Microsoft AZ-700 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains the resources shown in the following table.

NSG1 is associated to the NIC of VM1 and contains the rules shown in the following table.

You collect NSG flow logs for five minutes for the following activities:

* Two RDP sessions from VM1 to VM2, each initiated from a different TCP port

* Three SSH sessions from VM2 to VM1, each initiated from a different TCP port

You analyze the logs by using Traffic Analytics in Azure Network Watcher. How many aggregated flow entries will Traffic Analytics identify?

D10

Answer : B

Question 2

You have an Azure subscription that contains a virtual machine named VM1 and a network security group (NSG) named NSG1. NSG1 has the default rules configured VM1 runs Windows Server and contains a single NIC named NIC1 NIC! is associated with NSG1.

You need to prevent access to the Azure Instance Metadata Service (IMDS) REST API on VM1 The solution must minimize administrative effort.

What should you add to NSG1?

Aan outbound rule that blocks traffic to an IP address

Ban outbound rule that blocks traffic to a service tag

Can inbound and outbound rule that blocks traffic to an application security group.

Dan inbound rule that blocks traffic to an IP address

Answer : B

Question 3

You have an Azure subscription that contains a resource group named RG1 and a virtual network named VNet1 You need to deploy Azure Firewall to RG1. The solution must minimize administrative effort What should you do first?

ACreate a secured virtual hub named AzureFirewallHub.

BCreate a new resource group named AzureFirewallResourceGroup.

CCreate a new virtual network named AzureFirewallNetwork.

DOn VNet1, create a virtual subnet named AzureFirewallSubnet.

Answer : D

Question 4

You have an Azure virtual machine named VM1.

You need to capture all the network traffic of VM1 by using Azure Network Watcher. To which locations can the capture be written?

Aa file path on VM1 only

BGeneral purpose v2 standard only

Ca Block blob premium account only

DGeneral purpose v2 standard and a file path on VM1 only

EGeneral purpose v2 standard and a Block blob premium account only

Fblob storage, a file path on VM1, and a Block blob premium account

Answer : D

Question 5

Your company has 40 branch offices that are linked by using a Software-Defined Wide Area Network (SD-WAN). The SD-WAN uses

BGP.

You have an Azure subscription that contains 20 virtual networks configured as a hub and spoke topology. The topology contains a hub virtual network named Vnetl.

The virtual networks connect to the SD-WAN by using a network virtual appliance (NVA) in Vnetl.

You need to ensure that BGP route advertisements will propagate between the virtual networks and the SD-WAN. The solution must minimize administrative effort

What should you implement?

AAn Azure VPN Gateway that has BGP enabled

Ba NAT gateway

CAzure Traffic Manager

DAzure Route Server

Answer : D

Question 6

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an Azure Virtual Network NAT gateway named Gateway 1. The solution must meet the following requirements:

* VM1 will access the internet by using its public IP address.

* VM2 will access the internet by using its public IP address.

* Administrative effort must be minimized.

You need to ensure that you can deploy Gateway1 to Vnet1.

What is the minimal number of subnets that Vnet1 must have?

Answer : C

Question 7

Your on-premises network contains a DNS server named Server 1.

You have an Azure subscription that contains the resources shown in the following table.

The on-premises network is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to ensure that Server1 can resolve the DNS name of storage1. The solution must minimize costs and administrative effort.

What should you use?

Aan Azure Private DNS zone

Ban Azure virtual machine that hosts a DNS service

Can Azure public DNS zone

DAzure DNS Private Resolver

Answer : D

Microsoft AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam Practice Test