we provide Download Microsoft AZ-700 exam cram which are the best for clearing AZ-700 test, and to get certified by Microsoft Designing and Implementing Microsoft Azure Networking Solutions. The AZ-700 Questions & Answers covers all the knowledge points of the real AZ-700 exam. Crack your Microsoft AZ-700 Exam with latest dumps, guaranteed!
Check AZ-700 free dumps before getting the full version:
NEW QUESTION 1
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
For the first question, only ExpressRoute GW SKU Ultra Performance support FastPath feature.
For the second question, vnet1 will connect to ExpressRoute gw, once Vnet1 peers with Vnet2, the traffic from on-premise network will bypass GW and Vnet1, directly goes to Vnet2, while this feature is under public preview.
====Reference
ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
To configure FastPath, the virtual network gateway must be either: Ultra Performance
ErGw3AZ
VNet Peering - FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the ExpressRoute virtual network gateway.
https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath Gateway SKU
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 2
Your company has 10 instances of a web service. Each instance is hosted in a different Azure region and is accessible through a public endpoint.
The development department at the company is creating an application named App1. Every 10 minutes. App1 will use a list of end points and connect to the first available endpoint.
You plan to use Azure Traffic Manager to maintain the list of endpoints.
You need to configure a Traffic Manager profile that will minimize the impact of DNS caching. What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 3
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
- A. IP3 and IP5 only
- B. IP5 only
- C. IP1, IP3, and IP5 only
- D. IP3 only
- E. IP2 and IP4 only
Answer: D
Explanation:
Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn’t support NAT. Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview
NEW QUESTION 4
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
- B. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.
- C. Modify the DNS server settings of Vnet1.
- D. For FW1, enable DNS proxy.
- E. For FW1, configure a custom DNS server.
Answer: AC
NEW QUESTION 5
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure. Which two Azure resources should you configure? Each correct answer presents a part of the solution.
(Choose two.)
NOTE: Each correct selection is worth one point.
- A. a virtual network gateway
- B. Azure Application Gateway
- C. Azure Firewall
- D. a local network gateway
- E. Azure Front Door
Answer: AD
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
NEW QUESTION 6
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
- A. Azure Standard Load Balancer that has Floating IP enabled
- B. Azure Application Gateway V2 that has multiple listeners
- C. Azure Application Gateway v2 that has multiple site hosting enabled
- D. Azure Standard Load Balancer that has high availability (HA) ports enabled
Answer: A
NEW QUESTION 7
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN. Users will authenticate by using an on premises Active Directory domain. Which additional service should you deploy to support the VPN authentication?
- A. a certification authority (CA)
- B. a RADIUS server
- C. an Azure key vault
- D. Azure Active Directory (Azure AD) Application Proxy
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
NEW QUESTION 8
You have an Azure virtual network named Vnet1 that connects to an on-premises network. You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
Ensure that all on-premises users can access storageaccount1 through the private endpoint.
Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
* 168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1. Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 10
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
- A. On the peerings from Vnet2 and Vnet3, select Use remote gateways.
- B. On the peering from Vnet1, select Allow forwarded traffic.
- C. On the peering from Vnet1, select Use remote gateways.
- D. On the peering from Vnet1, select Allow gateway transit.
- E. On the peerings from Vnet2 and Vnet3, select Allow gateway transit.
Answer: BD
NEW QUESTION 11
You have an Azure virtual network that contains the subnets shown in the following table.
You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall. You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com. What should you do?
- A. Create a network security group (NSG) and associate the NSG to Subnet2.
- B. In a firewall policy, create an application rule.
- C. In a firewall policy, create a DNAT rule.
- D. In a firewall policy, create a network rule.
Answer: B
NEW QUESTION 12
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region.
You need to configure Azure Traffic Manager to direct users to the instance that has the lowest latency. Which routing method should you use?
- A. geographic
- B. weighted
- C. performance
- D. priority
Answer: D
NEW QUESTION 13
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 14
You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.
TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.
The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
Solution:
Diagram Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-nested-profiles
Traffic from West Europe:
Basedd on TM1 table, West Europe will trigger TM2. However, as the MinChildEndpoint is set to 2, and App4 is degraded (down), the entire TM2 will not be considered available.
This goes back to the origin TM1 that uses performance traffic-routing method, which means the closest location is App1 and naturally be the next best performance instance.
Hence, Answer = App1
Traffic from West US:
Based on TM1 table, West US will trigger TM3. However, both App2 and App6 were degraded (down), so none of them can be considered.
This goes back to the original TM1 that uses performance traffic-routing method, from TM1, the other 2 US locations would be App2 and App3. But App2 we know it's already degraded (unavailable), hence the only option would be App3.
Answer = App3
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration. Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
NEW QUESTION 16
You configure a route table named RT1 that has the routes shown in the following table.
You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.
You have the resources shown in the following table.
Vnet1 connects to an ExpressRoute circuit.
The on-premises router advertises the following routes:
* 0.0.0.0/0
* 10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 17
Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24.
You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48.
You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
:
Add IPv6 configuration to NIC. "Configure all of the VM NICs with an IPv6 address using Add-AzNetworkInterfaceIpConfig"
Source: https://docs.microsoft.com/en-us/azure/load-balancer/ipv6-add-to-existing-vnet-powershell
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG) and associate the NSG to Subnet1. Does this meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 19
You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel. Which diagnostic log should you review?
- A. IKEDiagnosticLog
- B. GatewayDiagnosticLog
- C. TunnelDiagnosticLog
- D. RouteDiagnosticLog
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics IKEDiagnosticLog = The IKEDiagnosticLog table offers verbose debug logging for IKE/IPsec. This is very
useful to review when troubleshooting disconnections, or failure to connect VPN scenarios.
GatewayDiagnosticLog = Configuration changes are audited in the GatewayDiagnosticLog table. TunnelDiagnosticLog = The TunnelDiagnosticLog table is very useful to inspect the historical connectivity
statuses of the tunnel.
RouteDiagnosticLog = The RouteDiagnosticLog table traces the activity for statically modified routes or routes received via BGP.
P2SDiagnosticLog = The last available table for VPN diagnostics is P2SDiagnosticLog. This table traces the activity for Point to Site.
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
NEW QUESTION 20
......
P.S. Easily pass AZ-700 Exam with 105 Q&As Downloadfreepdf.net Dumps & pdf Version, Welcome to Download the Newest Downloadfreepdf.net AZ-700 Dumps: https://www.downloadfreepdf.net/AZ-700-pdf-download.html (105 New Questions)