HOTSPOT - You have an Azure subscription that contains the virtual machines shown in the following table. Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule: - Priority: 100 - Port: Any - Protocol: Any - Source: Any - Destination: Storage - Action: Deny You create a private endpoint that has the following settings: - Name: Private1 - Resource type: Microsoft.Storage/storageAccounts - Resource: storage1 - Target sub-resource: blob - Virtual network: Vnet1 - Subnet: Subnet1 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure firewall shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: If forced tunneling was enabled, the Firewall Subnet would be named AzureFirewallManagementSubnet. Forced tunneling can only be enabled during the creation of the firewall. It cannot be enabled after the firewall has been deployed. Box 2: The "Visit Azure Firewall Manager to configure and manage this firewall" link in the exhibit shows that the firewall is managed by Azure Firewall Manager.
Question 163
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure. You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine. What should you use?
You have an Azure subscription that contains the following resources: - A virtual network named Vnet1 - Two subnets named subnet1 and AzureFirewallSubnet - A public Azure Firewall named FW1 - A route table named RT1 that is associated to Subnet1 - A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
HOTSPOT - You have an Azure application gateway named AppGW1 that provides access to the following hosts: - www.adatum.com - www.contoso.com - www.fabrikam.com AppGW1 has the listeners shown in the following table. You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service. You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?
Your company has offices in Montreal, Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address. You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy1 that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal. You need to apply a rate limit of 100 requests for traffic that originates from each office. What should you do?
Question 168
You have an Azure virtual network named Vnet1. You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources. Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: - A virtual network named Vnet1 - A subnet named Subnet1 in Vnet1 - A virtual machine named VM1 that connects to Subnet1 - Three storage accounts named storage1, storage2, and storage3 You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts. Solution: You configure the firewall on storage1 to only accept connections from Vnet1. Does this meet the goal?
Question 170
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following resources: - A virtual network named Vnet1 - A subnet named Subnet1 in Vnet1 - A virtual machine named VM1 that connects to Subnet1 - Three storage accounts named storage1, storage2, and storage3 You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts. Solution: You create a network security group (NSG) and associate the NSG to Subnet1. Does this meet the goal?
