최신 AZ-700 무료덤프 - Microsoft Designing and Implementing Microsoft Azure Networking Solutions
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Task 2
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
정답:
See the Explanation below for step by step instructions.
Explanation:
To deploy Azure virtual machines to the France Central region and ensure they are in a network segment with an IP address range of 10.5.1.0/24, follow these steps:
Step-by-Step Solution
Step 1: Create a Virtual Network in France Central
* Navigate to the Azure Portal.
* Search for "Virtual networks" in the search bar and select it.
* Click on "Create".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select an existing resource group or create a new one.
* Name: Enter a name for the virtual network (e.g., VNet-FranceCentral).
* Region: Select France Central.
* Click on "Next: IP Addresses".
Step 2: Configure the Address Space and Subnet
* In the IP Addresses tab, enter the address space as 10.5.1.0/24.
* Click on "Add subnet".
* Enter the following details:
* Subnet name: Enter a name for the subnet (e.g., Subnet-1).
* Subnet address range: Enter 10.5.1.0/24.
* Click on "Add".
* Click on "Review + create" and then "Create".
Step 3: Deploy Virtual Machines to the Virtual Network
* Navigate to the Azure Portal.
* Search for "Virtual machines" in the search bar and select it.
* Click on "Create" and then "Azure virtual machine".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select the same resource group used for the virtual network.
* Virtual machine name: Enter a name for the VM.
* Region: Select France Central.
* Image: Select the desired OS image.
* Size: Select the appropriate VM size.
* Click on "Next: Disks", configure the disks as needed, and then click on "Next: Networking".
* In the Networking tab, select the virtual network (VNet-FranceCentral) and subnet (Subnet-1) created earlier.
* Complete the remaining configuration steps and click on "Review + create" and then "Create".
Explanation:
* Virtual Network: A virtual network in Azure allows you to create a logically isolated network that can host your Azure resources.
* Address Space: The address space 10.5.1.0/24 ensures that the VMs are in a specific network segment.
* Subnet: Subnets allow you to segment the virtual network into smaller, manageable sections.
* Region: Deploying the virtual network and VMs in the France Central region ensures that the resources are physically located in that region.
By following these steps, you can ensure that your Azure virtual machines in the France Central region are deployed within the specified IP address range of 10.5.1.0/24.
Explanation:
To deploy Azure virtual machines to the France Central region and ensure they are in a network segment with an IP address range of 10.5.1.0/24, follow these steps:
Step-by-Step Solution
Step 1: Create a Virtual Network in France Central
* Navigate to the Azure Portal.
* Search for "Virtual networks" in the search bar and select it.
* Click on "Create".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select an existing resource group or create a new one.
* Name: Enter a name for the virtual network (e.g., VNet-FranceCentral).
* Region: Select France Central.
* Click on "Next: IP Addresses".
Step 2: Configure the Address Space and Subnet
* In the IP Addresses tab, enter the address space as 10.5.1.0/24.
* Click on "Add subnet".
* Enter the following details:
* Subnet name: Enter a name for the subnet (e.g., Subnet-1).
* Subnet address range: Enter 10.5.1.0/24.
* Click on "Add".
* Click on "Review + create" and then "Create".
Step 3: Deploy Virtual Machines to the Virtual Network
* Navigate to the Azure Portal.
* Search for "Virtual machines" in the search bar and select it.
* Click on "Create" and then "Azure virtual machine".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select the same resource group used for the virtual network.
* Virtual machine name: Enter a name for the VM.
* Region: Select France Central.
* Image: Select the desired OS image.
* Size: Select the appropriate VM size.
* Click on "Next: Disks", configure the disks as needed, and then click on "Next: Networking".
* In the Networking tab, select the virtual network (VNet-FranceCentral) and subnet (Subnet-1) created earlier.
* Complete the remaining configuration steps and click on "Review + create" and then "Create".
Explanation:
* Virtual Network: A virtual network in Azure allows you to create a logically isolated network that can host your Azure resources.
* Address Space: The address space 10.5.1.0/24 ensures that the VMs are in a specific network segment.
* Subnet: Subnets allow you to segment the virtual network into smaller, manageable sections.
* Region: Deploying the virtual network and VMs in the France Central region ensures that the resources are physically located in that region.
By following these steps, you can ensure that your Azure virtual machines in the France Central region are deployed within the specified IP address range of 10.5.1.0/24.
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1. Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement an Azure Front Door profile.
Does this meet the requirement?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1. Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement an Azure Front Door profile.
Does this meet the requirement?
정답: A
You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a virtual machine named VM1.
You plan to make VM1 available to the resources in Sub2 by using Azure Private Link.
You need to ensure that the private link service can be configured to provide access to VM1.
What should you configure in Sub1 first?
You plan to make VM1 available to the resources in Sub2 by using Azure Private Link.
You need to ensure that the private link service can be configured to provide access to VM1.
What should you configure in Sub1 first?
정답: D
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You plan to implement an Azure Virtual WAN named VWAN1 that will contain a hub named Hub1.
VWAN1 will include the virtual networks shown in the following table.
You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.
How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
VWAN1 will include the virtual networks shown in the following table.
You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.
How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
2, 4
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
정답:
See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
* To create a policy, you need to go to the Azure portal and select Create a resource. Search for WAF, select Web Application Firewall, then select Create1.
* On the Create a WAF policy page, Basics tab, enter or select the following information and accept the defaults for the remaining settings:
* Policy for: Regional WAF (Application Gateway)
* Subscription: Select your subscription name
* Resource group: Select your resource group
* Policy name: Type a unique name for your WAF policy
* On the Custom rules tab, select Add a rule to create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule:
* Rule name: Type a unique name for your custom rule
* Priority: Type a number that indicates the order of evaluation for this rule
* Rule type: Select Match rule
* Match variable: Select RemoteAddr
* Operator: Select IPMatch
* Match values: Type 131.107.150.0/24
* Action: Select Block
* On the Review + create tab, review your settings and select Create to create your WAF policy1.
* To link your policy to the planned application gateway, you need to go to the Application Gateway service in the Azure portal and select your application gateway3.
* On the Web application firewall tab, select your WAF policy from the drop-down list and select Save
Explanation:
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
* To create a policy, you need to go to the Azure portal and select Create a resource. Search for WAF, select Web Application Firewall, then select Create1.
* On the Create a WAF policy page, Basics tab, enter or select the following information and accept the defaults for the remaining settings:
* Policy for: Regional WAF (Application Gateway)
* Subscription: Select your subscription name
* Resource group: Select your resource group
* Policy name: Type a unique name for your WAF policy
* On the Custom rules tab, select Add a rule to create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule:
* Rule name: Type a unique name for your custom rule
* Priority: Type a number that indicates the order of evaluation for this rule
* Rule type: Select Match rule
* Match variable: Select RemoteAddr
* Operator: Select IPMatch
* Match values: Type 131.107.150.0/24
* Action: Select Block
* On the Review + create tab, review your settings and select Create to create your WAF policy1.
* To link your policy to the planned application gateway, you need to go to the Application Gateway service in the Azure portal and select your application gateway3.
* On the Web application firewall tab, select your WAF policy from the drop-down list and select Save
You have an Azure Front Door instance named FrontDoor1.
You deploy two instances of an Azure web app to different Azure regions.
You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.
You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You deploy two instances of an Azure web app to different Azure regions.
You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.
You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
You have an instance of Azure Web Application Firewall (WAF) on Azure Front Door.
You plan to create a WAF rule that will block high rates of requests from a single IP address.
You need to query Log Analytics to identify the optimal threshold for the rule.
Which table should you query in Log Analytics?
You plan to create a WAF rule that will block high rates of requests from a single IP address.
You need to query Log Analytics to identify the optimal threshold for the rule.
Which table should you query in Log Analytics?
정답: C
You have an Azure subscription that contains 100 network security groups (NSGs).
You need to ensure that you log the application of specific NSG rules.
Which type of log should you configure?
You need to ensure that you log the application of specific NSG rules.
Which type of log should you configure?
정답: C
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* Two subnets named subnet1 and AzureFirewallSubnet
* A public Azure Firewall named FW1
* A route table named RT1 that is associated to Subnet1
* A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
* A virtual network named Vnet1
* Two subnets named subnet1 and AzureFirewallSubnet
* A public Azure Firewall named FW1
* A route table named RT1 that is associated to Subnet1
* A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription that contains the resources shown in the following table.
Each virtual network contains 20 virtual machines and a subnet that has an IP address space of /24.
You need to ensure that you can access the virtual machines from the internet by using Azure Bastion.
What is the minimum number of bastion subnets you should deploy, and what is the smallest supported IP address space for each bastion subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Each virtual network contains 20 virtual machines and a subnet that has an IP address space of /24.
You need to ensure that you can access the virtual machines from the internet by using Azure Bastion.
What is the minimum number of bastion subnets you should deploy, and what is the smallest supported IP address space for each bastion subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
