AZ-700 Deck 2 Flashcards

1
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.

Does this meet the goal?
A. Yes
B. No

A

B. No

The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

2
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.

Does this meet the goal?
A. Yes
B. No

A

B. No

The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

3
Q

You have an Azure environment shown in the following exhibit.

https://www.examtopics.com/assets/media/exam-media/04157/0003500001.jpg

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

VM1 can communicate with:

  • VM2 only
  • VM2 and VM3 only
  • the on-premises datacenter and VM2 only
  • the on-premises datacenter, VM1, and VM3 only

VM2 can communicate with:

  • VM1 only
  • VM1 and VM3 only
  • the on-premises datacenter and VM3 only
  • the on-premises datacenter, VM1, and VM3 only
A

VM1 can communicate with:
- the on-premises datacenter and VM2 only

VM2 can communicate with:
- the on-premises datacenter, VM1, and VM3 only

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit?toc=/azure/virtual-network/toc.json

4
Q

You plan to deploy an Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Bastion
B. Azure Active Directory Domain Services
C. Azure Private Link
D. Azure Application Gateway v2
E. VPN gateway

A

A. Azure Bastion
D. Azure Application Gateway v2
E. VPN gateway

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services

5
Q

You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

Vnet1 10.1.0.0/16
Vnet2 10.2.0.0/16

The links have auto registration enabled.
You create the virtual machines shown in the following table.

Name	IP Address
--------------------
Vnet1	10.1.10.10
Vnet2	10.2.10.10
Vnet2	10.2.10.11

You manually add the following entry to the contoso.com zone:
✑ Name: VM1
✑ IP address: 10.1.10.9

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

VM2 will resolve vm1.contoso.com to 10.1.10.10 Y/N
Deleting VM1 will delete the VM1 record automatically Y/N
Changing the IP address of VM3 will update the DNS record of VM3 automatically Y/N

A

VM2 will resolve vm1.contoso.com to 10.1.10.10 N
Deleting VM1 will delete the VM1 record automatically N
Changing the IP address of VM3 will update the DNS record of VM3 automatically N

Box 1: No -
The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9.

Box 2: No -
The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto-registered DNS records are deleted when a VM is deleted.

Box 3: No -
This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select ‘Static’ as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered.

https://docs.microsoft.com/en-us/azure/dns/dns-faq-private

6
Q

Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24.
You add an IPv6 address range to Vnet1 by using a CIDR suffix of /48.
You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Create an IPv6 subnet that uses the CIDR suffix of:

  • /20
  • /24
  • /48
  • /64

For each virtual machine, create an additional:

  • IP configuration
  • NIC
  • Public IPv6 address
A

Create an IPv6 subnet that uses the CIDR suffix of: /64

For each virtual machine, create an additional: IP Configuration

https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-overview
https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-add-to-existing-vnet-powershell

7
Q

You plan to deploy Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection
✑ Supports 8 Gbps of ExpressRoute traffic
✑ Minimizes costs
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Virtual WAN Type:

  • Basic
  • Standard

Number of scale units:

  • 2
  • 4
  • 6
  • 8
A

Virtual WAN Type: Standard

Number of scale units: 4

https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

8 Gig Express Route. 2 GB per ER scale unit. Therefore number of scale units = 8/2 = 4
https://www.wwt.com/article/microsoft-azure-virtual-wan-cloud-networking-architecture

Basic virtual WAN supports Site-to-site VPN only

Standard virtual WAN supports
ExpressRoute
User VPN (P2S)
VPN (site-to-site)
Inter-hub and VNet-to-VNet transiting through the virtual hub
Azure Firewall
NVA in a virtual WAN
8
Q

You have an Azure subscription that contains the resources shown in the following table.

WebApp1	Web app	West US
VNet1	Virtual network	East US

The IP Addresses settings for Vnet1 are configured as shown in the exhibit.

https://www.examtopics.com/assets/media/exam-media/04157/0004400002.jpg

You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

A - Create a service endpoint
B - Deploy a VPN gateway
C - Add a private endpoint
D - Modify the address space of Vnet1
E - Configure a Point-to-Site (P2S) VPN
A

D - Modify the address space of Vnet1
B - Deploy a VPN gateway
E - Configure a Point-to-Site (P2S) VPN

https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#gateway-required-vnet-integration

Given answer is correct. Existing subnet space spans the entire address space of vnet, so it needs to be modified. Cross region vnet integration requires a vpn gateway and a point to site vpn connection. So you need to add the gateway, then configure the p2s to add address space. https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration#gateway-required-vnet-integration

9
Q

You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

  • AllowForwardedTraffic
  • AllowGatewayTransit
  • UseRemoteGateways

$hub = Get-AzVirtualNetwork -ResourceGroupName "RG1" -Name "Hub1"
$spoke = Get-AzVirtualNetwork -ResourceGroupName "RG2" -Name "Spoke1"
Add-AzVirtualNetworkPeering -Name "Hub1-Spoke1" -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -_____________________

Add-AzVirtualNetworkPeering -Name "Spoke1-Hub1" -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -_____________________

A

$hub = Get-AzVirtualNetwork -ResourceGroupName "RG1" -Name "Hub1"
$spoke = Get-AzVirtualNetwork -ResourceGroupName "RG2" -Name "Spoke1"
# Hub side: allow the peered spoke to use Hub1's VPN gateway
Add-AzVirtualNetworkPeering -Name "Hub1-Spoke1" -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -AllowGatewayTransit

# Spoke side: send on-premises traffic through the remote (Hub1) gateway
Add-AzVirtualNetworkPeering -Name "Spoke1-Hub1" -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -UseRemoteGateways

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#virtual-network-peering

10
Q

You have three on-premises sites. Each site has a third-party VPN device.
You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection.
You need to connect the third site to the other two sites by using Hub1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

A - Download the VPN configuration file from VWAN1
B - In Hub1, create a VPN gateway
C - In Hub1, create a VPN site
D - In Hub1, create a connection to the VPN site
E - Configure the VPN device

A

C - In Hub1, create a VPN site
D - In Hub1, create a connection to the VPN site
A - Download the VPN configuration file from VWAN1
E - Configure the VPN device

https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal

Answer is correct. As two S2S VPNs are already formed, that means the VGW is there.

11
Q

You are planning an Azure solution that will contain the following types of resources in a single Azure region:
✑ Virtual machine
✑ Azure App Service
✑ Virtual Network gateway
✑ Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Virtual Networks:

  • 1
  • 2
  • 3
  • 4

Subnets:

  • 1
  • 2
  • 3
  • 4
A

Virtual Networks: 1

Subnets: 4

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network

12
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration.

Does this meet the goal?
A. Yes
B. No

A

A. Yes

The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

13
Q

You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Modify the DNS server settings of Vnet1.
B. For FW1, configure custom DNS server.
C. For FW1, enable DNS proxy.
D. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
E. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.

A

C. For FW1, enable DNS proxy.
D. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.

https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder
https://azure.microsoft.com/en-gb/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/

DNS proxy configuration requires three steps:

Enable DNS proxy in Azure Firewall DNS settings.
Optionally configure your custom DNS server or use the provided default.
Finally, you must configure the Azure Firewall’s private IP address as a custom DNS server in your virtual network DNS server settings. This ensures DNS traffic is directed to Azure Firewall.

14
Q

You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets?
A. internal load balancers
B. storage account
C. service endpoints
D. service endpoint policies

A

A. internal load balancers

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

15
Q

You have an Azure subscription.
You have the on-premises sites shown in the following table.

Number	Number of users	Connection type to Azure
--------------------
Site1	500	ExpressRoute
Site2	100	Site-to-Site VPN
Site3	1	Point-to-Site (P2S) VPN

You plan to deploy Azure Virtual WAN.
You are evaluating Virtual WAN Basic and Virtual WAN Standard.
Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Virtual WAN Basic:

  • Site2 only
  • Site3 only
  • Site2 and Site3 only
  • Site1, Site2, and Site3

Virtual WAN Standard:

  • Site1 only
  • Site1 and Site3 only
  • Site2 and Site3 only
  • Site1, Site2, and Site3
A

Virtual WAN Basic:
- Site2 only

Virtual WAN Standard:
- Site1, Site2, and Site3

https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about

vWAN Basic supports only S2S while Standard supports P2S, S2S, ExpressRoute, Inter-hub and VNet-to-VNet transiting through the virtual hub, Azure Firewall and NVA in a virtual WAN
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about#basicstandard

16
Q

You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.
You register a public DNS zone named fabrikam.com. The zone is configured as shown in the Public DNS Zone exhibit.

https://www.examtopics.com/assets/media/exam-media/04157/0005500001.jpg

You have a private DNS zone named fabrikam.com. The zone is configured as shown in the Private DNS Zone exhibit.

https://www.examtopics.com/assets/media/exam-media/04157/0005600001.jpg

You have a virtual network link configured as shown in the Virtual Network Link exhibit.

https://www.examtopics.com/assets/media/exam-media/04157/0005700001.jpg

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Queries for www.fabrikam.com from the internet are resolved to 131.107.1.1. Yes/No
Queries for server1.fabrikam.com can be resolved from the internet Yes/No
Queries for www.fabrikam.com from Vnet2 are resolved to 131.107.100.1 Yes/No

A

Queries for www.fabrikam.com from the internet are resolved to 131.107.1.1. Yes
Queries for server1.fabrikam.com can be resolved from the internet No
Queries for www.fabrikam.com from Vnet2 are resolved to 131.107.100.1 No

Box 1: Yes -
DNS queries from the internet use the public DNS zone. In the public DNS zone, www.fabrikam.com is a CNAME record that resolves to appservice1.fabrikam.com which resolves to 131.107.1.1.

Box 2: No -
DNS queries from the internet use the public DNS zone. There is no DNS record for server1.fabrikam.com in the public DNS zone.

Box 3: No -
The private DNS zone is linked to VNet1, not VNet2. Therefore, resources in VNet2 cannot query the private DNS zone.

17
Q

You have two Azure virtual networks named Vnet1 and Vnet2 in an Azure region that has three availability zones.
You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in Vnet1 host an app named App1. The virtual machines in Vnet2 host an app named App2.
You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2.
You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements:
✑ A failure of two zones must NOT affect the availability of either App1 or App2.
✑ A failure of two zones must NOT affect the outbound connectivity of either App1 or App2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Minimum number of subnets:

  • 1
  • 2
  • 6
  • 12

Minimum number of Virtual Network NAT instances:

  • 1
  • 2
  • 6
  • 12
A

Minimum number of subnets: 2

Minimum number of Virtual Network NAT instances: 2

https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview

I would say 2 subnets, because the subnets are regional resources, hence they exist in all zones, and 6 NAT gateways (Virtual NAT refers to virtual NAT gateway: https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview), because the NAT gateway is zonal, so you have to deploy a NAT gateway in each zone to have the full redundancy. (https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview#virtual-network-nat-basics)