AZ-700 無料問題集「Microsoft Designing and Implementing Microsoft Azure Networking Solutions」
You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:
* Both apps are accessible by using HTTP and HTTPS.
* HTTP host headers are used to route requests to the appropriate apps.
* Both apps are hosted in a single App Service Environment in the West Europe Azure region.
You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.
What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
* Both apps are accessible by using HTTP and HTTPS.
* HTTP host headers are used to route requests to the appropriate apps.
* Both apps are hosted in a single App Service Environment in the West Europe Azure region.
You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.
What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You create an ExpressRoute circuit named ERC1 that is enabled by your connectivity provider.
You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ECR1. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Azure virtual networks in the East US Azure region as shown in the following table.
The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
The virtual networks are peered to one another. Each virtual network contains four subnets.
You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.
What is the minimum number of IP addresses that you must assign to VM1?
正解:C
解答を投票する
You have two on-premises datacenters.
You have an Azure subscription that contains four virtual networks named VNet1 VNet2, VNet3, and VNet4 You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.
You create a route table named RT1.
You need to configure VWAN1 to meet the following requirements:
* Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
* Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
* VNet1 and VNet2 must be isolated from VNet3 and VNet4.
How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains four virtual networks named VNet1 VNet2, VNet3, and VNet4 You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.
You create a route table named RT1.
You need to configure VWAN1 to meet the following requirements:
* Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
* Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
* VNet1 and VNet2 must be isolated from VNet3 and VNet4.
How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:B、D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.
Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement Azure Web Application Firewall (WAF).
Does this meet the requirement?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.
Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement Azure Web Application Firewall (WAF).
Does this meet the requirement?
正解:B
解答を投票する
You are planning an Azure deployment that will contain three virtual networks in the East US Azure region as shown in the following table.
A Site-to-Site VPN will connect Vnet1 to your company's on-premises network.
You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network- The solution must minimize costs.
What should you recommend for Vnet2 and Vnet3?
A Site-to-Site VPN will connect Vnet1 to your company's on-premises network.
You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network- The solution must minimize costs.
What should you recommend for Vnet2 and Vnet3?
正解:D
解答を投票する
Your on-premises network contains an Active Directory Domain Services {AD DS) domain named contoso.
com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
com that has an internal certification authority (CA).
You have an Azure subscription.
You deploy an Azure application gateway named AppGwy1 and perform the following actions:
* Configure an HTTP listener.
* Associate a routing rule with the listener.
You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
You have an Azure subscription that contains a virtual machine named VM1. VM1 contains a NIC named NIC1 and a public IP address named PIP1.PIP1 is assigned to NIC1.
You plan to deploy four Network Virtual Appliances (NVAs).
You need to ensure that all the inbound traffic from the internet to PIP1 is inspected by the NVAs. The solution must ensure that the NVA deployment is highly available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You plan to deploy four Network Virtual Appliances (NVAs).
You need to ensure that all the inbound traffic from the internet to PIP1 is inspected by the NVAs. The solution must ensure that the NVA deployment is highly available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution.
(Choose two.)
NOTE: Each correct selection is worth one point.
Which two Azure resources should you configure? Each correct answer presents a part of the solution.
(Choose two.)
NOTE: Each correct selection is worth one point.
正解:B、D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an Azure Virtual Network NAT gateway named Gateway 1. The solution must meet the following requirements:
* VM1 will access the internet by using its public IP address.
* VM2 will access the internet by using its public IP address.
* Administrative effort must be minimized.
You need to ensure that you can deploy Gateway1 to Vnet1.
What is the minimal number of subnets that Vnet1 must have?
You plan to deploy an Azure Virtual Network NAT gateway named Gateway 1. The solution must meet the following requirements:
* VM1 will access the internet by using its public IP address.
* VM2 will access the internet by using its public IP address.
* Administrative effort must be minimized.
You need to ensure that you can deploy Gateway1 to Vnet1.
What is the minimal number of subnets that Vnet1 must have?
正解:C
解答を投票する
Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table.
All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?
The departments at the company use the Azure subscriptions as shown in the following table.
All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: No
Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.
Box 2: Yes
VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.
Box3: No
VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won't be able to enable auto- registration on the link.
Topic 3, Proseware. Inc
Overview
Existing Environment
Proseware. Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Network infrashtructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExptessRoute circuit.
SFONet connects to Azure by using a Site to-Site (S2S) VPN.
The Azure subscriotion contains the virtual networks and subnets shown in the followina table.
The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet
The subscription contains Application Gateway resources shown in the following table.
The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
The subscription contains an Azure Private DNS zone named DNSZonel in the East US region. DNSZonel hosts a namespace of azure.piosewaie.com and is linked to HubVNet The subscription contains a Standard Azure load balancer named LBS1 in the East US region. LBS1 contains a backend pool that hosts VM1 and VM2.
Planned Changes
Proseware plans to implement the following changes:
* Deploy an Azure Private DNS Resolver named PRDNSl to HubVNet and link PRDNS1 to SpokeVNet.
* Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNSl
* Deploy Azure Virtual Network Manager and implement the following rules:
o Allow inbound connections on TCP port 3389 from the on-premises networks to SU8NET-JUMPHOSTS. o Block inbound connections on TCP poit 80 from the internet to SpokeVNet.
* Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
* Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
* Deploy a gateway load balancer named L8GW1 to HubVNet.
* Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
* Ensure that all the traffic to App2 is processed by using FD1.
Connectivity Requirements
Proseware identifies the following connectivity requirements:
* Minimize the complexity of the Azure Virtual Network Manager deployment.
* Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN
* Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VP and their proseware.com credentials.
Security Requirements
Proseware identifies the following general requirements:
* Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
* From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.
proseware.com namespace by using PRDNS1.
* Whenever possible, minimize administrative effort.