Free AZ-700 Sample Questions — Designing and Implementing Microsoft Azure Networking Solutions

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service. You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?

• A. a service tag
• B. a service endpoint policy
• C. a subnet delegation
• D. an application security group

You have an Azure subscription. You plan to deploy Azure Firewall Premium, enable all the Premium features, and configure both network and application rules. Which type of rule will the firewall process first?

• A. network
• B. application
• C. threat intelligence
• D. infrastructure

You have an Azure subscription. You plan to deploy an app named App1 that will be accessed by using Azure Application Gateway. You need to deploy the application gateway for App1. What should you create first?

• A. a user-assigned managed identity
• B. a subnet
• C. an X.509 certificate
• D. an Azure Web Application Firewall (WAF) policy

Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC. The company only has Azure resources in the East US region. You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs. Which type of ExpressRoute circuits should you create?

• A. ExpressRoute Local
• B. ExpressRoute Direct
• C. ExpressRoute Premium
• D. ExpressRoute Standard

You have an Azure virtual network and an on-premises datacenter. You are planning a Site-to-Site VPN connection between the datacenter and the virtual network. Which two resources should you include in your plan? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. a user-defined route
• B. a virtual network gateway
• C. Azure Firewall
• D. Azure Web Application Firewall (WAF)
• E. an on-premises data gateway
• F. an Azure application gateway
• G. a local network gateway

You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machine operating systems were activated. You need to ensure that the virtual machines can be activated. What should you do?

• A. Deploy a NAT gateway
• B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS)
• C. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688
• D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule

You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines. You need to recommend which subnet mask size to use for the virtual subnets. What should you recommend?

• A. /64
• B. /120
• C. /48
• D. /24

You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines. You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements: • The virtual machines and the load balancer must be accessible only from the virtual network. • Costs must be minimized. What should you include in the recommendation?

• A. Basic Azure Load Balancer
• B. Azure Application Gateway v1
• C. Azure Standard Load Balancer
• D. Azure Application Gateway v2

You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN. Users will authenticate by an on-premises Active Directory domain. Which additional service should you deploy to support the VPN authentication?

• A. an Azure key vault
• B. a RADIUS server
• C. a certification authority
• D. Azure Active Directory (Azure AD) Application Proxy

You have an Azure application gateway configured for a single website that is available at https://www.contoso.com. The application gateway contains one backend pool and one rule. The backend pool contains two backend servers. Each backend server has an additional website that is available on port 8080. You need to ensure that if port 8080 is unavailable on a backend server, all the traffic for https://www.contoso.com is redirected to the other backend server. What should you do?

• A. Create a health probe
• B. Add a new rule
• C. Change the port on the listener
• D. Add a new listener

You have an Azure virtual machine named VM1. You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?

• A. a file path on VM1 only
• B. General purpose v2 standard only
• C. a Block blob premium account only
• D. General purpose v2 standard and a file path on VM1 only
• E. General purpose v2 standard and a Block blob premium account only
• F. blob storage, a file path on VM1, and a Block blob premium account

You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

• A. storage account
• B. internal load balancers
• C. service endpoints
• D. service endpoint policies

You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure. Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.

• A. a virtual network gateway
• B. Azure Application Gateway
• C. Azure Firewall
• D. a local network gateway
• E. Azure Front Door

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

• A. a private endpoint
• B. a routing table
• C. a service endpoint
• D. a private link service
• E. a virtual network peering

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1. You plan to add a private endpoint to Subnet. You need to ensure that you can route traffic between the private endpoint and the Azure Private Link service by using a user-defined route. What should you do first on Subnet1?

• A. Enable network policy
• B. Enable delegation
• C. Create a service endpoint
• D. Provision a Standard Azure load balancer

You have an Azure application gateway named AGW1 that has a routing rule named Rule1. Rule 1 directs traffic for http://www.contoso.com to a backend pool named Pool1. Pool1 targets an Azure virtual machine scale set named VMSS1. You deploy another virtual machine scale set named VMSS2. You need to configure AGW1 to direct all traffic for http://www.adatum.com to VMSS2. The solution must ensure that requests to http://www.contoso.com continue to be directed to Pool1. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Add a backend pool
• B. Modify an HTTP setting
• C. Add an HTTP setting
• D. Add a listener
• E. Add a rule

You have an Azure subscription that contains 100 network security groups (NSGs). You need to ensure that you log the application of specific NSG rules. Which type of log should you configure?

• A. flow log
• B. activity log
• C. Azure resource log
• D. audit log

You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?

• A. On FW1, configure a DNAT rule for port 1688
• B. Deploy a NAT gateway
• C. Add an internet route to RT1 for the Azure Key Management Service (KMS)
• D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688

You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing "string1" to https://www.contoso.com/redirect1. Policy1 is associated to Frontend1. You need to configure additional redirection settings. Requests to Frontend1 that have a header containing "string2" must be redirected to https:// www.contoso.com/redirect2. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Create a custom rule
• B. Create a policy
• C. Create a frontend host
• D. Configure a managed rule
• E. Add a custom rule to Policy1
• F. Create an association

You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

• A. internal load balancers
• B. storage account
• C. Azure Virtual Networks NAT
• D. service endpoint policies