Test Online Free Microsoft AZ-700 Exam Questions and Answers

HOTSPOT
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Show Answer

Answer:


Explanation:
Graphical user interface, text, application, email
Description automatically generated

You have the Azure virtual networks shown in the following table.



You deploy Azure Firewall to Vnet3.
You need to ensure that the traffic from Subnet1-1 to Subnet2-1 passes through the firewall.
What should you configure?

• A. peering links between Vnet1 and Vnet2
• B. a route table associated to Subnet1 -1 and Subnet2-1
• C. an Azure private DNS zone
• D. a route table associated to AzureFitewallSubnet

Show Answer

• A. IKEv2 and OpenVPN (SSL)
• B. IKEv2
• C. IKEv2 and SSTP (SSL)
• D. OpenVPN (SSL)
• E. SSTP (SSL)

Show Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.



You need to ensure that the URL is accessible through the application gateway.
Solution: You add a rewrite rule for the host header.
Does this meet the goal?

• A. Yes
• B. No

Show Answer

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.



The virtual network topology is shown in the following exhibit.



Firewall1 is configured as shown in following exhibit.



FirewallPolicy1 contains the following rules:
• Allow outbound traffic from Vnet1 and Vnet2 to the internet.
• Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints. service endpoints. routing tables, or network security groups (NSGs) were created.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Show Answer

Answer:

• A. Modify the conditions of Rule1.
• B. Create two additional associations.
• C. Modify the rule type of Rule1.
• D. Modify the rate limit threshold of Rule1.

Show Answer

HOTSPOT
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Show Answer

Answer:


Explanation:
Text
Description automatically generated
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.

HOTSPOT
Your on-premises network contains a VPN device.
You have an Azure subscription that contains a virtual network and a virtual network gateway.
You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Show Answer

Answer:

• A. a certification authority (CA)
• B. a RADIUS server
• C. an Azure key vault
• D. Azure Active Directory (Azure AD) Application Proxy

Show Answer

Your company has an office in New York.
The company has an Azure subscription that contains the virtual networks shown in the following table.



You need to connect the virtual networks to the office by using ExpressRoute.
The solution must meet the following requirements:
• The connection must have up to 1 Gbps of bandwidth.
• The office must have access to all the virtual networks.
• Costs must be minimized.
How many ExpressRoute circuits should be provisioned, and which ExpressRoute 5KU should you enable?

• A. one ExpressRoute Standard circuit
• B. one ExpressRoute Premium circuit
• C. two ExpressRoute Premium circuits
• D. four ExpressRoute Standard circuits

Show Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error.
You view the diagnostics log and discover the following error.



You need to ensure that the URL is accessible through the application gateway.
Solution: You add a rewrite rule for the host header.
Does this meet the goal?

• A. Yes
• B. No

Show Answer

• A. User Access Administrator
• B. Network Contributor
• C. Resource PolicyContributor
• D. Monitoring Contributor

Show Answer

You have the Azure environment shown in the exhibit.



VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.
NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.
VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?
A. IP1
B. IP2
C. IP3
D. IP4

Show Answer

HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.



Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:
✑ Priority: 100
✑ Port: Any
✑ Protocol: Any
✑ Source: Any
✑ Destination: Storage
✑ Action: Deny
You create a private endpoint that has the following settings:
✑ Name: Private1
✑ Resource type: Microsoft.Storage/storageAccounts
✑ Resource: storage1
✑ Target sub-resource: blob
✑ Virtual network: Vnet1
✑ Subnet: Subnet1
For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Show Answer

Answer:


Explanation:
Yes, Yes, Yes
NSG rules applied to the subnet hosting the private endpoint are not applied to the private endpoint. So the NSG1 doesn't limit storage access from either VM1 or VM2. https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints#network-security-group-rules-for-subnets-with-private-endpoints

You have an Azure subscription that contains the public IPv4 addresses shown in the following table.



You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?

• A. IP1 and IP3 only
• B. IP3 only
• C. IP3 and IP5 only
• D. IP2only
• E. IP1, IP2. IP3. IP4. and IP5
• F. IP1, IP3, IP4, and 1P5 only

Show Answer