Valid AZ-700 dumps shared by ExamDiscuss.com to help with passing the AZ-700 exam. The ExamDiscuss.com AZ-700 exam questions have been updated and the answers have been corrected.
Exam Code: AZ-700
Exam Name: Designing and Implementing Microsoft Azure Networking Solutions
Certification Provider: Microsoft
Free Question Number: 75
Version: v2023-10-06
Recent Comments (The most recent comments are at the top.)
No.# To configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com, you should perform the following actions in sequence:
1. From AppGwy1, create an SSL profile.
2. From an on-premises computer, upload a certificate to AppGwy1.
3. From AppGwy1, create HTTP listeners and associate the listener to the SSL profile.
4. From AppGwy1, create a routing rule.
Explanation:
1. Create an SSL profile: This is the first step, as the SSL profile is where you configure the mutual authentication settings, including the trusted client CA certificate.
2. Upload a certificate to AppGwy1: You need to upload the trusted client CA certificate from the on-premises Active Directory Domain Services (AD DS) domain to AppGwy1. This certificate will be used to authenticate the client requests.
3. Create HTTP listeners and associate the listener to the SSL profile: After configuring the SSL profile with the trusted client CA certificate, you need to associate it with an HTTP listener to enable mutual authentication for the incoming requests.
4. Create a routing rule: Finally, you need to create a routing rule to direct the incoming requests to the appropriate backend pool or target.
The other action, "From AppGwy1, create a frontend IP configuration," is not necessary for the specific task of configuring mutual authentication. The frontend IP configuration is typically set up earlier in the deployment process.
Citations:
[1] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-portal
[2] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-powershell
[3] https://stackoverflow.com/questions/76426791/does-azure-application-gateway-support-conditional-mtls
[4] https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/application-gateway/mutual-authentication-certificate-management.md
[5] https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-overview...
No.# type** the correct answer should be D
No.# N - all outbound traffic from VM2 is sent to the internet by default
N - the effective route table shows all the subnets on the same VNET as more specific than the default route and Gateway routes. So subnets within a VNet can communicate directly.
Y - all outbound traffic from VM1 is sent to the VPN gateway
No.# C. IKEv2 and SSTP (SSL)
No.# My take is that the answer is correct because:
A - 3 subnets: subnet1 for the 3+1 VM, subnet2 as per requirements, GatewaySubnet for VPN
B - Two service endpoints, for keyvault and DB1
No.# VM1 in Fabrikam's Vnet2 with access to SQL1 in your Vnet1 using Azure Private Link service, you should implement the following resources:
**Vnet1 (Your Azure subscription):**
- **Private Link Service**: You need to create a Private Link service in Vnet1 that references the Azure SQL database (SQL1). This service will provide a way for VM1 in Vnet2 to access SQL1 over a private connection.
- **Standard Load Balancer**: You need to configure a Standard Load Balancer in Vnet1 to handle the incoming traffic to the Private Link Service. This load balancer must be deployed in the same region as the virtual network and the Private Link Service.
**Vnet2 (Fabrikam's Azure subscription):**
- **Private Endpoint**: You need to create a private endpoint in Vnet2 that connects to the Private Link service in Vnet1. This private endpoint will allow VM1 to access SQL1 securely over the Azure network.
The other resources listed (Nat Gateway, Peering link, service endpoint, Azure Application Gateway, Azure Load Balancer) are not required for this specific scenario of connecting VM1 to SQL1 using Azure Private Link service.
The key components are the Private Link Service in Vnet1 and the Private Endpoint in Vnet2, along with the Standard Load Balancer in Vnet1 to handle the incoming traffic to the Private Link Service.
Citations:
[1] https://learn.microsoft.com/en-us/azure/private-link/create-private-link-service-portal
[2] https://learn.microsoft.com/en-us/azure/private-link/private-link-faq
[3] https://blog.vjirovsky.cz/demystifying-azure-private-link/
[4] https://azure.microsoft.com/en-us/products/private-link
[5] https://tutorialsdojo.com/azure-virtual-network-vnet/...
No.# ExpressRoute Premium SKU provides the ability to connect from on-premises to any of the Azure regions across the globe.
No.# Answer seems correct
1) 1 Multi site Listener mapping each backend app service (total 2)
2) 1 routing rule mapping per listener/backend pool with Multi site option (total 2)
No.# As I researched here in these 3 reference documentations:
1. https://learn.microsoft.com/en-us/azure/reliability/availability-zones-overview;
2. https://learn.microsoft.com/en-us/azure/vpn-gateway/create-zone-redundant-vnet-gateway
3. https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsku
When deploying an ErGw1AZ, it is possible to define its zone availability as "Zone-Redundant". In addition, it is also essential that the IP used by the ER Gateway be "Standard", because at the time of provisioning this IP will become redundant between the availability zones. Regarding the ER circuit, it can be "Local", but in this scenario it would be unlimited and more expensive than the "Standard", which is limited to 1 Gbps. In my opinion the best answer would be:
1. One ExpressRoute Standard circuit
2. One ExpressRoute gateway of the ErGw1AZ SKU
No.# Y: Traffic will flow through the FW because of the 0.0.0.0/0 rule
Y: Traffic will flow through the FW then onto vNet 2 through the peer.
N: No route for subnet 2 through the FW so it will use Azure default to connect to the web
No.# Network Watcher: A regional service that enables you to monitor and diagnose conditions at a network scenario level in Azure. You can turn NSG flow logs on and off with Network Watcher.
Network security group (NSG) flow logs is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through an NSG.
Why use NSG Flow Logs?
It is vital to monitor, manage, and know your own network for uncompromised security, compliance, and performance.
Common use cases include Network Monitoring: Identify unknown or undesired traffic. Monitor traffic levels and bandwidth consumption. Filter flow logs by IP and port to understand application behavior.
No.# Should be YNY
Y - You need to add User Defined Route to the Firewall Appliance from the subnets (https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal)
N - The firewall is not a VPN Gateway, and we do not have any connection with On-Premises here (https://learn.microsoft.com/en-us/answers/questions/516530/how-to-set-up-a-multi-spoke-virtual-network-in-azu)
Y - Azure Firewall can filter by web categories (https://learn.microsoft.com/en-us/azure/firewall/web-categories)
No.# A. Add a backend pool. | D. Add a listener. | E. Add a rule.
VMSS2 is newly created and would need a backend pool. AGW needs to listen to HTTP traffic and forward the HTTP requests based on the rules for VMSS1 Pool1 or VMSS2 Pool2 as per the question.
No.# Active/Passive: https://<YourVirtualNetworkGatewayIP>:8081/healthprobe
Active/Active: https://<YourVirtualNetworkGatewayIP2>:8083/healthprobe (Second IP)
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect#step-7-verify-the-azure-gateway-health-probe
No.# BGP route exchange
No.# Box 1: Global Reach -
ExpressRoute Global Reach is the service where, if you have two datacenters that are located at different geo-locations and both are connected to Microsoft Azure via ExpressRoute, these two datacenters can also connect to each other securely via Microsoft's backbone.
Incorrect:
FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
Box 2: Private -
With ExpressRoute Global Reach, you can link ExpressRoute circuits together to make a private network between your on-premises networks.
Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach
No.# To quickly identify the NSG rule that is blocking the connection between VM2 and VM1, the Azure Network Watcher feature you should use is:
A. Effective security rules
The "Effective security rules" feature in Azure Network Watcher allows you to view the effective security rules applied to a network interface or a subnet. This feature is particularly useful in scenarios where you suspect an NSG rule is blocking connectivity, as it provides a comprehensive view of all the effective security rules, including those inherited from associated NSGs.
By using the "Effective security rules" feature, you can quickly identify the specific rule that is blocking the connection between VM2 and VM1, without having to manually review the 100 inbound security rules in NSG1 and the 200 inbound security rules in NSG2.
The other options are not as suitable for this scenario:
B. NSG flow logs: This feature is used for capturing network traffic flow information, which is not directly relevant to identifying the specific rule blocking the connection.
C. NSG diagnostic: This feature provides diagnostic information about NSGs, but does not directly help in identifying the specific rule causing the issue.
D. Connection troubleshoot: This feature is used for troubleshooting end-to-end connectivity issues, but does not focus on identifying the specific NSG rule causing the problem.
Therefore, the "Effective security rules" feature in Azure Network Watcher is the most appropriate choice to quickly identify the NSG rule that is blocking the connection between VM2 and VM1...
No.# NYN
VM5 is in VNET3 and VNET3 isn't linked to the fabrikam.com private DNS zone. This means it won't be able to resolve anything in that private DNS zone until it is linked.
No.# The circuit owner can share a circuit with up to 10 Azure subscriptions. The circuit owner can view who has been authorized to the circuit. The owner can revoke the authorization at any time.
No.# No, the article says "When NAT gateway is configured to subnets, all previous outbound configurations, such as Load balancer or instance-level public IPs (IL PIPs) are superseded and NAT gateway directs all outbound traffic to the internet." So the correct answer is C.
Ref: https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource#connect-to-the-internet-with-nat-gateway