You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.) a virtual network gateway Azure Application Gateway Azure Firewall a local network gateway Azure Front Door.
You have an Azure virtual network and an on-premises datacenter.
You are planning a Site-to-Site VPN connection between the datacenter and the virtual network.
Which two resources should you include in your plan? Each correct answer presents part of the solution. a user-defined route a virtual network gateway Azure Firewall Azure Web Application Firewall (WAF) an on-premises data gateway an Azure application gateway a local network gateway.
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 has a /24 IPv4 address space.
You need to subdivide Vnet1. The solution must maximize the number of usable subnets.
What is the maximum number of IPv4 subnets you can create, and how many usable IP addresses will be available per subnet? Usable IP addresses IPv4 subnets.
You have an Azure subscription that contains the resources shown in the following table. (See image1)
The virtual network topology is shown in the following exhibit.(See image2)
Firewall1 is configured as shown in following exhibit.(See image3)
FirewallPolicy1 contains the following rules:
• Allow outbound traffic from Vnet1 and Vnet2 to the internet.
• Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. A routing table must be associated with Subnet1 and Subnet2 to ensure that all internet traffic for VM1 and VM2 is sent via Firewall1 The enable remote gateway setting must be enabled on the virtual net peering to provide VM2 Internet access by using Firewall1 Firewall1 can be configured to limit access to websites by categories.
Your company has 40 branch offices across North America and Europe.
You have an Azure subscription that contains the following virtual networks:
• Two networks in the East US Azure region
• Three networks in the West Europe Azure region
You need to implement Azure Virtual WAN. The solution must meet the following requirements:
• Each branch office in North America must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the East US region.
• Each branch office in Europe must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the West Europe region.
• Transitive connections must be supported between all the branch offices and all the virtual networks.
• Costs must be minimized.
What is the minimum number of Virtual WAN resources required? Virtual WAN Virtual WAN hub Virtual network gateway.
You have a DNS domain named contoso.com that is hosted by a third-party domain name registrar.
You have an Azure subscription.
You need to ensure that all DNS queries for the contoso.com domain are resolved by using Azure DNS.
What should you create in the registrar, and what should you create in Azure? Registrar option.
You have an on-premises network.
You have an Azure subscription that contains the resources shown in the following table.(See image)
You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit.
Which type of peering should you use for each connection? Connection to Vnet1 Connection to SQL1.
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets? storage account internal load balancers service endpoints virtual network peering.
You have the on-premises networks shown in the following table.(See image)
You have an Azure subscription that contains an Azure virtual WAN named VWAN1 and a virtual network named VNet1. VWAN is connected to the on-premises networks and VNet1 in a full mesh topology. The virtual hub routing preference for VWAN1 is AS Path.
You need to route traffic from VNet1 to 10.61.1.5.
Which path will be used? the VPN connection to Branch1 the VPN connection to Branch2 the ExpressRoute connection to Branch2 the ExpressRoute connection to Branch3.
Case Study
-
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
-
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
-
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment
-
Azure Network Infrastructure
-
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.
Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
-
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
Azure Private DNS Zones
-
The Azure subscription contains the Azure private DNS zones shown in the following table.
Zone1.contoso.com has the virtual network links shown in the following table.
Other Azure Resources
-
The Azure subscription contains additional resources as shown in the following table.
Requirements
-
Virtual Network Requirements
-
Contoso has the following virtual network requirements:
• Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
o Two container groups that connect to Vnet6
o Three virtual machines that connect to Vnet6
o Allow VPN connections to be established to Vnet6
o Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.
• The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
• A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Network Security Requirements
-
Contoso has the following network security requirements:
• Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
• Enable NSG flow logs for NSG3 and NSG4.
• Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.
• Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.
You are implementing the virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? Subnets Service endpoints.
This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.(See image)
You need to ensure that the URL is accessible through the application gateway from any IP address.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal? Yes No.
You have an Azure subscription that contains the route tables and routes shown in the following table.(See image1)
The subscription contains the subnets shown in the following table.(See image2)
The subscription contains the virtual machines shown in the following table.(See image3)
The subscription contains the local network gateways shown in the following table.(See image4)
There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Traffic from VM2 to the internet is routed through the New-York Site-to-Site VPN connection Traffic from VM1 to VM2 is routed through the New-York Site-to-Site VPN connection Traffic from VM1 to the internet is routed through the New-York Site-to-Site VPN connection.
You have an Azure subscription that contains the public IP addresses shown in the following table.(See image)
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1? IP3 only IP5 only IP2 and IP4 only IP1, IP3 and IP5 only IP3 and IP5 only.
You have an Azure application gateway named AGW1 that has a routing rule named Rule1. Rule 1 directs traffic for http://www.contoso.com to a backend pool named Pool1. Pool1 targets an Azure virtual machine scale set named VMSS1.
You deploy another virtual machine scale set named VMSS2.
You need to configure AGW1 to direct all traffic for http://www.adatum.com to VMSS2.
The solution must ensure that requests to http://www.contoso.com continue to be directed to Pool1.
Which three actions should you perform? Add a backend pool. Modify an HTTP setting. Add an HTTP setting. Add a listener. Add a rule.
You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.(See image1)
TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.(See image2)
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.(See image3)
The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? Traffic from West Europe Traffic from West US.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
(See image)
You need to ensure that the URL is accessible through the application gateway from any IP address.
Solution: You add a rewrite rule for the host header.
Does this meet the goal? Yes No.
You have an Azure Front Door instance that provides access to a web app. The web app uses a hostname of www.contoso.com.
You have the routing rules shown in the following table. (See image)
Which rule will apply to each incoming request? www.contoso.com/abc/def www.contoso.com/default.htm www.contoso.com/abc/def/default.htm.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.(See image)
You need to ensure that the URL is accessible through the application gateway.
Solution: You disable the WAF rule that has a ruleId 920300.
Does this meet the goal? Yes No.
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority
(CA).
What should you include in the solution? an enterprise application in Azure Active Directory (Azure AD) Active Directory Certificate Services (AD CS) Azure Key Vault Azure Application Gateway.
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise-signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do? Increase the Unhealthy threshold setting in the custom probe. Enable the SSL profile to the listener. Set Listener type to Multi site. Upload the public key certificate to the HTTP settings.
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1.
What should you configure on AppGW1? HTTP settings rewrites rules listeners.
You have an Azure Virtual Desktop deployment that has 500 session hosts.
All outbound traffic to the internet uses a NAT gateway.
During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections.
What should you do? Bind the NAT gateway to another subnet. Add a public IP address. Deploy Azure Standard Load Balancer that has outbound rules.
You have an Azure subscription that contains the public IPv4 addresses shown in the following table. (See image)
You plan to create a load balancer named LB1 that will have the following settings:
✑ Name: LB1
✑ Location: West US
✑ Type: Public
✑ SKU: Standard
Which public IPv4 addresses can be used by LB1? IP1, IP3, IP4, and IP5 only IP3 only IP1 and IP3 only IP2 only IP1, IP2, IP3, IP4, and IP5 IP3 and IP5 only.
You have the Azure environment shown in the exhibit. (See image)
VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used? IP1 IP2 IP3 IP4.
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app.
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.com and a different URL path for each web app, for example: https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure? HTTP settings listeners rules rewrites.
You have the Azure resources shown in the following table. (See image)
You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.
What should you do first? Fail over storage1 to the paired Azure region. Configure the firewall settings for storage1. Create a virtual network in the paired Azure region. Create another service endpoint.
You have an Azure virtual network named Vnet1 that connects to an on-premises network.
You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
✑ Ensure that all on-premises users can access storageaccount1 through the private endpoint.
✑ Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? First action Second action Third action Fourth action.
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs.
What should you do first? Create a private link. Create a new subnet. Create a NAT gateway. Create a gateway subnet and deploy a virtual network gateway.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
✑ An Azure App Service app named App1
✑ An Azure DNS zone named contoso.com
✑ An Azure private DNS zone named private.contoso.com
✑ A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS.
You need to provide a developer with the name that is registered in Azure DNS for the private endpoint.
What should you provide? app1.contoso.onmicrosoft.com app1.private.contoso.com app1.privatelink.azurewebsites.net app1.contoso.com.
You have the Azure environment shown in the Azure Environment exhibit. (See image1)
The settings for each subnet are shown in the following table. (See image2)
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit. (See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. VM1 can access storage1 VM2 can access storage1 by using a service endpoint VM3 can access storage1 by using the public IP address.
You have Azure App Service apps in the West US Azure region as shown in the following table. (See image)
You need to ensure that all the apps can access the resources in a virtual network named VNet1 without forwarding traffic through the internet.
How many integration subnets should you create? 0 1 3 4 6.
You have two Azure subscriptions named Subscription1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? First action Second action Third action Fourth action.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
✑ A virtual network named Vnet1
✑ An App Service plan named ASP1
✑ An Azure App Service named webapp1
An Azure private DNS zone named private.contoso.com
✑ Virtual machines on Vnet1 that cannot communicate outside the virtual network
You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com.
Which two actions should you perform? Create a CNAME record that maps www.private.contoso.com to webapp1.contoso.onmicrosoft.com. Create a CNAME record that maps www.private.contoso.com to webapp1.private.contoso.com. Create a service endpoint for webapp1. Register an enterprise application in Azure AD for webapp1. Create a private endpoint for webapp1. Create a CNAME record that maps www.private.contoso.com to webapp1.privatelink.azurewebsites.net.
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF).
FD1 uses a frontend hast named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region.
You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States.
What should you include in the WAF policy? a custom rule that uses a match rule a frontend hast association a custom rule that uses a rate limit rule a managed rule set.
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets? Azure DDoS Protection for virtual networks private endpoints Azure Virtual Network NAT service endpoint policies.
You have an Azure subscription that contains the resources shown in the following table.(See image)
You need to ensure that the apps hosted on VM1 can resolve the IP address of the private endpoint for azsql1.database.windows.net.
What should you create first? a public DNS zone named database.windows.net a private DNS zone named database.windows.net a public DNS zone named privatelink.database.windows.net a private DNS zone named privatelink.database.windows.net.
You have an Azure subscription that contains the resources shown in the following table.(See image)
You need to ensure that VM1 and VM2 can connect only to storage1. The solution must meet the following requirements:
• Prevent VM1 and VM2 from accessing any other storage accounts
• Ensure that storage1 is accessible from the internet.
What should you use? a network security group (NSG) a service endpoint policy a private link a private endpoint.
You have two Azure subscriptions named Subscription1 and Subscription2.
There are no connections between the virtual networks in the two subscriptions.
You configure a private link service as shown in the privatelinkservice1 exhibit. (Click the privatelinkservice1 tab.) (See image1)
You create a load balancer name in Subscription1 and configure the backend pool shown in the lb1 exhibit. (Click the lb1 tab.)(See image2)
You create a private endpoint in Subscription2 as shown in the privateendpoint4 exhibit. (Click the privateendpoint4 tab.)(See image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. The resources that will be accessed by using privatelinkservice1 must be added to backendpool1 on LB1 Users in Subscription2 can connect to the resources published by privatelinkservice1 by using IP address 10.3.0.7 The private endpoint must be approved by an administrator in Subscription1.
You have an Azure subscription that contains an Azure Front Door named FD1.
You plan to deploy an app named App1 by using Azure App Service. Users will access App1 by using FD1.
You need to provide FD1 with access to App1. The solution must meet the following requirements:
• Ensure that users can only access App1 by using FD1.
• Ensure that users cannot access App1 directly from the internet.
What should you create for App1? an access restriction a private endpoint a subnet delegation a service endpoint.
You have an Azure subscription that contains the resources shown in the following table.(See image)
You purchase a certificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1.
You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1.
Which type of DNS record should you create, and where should you store the certificate? DNS record type Store the certificate in.
You have an Azure subscription that contains four virtual machines. The virtual machines host an app named App1.
You deploy an Azure Standard Load Balancer named LB1 to load balance incoming HTTPS requests to App1.
You need to reduce how long it takes for LB1 to stop sending App1 traffic to failed servers. The solution must minimize administrative effort.
What should you modify? the Backend pools settings the Diagnostic settings the Load-balancing rules the Health probes settings.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets:
• AzureFirewallSubnet
• GatewaySubnet
• Subnet1
• Subnet2
• Subnet3
Subnet2 has a delegation to the Microsoft.Web/serverfarms service.
The subscription contains the resources shown in the following table. (See image)
You need to implement an Azure application gateway named AG1 that will be integrated with an Azure Web Application Firewall (WAF). AG1 will be used to publish VMSS1.
To which subnet should you connect AG1? GatewaySubnet AzureFirewallSubnet Subnet2 Subnet1 Subnet3.
You have an Azure virtual network named VNet1 that contains the subnets shown in the following table.(See image)
You need to deploy an Azure application gateway named AppGW1 to VNet1.
To where can you deploy AppGW1? GatewaySubnet only Subnet2 only Subnet1 or Subnet2 only Subnet2 or GatewaySubnet only Subnet1, Subnet2, and GatewaySubnet.
You have an Azure subscription that contains multiple virtual machine scale sets and multiple Azure load balancers. The load balancers balance traffic across the scale sets.
You plan to deploy Azure Front Door to load balance traffic across the load balancers.
You need to identify which Front Door SKU to configure, and what to use to route the traffic to the load balancers. The solution must minimize costs.
What should you identify? SKU Use.
You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do? Deploy a NAT gateway. Deploy an Azure Standard Load Balancer that has an outbound NAT rule. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS). To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? Set the ExpressRoute gateway type to To minimize latency of traffic to Vnet2.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1? IKEv2 and OpenVPN (SSL) IKEv2 IKEv2 and SSTP (SSL) OpenVPN (SSL) SSTP (SSL).
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use? a private endpoint Azure Firewall Azure Front Door a service endpoint.
You need to implement name resolution for the cloud.litwareinc.com. The solution must meet the networking requirements.
What should you do? To implement automatic DNS name registration in cloud.litwareinc.com To implement name resolution of the cloud.litwareinc.com DNS records from the on-premises locations.
Which virtual machines can VM1 and VM4 ping successfully? VM1 VM4.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5? a private endpoint a routing table a service endpoint a private link service a virtual network peering.
You have a network security group named NSG1.
You need to enable network security group (NS) flow logs for NSG1. The solution must support retention policies.
What should you create first? A standard general-purpose v2 Azure Storage account An Azure Log Analytics workspace A standard general-purpose v1 Azure Storage account A premium Block blobs Azure Storage account.
You have an Azure subscription that contains the virtual machines shown in the following table.(See image)
VNet1 and VNet2 are NOT connected to each other.
You need to block traffic from SQL Server 2019 to IIS by using application security groups. The solution must minimize administrative effort.
How should you configure the application security groups? Minimum number of application security groups Minimum number of application security group assignments.
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? a deny rule that has a source of VirtualNetwork and a destination of Sql an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24 a deny rule that has the IP address range of Vnet1 as the source and destination of Storage.
Your company has offices in Montreal, Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.
You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy1 that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.
You need to apply a rate limit of 100 requests for traffic that originates from each office.
What should you do? Modify the rate limit threshold of Rule1. Create two additional associations. Modify the conditions of Rule1. Modify the rule type of Rule1.
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution? a service tag a service endpoint policy a subnet delegation an application security group.
|
