AZ-700試験無料問題集「Microsoft Designing and Implementing Microsoft Azure Networking Solutions 認定」
You have an Azure subscription that contains the resources shown in the following table.
You purchase a certificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1.
You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1.
Which type of DNS record should you create, and where should you store the certificate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
You purchase a certificate for app1.contoso.com from a public certification authority (CA) and install the certificate on appservice1.
You need to ensure that App1 can be accessed by using a URL of https://app1.contoso.com. The solution must ensure that all the traffic for App1 is routed via FD1.
Which type of DNS record should you create, and where should you store the certificate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
正解:
Explanation:
You have an Azure subscription that contains the resources shown in the following table.
You need to associate Gateway 1 with Subnet1. The solution must minimize downtime on VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to associate Gateway 1 with Subnet1. The solution must minimize downtime on VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
You have an Azure subscription that contains the route tables and routes shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The subscription contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
You have an Azure firewall shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1:
If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet.
Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed.
Box 2:
The "Visit Azure Firewall Manager to configure and manage this firewall" link in the exhibit shows that the firewall is managed by Azure Firewall Manager.
You have the Azure virtual networks shown in the following table.
You have the Azure resources shown in the following table.
You need to check latency between the resources by using connection monitors in Azure Network Watcher.
What is the minimum number of connection monitors that you must create?
You have the Azure resources shown in the following table.
You need to check latency between the resources by using connection monitors in Azure Network Watcher.
What is the minimum number of connection monitors that you must create?
正解:E
解答を投票する
You are configuring two network virtual appliances (NVAs) in an Azure virtual network. The NVAs will be used to inspect all the traffic within the virtual network.
You need to provide high availability for the NVAs. The solution must minimize administrative effort. What shtraffic ould you include in the solution?
You need to provide high availability for the NVAs. The solution must minimize administrative effort. What shtraffic ould you include in the solution?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have two Azure virtual networks named VNet1 and VNet2 that are peered with each other. VNet1 hosts
10 virtual machines that contain web servers. VNet2 hosts five virtual machines that contain database servers.
You need to configure a security solution that meets the following requirements:
* Ensures that the database servers can accept connections only from the web servers
* Ensures that the web servers can initiate connections only to the database servers
* Ensures that all network security groups (NSGs) are associated only with subnets
* Use application security groups to implement the solution
What is the minimum number of application security groups required?
10 virtual machines that contain web servers. VNet2 hosts five virtual machines that contain database servers.
You need to configure a security solution that meets the following requirements:
* Ensures that the database servers can accept connections only from the web servers
* Ensures that the web servers can initiate connections only to the database servers
* Ensures that all network security groups (NSGs) are associated only with subnets
* Use application security groups to implement the solution
What is the minimum number of application security groups required?
正解:B
解答を投票する
You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named Tenant1. Sub1 contains an Azure VPN gateway named VNetGW1.
You manually register the Azure VPN Client in Tenant1.
You need to configure VNetGW1 to support the Microsoft Entra authentication of Point-to-Site (P2S) VPN connections. The solution must ensure that users can establish P2S VPN connections by using the Azure VPN Client.
To what should you set Tenant and Issuer in the Point-to-site configuration settings of VNetGW1?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You manually register the Azure VPN Client in Tenant1.
You need to configure VNetGW1 to support the Microsoft Entra authentication of Point-to-Site (P2S) VPN connections. The solution must ensure that users can establish P2S VPN connections by using the Azure VPN Client.
To what should you set Tenant and Issuer in the Point-to-site configuration settings of VNetGW1?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that contains the virtual networks.shown in the following table.
You have a virtual machine named VM5 that has the following IP address configurations:
* IP address: 10.4.0.5
* Subnet mask:255.255.255.0
* Default gateway:10.4.0.1
* DNSserver:168.63.129.16
You have an Azure Private DNS zone named, fabrikam.com that contains the records shown in, the following table.
The virtual network links in the fabrikam.com DNS /one are configured as shown in the exhibit. (Click the Exhibit tab.) VMS fails to resolve the IP address for.appKfabrik3in.com.
For each of the following statements, select Yes if, the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a virtual machine named VM5 that has the following IP address configurations:
* IP address: 10.4.0.5
* Subnet mask:255.255.255.0
* Default gateway:10.4.0.1
* DNSserver:168.63.129.16
You have an Azure Private DNS zone named, fabrikam.com that contains the records shown in, the following table.
The virtual network links in the fabrikam.com DNS /one are configured as shown in the exhibit. (Click the Exhibit tab.) VMS fails to resolve the IP address for.appKfabrik3in.com.
For each of the following statements, select Yes if, the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that contains the resources shown in the following table.
Subshell contains Three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol.
From NSG1. you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1.
You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort.
What should you do?
Subshell contains Three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol.
From NSG1. you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1.
You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort.
What should you do?
正解:B
解答を投票する
You have an on-premises network
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:B,D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.
正解:B,C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have an Azure Traffic Manager parent profile named TM1. TM1 has two child profiles named TM2 and TM3.
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.
TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.
The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
TM1 uses the performance traffic-routing method and has the endpoints shown in the following table.
TM2 uses the weighted traffic-routing method with MinChildEndpoint = 2 and has the endpoints shown in the following table.
TM3 uses priority traffic-routing method and has the endpoints shown in the following table.
The App2, App4, and App6 endpoints have a degraded monitoring status.
To which endpoint is traffic directed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-nested-profiles Traffic from West Europe:
Basedd on TM1 table, West Europe will trigger TM2. However, as the MinChildEndpoint is set to 2, and App4 is degraded (down), the entire TM2 will not be considered available.
This goes back to the origin TM1 that uses performance traffic-routing method, which means the closest location is App1 and naturally be the next best performance instance.
Hence, Answer = App1
Traffic from West US:
Based on TM1 table, West US will trigger TM3. However, both App2 and App6 were degraded (down), so none of them can be considered.
This goes back to the original TM1 that uses performance traffic-routing method, from TM1, the other 2 US locations would be App2 and App3. But App2 we know it's already degraded (unavailable), hence the only option would be App3.
Answer = App3