최신 AZ-700 무료덤프 - Microsoft Designing and Implementing Microsoft Azure Networking Solutions
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
What should you use to configure the default route?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure virtual machine named VM1.
You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?
You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?
정답: D
Task 11
You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.
You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.
정답:
See the Explanation below for step by step instructions.
Explanation:
To ensure that only hosts on VNET1 can access the slcnage42150372 storage account and that access occurs over the Azure backbone network, you can use Azure Private Endpoints. This method secures the connection by assigning a private IP address from your virtual network to the storage account, ensuring that traffic does not traverse the public internet.
Step-by-Step Solution
Step 1: Create a Private Endpoint for the Storage Account
* Navigate to the Azure Portal.
* Search for "Storage accounts" and select the slcnage42150372 storage account.
* In the storage account blade, select "Networking" under the "Security + networking" section.
* Under "Private endpoint connections", click on "Add private endpoint".
* Enter the following details:
* Name: Enter a name for the private endpoint (e.g., PrivateEndpoint-VNET1).
* Region: Select the same region as your virtual network (VNET1).
* Click on "Next: Resource".
Step 2: Configure the Resource
* Select "Target sub-resource": Choose the storage service you want to connect to (e.
g., blob, file, queue, table).
* Click on "Next: Virtual network".
Step 3: Select the Virtual Network and Subnet
* Select the virtual network: Choose VNET1.
* Select the subnet: Choose the appropriate subnet within VNET1.
* Click on "Next: Configuration".
Step 4: Configure DNS Integration (Optional)
* Configure DNS settings if needed to ensure proper name resolution within your virtual network.
* Click on "Next: Tags", add any tags if necessary, and then click on "Review + create".
* Review your settings and click on "Create".
Step 5: Restrict Public Network Access
* Navigate back to the storage account.
* Select "Networking" under the "Security + networking" section.
* Under "Firewalls and virtual networks", select "Selected networks".
* Ensure that only VNET1 is listed under the virtual networks section.
* Click on "Save".
Explanation:
* Private Endpoints: These provide secure connectivity to Azure services by assigning a private IP address from your VNet to the service, ensuring that traffic stays within the Azure backbone network12.
* Firewall and Virtual Networks: Configuring the storage account to allow access only from selected networks (VNET1) ensures that no other network can access the storage account3.
By following these steps, you can ensure that only hosts on VNET1 can access the slcnage42150372 storage account, and that all access occurs over the secure Azure backbone network.
Explanation:
To ensure that only hosts on VNET1 can access the slcnage42150372 storage account and that access occurs over the Azure backbone network, you can use Azure Private Endpoints. This method secures the connection by assigning a private IP address from your virtual network to the storage account, ensuring that traffic does not traverse the public internet.
Step-by-Step Solution
Step 1: Create a Private Endpoint for the Storage Account
* Navigate to the Azure Portal.
* Search for "Storage accounts" and select the slcnage42150372 storage account.
* In the storage account blade, select "Networking" under the "Security + networking" section.
* Under "Private endpoint connections", click on "Add private endpoint".
* Enter the following details:
* Name: Enter a name for the private endpoint (e.g., PrivateEndpoint-VNET1).
* Region: Select the same region as your virtual network (VNET1).
* Click on "Next: Resource".
Step 2: Configure the Resource
* Select "Target sub-resource": Choose the storage service you want to connect to (e.
g., blob, file, queue, table).
* Click on "Next: Virtual network".
Step 3: Select the Virtual Network and Subnet
* Select the virtual network: Choose VNET1.
* Select the subnet: Choose the appropriate subnet within VNET1.
* Click on "Next: Configuration".
Step 4: Configure DNS Integration (Optional)
* Configure DNS settings if needed to ensure proper name resolution within your virtual network.
* Click on "Next: Tags", add any tags if necessary, and then click on "Review + create".
* Review your settings and click on "Create".
Step 5: Restrict Public Network Access
* Navigate back to the storage account.
* Select "Networking" under the "Security + networking" section.
* Under "Firewalls and virtual networks", select "Selected networks".
* Ensure that only VNET1 is listed under the virtual networks section.
* Click on "Save".
Explanation:
* Private Endpoints: These provide secure connectivity to Azure services by assigning a private IP address from your VNet to the service, ensuring that traffic stays within the Azure backbone network12.
* Firewall and Virtual Networks: Configuring the storage account to allow access only from selected networks (VNET1) ensures that no other network can access the storage account3.
By following these steps, you can ensure that only hosts on VNET1 can access the slcnage42150372 storage account, and that all access occurs over the secure Azure backbone network.
Task 3
You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
정답:
See the Explanation below for step by step instructions.
Explanation:
To ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, you can use Virtual Network Peering. This method connects the two virtual networks directly through the Microsoft backbone network, ensuring low-latency and high-bandwidth communication.
Step-by-Step Solution
Step 1: Set Up Virtual Network Peering
* Navigate to the Azure Portal.
* Search for "Virtual networks" and select VNET1.
* In the left-hand menu, select "Peerings" under the "Settings" section.
* Click on "Add" to create a new peering.
* Enter the following details:
* Name: Enter a name for the peering (e.g., VNET1-to-VNET2).
* Peer virtual network: Select VNET2.
* Allow virtual network access: Ensure this is enabled.
* Allow forwarded traffic: Enable if needed.
* Allow gateway transit: Enable if needed.
* Click on "Add".
Step 2: Configure Peering on VNET2
* Navigate to VNET2 in the Azure Portal.
* In the left-hand menu, select "Peerings" under the "Settings" section.
* Click on "Add" to create a new peering.
* Enter the following details:
* Name: Enter a name for the peering (e.g., VNET2-to-VNET1).
* Peer virtual network: Select VNET1.
* Allow virtual network access: Ensure this is enabled.
* Allow forwarded traffic: Enable if needed.
* Allow gateway transit: Enable if needed.
* Click on "Add".
Explanation:
* Virtual Network Peering: This feature connects two virtual networks in the same or different regions, allowing resources in both networks to communicate with each other as if they were part of the same network. The traffic between peered virtual networks uses the Microsoft backbone infrastructure, ensuring low latency and high bandwidth12.
* Allow Virtual Network Access: This setting ensures that the virtual networks can communicate with each other.
* Allow Forwarded Traffic: This setting allows traffic forwarded from a network security appliance in the peered virtual network.
* Allow Gateway Transit: This setting allows the peered virtual network to use the gateway in the local virtual network.
By following these steps, you can ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, leveraging the high-speed Microsoft backbone network.
Explanation:
To ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, you can use Virtual Network Peering. This method connects the two virtual networks directly through the Microsoft backbone network, ensuring low-latency and high-bandwidth communication.
Step-by-Step Solution
Step 1: Set Up Virtual Network Peering
* Navigate to the Azure Portal.
* Search for "Virtual networks" and select VNET1.
* In the left-hand menu, select "Peerings" under the "Settings" section.
* Click on "Add" to create a new peering.
* Enter the following details:
* Name: Enter a name for the peering (e.g., VNET1-to-VNET2).
* Peer virtual network: Select VNET2.
* Allow virtual network access: Ensure this is enabled.
* Allow forwarded traffic: Enable if needed.
* Allow gateway transit: Enable if needed.
* Click on "Add".
Step 2: Configure Peering on VNET2
* Navigate to VNET2 in the Azure Portal.
* In the left-hand menu, select "Peerings" under the "Settings" section.
* Click on "Add" to create a new peering.
* Enter the following details:
* Name: Enter a name for the peering (e.g., VNET2-to-VNET1).
* Peer virtual network: Select VNET1.
* Allow virtual network access: Ensure this is enabled.
* Allow forwarded traffic: Enable if needed.
* Allow gateway transit: Enable if needed.
* Click on "Add".
Explanation:
* Virtual Network Peering: This feature connects two virtual networks in the same or different regions, allowing resources in both networks to communicate with each other as if they were part of the same network. The traffic between peered virtual networks uses the Microsoft backbone infrastructure, ensuring low latency and high bandwidth12.
* Allow Virtual Network Access: This setting ensures that the virtual networks can communicate with each other.
* Allow Forwarded Traffic: This setting allows traffic forwarded from a network security appliance in the peered virtual network.
* Allow Gateway Transit: This setting allows the peered virtual network to use the gateway in the local virtual network.
By following these steps, you can ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, leveraging the high-speed Microsoft backbone network.
You have an Azure subscription that contains the resource groups shown in the following table.
You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
정답:
Explanation:
You are planning an Azure Front Door deployment that will contain the resources shown in the following table.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com.
You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com.
You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have an Azure virtual network named Vnet1 that connects to an on-premises network.
You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
* Ensure that all on-premises users can access storageaccount1 through the private endpoint.
* Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
* Ensure that all on-premises users can access storageaccount1 through the private endpoint.
* Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app.
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.corn and a different URL path for each web app, for example: https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure?
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.corn and a different URL path for each web app, for example: https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure Virtual Desktop deployment that has 500 session hosts.
All outbound traffic to the internet uses a NAT gateway.
During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections.
What should you do?
All outbound traffic to the internet uses a NAT gateway.
During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections.
What should you do?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription. The subscription contains two virtual machine scale sets that host two apps named App1 and App2, an Azure Private Link service named PLS1. and an Azure load balancer named LB1.
PLS1 uses LB1 and has TCP Proxy V2 disabled PLS1 provides access to App1 only.
You need to perform the following actions:
* Provide access to App1 and App2.
* Increase the number of supported private endpoint connections.
What should you modify to provide access to App2, and what should you modify to increase the number of supported connections? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
PLS1 uses LB1 and has TCP Proxy V2 disabled PLS1 provides access to App1 only.
You need to perform the following actions:
* Provide access to App1 and App2.
* Increase the number of supported private endpoint connections.
What should you modify to provide access to App2, and what should you modify to increase the number of supported connections? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have an Azure subscription
You plan to use Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
* Supports 4 Gbps of Site-to-Site (S2S) VPN traffic
* Supports 8 Gbps of ExpressRoute traffic
* Minimizes costs
How many scale units should you configure? To answer select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
You plan to use Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
* Supports 4 Gbps of Site-to-Site (S2S) VPN traffic
* Supports 8 Gbps of ExpressRoute traffic
* Minimizes costs
How many scale units should you configure? To answer select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
정답:
Explanation:
You have two Azure App Service instances that host the web apps shown the following table.
You deploy an Azure application gateway that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You deploy an Azure application gateway that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
1, 2
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
정답: E
설명: (DumpTOP 회원만 볼 수 있음)
Task 7
You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.
You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.
You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.
You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.
정답:
See the Explanation below for step by step instructions.
Explanation:
To minimize the risk of SNAT port exhaustion for your 100 virtual machines in subnet4-1, while ensuring minimal administrative effort, you can use an Azure NAT Gateway. This service provides scalable and resilient outbound connectivity for virtual networks, dynamically allocating SNAT ports to avoid exhaustion.
* Navigate to the Azure Portal.
* Search for "NAT gateways" and select it.
* Click on "Create".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select an existing resource group or create a new one.
* Name: Enter a name for the NAT gateway (e.g., NATGateway-Subnet4-1).
* Region: Select the region where your virtual network is located.
* Click on "Next: Outbound IP".
* Choose whether to use existing public IP addresses or create new ones.
* If creating new ones, click on "Add new" and configure the new public IP addresses.
* Click on "Next: Subnet".
* Click on "Associate subnet".
* Select the virtual network that contains subnet4-1.
* Select subnet4-1 from the list of subnets.
* Click on "OK".
* Review your settings to ensure everything is correct.
* Click on "Review + create" and then "Create".
* Azure NAT Gateway: This service provides outbound connectivity for virtual networks, dynamically allocating SNAT ports across all VM instances within a subnet. This dynamic allocation helps prevent SNAT port exhaustion, especially in scenarios with high outbound connection volumes12.
* Dynamic SNAT Port Allocation: Unlike static allocation methods, NAT Gateway dynamically allocates SNAT ports based on demand, ensuring efficient use of available ports and reducing the risk of exhaustion2.
Step-by-Step SolutionStep 1: Create a NAT GatewayStep 2: Configure Outbound IP AddressesStep 3:
Associate the NAT Gateway with Subnet4-1Step 4: Review and CreateExplanationBy following these steps, you can ensure that your 100 virtual machines in subnet4-1 can make the necessary API calls without running into SNAT port exhaustion, all while minimizing administrative effort.
Explanation:
To minimize the risk of SNAT port exhaustion for your 100 virtual machines in subnet4-1, while ensuring minimal administrative effort, you can use an Azure NAT Gateway. This service provides scalable and resilient outbound connectivity for virtual networks, dynamically allocating SNAT ports to avoid exhaustion.
* Navigate to the Azure Portal.
* Search for "NAT gateways" and select it.
* Click on "Create".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select an existing resource group or create a new one.
* Name: Enter a name for the NAT gateway (e.g., NATGateway-Subnet4-1).
* Region: Select the region where your virtual network is located.
* Click on "Next: Outbound IP".
* Choose whether to use existing public IP addresses or create new ones.
* If creating new ones, click on "Add new" and configure the new public IP addresses.
* Click on "Next: Subnet".
* Click on "Associate subnet".
* Select the virtual network that contains subnet4-1.
* Select subnet4-1 from the list of subnets.
* Click on "OK".
* Review your settings to ensure everything is correct.
* Click on "Review + create" and then "Create".
* Azure NAT Gateway: This service provides outbound connectivity for virtual networks, dynamically allocating SNAT ports across all VM instances within a subnet. This dynamic allocation helps prevent SNAT port exhaustion, especially in scenarios with high outbound connection volumes12.
* Dynamic SNAT Port Allocation: Unlike static allocation methods, NAT Gateway dynamically allocates SNAT ports based on demand, ensuring efficient use of available ports and reducing the risk of exhaustion2.
Step-by-Step SolutionStep 1: Create a NAT GatewayStep 2: Configure Outbound IP AddressesStep 3:
Associate the NAT Gateway with Subnet4-1Step 4: Review and CreateExplanationBy following these steps, you can ensure that your 100 virtual machines in subnet4-1 can make the necessary API calls without running into SNAT port exhaustion, all while minimizing administrative effort.
You have an Azure subscription. The subscription contains multiple Azure SQL Database resources and a virtual network named VNet1 that has five subnets. All the subnets are associated with a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic, unless specifically allowed by a rule.
Each subnet contains 50 virtual machines. Multiple virtual machines host instances of SQL Server on Virtual Machines and will be configured to replicate with the Azure SQL Database resources.
You need to configure a new outbound rule in NSG1 to allow the SQL Server on Virtual Machines instances to connect to the Azure SQL Database resources. The solution must meet the following requirements:
* Minimize modifications to NSG1 when additional instances of SQL Server on Virtual Machines are deployed.
* Ensure that only SQL Server on Virtual Machines instances can connect to the Azure SQL Database resources.
How should you configure each setting for the new outbound rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Each subnet contains 50 virtual machines. Multiple virtual machines host instances of SQL Server on Virtual Machines and will be configured to replicate with the Azure SQL Database resources.
You need to configure a new outbound rule in NSG1 to allow the SQL Server on Virtual Machines instances to connect to the Azure SQL Database resources. The solution must meet the following requirements:
* Minimize modifications to NSG1 when additional instances of SQL Server on Virtual Machines are deployed.
* Ensure that only SQL Server on Virtual Machines instances can connect to the Azure SQL Database resources.
How should you configure each setting for the new outbound rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You are planning an Azure solution that will contain the following types of resources in a single Azure region:
* Virtual machine
* Azure App Service
* Virtual Network gateway
* Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
* Virtual machine
* Azure App Service
* Virtual Network gateway
* Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can- be-deployed-into-a-virtual-network
You have art Azure subscription.
You plan to deploy Azure Front Door with Azure Web Application Firewall (WAF).
You plan to implement custom rules and managed rules that meet the following requirements:
* Block malicious bots.
* Throttle client IP addresses that exceed 100 connections per minute.
You need to identify which Front Door SKU to configure, and which type of rule to configure for each requirement. The solution must minimize administrative effort and costs.
What should identify? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You plan to deploy Azure Front Door with Azure Web Application Firewall (WAF).
You plan to implement custom rules and managed rules that meet the following requirements:
* Block malicious bots.
* Throttle client IP addresses that exceed 100 connections per minute.
You need to identify which Front Door SKU to configure, and which type of rule to configure for each requirement. The solution must minimize administrative effort and costs.
What should identify? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You create an ExpressRoute circuit named ERC1 that is enabled by your connectivity provider.
You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
