HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. The virtual network topology is shown in the following exhibit. Firewall1 is configured as shown in following exhibit. FirewallPolicy1 contains the following rules: • Allow outbound traffic from Vnet1 and Vnet2 to the internet. • Allow any traffic between Vnet1 and Vnet2. No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Question 82
HOTSPOT - Your company has 40 branch offices across North America and Europe. You have an Azure subscription that contains the following virtual networks: • Two networks in the East US Azure region • Three networks in the West Europe Azure region You need to implement Azure Virtual WAN. The solution must meet the following requirements: • Each branch office in North America must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the East US region. • Each branch office in Europe must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the West Europe region. • Transitive connections must be supported between all the branch offices and all the virtual networks. • Costs must be minimized. What is the minimum number of Virtual WAN resources required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question 83
DRAG DROP - You have a DNS domain named contoso.com that is hosted by a third-party domain name registrar. You have an Azure subscription. You need to ensure that all DNS queries for the contoso.com domain are resolved by using Azure DNS. What should you create in the registrar, and what should you create in Azure? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Question 84
HOTSPOT - You have an on-premises network. You have an Azure subscription that contains the resources shown in the following table. You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit. Which type of peering should you use for each connection? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question 85
You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?
Question 86
You have the on-premises networks shown in the following table. You have an Azure subscription that contains an Azure virtual WAN named VWAN1 and a virtual network named VNet1. VWAN is connected to the on-premises networks and VNet1 in a full mesh topology. The virtual hub routing preference for VWAN1 is AS Path. You need to route traffic from VNet1 to 10.61.1.5. Which path will be used?
Question 87
HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: No - Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone. Box 2: Yes - VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link. Box3: No - VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won't be able to enable auto-registration on the link.
Question 88
You have an Azure subscription that contains a virtual network named VNet1. You deploy several web apps and configure the apps to use private endpoints on VNet1. You need to identify which DNS records the web apps registered automatically. Where will the records be created?
Question 89
HOTSPOT - You have an Azure subscription that contain a storage account named st1 in the East US Azure region. You have the virtual networks shown in the following table. You have the subnets shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Question 90
HOTSPOT - You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements. What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Box 2: One NSG - The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules. Box 1: Two custom rules - With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443. The default rules in the NSG will allow all other traffic to VMScaleSet2.
