AZ-700試験無料問題集「Microsoft Designing and Implementing Microsoft Azure Networking Solutions 認定」
You have an on-premises network
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?
正解:C
解答を投票する
You need to plan the deployment of LBGW1. The solution must support the planned changes.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your company has four branch offices and an Azure Subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:
* Minimize downtime for all users.
* Minimize administrative effort.
What should you do first?
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:
* Minimize downtime for all users.
* Minimize administrative effort.
What should you do first?
正解:D
解答を投票する
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.
The links have auto registration enabled.
You create the virtual machines shown in the following table.
You manually add the following entry to the contoso.com zone:
* Name: VM1
* IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The links have auto registration enabled.
You create the virtual machines shown in the following table.
You manually add the following entry to the contoso.com zone:
* Name: VM1
* IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: No
The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9.
Box 2: No
The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto- registered DNS records are deleted when a VM is deleted.
Box 3: No
This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select 'Static' as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-faq-private
You have an Azure subscription that contains the resources shown in the following table.
Each virtual network contains 20 virtual machines and a subnet that has an IP address space of /24.
You need to ensure that you can access the virtual machines from the internet by using Azure Bastion.
What is the minimum number of bastion subnets you should deploy, and what is the smallest supported IP address space for each bastion subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Each virtual network contains 20 virtual machines and a subnet that has an IP address space of /24.
You need to ensure that you can access the virtual machines from the internet by using Azure Bastion.
What is the minimum number of bastion subnets you should deploy, and what is the smallest supported IP address space for each bastion subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have Azure App Service apps in the West US Azure region as shown in the following table.
You need to ensure that all the apps can access the resources in a virtual network named Vnet1 without forwarding traffic through the internet-How many integration subnets should you create?
You need to ensure that all the apps can access the resources in a virtual network named Vnet1 without forwarding traffic through the internet-How many integration subnets should you create?
正解:E
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have the Azure environment shown in the exhibit.
VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?
VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?
正解:C
解答を投票する
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
No
subnet1(WM1->NSG1 outbound->NSG10 outbound)->subnet2(NSG1 inbound->NSG11 inbound->VM2) Yes NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2#€™s subnet (VNet1
/Subnet2).
No
NSG11 blocks RDP (port TCP 3389) destined for #€˜VirtualNetwork#€™. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.
You have an Azure subscription that contains the resources shown in the following table.
The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#gateway-required-vnet- integration
Your on-premises network contains an Active Directory Domain Services {AD DS) domain named contoso.
com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
You have an Azure subscription that contains an Azure Firewall policy named FWPolicy1. You need to configure FWPolicy1 to meet the following requirements
* Allow traffic based on the FQDN of the destination.
* Allow TCP traffic based on the source.
Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
* Allow traffic based on the FQDN of the destination.
* Allow TCP traffic based on the source.
Which types of rules should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Task 6
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
正解:
See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address:
* To use the same static public IP address for multiple hosts, you need to create a NAT gateway and associate it with subnet3-2. A NAT gateway is a resource that performs network address translation (NAT) for outbound traffic from a subnet1. It allows you to use a single public IP address for multiple private IP addresses2.
* To create a NAT gateway, you need to go to the Azure portal and select Create a resource. Search for NAT gateway, select NAT gateway, then select Create3.
* On the Create a NAT gateway page, enter or select the following information and accept the defaults for the remaining settings:
* Subscription: Select your subscription name
* Resource group: Select your resource group
* Name: Type a unique name for your NAT gateway
* Region: Select the same region as your virtual network
* Public IP address: Select Create new and type a name for your public IP address. Select Standard as the SKU and Static as the assignment method4.
* Select Review + create and then select Create to create your NAT gateway3.
* To associate the NAT gateway with subnet3-2, you need to go to the Virtual networks service in the Azure portal and select your virtual network.
* On the Virtual network page, select Subnets under Settings, and then select subnet3-2 from the list.
* On the Edit subnet page, under NAT gateway, select your NAT gateway from the drop-down list. Then select Save.
Explanation:
Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address:
* To use the same static public IP address for multiple hosts, you need to create a NAT gateway and associate it with subnet3-2. A NAT gateway is a resource that performs network address translation (NAT) for outbound traffic from a subnet1. It allows you to use a single public IP address for multiple private IP addresses2.
* To create a NAT gateway, you need to go to the Azure portal and select Create a resource. Search for NAT gateway, select NAT gateway, then select Create3.
* On the Create a NAT gateway page, enter or select the following information and accept the defaults for the remaining settings:
* Subscription: Select your subscription name
* Resource group: Select your resource group
* Name: Type a unique name for your NAT gateway
* Region: Select the same region as your virtual network
* Public IP address: Select Create new and type a name for your public IP address. Select Standard as the SKU and Static as the assignment method4.
* Select Review + create and then select Create to create your NAT gateway3.
* To associate the NAT gateway with subnet3-2, you need to go to the Virtual networks service in the Azure portal and select your virtual network.
* On the Virtual network page, select Subnets under Settings, and then select subnet3-2 from the list.
* On the Edit subnet page, under NAT gateway, select your NAT gateway from the drop-down list. Then select Save.
Your company has offices in London, Tokyo, and New York.
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.
In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.
In Asia, you plan to deploy an additional endpoint that will host an updated version of App1. You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testi What should you configure in Traffic Manager?
正解:A
解答を投票する
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a managed rule for WAF1.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a managed rule for WAF1.
Does this meet the goal?
正解:A
解答を投票する