Win IT Exam with Last Dumps 2025

Microsoft AZ-700 Exam

Page 20/24
Viewing Questions 191 200 out of 231 Questions
83.33%

Question 191
DRAG DROP
-
You have an Azure subscription that contains an Azure VPN gateway named GW1. GW1 provides Point-to-Site (P2S) VPN connectivity.
Users connect to GW1 from a Windows 11 device by using an SSTP connection.
You need to ensure that the P2S VPN connections support Azure AD authentication.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
AZ-700_191Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_191R.png related to the Microsoft AZ-700 Exam




Question 192
You have the Azure resources shown in the following table.
AZ-700_192Q.png related to the Microsoft AZ-700 Exam
You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.
You need to ensure that you can use the service endpoint to connect to the read-only endpoint of storage1 in the paired Azure region.
What should you do first?



The Azure storage firewall provides access control for the public endpoint of your storage account. You can also use the firewall to block all access through the public endpoint when using private endpoints.
Note: By default, service endpoints work between virtual networks and service instances in the same Azure region. When using service endpoints with Azure
Storage, service endpoints also work between virtual networks and service instances in a paired region.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Question 193
HOTSPOT -
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_193Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_193R.jpg related to the Microsoft AZ-700 Exam



Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

Question 194
DRAG DROP -
You have an Azure virtual network named Vnet1 that connects to an on-premises network.
You have an Azure Storage account named storageaccount1 that contains blob storage.
You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
- Ensure that all on-premises users can access storageaccount1 through the private endpoint.
- Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-700_194Q.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_194R.jpg related to the Microsoft AZ-700 Exam



168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

Question 195
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs.
What should you do first?



Reference:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet


Question 196
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
- An Azure App Service app named App1
- An Azure DNS zone named contoso.com
- An Azure private DNS zone named private.contoso.com
- A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS.
You need to provide a developer with the name that is registered in Azure DNS for the private endpoint.
What should you provide?




Question 197
You have Azure App Service apps in the West US Azure region as shown in the following table.
AZ-700_197Q.png related to the Microsoft AZ-700 Exam
You need to ensure that all the apps can access the resources in a virtual network named VNet1 without forwarding traffic through the internet.
How many integration subnets should you create?



One integration subnet is required per App Service Plan regardless of how many apps are running in the App Service Plan.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Question 198
HOTSPOT -
You have the Azure environment shown in the Azure Environment exhibit.
AZ-700_198Q_1.jpg related to the Microsoft AZ-700 Exam
The settings for each subnet are shown in the following table.
AZ-700_198Q_2.png related to the Microsoft AZ-700 Exam
The Firewalls and virtual networks settings for storage1 are configured as shown in the Storage1 exhibit.
AZ-700_198Q_3.jpg related to the Microsoft AZ-700 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_198Q_4.png related to the Microsoft AZ-700 Exam
Image AZ-700_198R.jpg related to the Microsoft AZ-700 Exam



Box 1: Yes -
The firewall allows VNet1\Subnet1 through the service endpoint.
Box 2: No -
The firewall does not allow VNet1\Subnet2 through the service endpoint.
Box 3: No -
The firewall allows 132.124.53.0/26 which means it allows all IP addresses between 132.124.53.0 and 132.124.53.63. The public IP of VM3 is 132.124.53.76 which is outside the allowed range.

Question 199
DRAG DROP -
You have two Azure subscriptions named Subscription1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-700_199Q.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_199R.jpg related to the Microsoft AZ-700 Exam



Step 1: Deploy an Azure Load Balancer in front of the application server
Configure your application to run behind a standard load balancer in your virtual network.
Step 2: In Subscription 1, create a private link service and attach the service to the frontend IP configuration of the load balancer.
Create a Private Link Service referencing the load balancer above.
Step 3: In Subscription 2, create a private endpoint by using the private link service.
Private Link service can be accessed from approved private endpoints in any public region. The private endpoint can be reached from the same virtual network, regionally peered VNets, globally peered VNets and on premises using private VPN or ExpressRoute connections.
AZ-700_199E.jpg related to the Microsoft AZ-700 Exam
Step 4: In Subscription1, accept the private endpoint connection request.
Network connections can be initiated only by clients that are connecting to the private endpoint.
Not:
Incorrect: Enable virtual network peering between Vnet1 and Vnet2.
Reference:
https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview

Question 200
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
- A virtual network named Vnet1
- An App Service plan named ASP1
- An Azure App Service named webapp1
An Azure private DNS zone named private.contoso.com
- Virtual machines on Vnet1 that cannot communicate outside the virtual network
You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.



E: You can use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.
When you use Private Endpoint for Web App, the requested URL must match the name of your Web App. When you deploy a Private Endpoint, we update the
DNS entry to point to the canonical name mywebapp.privatelink.azurewebsites.net. For example, the name resolution will be (Name, Type, Value): mywebapp.azurewebsites.net CNAME mywebapp.privatelink.azurewebsites.net
Reference:
https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint