AZ-700 Exam Free Question Set: "Microsoft Designing and Implementing Microsoft Azure Networking Solutions" Certification

You have the hybrid network shown in the Network Diagram exhibit.

You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.

You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure subscription that contains the resources shown in the following table.

The virtual network topology is shown in the following exhibit.

Firewall1 is configured as shown in the following exhibit.

FirewallPolicy1 contains the following rules:
* Allow outbound traffic from Vnet1 and Vnet2 to the internet.
* Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:
You have an Azure application gateway named AppGw1.
You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to https://www.contoso.com/buy.aspx?category=fashion&product=shirts.
How should you complete the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
You need to connect an on-premises network and an Azure environment. The solution must use ExpressRoute and support failing over to a Site-to-Site VPN connection if there is an ExpressRoute failure.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF).
FD1 uses a frontend host named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region.
You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States.
What should you include in the WAF policy?

You have an Azure subscription that contains the route tables and routes shown in the following table.

The subscription contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

There is a Site-to-Site VPN connection to each local network gateway.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
You have an Azure application gateway named AppGW1 that provides access to the following hosts:
* www.adatum.com
* www.contoso.com
* www.fabrikam.com
AppGW1 has the listeners shown in the following table.

You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies
You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that the apps hosted on VM1 can resolve the IP address of the What should you create first?

You have an Azure subscription that contains the resources shown in the following table.

The IP Addresses settings for Vnet1 are configured as shown in the exhibit.

You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#gateway-required-vnet-integration
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
* An Azure App Service app named App1
* An Azure DNS zone named contoso.com
* An Azure private DNS zone named private.contoso.com
* A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS.
You need to provide a developer with the name that is registered in Azure DNS for the private endpoint.
What should you provide?

You plan to deploy an Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Correct answer: A, B, E
Task 8
You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1.
Correct answer:
See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that the storage34280945 storage account will only accept connections from hosts on VNET1:
* To restrict network access to your storage account, you need to configure the Azure Storage firewall and virtual network settings for your storage account. You can do this in the Azure portal by selecting your storage account and then selecting Networking under Settings.
* On the Networking page, select Firewalls and virtual networks, and then select Selected networks under Allow access from. This will block all access to your storage account except from the networks or resources that you specify.
* Under Virtual networks, select + Add existing virtual network. Then select VNET1 from the list of virtual networks and select the subnet that contains the hosts that you want to allow access to your storage account. This will enable a service endpoint for Storage in the subnet and configure a virtual network rule for that subnet through the Azure storage firewall.
* Select Add to add the virtual network and subnet to your storage account.
* Select Save to apply your changes.
You have an on-premises network.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

Explanation:
You have an instance of Azure Web Application Firewall (WAF) on Azure Front Door.
You plan to create a WAF rule that will block high rates of requests from a single IP address.
You need to query Log Analytics to identify the optimal threshold for the rule.
Which table should you query in Log Analytics?

You have an Azure subscription that contains a virtual machine named VM1 and a virtual network named Vnet1. Vnet1 contains three subnets named Subnet1, Subnet2 and GatewaySubnet. VM1 is connected to Subnet1.
You plan to deploy a new virtual machine named VM2 that will perform network traffic routing and inspection.
You need to ensure that all the traffic from VM1 to the internet will be routed through VM2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
Correct answer:
See the Explanation below for step by step instructions.
Explanation:
To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
* Navigate to the Azure Portal.
* Search for "Network security groups" and select it.
* Click on "Create".
* Enter the following details:
  * Subscription: Select your subscription.
  * Resource Group: Select an existing resource group or create a new one.
  * Name: Enter a name for the NSG (e.g., NSG-Subnet1-2).
  * Region: Select the region where your virtual network is located.
* Click on "Review + create" and then "Create".
Step 2: Create an Inbound Security Rule
* Navigate to the newly created NSG.
* Select "Inbound security rules" from the left-hand menu.
* Click on "Add" to create a new rule.
* Enter the following details:
  * Source: Select Service Tag.
  * Source Service Tag: Select VirtualNetwork.
  * Source port ranges: Leave as *.
  * Destination: Select IP Addresses.
  * Destination IP addresses/CIDR ranges: Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).
  * Destination port ranges: Enter 5585.
  * Protocol: Select TCP.
  * Action: Select Deny.
  * Priority: Enter a priority value (e.g., 100).
  * Name: Enter a name for the rule (e.g., Deny-TCP-5585).
* Click on "Add" to create the rule.
Step 3: Associate the NSG with Subnet1-2
* Navigate to the virtual network that contains subnet1-2.
* Select "Subnets" from the left-hand menu.
* Select subnet1-2 from the list of subnets.
* Click on "Network security group".
* Select the NSG you created (NSG-Subnet1-2).
* Click on "Save".
Explanation:
* Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol.
* Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.
* Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.
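To check how the Step 2 rule interacts with the NSG's default inbound rules, the following added example (not part of the original answer) models first-match evaluation by priority. The 10.1.0.0/16 virtual network space, the host addresses, and the treatment of the VirtualNetwork tag as just that address space are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: the page gives 10.1.2.0/24 as an example range for
# subnet1-2; the 10.1.0.0/16 virtual network space is an assumption.
VNET = ipaddress.ip_network("10.1.0.0/16")
SUBNET1_2 = ipaddress.ip_network("10.1.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    source: ipaddress.IPv4Network
    dest: ipaddress.IPv4Network
    port: Optional[int]   # None means any destination port
    protocol: str         # "Tcp", "Udp" or "*"
    action: str           # "Allow" or "Deny"

    def matches(self, src, dst, port, protocol):
        return (ipaddress.ip_address(src) in self.source
                and ipaddress.ip_address(dst) in self.dest
                and self.port in (None, port)
                and self.protocol in ("*", protocol))

RULES = [
    # Rule from Step 2; the VirtualNetwork tag is modelled as the vnet address space.
    Rule("Deny-TCP-5585", 100, VNET, SUBNET1_2, 5585, "Tcp", "Deny"),
    # Azure default inbound rules (AllowAzureLoadBalancerInBound omitted here).
    Rule("AllowVnetInBound", 65000, VNET, VNET, None, "*", "Allow"),
    Rule("DenyAllInBound", 65500, ANY, ANY, None, "*", "Deny"),
]

def evaluate(src, dst, port, protocol="Tcp", rules=RULES):
    """Return (action, rule name) for the first match, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, dst, port, protocol):
            return rule.action, rule.name
    return "Deny", "no-match"

if __name__ == "__main__":
    # Constructed flows toward a host in subnet1-2.
    flows = [("10.1.1.4", 5585), ("10.1.1.4", 443),
             ("10.1.2.5", 5585), ("203.0.113.9", 5585)]
    for src, port in flows:
        print(src, port, evaluate(src, "10.1.2.10", port))
```

In this model a source inside subnet1-2 (10.1.2.5) also matches Deny-TCP-5585, because the VirtualNetwork tag covers the subnet's own range; confirm the intended intra-subnet behaviour before applying the rule.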