AZ-700試験無料問題集「Microsoft Designing and Implementing Microsoft Azure Networking Solutions 認定」
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that network traffic is routed over the Azure backbone network for the following scenarios:
* Traffic from SQIMI1 to storage1
* Traffic from domain joined servers on VNet2 to storage1
The solution must minimize costs.
What should you configure for each scenario? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that network traffic is routed over the Azure backbone network for the following scenarios:
* Traffic from SQIMI1 to storage1
* Traffic from domain joined servers on VNet2 to storage1
The solution must minimize costs.
What should you configure for each scenario? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You are planning an Azure solution that will contain the following types of resources in a single Azure region:
Virtual machine
Azure App Service
Virtual Network gateway
Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Virtual machine
Azure App Service
Virtual Network gateway
Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network
You have an on-premises network.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that on-premises devices can communicate with Azure resources that are connected to Subnet4.
What should you do on each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that on-premises devices can communicate with Azure resources that are connected to Subnet4.
What should you do on each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Your company has four branch offices and an Azure Subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:
* Minimize downtime for all users.
* Minimize administrative effort.
What should you do first?
The branch offices are configured as shown in the following table.
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:
* Minimize downtime for all users.
* Minimize administrative effort.
What should you do first?
正解:D
解答を投票する
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:B,E
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have an Azure subscription that contains multiple virtual machines in the West US Azure region.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.
You need to use Traffic Analytics.
Which two resources should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct answer selection is worth one point.
正解:B,C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have the Azure subscriptions shown in the following table.
Each virtual network contains 20 internet-accessible resources that are assigned public IP addresses.
You need to implement Azure DDoS Network Protection to protect the resources. The solution must minimize costs.
What is the minimum number of DDoS Network Protection plans you should deploy?
Each virtual network contains 20 internet-accessible resources that are assigned public IP addresses.
You need to implement Azure DDoS Network Protection to protect the resources. The solution must minimize costs.
What is the minimum number of DDoS Network Protection plans you should deploy?
正解:A
解答を投票する
SIMULATION
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
正解:
See the Explanation below for step by step instructions
Explanation:
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
To create a policy, you need to go to the Azure portal and select Create a resource. Search for WAF, select Web Application Firewall, then select Create1.
On the Create a WAF policy page, Basics tab, enter or select the following information and accept the defaults for the remaining settings:
Policy for: Regional WAF (Application Gateway)
Subscription: Select your subscription name
Resource group: Select your resource group
Policy name: Type a unique name for your WAF policy
On the Custom rules tab, select Add a rule to create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule:
Rule name: Type a unique name for your custom rule
Priority: Type a number that indicates the order of evaluation for this rule Rule type: Select Match rule Match variable: Select RemoteAddr Operator: Select IPMatch Match values: Type 131.107.150.0/24 Action: Select Block On the Review + create tab, review your settings and select Create to create your WAF policy1.
To link your policy to the planned application gateway, you need to go to the Application Gateway service in the Azure portal and select your application gateway3.
On the Web application firewall tab, select your WAF policy from the drop-down list and select Save
Explanation:
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
To create a policy, you need to go to the Azure portal and select Create a resource. Search for WAF, select Web Application Firewall, then select Create1.
On the Create a WAF policy page, Basics tab, enter or select the following information and accept the defaults for the remaining settings:
Policy for: Regional WAF (Application Gateway)
Subscription: Select your subscription name
Resource group: Select your resource group
Policy name: Type a unique name for your WAF policy
On the Custom rules tab, select Add a rule to create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule:
Rule name: Type a unique name for your custom rule
Priority: Type a number that indicates the order of evaluation for this rule Rule type: Select Match rule Match variable: Select RemoteAddr Operator: Select IPMatch Match values: Type 131.107.150.0/24 Action: Select Block On the Review + create tab, review your settings and select Create to create your WAF policy1.
To link your policy to the planned application gateway, you need to go to the Application Gateway service in the Azure portal and select your application gateway3.
On the Web application firewall tab, select your WAF policy from the drop-down list and select Save
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
正解:B
解答を投票する
You are planning an Azure Front Door deployment that will contain the resources shown in the following table.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com. You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com. You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
正解:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a custom rule for WAF1.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You configure a custom rule for WAF1.
Does this meet the goal?
正解:B
解答を投票する
You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
* Server1 must be able to resolve the DNS names of the resources in contoso.com.
* The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
* Server1 must be able to resolve the DNS names of the resources in contoso.com.
* The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
正解:A
解答を投票する
You have the network security groups (NSGs) shown in the following table.
In NSG1, you create inbound rules as shown in the following table.
You have the Azure virtual machines shown in the following table.
NSG2 has only the default rules configured.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
In NSG1, you create inbound rules as shown in the following table.
You have the Azure virtual machines shown in the following table.
NSG2 has only the default rules configured.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Your company, named Contoso, Ltd, has an Azure subscription that contains the resources show in the following table.
You plan to deploy Azure Front Door. The solution must meet the following requirement:
* Requests to a URL of https://contoso.azurefd.net/uk must be routed to App1uk.
* Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.
* Requests to a URL of https://contoso.azurefd.net/images must be routed to the storage account closest to the user.
What is the minimum number of backend pools and routing rules you should create? To answer, the appropriate number to the correct component. Each number may be used once, more than once, or not at all. You may need to drag the spilt bar between panes scroll to view content:
Note: Each correct selection is worth one point.
You plan to deploy Azure Front Door. The solution must meet the following requirement:
* Requests to a URL of https://contoso.azurefd.net/uk must be routed to App1uk.
* Requests to a URL of https://contoso.azurefd.net/us must be routed to App1us.
* Requests to a URL of https://contoso.azurefd.net/images must be routed to the storage account closest to the user.
What is the minimum number of backend pools and routing rules you should create? To answer, the appropriate number to the correct component. Each number may be used once, more than once, or not at all. You may need to drag the spilt bar between panes scroll to view content:
Note: Each correct selection is worth one point.
正解:
You have a computer named CLIENT! that runs Windows 11 and has the Azure VPN Client installed.
You have an Azure virtual network gateway named VPNGW1.
You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure virtual network gateway named VPNGW1.
You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
