[Jan-2022] Free AZ-700 Exam Questions AZ-700 Actual Free Exam Questions
Verified AZ-700 dumps and 98 unique questions
NEW QUESTION 49
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated
Box 1: No
NSG10 which is attached to VM1's subnet blocks RDP (port TCP 3389) to 'Any' which means the port is blocked to all destinations.
Box 2: Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2's subnet (VNet1/Subnet2).
Box 3: No
NSG11 blocks RDP (port TCP 3389) destined for 'VirtualNetwork'. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.
NEW QUESTION 50
Azure virtual networks in the East US Azure region as shown in the following table.
The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 51
Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.
Which type of ExpressRoute circuits should you create?
- A. ExpressRoute Direct
- B. ExpressRoute Standard
- C. ExpressRoute Local
- D. ExpressRoute Premium
Answer: C
Explanation:
Reference:
https://azure.microsoft.com/en-us/pricing/details/expressroute/
NEW QUESTION 52
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 53
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. On the peering from Vnet1, select Use remote gateways.
- B. On the peerings from Vnet2 and Vnet3, select Use remote gateways.
- C. On the peerings from Vnet2 and Vnet3, select Allow gateway transit.
- D. On the peering from Vnet1, select Allow forwarded traffic.
- E. On the peering from Vnet1, select Allow gateway transit.
Answer: D,E
NEW QUESTION 54
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Box 2: One NSG
The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules.
Box 1: Two custom rules
With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.
NEW QUESTION 55
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION 56
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1. What should you do?
- A. Increase the Unhealthy threshold setting in the custom probe.
- B. Upload the public key certificate to the HTTP settings.
- C. Set Listener type to Multi site.
- D. Enable the SSL profile for the listener.
Answer: D
NEW QUESTION 57
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 58
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by using an on premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?
- A. a RADIUS server
- B. a certification authority (CA)
- C. an Azure key vault
- D. Azure Active Directory (Azure AD) Application Proxy
Answer: D
NEW QUESTION 59
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region.
You need to configure Azure Traffic Manager to direct users to the instance that has the lowest latency.
Which routing method should you use?
- A. weighted
- B. geographic
- C. performance
- D. priority
Answer: D
NEW QUESTION 60
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app.
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.corn and a different URL path for each web app, for example: https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure?
- A. listeners
- B. rules
- C. HTTP settings
- D. rewrites
Answer: B
NEW QUESTION 61
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 62
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of
https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority (CA).
What should you include in the solution?
- A. Active Directory Certificate Services (AD CS)
- B. Azure Key Vault
- C. Azure Application Gateway
- D. an enterprise application in Azure Active Directory (Azure AD)
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
NEW QUESTION 63
You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.
TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.
The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
Answer:
Explanation:
Explanation
Diagram Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-nested-profiles
NEW QUESTION 64
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
- A. IKEv2
- B. SSTP (SSL)
- C. OpenVPN (SSL)
- D. IKEv2 and SSTP (SSL)
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
NEW QUESTION 65
......
Latest 100% Passing Guarantee - Brilliant AZ-700 Exam Questions PDF: https://www.exam4labs.com/AZ-700-practice-torrent.html
AZ-700 Dumps for Pass Guaranteed - Pass AZ-700 Exam: https://drive.google.com/open?id=1FNhabKekSzu7yhTHRMnjwl9YlPstpB0P