Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Online Training
Microsoft AZ-700 Online Training
The questions for AZ-700 were last updated at Oct 29,2024.
- Exam Code: AZ-700
- Exam Name: Designing and Implementing Microsoft Azure Networking Solutions
- Certification Provider: Microsoft
- Latest update: Oct 29,2024
You fail to establish a Site-to-Site VPN connection between your company’s main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?
- A . IKEDiagnosticLog
- B . GatewayDiagnosticLog
- C . TunnelDiagnosticLog
- D . RouteDiagnosticLog
Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table.
All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?
- A . 1
- B . 2
- C . 3
- D . 4
- E . 5
You have an Azure virtual network and an on-premises datacenter.
You need to implement a Site-to-Site VPN connection between the datacenter and the virtual network.
Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . a virtual network gateway
- B . Azure Firewall
- C . a local network gateway
- D . Azure Web Application Firewall (WAF)
- E . an on-premises data gateway
- F . an Azure application gateway
- G . a user-defined route
You have the Azure resources shown in the following table.
You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of
storage1 in the paired Azure region.
What should you do first?
- A . Configure the firewall settings for storage1.
- B . Fail over storage1 to the paired Azure region.
- C . Create a virtual network in the paired Azure region.
- D . Create another service endpoint.
DRAG DROP
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage
resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . an allow rule that has the IP address range of Vnet1 as the source and destination of Sq1.EastUS
- B . a deny rule that has a source of VirtualNetwork and a destination of Sq1
- C . a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
- D . a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
DRAG DROP
You have an Azure subscription that contains the resources shown in the following table.
The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The subscription contains the following resources:
* An Azure App Service app named App1
* An Azure DNS zone named contoso.com
* An Azure private DNS zone named private.contoso.com
* A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS.
You need to provide a developer with the name that is registered in Azure DNS for the private endpoint.
What should you provide?
- A . app1.privatelink.azurewebsites.net
- B . app1.contoso.com
- C . app1.contoso.onmicrosoft.com
- D . app1.private.contoso.com
HOTSPOT
You have the Azure App Service app shown in the App Service exhibit.
The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
- A . IP3 and IP5 only
- B . IP5 only
- C . IP1, IP3, and IP5 only
- D . IP3 only
- E . IP2 and IP4 only