You have an Azure subscription that contains the following resources: • A virtual network named Vnet1 • Two subnets named subnet1 and AzureFirewallSubnet • A public Azure Firewall named FW1 • A route table named RT1 that is associated to Subnet1 • A rule routing of 0.0.0.0/0 to FW1 in RT1 After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
Question 182
SIMULATION -
Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You need to create an Azure Firewall instance named FW1 that meets the following requirements: • Has an IP address from the address range of 10.1.255.0/24 • Uses a new Premium firewall policy named FW-policy1 • Routes traffic directly to the internet To complete this task, sign in to the Azure portal.
Question 183
SIMULATION -
Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled. You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task. To complete this task, sign in to the Azure portal.
Question 184
SIMULATION -
Username and password - Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Azure Password: xxxxxxxxxx - If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only: Lab Instance: 12345678 - You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL. To complete this task, sign in to the Azure portal.
Question 185
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software. You have a network security group (NSG) named NSG1 associated to each subnet. When a new subnet is created in Vnet1 an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1. You need to create an inbound security rule in NSG1 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements: • Ensure that only the monitoring virtual machines receive a connection from 131.1071.15. • Minimize changes to NSG1 when a new subnet is created. What should you use as the destination in the inbound security rule?
Question 186
You have an Azure subscription that contains the resources shown in the following table. Subnet1 contains three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol. From NSG1, you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1. You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort. What should you do?
Question 187
You have an Azure subscription that contains the resources shown in the following table. Users on HP1 connect to App1 by using a URL of https://app1.contoso.com. You need to ensure that the IDPS on FW1 can identify security threats in the connections from HP1 to Server1. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Question 188
HOTSPOT - You are implementing the virtual network requirements for VM-Analyze. What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have the Azure firewall shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Question 190
HOTSPOT - You have an Azure subscription that contains 10 virtual machines. The virtual machines are assigned private IP addresses. The subscription contains the resources shown in the following table. You need to configure FWPolicy1 to meet the following requirements: • Allow incoming connections to the virtual machines from the internet on port 4567. • Block outbound connections from the virtual machines to an FQDN of *.fabrikam.com. What should you configure in FWPolicy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
