최신 AZ-700 무료덤프 - Microsoft Designing and Implementing Microsoft Azure Networking Solutions
Your on-premises network contains a VPN device.
You have an Azure subscription that contains a virtual network and a virtual network gateway.
You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network and a virtual network gateway.
You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
You have an Azure subscription that contains the resource groups shown in the following table.
You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.
You have the Azure load balancers shown in the following table.
정답:
You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
* Server1 must be able to resolve the DNS names of the resources in contoso.com.
* The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
* Server1 must be able to resolve the DNS names of the resources in contoso.com.
* The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
정답: D
You have an Azure subscription that contains the route tables and routes shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The subscription contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
정답: B
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe Azure region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs.
What should you do first?
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs.
What should you do first?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Your on-premises network contains the subnets shown in the following table.
The network contains a firewall named FW1 that uses a public IP address of 131.107.100.200.
You have an Azure subscription that contains the resources shown in the following table.
You plan to configure a Site-to-Site (S2S) VPN named VPN1 that will connect GW1 to FW1.
You need to configure LNG1 to support VPN1. The solution must meet the following requirements:
* Ensure that the resources on Subnet1 and Subnet2 can communicate with the resources on VNe1l.
* Minimize administrative effort.
How should you configure LNG1? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
The network contains a firewall named FW1 that uses a public IP address of 131.107.100.200.
You have an Azure subscription that contains the resources shown in the following table.
You plan to configure a Site-to-Site (S2S) VPN named VPN1 that will connect GW1 to FW1.
You need to configure LNG1 to support VPN1. The solution must meet the following requirements:
* Ensure that the resources on Subnet1 and Subnet2 can communicate with the resources on VNe1l.
* Minimize administrative effort.
How should you configure LNG1? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
정답:
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements:
* The virtual machines and the load balancer must be accessible only from the virtual network.
* Costs must be minimized.
What should you include in the recommendation?
You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements:
* The virtual machines and the load balancer must be accessible only from the virtual network.
* Costs must be minimized.
What should you include in the recommendation?
정답: A
SIMULATION
Task 9
You need to ensure that subnet4-3 can accommodate 507 hosts.
Task 9
You need to ensure that subnet4-3 can accommodate 507 hosts.
정답:
See the Explanation below for step by step instructions
Explanation:
Here are the steps and explanations for ensuring that subnet4-3 can accommodate 507 hosts:
To determine the subnet size that can accommodate 507 hosts, you need to use the formula: number of hosts = 2^(32 - n) - 2, where n is the number of bits in the subnet mask1. You need to find the value of n that satisfies this equation for 507 hosts.
To solve this equation, you can use trial and error or a binary search method. For example, you can start with n = 24, which is the default subnet mask for Class C networks. Then, plug in the value of n into the formula and see if it is too big or too small for 507 hosts.
If you try n = 24, you get number of hosts = 2^(32 - 24) - 2 = 254, which is too small. You need to increase the value of n to get a larger number of hosts.
If you try n = 25, you get number of hosts = 2^(32 - 25) - 2 = 510, which is just enough to accommodate 507 hosts. You can stop here or try a smaller value of n to see if it still works.
If you try n = 26, you get number of hosts = 2^(32 - 26) - 2 = 254, which is too small again. You need to decrease the value of n to get a larger number of hosts.
Therefore, the smallest value of n that can accommodate 507 hosts is n = 25. This means that the subnet mask for subnet4-3 should be /25 or 255.255.255.128 in dot-decimal notation1.
To change the subnet mask for subnet4-3, you need to go to the Azure portal and select your virtual network. Then select Subnets under Settings and select subnet4-3 from the list2.
On the Edit subnet page, under Address range (CIDR block), change the value from /24 to /25. Then select Save2.
Explanation:
Here are the steps and explanations for ensuring that subnet4-3 can accommodate 507 hosts:
To determine the subnet size that can accommodate 507 hosts, you need to use the formula: number of hosts = 2^(32 - n) - 2, where n is the number of bits in the subnet mask1. You need to find the value of n that satisfies this equation for 507 hosts.
To solve this equation, you can use trial and error or a binary search method. For example, you can start with n = 24, which is the default subnet mask for Class C networks. Then, plug in the value of n into the formula and see if it is too big or too small for 507 hosts.
If you try n = 24, you get number of hosts = 2^(32 - 24) - 2 = 254, which is too small. You need to increase the value of n to get a larger number of hosts.
If you try n = 25, you get number of hosts = 2^(32 - 25) - 2 = 510, which is just enough to accommodate 507 hosts. You can stop here or try a smaller value of n to see if it still works.
If you try n = 26, you get number of hosts = 2^(32 - 26) - 2 = 254, which is too small again. You need to decrease the value of n to get a larger number of hosts.
Therefore, the smallest value of n that can accommodate 507 hosts is n = 25. This means that the subnet mask for subnet4-3 should be /25 or 255.255.255.128 in dot-decimal notation1.
To change the subnet mask for subnet4-3, you need to go to the Azure portal and select your virtual network. Then select Subnets under Settings and select subnet4-3 from the list2.
On the Edit subnet page, under Address range (CIDR block), change the value from /24 to /25. Then select Save2.
You have an Azure subscription that contains an app named Appl. App1 is deployed to the Azure App Service apps show in the following table.
You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances.
What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances.
What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
You have an Azure subscription that contains a virtual network named Vnetl. Vnetl has a /24 IPv4 address space.
You need to subdivide Vnet1. The solution must maximize the number of usable subnets.
What is the maximum number of IPv4 subnets you can create, and how many usable IP addresses will be available per subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to subdivide Vnet1. The solution must maximize the number of usable subnets.
What is the maximum number of IPv4 subnets you can create, and how many usable IP addresses will be available per subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:
Log all connections from Australia.
Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?
You need to configure the policy to meet the following requirements:
Log all connections from Australia.
Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have three on-premises networks.
You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps.
The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections.
You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort.
What should you do?
You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps.
The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections.
You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort.
What should you do?
정답: C
You have an Azure subscription that contains 100 network security groups (NSGs).
You need to ensure that you log the application of specific NSG rules.
Which type of log should you configure?
You need to ensure that you log the application of specific NSG rules.
Which type of log should you configure?
정답: C
SIMULATION
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
정답:
See the Explanation below for step by step instructions
Explanation:
To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
Navigate to the Azure Portal.
Search for "Network security groups" and select it.
Click on "Create".
Enter the following details:
Subscription: Select your subscription.
Resource Group: Select an existing resource group or create a new one.
Name: Enter a name for the NSG (e.g., NSG-Subnet1-2).
Region: Select the region where your virtual network is located.
Click on "Review + create" and then "Create".
Step 2: Create an Inbound Security Rule
Navigate to the newly created NSG.
Select "Inbound security rules" from the left-hand menu.
Click on "Add" to create a new rule.
Enter the following details:
Source: Select Service Tag.
Source Service Tag: Select VirtualNetwork.
Source port ranges: Leave as *.
Destination: Select IP Addresses.
Destination IP addresses/CIDR ranges: Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).
Destination port ranges: Enter 5585.
Protocol: Select TCP.
Action: Select Deny.
Priority: Enter a priority value (e.g., 100).
Name: Enter a name for the rule (e.g., Deny-TCP-5585).
Click on "Add" to create the rule.
Step 3: Associate the NSG with Subnet1-2
Navigate to the virtual network that contains subnet1-2.
Select "Subnets" from the left-hand menu.
Select subnet1-2 from the list of subnets.
Click on "Network security group".
Select the NSG you created (NSG-Subnet1-2).
Click on "Save".
Explanation:
Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol1.
Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.
Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.
Explanation:
To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
Navigate to the Azure Portal.
Search for "Network security groups" and select it.
Click on "Create".
Enter the following details:
Subscription: Select your subscription.
Resource Group: Select an existing resource group or create a new one.
Name: Enter a name for the NSG (e.g., NSG-Subnet1-2).
Region: Select the region where your virtual network is located.
Click on "Review + create" and then "Create".
Step 2: Create an Inbound Security Rule
Navigate to the newly created NSG.
Select "Inbound security rules" from the left-hand menu.
Click on "Add" to create a new rule.
Enter the following details:
Source: Select Service Tag.
Source Service Tag: Select VirtualNetwork.
Source port ranges: Leave as *.
Destination: Select IP Addresses.
Destination IP addresses/CIDR ranges: Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).
Destination port ranges: Enter 5585.
Protocol: Select TCP.
Action: Select Deny.
Priority: Enter a priority value (e.g., 100).
Name: Enter a name for the rule (e.g., Deny-TCP-5585).
Click on "Add" to create the rule.
Step 3: Associate the NSG with Subnet1-2
Navigate to the virtual network that contains subnet1-2.
Select "Subnets" from the left-hand menu.
Select subnet1-2 from the list of subnets.
Click on "Network security group".
Select the NSG you created (NSG-Subnet1-2).
Click on "Save".
Explanation:
Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol1.
Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.
Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.
You have a network security group named NSG1.
You need to enable network security group (NSG) flow logs for NSG1. The solution must support retention policies.
What should you create first?
You need to enable network security group (NSG) flow logs for NSG1. The solution must support retention policies.
What should you create first?
정답: D
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. Both subnets contain virtual machines. You create a NAT gateway named NATgateway1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
정답:
