Question 141
You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
A. On FW1, configure a DNAT rule for port 1688
B. Deploy a NAT gateway.
C. Add an internet route to RT1 for the Azure Key Management Service (KMS).
D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
Question 142
You have an on-premises network.
You have an Azure subscription that includes a virtual network named VNet1 and a private Azure Kubernetes Service (AKS) cluster named AKS1. VNet1 is connected to your on-premises environment via an Azure ExpressRoute circuit. AKS1 is connected to VNet1.
You need to implement an off-cluster ingress controller for AKS1. The solution must provide connectivity from the on-premises environment to containerized workloads hosted on AKS1.
Which Azure service should you use?
A. Azure Application Gateway
B. Azure Front Door
C. Azure Traffic Manager
D. Azure Load Balancer
Question 143
HOTSPOT
-
You are planning an Azure Front Door deployment that will contain the resources shown in the following table.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikam.com.
You obtain a certificate for the host name of www.fabrikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 144
HOTSPOT
-
You have an Azure subscription that contains an app named App1. App1 is hosted on the Azure App Service instances shown in the following table.
You need to implement Azure Traffic Manager to meet the following requirements:
• App1 traffic must be assigned equally to each App Service instance in each Azure region.
• App1 traffic from North Europe must be routed to the App1 instances in the North Europe region.
• App1 traffic from North America must be routed to the App1 instances in the East US Azure region.
• If an App Service instance fails, all the traffic for that instance must be routed to the remaining instances in the same region.
How should you configure the Traffic Manager profiles? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 145
You have an Azure subscription that contains the Azure App Service web apps shown in the following table.
You need to deploy Azure Traffic Manager. The solution must meet the following requirements:
• Traffic to https://www.fabrikam.com must be directed to App1eu.
• If App1eu becomes unresponsive, all the traffic to https://www.fabrikam.com must be directed to App1us.
You need to implement Traffic Manager to meet the requirements.
Which two resources should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a Traffic Manager profile that uses the priority routing method
B. a Traffic Manager profile that uses the geographic routing method
C. a CNAME record in a DNS domain named fabrikam.com
D. a TXT record in a DNS domain named fabricam.com
E. a real user measurements key in Traffic Manager
Question 146
HOTSPOT
-
You have an Azure subscription that contains an app named App1. App1 is deployed to the Azure App Service apps shown in the following table.
You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances.
What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 147
You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
A. On FW1, configure a DNAT rule for port 1688.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
C. Deploy an application security group that allows outbound traffic to 1688.
D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule.
Question 148
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1.
You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.
You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.
What should you add to NSG1?
A. an outbound rule that has a priority of 4096 and blocks all internet traffic
B. an inbound rule that has a priority of 4096 and blocks all internet traffic
C. an inbound rule that has a priority of 100 and blocks all internet traffic
D. an outbound rule that has a priority 100 and blocks all internet traffic
Question 149
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements:
• The virtual machines and the load balancer must be accessible only from the virtual network.
• Costs must be minimized.
What should you include in the recommendation?
A. Basic Azure Load Balancer
B. Azure Application Gateway v1
C. Azure Standard Load Balancer
D. Azure Application Gateway v2
Question 150
You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?
A. On FW1, configure a DNAT rule for port 1688.
B. Deploy an application security group that allows outbound traffic to 1688.
C. Add an internet route to RT1 for the Azure Key Management Service (KMS).
D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule.
