Win IT Exam with Last Dumps 2025

Microsoft AZ-700 Exam

Page 6/24
Viewing Questions 51 60 out of 231 Questions
25.00%

Question 51
HOTSPOT -
You have the Azure App Service app shown in the App Service exhibit.
AZ-700_51Q_1.jpg related to the Microsoft AZ-700 Exam
The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.
AZ-700_51Q_2.jpg related to the Microsoft AZ-700 Exam
The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.
AZ-700_51Q_3.png related to the Microsoft AZ-700 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_51Q_4.png related to the Microsoft AZ-700 Exam
Image AZ-700_51R.jpg related to the Microsoft AZ-700 Exam



Box 1: Yes -
The integration subnet can be used by only one App Service plan.
Box 2: No -
No Private Endpoint connections defined.
When regional virtual network integration is enabled, your app makes outbound calls through your virtual network. The outbound addresses that are listed in the app properties portal are the addresses still used by your app. However, if your outbound call is to a virtual machine or private endpoint in the integration virtual network or peered virtual network, the outbound address will be an address from the integration subnet.
Box 3: Yes -
Apps in App Service are hosted on worker roles. Regional virtual network integration works by mounting virtual interfaces to the worker roles with addresses in the delegated subnet. Because the from address is in your virtual network, it can access most things in or through your virtual network like a VM in your virtual network would.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration

Question 52
You have a hub-and-spoke topology. The topology includes multiple on-premises locations that connect to a hub virtual network in Azure via ExpressRoute circuits.
You have an Azure Application Gateway named GW1 that provides a single point of ingress from the internet.
You plan to migrate the hub-and-spoke topology to Azure Virtual WAN.
You need to identify which changes must be applied to the existing topology. The solution must ensure that you maintain a single point of ingress from the internet.
Which three changes should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.



Transition connectivity to virtual WAN hub:
Step 1. (E) Delete the existing peering connections from Spoke virtual networks to the old customer-managed hub. Access to applications in spoke virtual networks is unavailable until steps 1-3 are complete.
Step 2. (D) Connect the spoke virtual networks to the Virtual WAN hub via VNet connections.
Step 3. (C) Remove any user-defined routes (UDR) previously used within spoke virtual networks for spoke-to-spoke communications. This path is now enabled by dynamic routing available within the Virtual WAN hub.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology

Question 53
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?



Azure Application Gateway is limited to 100 active listeners that are routing traffic. Active listeners = total number of listeners - listeners not active.
If a default configuration inside a routing rule is set to route traffic (for example, it has a listener, a backend pool, and HTTP settings) then that also counts as a listener.
Note: Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. This type of routing is known as application layer (OSI layer 7) load balancing.
Incorrect:
Not B: Floating IP. Some application scenarios prefer or require the same port to be used by multiple application instances on a single VM in the backend pool.
Common examples of port reuse include:
clustering for high availability
network virtual appliances
exposing multiple TLS endpoints without re-encryption.
Not D: Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool.
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/main/includes/application-gateway-limits.md

Question 54
DRAG DROP -
You register a DNS domain with a third-party registrar.
You need to host the DNS zone on Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-700_54Q.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_54R.jpg related to the Microsoft AZ-700 Exam



Step 1: Create a public DNS zone.
Create a DNS zone -
1. Go to the Azure portal to create a DNS zone. Search for and select DNS zones.
AZ-700_54E_1.png related to the Microsoft AZ-700 Exam
2. Select Create DNS zone.
3. On the Create DNS zone page, enter the following values, and then select Create.
Step 2: Identify the FQDNs of the name servers.
Retrieve name servers.
Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. Azure DNS gives name servers from a pool each time a zone is created.
With the DNS zone created, in the Azure portal Favorites pane, select All resources. On the All resources page, select your DNS zone. If the subscription you've selected already has several resources in it, you can enter your domain name in the Filter by name box to easily access the application gateway.
Retrieve the name servers from the DNS zone page. In this example, the zone contoso.net has been assigned name servers ns1-01.azure-dns.com, ns2-
01.azure-dns.net, *ns3-01.azure-dns.org, and ns4-01.azure-dns.info:
AZ-700_54E_2.jpg related to the Microsoft AZ-700 Exam
Azure DNS automatically creates authoritative NS records in your zone for the assigned name servers.
Step 3: Modify the NS records for the domain.
Delegate the domain -
Once the DNS zone gets created and you have the name servers, you'll need to update the parent domain with the Azure DNS name servers.
Each registrar has its own DNS management tools to change the name server records for a domain.
1. In the registrar's DNS management page, edit the NS records and replace the NS records with the Azure DNS name servers.
2. When you delegate a domain to Azure DNS, you must use the name servers that Azure DNS provides. Use all four name servers, regardless of the name of your domain. Domain delegation doesn't require a name server to use the same top-level domain as your domain.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Question 55
HOTSPOT -
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
AZ-700_55Q_1.jpg related to the Microsoft AZ-700 Exam
You have the Azure firewall shown in the Firewall1 exhibit. (Click the Firewall1 tab.)
AZ-700_55Q_2.jpg related to the Microsoft AZ-700 Exam
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
AZ-700_55Q_3.jpg related to the Microsoft AZ-700 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_55Q_4.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_55R.jpg related to the Microsoft AZ-700 Exam



Box 1: Yes -
Resources in Subnet1 will use the Route2 and its Next hop ID address to the Firewall to reach the Internet.
Box 2: Yes -
Yes, with network network peering.
Box 3: No -
Resources in Subnet2 can only reach resources in Subnet1, as gateway transit for virtual network peering has not been configured.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit


Question 56
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?



The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Question 57
You have an Azure subscription that contains the virtual networks shown in the following table.
AZ-700_57Q.jpg related to the Microsoft AZ-700 Exam
You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?



Azure Firewall operates in a single VNET.
Azure Firewall is a regional service.
Yes. Vnet1: Same VNET and same region.
No. Vnet2: Same Resource Group but different VNET and different region. Must be in the same region.
No. Vnet3: Different VNET, different region. Must be in the same region.
No. Vnet4: Different VNET, same region.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/networking/guide/well-architected-framework-azure-firewall

Question 58
HOTSPOT
-
You have two Azure App Service instances that host the web apps shown the following table.
AZ-700_58Q_1.png related to the Microsoft AZ-700 Exam
You deploy an Azure 2 that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-700_58Q_2.png related to the Microsoft AZ-700 Exam
Image AZ-700_58R.png related to the Microsoft AZ-700 Exam




Question 59
Your company has four branch offices and an Azure subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.
AZ-700_59Q.png related to the Microsoft AZ-700 Exam
The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure resources. The solution must meet the following requirements:
• Minimize downtime for all users.
• Minimize administrative effort.
What should you do first?




Question 60
DRAG DROP
-
You have an Azure subscription that contains a virtual network named Vnet1 and an Azure SQL database named SQL1. SQL1 has a private endpoint on Vnet1.
You have a partner company named Fabrikam, Inc. Fabrikam has an Azure subscription that contains a virtual network named Vnet2 and a virtual machine named VM1. VM1 is connected to Vnet2.
You need to provide VM1 with access to SQL1 by using an Azure Private Link service.
What should you implement on each virtual network? To answer, drag the appropriate resources to the correct virtual networks. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
AZ-700_60Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_60R.png related to the Microsoft AZ-700 Exam