Curious about Actual Microsoft Azure Network Engineer Associate (AZ-700) Exam Questions?
Here are sample Microsoft Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) Exam questions from real exam. You can get more Microsoft Azure Network Engineer Associate (AZ-700) Exam premium practice questions at TestInsights.
SIMULATION
Task 7
You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Correct : A
Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through VNET2:
On the Add peering page, enter or select the following information:
Name: Type a unique name for the peering from the source virtual network to the destination virtual network.
Virtual network deployment model: Select Resource manager.
Subscription: Select the subscription that contains the destination virtual network.
Virtual network: Select the destination virtual network from the list or enter its resource ID.
Name of the peering from [destination virtual network] to [source virtual network]: Type a unique name for the peering from the destination virtual network to the source virtual network.
Configure virtual network access settings: Select Enabled to allow resources in both virtual networks to communicate with each other.
Allow forwarded traffic: Select Disabled to prevent traffic that originates from outside either of the peered virtual networks from being forwarded through either of them.
Allow gateway transit: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network.
Use remote gateways: Select Disabled to prevent either of the peered virtual networks from using a gateway in the other virtual network as a transit point to another network.
Select Add to create the peering2.
Repeat the previous steps to create peerings between VNET2 and VNET1, and between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on both VNET1 and VNET3.
On the Create a network security group page, enter or select the following information:
Subscription: Select your subscription name.
Resource group: Select your resource group name.
Name: Type a unique name for your NSG.
Region: Select the same region as your virtual networks.
Select Review + create and then select Create to create your NSG4.
On the Add inbound security rule page or Add outbound security rule page, enter or select the following information:
Source or Destination: Select CIDR block.
Source CIDR blocks or Destination CIDR blocks: Enter the IP address range of the source or destination subnet that you want to filter. For example, 10.0.1.0/24 for VNET1 subnet 1, 10.0.2.0/24 for VNET2 subnet 1, and 10.0.3.0/24 for VNET3 subnet 1.
Protocol: Select Any to apply the rule to any protocol.
Action: Select Deny to block traffic from or to the source or destination subnet.
Priority: Enter a number between 100 and 4096 that indicates the order of evaluation for this rule. Lower numbers have higher priority than higher numbers.
Name: Type a unique name for your rule.
Select Add to create your rule4.
Repeat the previous steps to create inbound and outbound rules for your NSG that deny traffic between VNET1 and VNET3 subnets. For example, you can create an inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24 (VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24 (VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).
Repeat the previous steps to associate your NSG with the subnets in VNET1 and VNET3 that you want to isolate from each other.
Start a Discussions
SIMULATION
Task 8
You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1
Correct : A
Here are the steps and explanations for ensuring that the storage34280945 storage account will only accept connections from hosts on VNET1:
SelectAddto add the virtual network and subnet to your storage account1.
Start a Discussions
SIMULATION
Task 9
You need to ensure that subnet4-3 can accommodate 507 hosts.
Correct : A
Here are the steps and explanations for ensuring that subnet4-3 can accommodate 507 hosts:
To solve this equation, you can use trial and error or a binary search method. For example, you can start withn = 24, which is the default subnet mask for Class C networks. Then, plug in the value ofninto the formula and see if it is too big or too small for 507 hosts.
If you tryn = 24, you getnumber of hosts = 2^(32 - 24) - 2 = 254, which is too small. You need to increase the value ofnto get a larger number of hosts.
If you tryn = 25, you getnumber of hosts = 2^(32 - 25) - 2 = 510, which is just enough to accommodate 507 hosts. You can stop here or try a smaller value ofnto see if it still works.
If you tryn = 26, you getnumber of hosts = 2^(32 - 26) - 2 = 254, which is too small again. You need to decrease the value ofnto get a larger number of hosts.
Start a Discussions
SIMULATION
Task 10
You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.
Correct : A
Here are the steps and explanations for configuring VNET1 to log all events and metrics and query them by using KQL:
On the Add diagnostic setting page, enter or select the following information:
Diagnostic setting name: Type a unique name for your diagnostic setting.
Destination details: Select the destination where you want to send the dat
a. For example, you can select Send to Log Analytics workspace and choose your workspace from the list.
Metric: Select AllMetrics to collect all the platform metrics for VNET12.
Select Save to create your diagnostic setting1.
For example, you can use the following KQL query to get the top 10 network security group events for VNET1 in the last 24 hours:
NetworkSecurityGroupEvent
| where TimeGenerated > ago(24h)
| where ResourceId contains 'VNET1'
| summarize count() by EventID
| top 10 by count_
Copy
Select Run to execute your query and view the results in a table or a chart3.
Start a Discussions
SIMULATION
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
* Internal address range: 10.10.0.0/16.
* Firewall 1 internal IP address: 10.10.1.1.
* Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Correct : A
Here are the steps and explanations for creating the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN:
On theCreate local network gatewaypage, enter or select the following information and accept the defaults for the remaining settings:
Name: Type a unique name for your local network gateway.
IP address: Type the public IP address of your VPN device, which is 131.107.50.60 in this case.
Address space: Type the internal address range of your on-premises network, which is 10.10.0.0/16 in this case.
Subscription: Select your subscription name.
Resource group: Select your resource group name.
Location: Select the same region as your virtual network.
SelectReview + createand then selectCreateto create your local network gateway2.
Start a Discussions
Total 263 questions