You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual machine named VM1 and a network security group (NSG) named NSG1. NSG1 has the default rules configured VM1 runs Windows Server and contains a single NIC named NIC1 NIC! is associated with NSG1.
You need to prevent access to the Azure Instance Metadata Service (IMDS) REST API on VM1 The solution must minimize administrative effort.
What should you add to NSG1?
You have an Azure subscription that contains a virtual machine scale set named VMSS1 and a public standard Azure load balancer named LB1. VMSS1 contains eight virtual machines that have private IP addresses only VMSS1 is configured as a backend pool of LB1. LB1 has two frontend IP addresses and one outbound rule that provides internet connectivity to VMSS1.
What is the maximum number of ports available to the virtual machines in VMSS1. and what should you change to increase the maximum number of SNAT ports available to VMSS1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1 You need to deploy Azure Firewall to RG1. The solution must minimize administrative effort What should you do first?
You have an Azure virtual network named VNet1 that contains the subnets shown in the following table.
You need to deploy an Azure application gateway named AppGW1 to VNetl To where can you deploy AppGW1?
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You add a rule to the rule set of AFD1.
Does this meet the goal?
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
• Internal address range: 10.10.0.0/16.
• Firewall 1 internal IP address: 10.10.1.1.
• Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
You have an Azure subscription that contains the resources shown in the following table.
NSG1 is associated to the NIC of VM1 and contains the rules shown in the following table.
You collect NSG flow logs for five minutes for the following activities:
• Two RDP sessions from VM1 to VM2, each initiated from a different TCP port
• Three SSH sessions from VM2 to VM1, each initiated from a different TCP port
You analyze the logs by using Traffic Analytics in Azure Network Watcher. How many aggregated flow entries will Traffic Analytics identify?
Task 8
You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1
You have an Azure subscription that contains six Azure App Service apps. The apps have an identical configuration and are deployed across multiple Azure regions.
You plan to deploy Azure Front Door to load balance traffic across the apps.
You need to ensure that the round robin load-balancing algorithm will send traffic only to a limited number App Service apps based on their proximity to a user. The solution must minimize administrative effort.
What should you modify, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 9
You need to ensure that subnet4-3 can accommodate 507 hosts.
You configure a route table named RT1 that has the routes shown in the following table.
You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.
You have the resources shown in the following table.
Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:
* 0.0.0.0/0
* 10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You plan 10 implement an Azure application gateway named AGW1.
You need to implement an external TLS certificate store for AGW1. The solution must meet the following requirements:
• Keys must be stored by using the highest possible security.
• Administrative effort must be minimized.
Which type of certificate store should you use, and which type of identity should you use to access the store? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
You have an Azure subscription that contains a single virtual network and a virtual network gateway.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.
You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?
Your company has offices in and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.
The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.
You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.
Which ExpressRoute option should you use?
You have an Azure subscription. The subscription contains a locally-redundant storage 1LRS) account named stoiage1 that is deployed to the US East Azure region and has a Microsoft Storage service endpoint.
You set Redundancy for storage 1 to Read-access geo-redundant storage (RA-GRS)
You need to ensure that the contents of storage1 will be accessible by using a service endpoint in a paired region. The solution must minimize administrative effort
What should you do first?
You have an on-premises network named Site1.
You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to control access to storage1 from Site1 by using network security groups (NSGs).
What should you do first?
You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.
You register a public DNS zone named fabrikam.com. The zone is configured as shown in the Public DNS Zone exhibit.
You have a private DNS zone named fabrikam.com. The zone is configured as shown in the Private DNS Zone exhibit.
You have a virtual network link configured as shown in the Virtual Network Link exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You plan to implement an Azure Virtual WAN named VWAN1 that will contain a hub named Hub1. VWAN1 will include the virtual networks shown in the following table.
You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.
How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company has 10 instances of a web service. Each instance is hosted in a different Azure region and is accessible through a public endpoint.
The development department at the company is creating an application named App1. Every 10 minutes. App1 will use a list of end points and connect to the first available endpoint.
You plan to use Azure Traffic Manager to maintain the list of endpoints.
You need to configure a Traffic Manager profile that will minimize the impact of DNS caching.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You modify the policy settings of WAF1.
Does this meet the goal?
You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing "string1" to Policy1 is associated to Fronte nd1.
You need to configure additional redirection settings. Requests to Frontend1 that have a header containing "string2" must be redirected to
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2.
You have the NAT gateway shown in the NATgateway1 exhibit.
You have the virtual machine shown in the VM1 exhibit.
Subnet1 is configured as shown in the Subnet1 exhibit.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1.
You need to deploy an instance of Azure Application Gateway v2 named AppGw1 to VNet1. AppGw1 will include one basic listener and two multi-site listeners. The listeners will be accessible only from VNet1.
What is the minimum number of IP addresses required for AppGw1? To answer, select the appropriate options in the answer area
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You discover that users connect directly to App1.
You need to meet The following requirements:
• Administrators must only access App1 by using a private endpoint.
• All user connections to App1 must be routed through FD1.
• The downtime of connections to App1 must be minimized.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
You have the Azure App Service app shown in the App Service exhibit.
The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct answer selection is worth one point.
Your on-premises network contains two subnets named Subnet1 and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.
You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.
You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.
You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.’
You have art Azure subscription.
You plan to deploy Azure Front Door with Azure Web Application Firewall (WAF).
You plan to implement custom rules and managed rules that meet the following requirements:
• Block malicious bots.
• Throttle client IP addresses that exceed 100 connections per minute.
You need to identify which Front Door SKU to configure, and which type of rule to configure for each requirement. The solution must minimize administrative effort and costs.
What should identify? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
NO: 168 DRAG DROP
You have an on-premises network.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway.
You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription.
You have the on-premises sites shown the following table.
You plan to deploy Azure Virtual WAN.
You are evaluating Virtual WAN Basic and Virtual WAN Standard.
Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
N NO: 1
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
STION NO: 2 DRAG DROP
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
