Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
Task 9
You plan to use VNET4 for an Azure API Management implementation.
You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.
Task 7
You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.
You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.
Task 6
You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.
You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.
Task 11
You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.
Task 8
You plan to deploy an appliance to subnet3-2- The appliance will perform packet inspection and will have an IP address of 10.3.2.100.
You need to ensure that all traffic to the internet from subnet3-1 is forwarded to the appliance for inspection.
Task 6
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
NO: 7 SIMULATION
Task 7
You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Task 5
You need to archive all the metrics of VNET1 to an existing storage account.
Task 1
You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.
Task 10
You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.
Task 4
You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed on the virtual network.
Task 2
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
Task 5
You need to ensure that requests for wwwjelecloud.com from any of your Azure virtual networks resolve to frontdoor1.azurefd.net.
Task 1
You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.
You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.
You have an Azure subscription that contains a virtual network name Vnet1. Vnet1 contains a virtual machine named VM1 and an Azure firewall named FW1.
You have an Azure Firewall Policy named FP1 that is associated to FW1.
You need to ensure that RDP requests to the public IP address of FW1 route to VM1.
What should you configure on FP1?
You have an Azure virtual network that contains the subnets shown in the following table.
You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.
You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.
What should you do?
You have the Azure Traffic Manager profiles shown in the following table.
You plan to add the endpoints shown in the following table.
Which endpoints can you add to Profile2?
You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1 You need to deploy Azure Firewall to RG1. The solution must minimize administrative effort What should you do first?
You have an Azure subscription.
You plan 10 implement an Azure application gateway named AGW1.
You need to implement an external TLS certificate store for AGW1. The solution must meet the following requirements:
• Keys must be stored by using the highest possible security.
• Administrative effort must be minimized.
Which type of certificate store should you use, and which type of identity should you use to access the store? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table.
You need to implement Azure Traffic Manager to meet the following requirements:
• App1 traffic must be assigned equally to each App Service instance in each Azure region.
• App1 traffic from North Europe must be routed to the Appl instances in the North Europe region.
• App1 traffic from North America must be routed to the Appl instances in the East US Azure region.
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1.
What should you configure on AppGW1?
You have an Azure firewall shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have the Azure environment shown In the Azure Environment exhibit. (Click the Azure Environment tab.) The settings for each subnet are shown in the following table.
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit. (Click the Storage1 tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have the network security groups (NSGs) shown in the following table.
In NSG1, you create inbound rules as shown in the following table.
You have the Azure virtual machines shown in the following table.
NSG2 has only the default rules configured.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to connect an on-premises network and an Azure environment. The solution must use ExpressRoute and support failing over to a Site-to-Site VPN connection if there is an ExpressRoute failure.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have the Azure resources shown in the following table.
You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.
What should you do first?
You have an on-premises network.
You have an Azure subscription that contains the resources shown in the following table.
You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit.
Which type of peering should you use for each connection? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual machine scale set named VMSS1 and a public standard Azure load balancer named LB1. VMSS1 contains eight virtual machines that have private IP addresses only VMSS1 is configured as a backend pool of LB1. LB1 has two frontend IP addresses and one outbound rule that provides internet connectivity to VMSS1.
What is the maximum number of ports available to the virtual machines in VMSS1. and what should you change to increase the maximum number of SNAT ports available to VMSS1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
ION NO: 36 HOTSPOT
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table.
All the virtual machines are connected to VNet1.
You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address
What should you use?
Azure virtual networks in the East US Azure region as shown in the following table.
The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
ESTION NO: 1
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to plan the deployment of LBGW1. The solution must support the planned changes.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?
You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?
You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.
Which Match type and Match variable should you select?
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?
You need to configure the P2S VPN to meet the connectivity requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You ate configuring the DNS forwarding luleset for DNSR1
You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.
Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements
What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.