AZ-700 Free Question Set: "Microsoft Designing and Implementing Microsoft Azure Networking Solutions"
Hotspot Question
You have on-premises datacenters in New York and Seattle.
You have an Azure subscription that contains the ExpressRoute circuits shown in the following table.

You need to ensure that all the data sent between the datacenters is routed via the ExpressRoute circuits. The solution must minimize costs.
How should you configure the network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Box 1: Global Reach
ExpressRoute Global Reach is a service for the case where two datacenters in different geographic locations are each connected to Microsoft Azure via ExpressRoute: the two datacenters can then also connect to each other securely over Microsoft's backbone.
Incorrect:
FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
Box 2: Private
With ExpressRoute Global Reach, you can link ExpressRoute circuits together to make a private network between your on-premises networks.
Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach
You have an Azure subscription that contains the following resources:
- A virtual network named Vnet1
- Two subnets named Subnet1 and AzureFirewallSubnet
- A public Azure Firewall named FW1
- A route table named RT1 that is associated to Subnet1
- A route in RT1 that sends 0.0.0.0/0 to FW1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machine operating systems were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
Correct answer: B
Case Study 1 - Litware, Inc.
Overview
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All the offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.

A diagram of the resources in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram

Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
- Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
- Ensure that the records in the cloud.litwareinc.com zone can be resolved from the on-premises locations.
- Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
- Minimize the size of the subnets allocated to platform-managed services.
- Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
- Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
- Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
- The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
- Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
- The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
- The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.
You need to provide connectivity to storage1.
The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
Correct answer: B
You purchase an Azure subscription. You plan to deploy resources shown in the following table to the subscription.

You need to create an NSG1 rule named Rule1 to meet the following requirements:
- Enable the search servers of App1 to establish outbound HTTP connections to internet services.
- Minimize administrative effort when new search servers are deployed.
- Use the principle of least privilege.
What should you select as the source for Rule1?

Correct answer: A
You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?

Correct answer: C
Hotspot Question
You have an on-premises datacenter.
You have an Azure subscription that contains 10 virtual machines and a virtual network named VNet1 in the East US Azure region. The virtual machines are connected to VNet1 and replicate across three availability zones.
You need to connect the datacenter to VNet1 by using ExpressRoute. The solution must meet the following requirements:
- Maintain connectivity to the virtual machines if two availability zones fail.
- Support 1000-Mbps connections.
- Minimize costs.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

You have an internal Basic Azure Load Balancer named LB1 that has two frontend IP addresses.
The backend pool of LB1 contains two Azure virtual machines named VM1 and VM2.
You need to configure the rules on LB1 as shown in the following table.

What should you do for each rule?
Correct answer: A
You have an Azure subscription that contains the resources shown in the following table.

Users on HP1 connect to App1 by using a URL of https://app1.contoso.com.
You need to ensure that the IDPS on FW1 can identify security threats in the connections from HP1 to Server1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Correct answer: A, C
You have an Azure subscription that contains a distributed web app named App1. App1 is hosted across multiple Azure regions.
You need to recommend a solution for routing user requests to App1. The solution must meet the following requirements:
- Support the routing of a user request to a resource based on the URL of the request.
- Support query string replacement.
- Minimize network latency.
What should you include in the recommendation?
Correct answer: A
Hotspot Question
You have an on-premises network and an Azure virtual network named VNet1.
You need to implement Azure Extended Network. The solution must minimize costs.
Which type of virtual machine should you deploy to VNet1, and which tool should you use to configure Azure Extended Network? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network#configuration-in-azure
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do?
Correct answer: C
You have five virtual machines that run Windows Server. Each virtual machine hosts a different web app.
You plan to use an Azure application gateway to provide access to each web app by using a hostname of www.contoso.com and a different URL path for each web app, for example:
https://www.contoso.com/app1.
You need to control the flow of traffic based on the URL path.
What should you configure?
Correct answer: C
Hotspot Question
You have an Azure subscription that contains two virtual machines.
You monitor traffic between the virtual machines by using NSG flow logs.
You have a network security group (NSG) flow log that has the following entries.
1493763938,185.170.185.105,10.2.0.4,35370,23,T,I,A,B,,,,
1493695838,185.170.185.105,10.2.0.4,35370,23,T,I,A,C,200,500,100,300
1493696138,185.170.185.105,10.2.0.4,35370,23,T,I,A,E,1000,6000,500,1200
You need to identify the following metrics from the log entries:
- The total number of packets transferred between the virtual machines
- The total amount of bytes transferred between the virtual machines
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Drag and Drop Question
You have an Azure subscription that contains the resources shown in the following table.
VNet1 and VNet2 are peered with each other. Subnet1 contains only VM1.

You need to configure Subnet11 to support 500 IP addresses. The solution must ensure that all traffic is routed between VNet1 and VNet2 and users can access App1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct answer:

Drag and Drop Question
You have an Azure subscription that contains the resources shown in the following table.

You need to associate Gateway1 with Subnet1. The solution must minimize downtime on VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct answer:

Explanation:
https://learn.microsoft.com/en-us/azure/nat-gateway/tutorial-migrate-ilip-nat
Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.

You create a service endpoint policy as shown in the Policy exhibit. (Click the Policy tab.)

You configure the Service Endpoints settings for Subnet3 as shown in the Subnets exhibit. (Click the Subnets tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct answer:

Hotspot Question
You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel.
You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter.
How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
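# Set the on-premises site as the VPN gateway's default site (forced tunneling); the same resource group is assumed for both gateways.
$LocalGateway = Get-AzLocalNetworkGateway -Name "ContosoLocalGateway" -ResourceGroupName "ContosoResourceGroup"
$VirtualGateway = Get-AzVirtualNetworkGateway -Name "ContosoVirtualGateway" -ResourceGroupName "ContosoResourceGroup"
Set-AzVirtualNetworkGatewayDefaultSite -GatewayDefaultSite $LocalGateway -VirtualNetworkGateway $VirtualGateway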