AZ-700 New Set Deck Flashcards
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:
✑ Log all connections from Australia.
✑ Deny all connections from New Zealand.
✑ Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?
A. three custom rules that each has one condition
B. one custom rule that has three conditions
C. one custom rule that has one condition
D. one rule that has two conditions and another rule that has one condition
A. three custom rules that each has one condition
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct answer selection is worth one point.
A. an Azure Monitor workbook
B. a Log Analytics workspace
C. a storage account
D. an Azure Sentinel workspace
E. an Azure Monitor data collection rule
B. a Log Analytics workspace
C. a storage account
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/network-watcher/enable-network-watcher-flow-log-settings
You have an Azure subscription that contains the virtual machines shown in the following table.
VM1 Vnet1/Subnet1
VM2 Vnet1/Subnet2
Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:
✑ Priority: 100
✑ Port: Any
✑ Protocol: Any
✑ Source: Any
✑ Destination: Storage
✑ Action: Deny
You create a private endpoint that has the following settings:
✑ Name: Private1
✑ Resource type: Microsoft.Storage/storageAccounts
✑ Resource: storage1
✑ Target sub-resource: blob
✑ Virtual network: Vnet1
✑ Subnet: Subnet1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
From VM2, you can create a container in storage1 Yes/No
From VM1, you can upload data to a blob storage container in storage1 Yes/No
From VM2, you can upload data to a blob storage container in storage1 Yes/No
From VM2, you can create a container in storage1 No
From VM1, you can upload data to a blob storage container in storage1 Yes
From VM2, you can upload data to a blob storage container in storage1 No
https://docs.microsoft.com/en-us/azure/private-link/disable-private-endpoint-network-policy
You have an Azure firewall shown in the following exhibit.
https://www.itexams.com/static/img/exams/Microsoft-AZ-700-1.0/xmlfile-125_1.png
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
On Firewall1, forced tunnel:
- is enabled already
- cannot be enabled
- is disabled but can be enabled
On Firewall1, management by Azure Firewall Manager:
- is enabled already
- cannot be enabled
- is disabled but can be enabled
On Firewall1, forced tunnel:
- cannot be enabled
On Firewall1, management by Azure Firewall Manager:
- is enabled already
Box 1:
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed.
Box 2:
The "Visit Azure Firewall Manager to configure and manage this firewall" link in the exhibit shows that the firewall is managed by Azure Firewall Manager.
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.
You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine.
What should you use?
A. Azure Monitor
B. IP flow verify
C. Connection Monitor
D. Azure Internet Analyzer
C. Connection Monitor
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor
You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1
✑ Two subnets named Subnet1 and AzureFirewallSubnet
✑ A public Azure Firewall named FW1
✑ A route table named RT1 that is associated to Subnet1
✑ A route in RT1 that sends 0.0.0.0/0 to FW1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
A. On FW1, create an outbound service tag rule for AzureCloud.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
C. Deploy a NAT gateway.
D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
https://ryanmangansitblog.com/2020/05/11/firewall-considerations-windows-virtual-desktop-wvd/