Microsoft Designing and Implementing Microsoft Azure Networking Solutions AZ-700 Exam Practice Test

You have an Azure Virtual Desktop deployment that has 500 session hosts.

All outbound traffic to the internet uses a NAT gateway.

During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.

You need to increase the available SNAT connections.

What should you do?

You have an on-premises datacenter named Site1 that contains a firewall named FW1. FW1 connects to the internet.

You have an Azure subscription that contains the resources shown in the following table.

You plan to connect Site1 to Hub1 by using a site-to-site connection.

You need to configure the site-to-site connection to FW1.

What should you create in VWAN1?

You have an Azure subscription.

You plan to deploy Azure Firewall Premium, enable all the Premium features, and configure both network and application rules.

Which type of rule will the firewall process first?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You configure a managed rule for WAF1.

Does this meet the goal?

You have the Azure subscriptions shown in the following table.

Each virtual network contains 20 internet-accessible resources that are assigned public IP addresses.

You need to implement Azure DDoS Network Protection to protect the resources. The solution must minimize costs.

What is the minimum number of DDoS Network Protection plans you should deploy?

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.

You have a network security group (NSG) named NSG1 associated to each subnet.

When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.

You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:

* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.

* Minimize changes to NSG1 when a new subnet is created.

What should you use as the destination in the inbound security rule?

SIMULATION

Task 5

You need to ensure that requests for wwwjelecloud.com from any of your Azure virtual networks resolve to frontdoor1.azurefd.net.