AZ-700 Deck 3 Flashcards

1
Q

You have an Azure subscription that contains the route tables and routes shown in the following table.

RT1 Default Route 0.0.0.0/0 VirtualNetworkGateway
RT2 Default Route 0.0.0.0/0 Internet

The subscription contains the subnets shown in the following table.

Subnet1 10.10.1.0/24 RT1 Vnet1
Subnet2 10.10.2.0/24 RT2 Vnet1
GatewaySubnet 10.10.3.0/24 None Vnet1

The subscription contains the virtual machines shown in the following table.

VM1 10.10.1.5
VM2 10.10.2.5

There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Traffic from VM2 to the internet is routed through the New-York Site-to-Site VPN connection Y/N
Traffic from VM1 to VM2 is routed through the New-York Site-to-Site VPN connection Y/N
Traffic from VM1 to the internet is routed through the New-York Site-To-Site VPN connection Y/N

A

Traffic from VM2 to the internet is routed through the New-York Site-to-Site VPN connection N
Traffic from VM1 to VM2 is routed through the New-York Site-to-Site VPN connection N
Traffic from VM1 to the internet is routed through the New-York Site-To-Site VPN connection Y

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

No - VM2 is in Subnet2, so RT2 applies. RT2 sends the default route directly to the Internet. So the answer is No (not using the Site-to-Site VPN).

No - VM1 and VM2 are in the same virtual network, Vnet1. By default, VM1 can reach VM2 natively because they share a VNet. So the answer is No (not using the Site-to-Site VPN).

Yes - VM1 is in Subnet1, so RT1 applies. RT1 sends the default route to VirtualNetworkGateway, which forces the traffic into the Site-to-Site VPN connection.

2
Q

You have an Azure subscription that contains the public IP addresses shown in the following table.

IP1 IPv4 Basic Static
IP2 IPv4 Basic Dynamic
IP3 IPv4 Standard Static
IP4 IPv6 Basic Dynamic
IP5 IPv6 Standard Static

You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
A. IP3 only
B. IP5 only
C. IP2 and IP4 only
D. IP1, IP3 and IP5 only
E. IP3 and IP5 only

A

A. IP3 only

Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn’t support NAT.

https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview

3
Q

You have an Azure application gateway named AGW1 that has a routing rule named Rule1. Rule1 directs traffic for http://www.contoso.com to a backend pool named Pool1. Pool1 targets an Azure virtual machine scale set named VMSS1.
You deploy another virtual machine scale set named VMSS2.
You need to configure AGW1 to direct all traffic for http://www.adatum.com to VMSS2.
The solution must ensure that requests to http://www.contoso.com continue to be directed to Pool1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a backend pool.
B. Modify an HTTP setting.
C. Add an HTTP setting.
D. Add a listener.
E. Add a rule.

A

A. Add a backend pool.
D. Add a listener.
E. Add a rule.

https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview

You need a backend pool for VMSS2, a listener for the site adatum.com, and a rule to direct requests from the listener to the VMSS2 backend.

4
Q

You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.

Name	Location
--------------------------
App1	North Europe
App2	East US
App3	Central US
TM2	West Europe
TM3	West US

TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.

App4 West Europe 99
App5 West Europe 1

TM3 uses priority traffic-routing method and has the endpoints shown in the following table.

App6 West US
App2 East US

The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Traffic from West Europe:

  • App1
  • App2
  • App4
  • App5

Traffic from West US:

  • App1
  • App2
  • App3
  • App6

A

Traffic from West Europe:- App1

Traffic from West US:- App3

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-nested-profiles

Traffic from West Europe:
Based on the TM1 table, West Europe will trigger TM2. However, as MinChildEndpoint is set to 2 and App4 is degraded (down), the entire TM2 will not be considered available.
This goes back to the original TM1, which uses the performance traffic-routing method, so the closest location, App1, is naturally the next best-performing instance.
Hence, Answer = App1

Traffic from West US:
Based on the TM1 table, West US will trigger TM3. However, both App2 and App6 are degraded (down), so neither of them can be considered.
This goes back to the original TM1, which uses the performance traffic-routing method. From TM1, the other 2 US locations would be App2 and App3. But we know App2 is already degraded (unavailable), hence the only option would be App3.
Answer = App3

5
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

{
  "timeStamp": "2021-06-02T18:13:45+00:00",
  "resourceID": "/SUBSCRIPTIONS/489£2hht-seTy-$87v-g571-$63hw3679512/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/AGW1",
  "operationName": "ApplicationGatewayFirewall",
  "category": "ApplicationGatewayFirewallLog",
  "properties": {
    "instanceId": "appgw_0",
    "clientIp": "137.135.10.24",
    "clientPort": "",
    "requestUri": "/login",
    "ruleSetType": "OWASP_CRS",
    "rulesetVersion": "3.0.0",
    "ruleId": "920300",
    "message": "Request Missing an Accept Header",
    "action": "Matched",
    "site": "Global",
    "details": {
      "message": "Warning. Match of \"pm AppleWebKit Android\" against \"REQUEST_HEADER:User-Agent\" required.",
      "data": "",
      "File": "rules\/REQUEST-920-PROTOCOL-ENFORCEMENT.conf",
      "line": "1247"
    },
    "hostname": "appl.contoso.com",
    "transactionId": "f7546159yIhjk7wal14568if5131t68h7",
    "policyId": "default",
    "policyScope": "Global",
    "policyScopeName": "Global"
  }
}

You need to ensure that the URL is accessible through the application gateway.
Solution: You add a rewrite rule for the host header.
Does this meet the goal?
A. Yes
B. No

A

B. No

Rewrites are not supported when the application gateway is configured to redirect the requests or to show a custom error page.
https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#limitations

6
Q

You have an Azure Front Door instance that provides access to a web app. The web app uses a hostname of www.contoso.com.
You have the routing rules shown in the following table.

Name	Path
------------------
RuleA	/abc/def
RuleB	/ab
RuleC	/*
RuleD	/abc/*

Which rule will apply to each incoming request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

www.contoso.com/abc/def
- RuleA
- RuleB
- RuleC
- RuleD

www.contoso.com/default.html
- RuleA
- RuleB
- RuleC
- RuleD

www.contoso.com/abc/def/default.html
- RuleA
- RuleB
- RuleC
- RuleD

A

www.contoso.com/abc/def - RuleA
www.contoso.com/default.html - RuleC
www.contoso.com/abc/def/default.html - RuleD
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching

Look for any routing rule with an exact match on the Path
If no exact match Paths, look for routing rules with a wildcard Path that matches
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.

7
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

{
  "timeStamp": "2021-06-02T18:13:45+00:00",
  "resourceID": "/SUBSCRIPTIONS/489£2hht-seTy-$87v-g571-$63hw3679512/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/AGW1",
  "operationName": "ApplicationGatewayFirewall",
  "category": "ApplicationGatewayFirewallLog",
  "properties": {
    "instanceId": "appgw_0",
    "clientIp": "137.135.10.24",
    "clientPort": "",
    "requestUri": "/login",
    "ruleSetType": "OWASP_CRS",
    "rulesetVersion": "3.0.0",
    "ruleId": "920300",
    "message": "Request Missing an Accept Header",
    "action": "Matched",
    "site": "Global",
    "details": {
      "message": "Warning. Match of \"pm AppleWebKit Android\" against \"REQUEST_HEADER:User-Agent\" required.",
      "data": "",
      "File": "rules\/REQUEST-920-PROTOCOL-ENFORCEMENT.conf",
      "line": "1247"
    },
    "hostname": "appl.contoso.com",
    "transactionId": "f7546159yIhjk7wal14568if5131t68h7",
    "policyId": "default",
    "policyScope": "Global",
    "policyScopeName": "Global"
  }
}

You need to ensure that the URL is accessible through the application gateway.
Solution: You disable the WAF rule that has a ruleId 920300.
Does this meet the goal?
A. Yes
B. No

A

A. Yes

A is the correct answer. Disabling the WAF rule means a match against the specified header string is no longer required.
