Microsoft Designing and Implementing Microsoft Azure Networking Solutions - AZ-700 FREE EXAM DUMPS QUESTIONS & ANSWERS

Task 11
You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.
Correct Answer:
See the Explanation below for step by step instructions.
Explanation:
To ensure that only hosts on VNET1 can access the slcnage42150372 storage account and that access occurs over the Azure backbone network, you can use Azure Private Endpoints. This method secures the connection by assigning a private IP address from your virtual network to the storage account, ensuring that traffic does not traverse the public internet.
Step-by-Step Solution
Step 1: Create a Private Endpoint for the Storage Account
* Navigate to the Azure Portal.
* Search for "Storage accounts" and select the slcnage42150372 storage account.
* In the storage account blade, select "Networking" under the "Security + networking" section.
* Under "Private endpoint connections", click on "Add private endpoint".
* Enter the following details:
  * Name: Enter a name for the private endpoint (e.g., PrivateEndpoint-VNET1).
  * Region: Select the same region as your virtual network (VNET1).
* Click on "Next: Resource".
Step 2: Configure the Resource
* Select "Target sub-resource": Choose the storage service you want to connect to (e.g., blob, file, queue, table).
* Click on "Next: Virtual network".
Step 3: Select the Virtual Network and Subnet
* Select the virtual network: Choose VNET1.
* Select the subnet: Choose the appropriate subnet within VNET1.
* Click on "Next: Configuration".
Step 4: Configure DNS Integration (Optional)
* Configure DNS settings if needed to ensure proper name resolution within your virtual network.
* Click on "Next: Tags", add any tags if necessary, and then click on "Review + create".
* Review your settings and click on "Create".
Step 5: Restrict Public Network Access
* Navigate back to the storage account.
* Select "Networking" under the "Security + networking" section.
* Under "Firewalls and virtual networks", select "Selected networks".
* Ensure that only VNET1 is listed under the virtual networks section.
* Click on "Save".
Explanation:
* Private Endpoints: These provide secure connectivity to Azure services by assigning a private IP address from your VNet to the service, ensuring that traffic stays within the Azure backbone network.
* Firewall and Virtual Networks: Configuring the storage account to allow access only from selected networks (VNET1) ensures that no other network can access the storage account.
By following these steps, you can ensure that only hosts on VNET1 can access the slcnage42150372 storage account, and that all access occurs over the secure Azure backbone network.
You have an Azure subscription. The subscription contains two virtual machine scale sets that host two apps named App1 and App2, an Azure Private Link service named PLS1, and an Azure load balancer named LB1.
PLS1 uses LB1 and has TCP Proxy V2 disabled. PLS1 provides access to App1 only.
You need to perform the following actions:
* Provide access to App1 and App2.
* Increase the number of supported private endpoint connections.
What should you modify to provide access to App2, and what should you modify to increase the number of supported connections? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have an Azure subscription that contains the resources shown in the following table.

You create a service endpoint policy that has the following settings:
* Associated subnets: Subnet 1
* Service: Microsoft.Storage
* Scope: Single account
* Resource: storage1
Which resources can VM1 access?
Correct Answer: B
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You add a rule to the rule set of AFD1.
Does this meet the goal?
Correct Answer: B
You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Box 1:
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet.
Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed.
Box 2:
The "Visit Azure Firewall Manager to configure and manage this firewall" link in the exhibit shows that the firewall is managed by Azure Firewall Manager.
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF).
FD1 uses a frontend host named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region.
You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States.
What should you include in the WAF policy?
Correct Answer: C
Azure virtual networks in the East US Azure region as shown in the following table.

The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
Correct Answer: B
You have an Azure subscription that contains the resources shown in the following table.

You establish BGP peering between NVA1 and Hub1.
You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You create an ExpressRoute circuit named ERC1 that is enabled by your connectivity provider.
You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Your company has 40 branch offices that are linked by using a Software-Defined Wide Area Network (SD-WAN). The SD-WAN uses BGP.
You have an Azure subscription that contains 20 virtual networks configured as a hub and spoke topology.
The topology contains a hub virtual network named Vnet1.
The virtual networks connect to the SD-WAN by using a network virtual appliance (NVA) in Vnet1.
You need to ensure that BGP route advertisements will propagate between the virtual networks and the SD-WAN. The solution must minimize administrative effort. What should you implement?
Correct Answer: C
Your on-premises network contains two subnets named Subnet1 and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.
You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.
You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.
You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:

Explanation:
You have an Azure virtual network named Vnet1 that connects to an on-premises network.
You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
* Ensure that all on-premises users can access storageaccount1 through the private endpoint.
* Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:

Explanation:

168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
You have an Azure virtual machine named VM1.
You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?
Correct Answer: A
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have an Azure subscription that contains multiple virtual networks.
From Microsoft Defender for Cloud, you select Regulatory Compliance and view the following compliance controls:
* NS-2. Secure cloud services with network controls
* NS-8. Detect and disable insecure services and protocols
* NS-9. Connect on-premises or cloud network privately
You need to recommend remediations for the controls.
What should you include in the recommendation for each control? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation: