All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required? 1 2 3 4 5.
Your company has offices in New York and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.
The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.
You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.
Which ExpressRoute option should you use? ExpressRoute FastPath ExpressRoute Global Reach ExpressRoute Direct ExpressRoute Local.
You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices.
In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit. (See image)
You need to ensure that the on-premises network can connect to the route-based GW1.
What should you do before you create the connection? Set Connection Mode to ResponderOnly. Set BGP to Enabled. Set Use Azure Private IP Address to Enabled. Set IPsec / IKE policy to Custom.
Your on-premises network contains a VPN device.
You have an Azure subscription that contains a virtual network and a virtual network gateway.
You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. Box1 Box2.
You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel.
You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter.
How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area. Box1 Box2.
A Site-to-Site VPN will connect Vnet1 to your company’s on-premises network.
You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network. The solution must minimize costs.
What should you recommend for Vnet2 and Vnet3? VNet-to-VNet VPN connections peering service endpoints route tables.
The company has an Azure subscription that contains the virtual networks shown in the following table. (See image)
You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements:
• The connection must have up to 1 Gbps of bandwidth.
• The office must have access to all the virtual networks.
• Costs must be minimized.
How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable? one ExpressRoute Premium circuit two ExpressRoute Premium circuits four ExpressRoute Standard circuits one ExpressRoute Standard circuit.
You have an Azure subscription that contains a virtual network.
You plan to deploy an Azure VPN gateway and 90 Site-to-Site VPN connections. The solution must meet the following requirements:
• Ensure that the Site-to-Site VPN connections remain available if an Azure datacenter fails.
• Minimize costs.
Which gateway SKU should you specify? VpnGw1AZ VpnGw2AZ VpnGw4AZ VpnGw5AZ.
You create a virtual network named Vnet2 in the West US region.
You plan to enable peering between Vnet1 and Vnet2.
You need to ensure that the virtual machines connected to Vnet2 can connect to VM1 and VM2 via LB1.
What should you do? From the Peerings settings of Vnet2, set Traffic forwarded from remote virtual network to Allow. Change the Floating IP configurations of LB1. From the Peerings settings of Vnet1, set Traffic forwarded from remote virtual network to Allow. Change the SKU of LB1.
Your on-premises network contains an Active Directory Domain Services (AD DS) domain named contoso.com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
• Configure an HTTP listener
• Associate a routing rule with the listener
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? First action Second action Third action Fourth action.
You have an Azure subscription that contains a virtual network gateway named VNetGwy1. VNetGwy1 has a public IP address of 20.25.32.214.
You need to query the health probe of VNetGwy1.
How should you complete the URI? Box 1 Box 2.
You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table. (See image)
All the virtual machines are connected to Vnet1.
You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address.
What should you use? an internal load balancer Azure Application Gateway a NAT gateway a public load balancer.
Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview -
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment -
Hybrid Environment -
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment -
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table. (See image 1)
A diagram of the resource in the East US Azure region is shown in the Azure Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Network Diagram - (See image 2)
Requirements -
Business Requirements -
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements -
Litware identifies the following virtual networking requirements:
• Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
• Ensure that the records in the cloud.litwareinc.com can be resolved from the on-premises locations.
• Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
• Minimize the size of the subnets allocated to platform-managed services.
• Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements -
Litware identifies the following hybrid networking requirements:
• Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
• Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
• The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
• Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements -
Litware identifies the following networking requirements for platform as a service (PaaS):
• The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
• The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? On the peering from Vnet1, select Allow for Traffic forwarded from remote virtual network. On the peerings from Vnet2 and Vnet3, select Allow for Traffic forwarded from remote virtual network. On the peering from Vnet1, select Use the remote virtual network's gateway or Route Server. On the peering from Vnet1, select Allow for Traffic to remote virtual network. On the peerings from Vnet2 and Vnet3, select Use the remote virtual network's gateway or Route Server.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal? Yes No.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal? Yes No.
You have the Azure environment shown in the following exhibit. (See image)
VM1 can communicate with: VM2 can communicate with:.
You plan to deploy Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Azure Bastion Azure Active Directory Domain Services (Azure AD DS) Azure Private Link Azure Application Gateway v2 VPN gateway.
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table. (See image 1)The links have auto registration enabled.
You create the virtual machines shown in the following table.(See image 2)
You manually add the following entry to the contoso.com zone:
✑ Name: VM1
IP address: 10.1.10.9 -
For each of the following statements, select Yes if the statement is true. Otherwise, select No. VM2 will resolve vm1.contoso.com to 10.1.10.10 Deleting VM1 will delete all VM1 records automatically Changing the IP address of VM3 will update the DNS record of VM3 automatically.
Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an
IP address space of 192.168.0.0/24.
You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48.
You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.
What should you do? Create an IPv6 subnet that uses a CIDR suffix of: For each virtual machine, create an additional:.
You plan to deploy Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection
✑ Supports 8 Gbps of ExpressRoute traffic
✑ Minimizes costs
What should you configure? Virtual WAN type: Number of scale units:.
You have an Azure subscription that contains the resources shown in the following table. (See image)
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? First action Second action Third action.
You have Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? Value1 Value2.
You have three on-premises sites. Each site has a third-party VPN device.
You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection.
You need to connect the third site to the other two sites by using Hub1.
Which four actions should you perform in sequence? First action Second action Third action Fourth action.
You are planning an Azure solution that will contain the following types of resources in a single Azure region:
✑ Virtual machine
✑ Azure App Service
✑ Virtual Network gateway
✑ Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? Virtual networks: Subnets:.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration.
Does this meet the goal? Yes No.
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Modify the DNS server settings of Vnet1. For FW1, configure custom DNS server. For FW1, enable DNS proxy. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets? internal load balancers storage account Azure Virtual Networks NAT service endpoint policies.
You have an Azure subscription.
You have the on-premises sites shown the following table. (See image)
You plan to deploy Azure Virtual WAN.
You are evaluating Virtual WAN Basic and Virtual WAN Standard.
Which type of Virtual WAN can you use for each site? Virtual WAN Basic: Virtual WAN Standard:.
You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.
You register a public DNS zone named fabrikam.com. The zone is configured as shown in the Public DNS Zone exhibit. (See image1)
You have a private DNS zone named fabrikam.com. The zone is configured as shown in the Private DNS Zone exhibit. (See image2)
You have a virtual network link configured as shown in the Virtual Network Link exhibit. (See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Queries for www.fabrikam.com from the internet are resolved to 131.107.1.1. Queries for server1.fabrikam.com can be resolved from the internet. Queries for www.fabrikam.com from Vnet2 are resolved to 131.107.100.10.
You have two Azure virtual networks named VNet1 and VNet2 in an Azure region that has three availability zones.
You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in VNet1 host an app named App1. The virtual machines in VNet2 host an app named App2.
You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2.
You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements:
✑ A failure of two zones must NOT affect the availability of either App1 or App2.
✑ A failure of two zones must NOT affect the outbound connectivity of either App1 or App2.
What should you identify? Minimum number of subnets Minimum number of Virtual Network NAT instances.
You have the Azure resources shown in the following table. (See image)
WebApp1 uses the Standard pricing tier.
You need to ensure that WebApp1 can access the virtual machines deployed to Vnet1\Subnet1 and Vnet2\Subnet1. The solution must minimize costs.
What should you create in each virtual network? Vnet1 Vnet2.
You have the Azure App Service app shown in the App Service exhibit. (See image1)
The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit. (See image2)
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.(See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Subnet2 can contain only App Service apps in the ASP1 App Service plan As12 will use an IP address from Subnet2 for network communications Computers in Vnet1 will connect to a private IP address when they connect to as12.
You have a hub-and-spoke topology. The topology includes multiple on-premises locations that connect to a hub virtual network in Azure via ExpressRoute circuits.
You have an Azure Application Gateway named GW1 that provides a single point of ingress from the internet.
You plan to migrate the hub-and-spoke topology to Azure Virtual WAN.
You need to identify which changes must be applied to the existing topology. The solution must ensure that you maintain a single point of ingress from the internet.
Which three changes should you include in the solution? Add user-defined routes. Add virtual network peerings. Replace the user-defined routes used by the current topology. Create virtual network connections. Remove the existing virtual network peerings. Redeploy GW1.
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution? Azure Application Gateway V2 that has multiple listeners Azure Standard Load Balancer that has Floating IP enabled Azure Standard Load Balancer that has high availability (HA) ports enabled Azure Application Gateway v2 that has multiple site hosting enabled.
You register a DNS domain with a third-party registrar.
You need to host the DNS zone on Azure.
Which three actions should you perform in sequence? First action Second action Third action.
You have the network topology shown in the Topology exhibit. (Click the Topology tab.) (See image 1)
You have the Azure firewall shown in the Firewall1 exhibit. (Click the Firewall1 tab.) (See image 2)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.) (See image 3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. The resources in Subnet1 can connect to the internet through Firewall1 The resources in Subnet1 can connect to the resources in Vnet2 The resources in Subnet2 can connect to the internet through Firewall1.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal? Yes No.
You have an Azure subscription that contains the virtual networks shown in the following table. (See image)
You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1? Vnet1 and Vnet4 only Vnet1, Vnet2, Vnet3, and Vnet4 Vnet1 only Vnet1 and Vnet2 only Vnet1, Vnet2, and Vnet4 only.
You have two Azure App Service instances that host the web apps shown the following table. (See image)
You deploy an Azure 2 that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? Listeners Routing rules.
Your company has four branch offices and an Azure subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table. (See image)
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure resources. The solution must meet the following requirements:
• Minimize downtime for all users.
• Minimize administrative effort.
What should you do first? Recreate LNG1. Reset RTR1. Reset Connection1. Reset GW1.
You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1.
You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2.
You need to provide VM1 with access to SQL1 by using an Azure Private Link service.
What should you implement on each virtual network? Vnet1 Vnet2.
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an Azure Virtual Network NAT gateway named Gateway1. The solution must meet the following requirements:
• VM1 will access the internet by using its public IP address.
• VM2 will access the internet by using its public IP address.
• Administrative effort must be minimized.
You need to ensure that you can deploy Gateway1 to Vnet1.
What is the minimum number of subnets required on Vnet1? 2 3 4 5.
You have an Azure subscription that contains the virtual networks shown in the following table. (See image 1)
You have a virtual machine named VM5 that has the following IP address configurations:
• IP address:10.4.0.5
• Subnet mask:255.255.255.0
• Default gateway: 10.4.0.1
• DNS server: 168.63.129.16
You have an Azure Private DNS zone named fabrikam.com that contains the records shown in the following table. (See image 2)
The virtual network links in the fabrikam.com DNS zone are configured as shown in the exhibit. (Click the Exhibit tab.) (See image 3)
VM5 fails to resolve the IP address for app1.fabrikam.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Updating the IP address configurations of VM5 to use a DNS server address of 10.4.0.2 will enable the virtual machine to resolve app1.fabrikam.com Enabling a virtual network link for Vnet3 in fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com Adding an A record for app1.fabrikam.com to the fabrikam.com DNS zone will enable VM5 to resolve app1.fabrikam.com.
Your company has five offices. Each office has a firewall device and a local internet connection. The offices connect to a third-party SD-WAN.
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual network gateway named Gateway1. Each office connects to Gateway1 by using a Site-to-Site VPN connection.
You need to replace the third-party SD-WAN with an Azure Virtual WAN.
What should you include in the solution? Delete Gateway1. Create new Point-to-Site (P2S) VPN connections on the firewall devices. Create an Azure Traffic Manager profile. Enable active-active mode on Gateway1.
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets? internal load balancers Azure DDoS Protection for virtual networks service endpoint policies service endpoints.
You have an Azure subscription mat contains tour virtual networks named VNet1, VNet2, VNet3, and VNet4.
You plan to deploy a hub and spoke topology by using virtual network peering.
You need to configure VNet1 as the hub network. The solution must meet the following requirements:
• Support transitive routing between spokes.
• Maximize network throughput.
What should you include in the solution? Azure VPN Gateway Azure Route Server Azure Private Link Azure Firewall.
You have an Azure subscription that contains the resource groups shown in the following table. (See image1)
You have the virtual networks shown in the following table. (See image2)
You have the subnets shown in the following table. (See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Vnet1 can be moved to RG3 Three hundred virtual machines can be deployed to the East US Azure region A new virtual network named Vnet2 can be created in RG2 in the East US Azure region.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the resources shown in the following table. (See image)
You need to publish App1 by using AG1 and a URL of https://app1.contoso.com. The solution must meet the following requirements:
• TLS connections must terminate on AG1.
• Minimize the number of targets in the backend pool of AG1.
• Minimize the number of deployed copies of the SSL certificate of App1.
How many locations should you import to the certificate, and how many targets should you add to the backend pool of AG1? Certificates Backend pool targets.
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual machine named VM1 and an Azure firewall named FW1.
You have an Azure Firewall Policy named FP1 that is associated to FW1.
You need to ensure that RDP requests to the public IP address of FW1 route to VM1.
What should you configure on FP1? a network rule URL filtering a DNAT rule an application rule.
You have the Azure virtual networks shown in the following table.(See image1)
You have the Azure resources shown in the following table.(See image2)
You need to check latency between the resources by using connection monitors in Azure Network Watcher.
What is the minimum number of connection monitors that you must create? 1 2 3 4 5.
You have an Azure virtual network that contains the subnets shown in the following table.(see image1)
In.NSG1, you create inbound rules as shown in the following table.(See image2)
NSG2 has only the default rules configured.
You have the Azure virtual machines shown in the following table.(See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. VM3 can connect to port 8080 on VM1 VM1 and VM2 can connect on port 9090 VM1 can connect to VM3 on port 9090.
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.
You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine.
What should you use? Azure Monitor IP flow verify Connection Monitor Azure Internet Analyzer.
You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1
✑ Two subnets named subnet1 and AzureFirewallSubnet
✑ A public Azure Firewall named FW1
✑ A route table named RT1 that is associated to Subnet1
✑ A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do? On FW1, create an outbound service tag rule for AzureCloud. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS). Deploy a NAT gateway. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
You have an Azure application gateway named AppGW1 that provides access to the following hosts:
✑ www.adatum.com
✑ www.contoso.com
✑ www.fabrikam.com
AppGW1 has the listeners shown in the following table.(See image1)
You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.(See image2)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. From 131.107.10.15, you can access www.contoso.com From 131.107.10.15, you can access www.fabrikam.com From 131.107.10.15, you can access www.adatum.com.
|
