Free Microsoft Certified: Azure Network Engineer Associate AZ-700 Ultimate Study Guide (Updated 244 Questions) [Q121-Q142]

Free Microsoft Certified: Azure Network Engineer Associate AZ-700 Ultimate Study Guide (Updated 244 Questions)

Get to the Top with AZ-700 Practice Exam Questions

Microsoft AZ-700 exam is intended for IT professionals who have a deep understanding of Azure networking technologies and services, including virtual networks, VPNs, load balancers, and network security groups. Candidates for this certification should also have experience working with Azure services such as Azure Active Directory, Azure DNS, and Azure Traffic Manager. AZ-700 exam is typically taken by network architects, network engineers, and IT professionals who are responsible for designing and implementing Azure networking solutions for their organizations.

The AZ-700 exam is intended for professionals who work with cloud networking solutions and want to demonstrate their mastery of Azure networking services. Candidates for AZ-700 exam should have experience working with virtual networking, routing, and network security solutions in the Azure environment. They should also be familiar with hybrid networking configurations and have a good understanding of how to integrate Azure networking services with on-premises networks.

 

NEW QUESTION # 121
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by using an on premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?

• A. a certification authority (CA)
• B. Azure Active Directory (Azure AD) Application Proxy
• C. an Azure key vault
• D. a RADIUS server

Answer: B

NEW QUESTION # 122
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?

• A. IP1, IP2. IP3. IP4. and IP5
• B. IP3 and IP5 only
• C. IP3 only
• D. IP1, IP3, IP4, and 1P5 only
• E. IP1 and IP3 only
• F. IP2only

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address
This is because "Load balancer and the public IP address SKU must match when you use them with public IP addresses" https://docs.microsoft.com/en-us/azure/load-balancer/skus
Standard SKU Load Balancer routes traffic within and across regions, and to Availability Zones for high resiliency.

NEW QUESTION # 123
You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 124
You have an on-premises network named Site1.
You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to control access to storage1 from Site1 by using network security groups (NSGs).
What should you do first?

• A. Associate a NAT gateway with Subnet1.
• B. Associate a route table with Subnet1.
• C. Configure a network policy for private endpoints on Subnet1.
• D. Create a subnet delegation on Subnet1.

Answer: B

NEW QUESTION # 125
You have an Azure subscription that contains the resources shown in the following table.

The virtual network topology is shown in the following exhibit.

Firewall1 is configured as shown in following exhibit.

FirewallPolicy1 contains the following rules:
* Allow outbound traffic from Vnet1 and Vnet2 to the internet.
* Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints. service endpoints. routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 126
You have an Azure subscription that contains a single virtual network and a virtual network gateway.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 127
You have two Azure subscriptions named Subscription1 and Subscription2.
There are no connections between the virtual networks in two subscriptions.
You configure a private link service as shown in the privatelinkservice1 exhibit. (Click the privatelinkservice1 tab.)

You create a load balancer name in Subscription1 and configure the backend pool shown in the lb1 exhibit. (Click tie 1b1 tab.)

You create a private endpoint in Subscription2 as shown in the privateendpoint4 exhibit. (Click the privateendpoint4)

For each of the following statements, select YES if the statement is true. Otherwise. select No.

Answer:

Explanation:

NEW QUESTION # 128
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Box 2: One NSG
The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules.
Box 1: Two custom rules
With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.

NEW QUESTION # 129
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

The links have auto registration enabled.
You create the virtual machines shown in the following table.

You manually add the following entry to the contoso.com zone:
Name: VM1
IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-faq-private

NEW QUESTION # 130
You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?

• A. IP1
• B. IP4
• C. IP2
• D. IP3

Answer: A

NEW QUESTION # 131
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?

• A. a user-defined route assigned to GatewaySubnet in Vnet1
• B. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
• C. BGP route exchange
• D. route filters

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview Overview This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Topic 2, Contoso
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.

Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.

The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.

Zone1.contoso.com has the virtual network links shown in the following table.

Other Azure Resources
The Azure subscription contains additional resources as shown in the following table.

Requirements:
Virtual Network Requirements
Contoso has the following virtual networks requirements:
* Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
Two container groups that connect to Vnet6
Three virtual machines that connect to Vnet6
Allow VPN connections to be established to Vnet6
Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network
* The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
* A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Network Security Requirements
Contoso has the following network security requirements:
* Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
* Enable NSG flow logs for NSG3 and NSG4.
* Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.

* Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.

NEW QUESTION # 132
Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table.

All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?

• A. 0
• B. 1
• C. 2
• D. 3
• E. 4

Answer: C

NEW QUESTION # 133
You have the Azure Traffic Manager profiles shown in the following table.

You plan to add the endpoints shown in the following table.

Which endpoints can you add to Profile2?

• A. Endpoint1 only
• B. Endpoint1, Endpoint2, Endpoint3, and Endpoint4
• C. Endpoint1 and Endpoint4 only
• D. Endpoint2 and Endpoint3 only
• E. Endpoint3 only

Answer: C

NEW QUESTION # 134
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?

• A. IP1, IP2. IP3. IP4. and IP5
• B. IP3 and IP5 only
• C. IP3 only
• D. IP1, IP3, IP4, and 1P5 only
• E. IP1 and IP3 only
• F. IP2only

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-public-ip-address This is because "Load balancer and the public IP address SKU must match when you use them with public IP addresses" https://docs.microsoft.com/en-us/azure/load-balancer/skus Standard SKU Load Balancer routes traffic within and across regions, and to Availability Zones for high resiliency.

NEW QUESTION # 135
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Graphical user interface, text, application, email Description automatically generated

Box 1: No
NSG10 which is attached to VM1's subnet blocks RDP (port TCP 3389) to 'Any' which means the port is blocked to all destinations.
Box 2: Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2's subnet (VNet1/Subnet2).
Box 3: No
NSG11 blocks RDP (port TCP 3389) destined for 'VirtualNetwork'. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.

NEW QUESTION # 136
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

NEW QUESTION # 137
You have an Azure subscription that contains the resources is shown in the following table.

You need to ensure that the apps hosted on VM1 can resolve the IP address of the What should you create first?

• A. a private DNS zone named database.windows.net
• B. a public DNS zone named private ink.database.windows.net
• C. a public DNS zone named database.windows.net
• D. a private DNS zone named privatelink.database.windows.net

Answer: B

NEW QUESTION # 138
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 139
You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?

• A. Vnet1, Vnet2, and Vnet4 only
• B. Vnet1 and Vnet2 only
• C. Vnet1 and Vnet4 only
• D. Vnet1, Vnet2. Vnet3, and Vnet4
• E. Vnet1 only

Answer: E

NEW QUESTION # 140
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Explanation
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

NEW QUESTION # 141
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe Azure region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs.
What should you do first?

• A. Create a private link.
• B. Create a NAT gateway.
• C. Create a gateway subnet and deploy a virtual network gateway.
• D. Create a new subnet.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

NEW QUESTION # 142
......

Microsoft AZ-700 is a certification exam that aims to test the knowledge of professionals in designing and implementing Microsoft Azure networking solutions. AZ-700 exam is designed to assess the competency of individuals in designing and implementing various Azure networking services, including virtual networks, load balancers, network security groups, hybrid connectivity, and Azure DNS.

 

Pass Microsoft AZ-700 exam - questions - convert Tets Engine to PDF: https://www.prep4king.com/AZ-700-exam-prep-material.html

Use Real AZ-700 Dumps Free Sample Questions and Practice Test Engine: https://drive.google.com/open?id=1f5wsoezIqtucuzvzFJ6dwd611YnYmqSq