Practice Free AZ-700 Exam Online Questions
HOTSPOT
You have an Azure subscription that contains the virtual networks.shown in the following table.
You have a virtual machine named VM5 that has the following IP address configurations:
• IP address: 10.4.0.5
• Subnet mask:255.255.255.0
• Default gateway:10.4.0.1
• DNSserver:168.63.129.16
You have an Azure Private DNS zone named, fabrikam.com that contains the records shown in, the following table.
The virtual network links in the fabrikam.com DNS /one are configured as shown in the exhibit. (Click the Exhibit tab.)
VMS fails to resolve the IP address for.appKfabrik3in.com.
For each of the following statements, select Yes if, the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
SIMULATION
Task 2
You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage
resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . an allow rule that has the IP address range of Vnet1 as the source and destination of Sq1.EastUS
- B . a deny rule that has a source of VirtualNetwork and a destination of Sq1
- C . a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
- D . a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage
resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . an allow rule that has the IP address range of Vnet1 as the source and destination of Sq1.EastUS
- B . a deny rule that has a source of VirtualNetwork and a destination of Sq1
- C . a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
- D . a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines. You need to recommend which subnet mask size to use for the virtual subnets.
What should you recommend?
- A . /64
- B . /120
- C . /48
- D . /24
DRAG DROP
Your on-premises network contains an Active Directory Domain Services {AD DS) domain named contoso.com that has an internal certification authority (CA). You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
• Configure an HTTP listener.
• Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1.
Does this meet the goal?
- A . Yes
- B . No
You have the Azure load balancer shown in the Load Balancer exhibit.
LB2 has the backend pools shown in the Backend Pools exhibit.
You need to ensure that LB2 distributes traffic to all the members of VMSS1.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Add a network interface to VMSS1.
- B . Configure a health probe.
- C . Add a public IP address to each member of VMSS1.
- D . Add a load balancing rule.
HOTSPOT
You have an Azure application gateway named AppGW1 that provides access to the following hosts:
* www.adatum.com
* www.contoso.com
* www.fabrikam.com
AppGW1 has the listeners shown in the following table.
You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains a single virtual network and a virtual network gateway. You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
