AZ-700 Designing and Implementing Microsoft Azure Networking Solutionspopular - Practice Questions - Post 1
Featured Image: 
1. Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC. The company only has Azure resources in the East US region. You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs. Which type of ExpressRoute circuits should you create?
Page: Page 1
Option A: ExpressRoute Local
Option B: ExpressRoute Direct
Option C: ExpressRoute Premium
Option D: ExpressRoute Standard
Answer(s): 1
Explanation: https://azure.microsoft.com/en-us/pricing/details/expressroute/
2. You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN. Users will authenticate by an on-premises Active Directory domain. Which additional service should you deploy to support the VPN authentication?
Page: Page 1
Option A: an Azure key vault
Option B: a RADIUS server
Option C: a certification authority
Option D: Azure Active Directory (Azure AD) Application Proxy
Answer(s): 2
Explanation: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
3. You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure. Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.
Page: Page 1
Option A: a virtual network gateway
Option B: Azure Application Gateway
Option C: Azure Firewall
Option D: a local network gateway
Answer(s): 1,4
Explanation: https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
4. You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network. You need to troubleshoot what prevents you from establishing the IPsec tunnel. Which diagnostic log should you review?
Page: Page 1
Option A: IKEDiagnosticLog
Option B: RouteDiagnosticLog
Option C: GatewayDiagnosticLog
Option D: TunnelDiagnosticLog
Answer(s): 1
Explanation: https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
5. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) You have an Azure subscription that contains a single virtual network and a virtual network gateway. You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD). What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Page: Page 2
Answer(s):
Explanation:
6.
Page: Page 2
Answer(s):
Explanation:
7.
Page: Page 2
Answer(s):
Explanation:
8.
Page: Page 2
Answer(s):
Explanation:
9. You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based. You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit. You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?
Page: Page 3
Option A: Set Connection Mode to ResponderOnly.
Option B: Set BGP to Enabled.
Option C: Set Use Azure Private IP Address to Enabled.
Option D: Set IPsec / IKE policy to Custom.
Answer(s): 4
Explanation: BGP is the standard routing protocol commonly used in the Internet to exchange routing and reachability information between two or more networks. BGP enables the Azure VPN Gateways and your on-premises VPN devices, called BGP peers or neighbors, to exchange "routes" that will inform both gateways on the availability and reachability for those prefixes to go through the gateways or routers involved. BGP can also enable transit routing among multiple networks by propagating routes a BGP gateway learns from one BGP peer to all other BGP peers. Incorrect: Not C: A VPN gateway must have a Public IP address. Verify that you have an externally facing public IPv4 address for your VPN device.
10. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) Your on-premises network contains a VPN device. You have an Azure subscription that contains a virtual network and a virtual network gateway. You need to create a Site-to-Site VPN connection that has a custom cryptographic policy. How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page: Page 3
Option A: See Explanation section for answer.
Answer(s): 1
Explanation:
11. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel. You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter. How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page: Page 3
Option A: See Explanation section for answer.
Answer(s): 1
Explanation:
12. You are planning an Azure deployment that will contain three virtual networks in the East US Azure region as shown in the following table. A Site-to-Site VPN will connect Vnet1 to your company’s on-premises network. You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network. The solution must minimize costs. What should you recommend for Vnet2 and Vnet3?
Page: Page 3
Option A: VNet-to-VNet VPN connections
Option B: peering
Option C: service endpoints
Option D: route tables
Answer(s): 2
Explanation: Not available
13. Your company has an office in New York. The company has an Azure subscription that contains the virtual networks shown in the following table. You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements: • The connection must have up to 1 Gbps of bandwidth. • The office must have access to all the virtual networks. • Costs must be minimized. How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable?
Page: Page 4
Option A: one ExpressRoute Premium circuit
Option B: two ExpressRoute Premium circuits
Option C: four ExpressRoute Standard circuits
Option D: one ExpressRoute Standard circuit
Answer(s):
Explanation: Not available
14. You have an Azure subscription that contains a virtual network. You plan to deploy an Azure VPN gateway and 90 Site-to-Site VPN connections. The solution must meet the following requirements: • Ensure that the Site-to-Site VPN connections remain available if an Azure datacenter fails. • Minimize costs. Which gateway SKU should you specify?
Page: Page 4
Option A: VpnGw1AZ
Option B: VpnGw2AZ
Option C: VpnGw4AZ
Option D: VpnGw5AZ
Answer(s):
Explanation: Not available
15. You have an Azure subscription that contains the resources shown in the following table. You create a virtual network named Vnet2 in the West US region. You plan to enable peering between Vnet1 and Vnet2. You need to ensure that the virtual machines connected to Vnet2 can connect to VM1 and VM2 via LB1. What should you do?
Page: Page 4
Option A: From the Peerings settings of Vnet2, set Traffic forwarded from remote virtual network to Allow.
Option B: Change the Floating IP configurations of LB1.
Option C: From the Peerings settings of Vnet1, set Traffic forwarded from remote virtual network to Allow.
Option D: Change the SKU of LB1.
Answer(s):
Explanation: Not available
16. DRAG DROP (Drag and Drop is not supported) (Drag and Drop is not supported) Your on-premises network contains an Active Directory Domain Services (AD DS) domain named contoso.com that has an internal certification authority (CA). You have an Azure subscription. You deploy an Azure application gateway named AppGwy1 and perform the following actions: • Configure an HTTP listener • Associate a routing rule with the listener You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Page: Page 4
Option A: See Explanation section for answer.
Answer(s):
Explanation:
17. SIMULATION Username and password Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User-12345678@cloudslice.onmicrosoft.com Azure Password: xxxxxxxxxx If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall1. The on-premises network has the following configuration: • internal address range: 10.10.0.0/16 • Firewall1 internal IP address: 10.10.1.1 • Firewall public IP address: 131.107.50.60 BGP is NOT used. You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task. To complete this task, sign in to the Azure portal.
Page: Page 5
Answer(s):
Explanation:
18.
Page: Page 5
Answer(s):
Explanation:
19.
Page: Page 5
Answer(s):
Explanation:
20.
Page: Page 5
Answer(s):
Explanation:
21. You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table. All the virtual machines are connected to Vnet1. You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address. What should you use?
Page: Page 6
Option A: an internal load balancer
Option B: Azure Application Gateway
Option C: a NAT gateway
Option D: a public load balancer
Answer(s): 4
Explanation: Not available
22. You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements. Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Page: Page 6
Option A: On the peering from Vnet1, select Allow for Traffic forwarded from remote virtual network.
Option B: On the peerings from Vnet2 and Vnet3, select Allow for Traffic forwarded from remote virtual network.
Option C: On the peering from Vnet1, select Use the remote virtual network's gateway or Route Server.
Option D: On the peering from Vnet1, select Allow for Traffic to remote virtual network.
Answer(s): 2,5
Explanation: Configure VPN gateway transit for virtual network peering A: On the hub VNET Vnet: Traffic forwarded from remote virtual network: Allow E: On the spoke VNETs: Virtual network gateway: Use the remote virtual network's gateway Note: There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly. Business Requirements Litware identifies the following hybrid networking requirements: * Traffic between Vnet2 and Vnet3 must be routed through Vnet1. * Etc.
23. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) You have an Azure subscription. You plan to use Azure Virtual WAN. You need to deploy a virtual WAN hub that meets the following requirements: • Supports 4 Gbps of Site-to-Site (S2S) VPN traffic • Supports 8 Gbps of ExpressRoute traffic • Minimizes costs How many scale units should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page: Page 6
Option A: See Explanation section for answer.
Answer(s): 1
Explanation:
24. DRAG DROP (Drag and Drop is not supported) (Drag and Drop is not supported) You have an on-premises network. You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway. You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Page: Page 6
Option A: See Explanation section for answer.
Answer(s): 1
Explanation:
25. You have three on-premises networks. You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps. The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections. You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort. What should you do?
Page: Page 7
Option A: Upgrade the virtual WAN to the Standard SKU.
Option B: Add an additional VPN gateway to the Azure subscription.
Option C: Create an additional virtual hub.
Option D: Increase the number of gateway scale units.
Answer(s): 4
Explanation: Not available
26. You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks. You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub. You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution. What should you include in the solution?
Page: Page 7
Option A: An Azure Virtual WAN ExpressRoute gateway
Option B: A Network Virtual Appliance (NVA)
Option C: A Site to site gateway (VPN gateway)
Option D: A Point to site gateway (User VPN gateway)
Answer(s): 2
Explanation: Not available
27. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) You have the Azure resources shown in the following table. You need to link VNet2 to Circuit1. What should you create in each subscription? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page: Page 7
Option A: See Explanation section for answer.
Answer(s): 1
Explanation:
28. You have an on-premises datacenter and an Azure subscription. You plan to implement ExpressRoute FastPath. You need to create an ExpressRoute gateway. The solution must minimize downtime if a single Azure datacenter fails. Which SKU should you use?
Page: Page 7
Option A: ErGw1AZ
Option B: High performance
Option C: Ultra performance
Option D: ErGw3AZ
Answer(s): 1
Explanation: Not available
29. HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported) You have an Azure subscription that contains the resources shown in the following table. You establish BGP peering between NVA1 and Hub1. You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page: Page 8
Answer(s):
Explanation:
30.
Page: Page 8
Answer(s):
Explanation: Not available
Post a Comment