AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Questions 4

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

Options:

a service endpoint

a private endpoint

Azure Firewall

Azure Front Door

Buy Now

Questions 5

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 6

STION NO: 2 DRAG DROP

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Buy Now

Questions 7

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 8

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 9

N NO: 1

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

route filters

BGP route exchange

a user-defined route assigned to GatewaySubnet in Vnet1

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

Buy Now

Questions 10

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 11

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

a user-defined route assigned to GatewaySubnet in Vnet1

BGP route exchange

route filters

Buy Now

Questions 12

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

Options:

a service endpoint

Azure Front Door

a private endpoint

Azure Traffic Manager

Buy Now

Questions 13

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 14

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

Options:

a private endpoint

a virtual network peering

a private link service

a routing table

a service endpoint

Buy Now

Questions 15

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 16

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 17

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 18

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

Options:

IKEv2 and OpenVPN (SSL)

IKEv2

IKEv2 and SSTP (SSL)

OpenVPN (SSL)

SSTP (SSL)

Buy Now

Questions 19

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 20

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 21

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 22

You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:

* Name: LB1

* Location: West US

* Type: Public

* SKU: Standard

Which public IPv4 addresses can be used by LB1?

Options:

IP1 and IP3 only

IP3 only

IP3 and IP5 only

IP2only

IP1, IP2. IP3. IP4. and IP5

IP1, IP3, IP4, and 1P5 only

Buy Now

Questions 23

Task 1

You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.

Options:

Buy Now

Answer:

See the Explanation below for step by step instructions.

Explanation:

To achieve the task of ensuring that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure, and that they can resolve the names of the virtual machines on either virtual network, you can follow these steps:

Step-by-Step Solution

Step 1: Create a Private DNS Zone

Navigate to the Azure Portal.

Search for “Private DNS zones” in the search bar and select it.

Click on “Create”.

Enter the DNS zone name as contoso.azure.

Select the appropriate subscription and resource group.

Click on “Review + create” and then “Create”.

Step 2: Link VNET1 and VNET2 to the DNS Zone

Go to the newly created DNS zone (contoso.azure).

Select “Virtual network links” from the left-hand menu.

Click on “Add”.

Enter a name for the link (e.g., VNET1-link).

Select the subscription and virtual network (VNET1).

Enable auto-registration to ensure that VMs are automatically registered in the DNS zone.

Click on “OK”.

Repeat the process for VNET2.

Step 3: Configure DNS Settings for VNET1 and VNET2

Navigate to VNET1 in the Azure Portal.

Select “DNS servers” under the “Settings” section.

Ensure that the DNS server is set to “Default (Azure-provided)”.

Repeat the process for VNET2.

Step 4: Verify Name Resolution

Deploy a virtual machine in VNET1 and another in VNET2.

Connect to the virtual machines using Remote Desktop Protocol (RDP) or Secure Shell (SSH).

Test name resolution by pinging the VM in VNET2 from the VM in VNET1 using its hostname (e.g., ping .contoso.azure).

Explanation

Private DNS Zone: This allows you to manage and resolve domain names in a private network without exposing them to the public internet.

Virtual Network Links: Linking VNET1 and VNET2 to the DNS zone ensures that VMs in these networks can register their DNS records automatically.

Auto-registration: This feature automatically registers the DNS records of VMs in the linked virtual networks, simplifying management.

DNS Settings: Using Azure-provided DNS ensures that the VMs can resolve each other’s names without additional configuration.

By following these steps, you ensure that virtual machines on VNET1 and VNET2 are included automatically in the DNS zone contoso.azure and can resolve each other’s names seamlessly.

Questions 24

You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.

You need to configure the policy to meet the following requirements:

Log all connections from Australia.

Deny all connections from New Zealand.

Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.

What is the minimum number of objects you should create?

Options:

three custom rules that each has one condition

one custom rule that has three conditions

one custom rule that has one condition

one rule that has two conditions and another rule that has one condition

Buy Now

Questions 25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You configure a custom cookie and an exclusion rule.

Does this meet the goal?

Options:

Yes

Buy Now

Questions 26

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1

You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.

You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.

What should you add to NSG1?

Options:

an outbound rule that has a priority 100 and blocks all internet traffic

an outbound rule that has a priority of 4096 and blocks all internet traffic

an inbound rule that has a priority of 4096 and blocks all internet traffic

an inbound rule that has a priority of 100 and blocks all internet traffic

Buy Now

Questions 27

Task 6

You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.

You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.

Options:

Buy Now

Answer:

See the Explanation below for step by step instructions.

Explanation:

To provide a single host name that routes traffic based on the origin, you can use Azure Traffic Manager. This service allows you to route traffic to different endpoints based on various routing methods, including geographic routing.

Navigate to the Azure Portal.

Search for “Traffic Manager profiles” and select it.

Click on “Create”.

Enter the following details:

Name: Enter a name for the Traffic Manager profile (e.g., ContosoTrafficManager).

Routing method: Select Geographic.

Subscription: Select your subscription.

Resource group: Select an existing resource group or create a new one.

Resource group location: Choose a location (this does not affect the routing).

Click on “Create”.

Navigate to the newly created Traffic Manager profile.

Select “Endpoints” from the left-hand menu.

Click on “Add” to add a new endpoint.

Enter the following details:

Type: Select External endpoint.

Name: Enter a name for the endpoint (e.g., NewYorkEndpoint).

FQDN: Enter ny.contoso.com.

Geographic region: Select “World” (this will be adjusted later).

Click on “Add” to save the endpoint.

Repeat the process to add the second endpoint:

Type: Select External endpoint.

Name: Enter a name for the endpoint (e.g., GermanyEndpoint).

FQDN: Enter de.contoso.com.

Geographic region: Select Europe.

Navigate to the Traffic Manager profile.

Select “Configuration” from the left-hand menu.

Under “Geographic routing”, adjust the regions:

For the GermanyEndpoint, ensure that the geographic region is set to Europe.

For the NewYorkEndpoint, ensure that the geographic region is set to World (excluding Europe).

Use a DNS query tool to test the routing.

From a location in Germany, query the Traffic Manager profile’s DNS name and ensure it resolves to de.contoso.com.

From a location outside Europe, query the Traffic Manager profile’s DNS name and ensure it resolves to ny.contoso.com.

Azure Traffic Manager: This service uses DNS to direct client requests to the most appropriate endpoint based on the routing method you choose. Geographic routing ensures that traffic is directed based on the origin of the request.

Geographic Routing: This method allows you to route traffic based on the geographic location of the DNS query origin, ensuring that users are directed to the nearest or most appropriate endpoint.

Step-by-Step SolutionStep 1: Create a Traffic Manager ProfileStep 2: Configure EndpointsStep 3: Adjust Geographic RoutingStep 4: Test the ConfigurationExplanationBy following these steps, you can provide a single host name that routes traffic to de.contoso.com for users in Germany and to ny.contoso.com for users from other locations, ensuring efficient and appropriate traffic management.

Questions 28

You have an Azure subscription that contains an Azure Front Door named FD1. FD1 is configured as shown in the following exhibit.

You need to enable Azure Private Link for FD1.

What should you do first?

Options:

Create an origin group.

Add an endpoint.

Change Pricing Tier to Azure Front Door Premium.

Create a custom route.

Buy Now

Questions 29

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You modify the policy settings of WAF1.

Does this meet the goal?

Options:

Yes

Buy Now

Questions 30

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 31

Task 11

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.

The on-premises network has the following configurations:

• Internal address range: 10.10.0.0/16.

• Firewall 1 internal IP address: 10.10.1.1.

• Firewall1 public IP address: 131.107.50.60.

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

Options:

Buy Now

Questions 32

You have an Azure subscription that contains the resources shown in the following table.

You need to configure FW1 to filter traffic that originates from VNet1 and targets the FQDN of SQLDB1 Which type of rule should you use?

Options:

infrastructure

application

DNAT

network

Buy Now

Questions 33

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?

Options:

Add a route table to SUBNET-PL

Enable a network policy for SUBNET-PE.

From Azure Virtual Network Manager, create a security admin configuration.

From Azure Viitual Network Manager, create a network group that has Member type set to Subnet

Buy Now

Questions 34

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 35

You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements

What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 36

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?

Options:

AzureFrontDoor.FirstParty

AzureFrontDoor.Infra

AzureFrontDoor.Backend

AzureFrontDoor.Frontend

Buy Now

Questions 37

You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.

To which virtual networks can you deploy AF1?

Options:

Vnet1 only

Vnet1 and Vnet2 only

Vnet1, Vnet2, and Vnet4 only

Vnet1 and Vnet4 only

Vnet1, Vnet2. Vnet3, and Vnet4

Buy Now

Questions 38

You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.

Which Match type and Match variable should you select?

Options:

String and RequestCookies

IP address and RemoteAddr

String and RequestHeaders

Geo location and RemoteAddr

Buy Now

Questions 39

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.

What should you do first?

Options:

Add a custom domain to FD1.

Add a security policy to FD1.

Request a certificate from a trusted root CA.

Export the TLS certificate and the private key from App2.

Buy Now

Questions 40

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Buy Now

Questions 41

You ate configuring the DNS forwarding luleset for DNSR1

You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.

Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Questions 42

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

Options:

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA and includes the full certificate chain.

From the Backend settings, upload a wildcard TLS certificate that has a private key issued by the internal root CA

From the Backend settings, upload the internal root CA certificate.

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA.

Buy Now

Questions 43

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Exam Code: AZ-700

Exam Name: Designing and Implementing Microsoft Azure Networking Solutions

Last Update: Feb 22, 2025

Questions: 289

AZ-700 PDF

$28.5 ~~$94.99~~

Add to Cart

AZ-700 Testing Engine

$33 ~~$109.99~~

Add to Cart

AZ-700 PDF + Testing Engine

$43.5 ~~$144.99~~

Add to Cart

Weekend Special Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

clapgeek logo

AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options: