Win IT Exam with Last Dumps 2025

Microsoft AZ-700 Exam

Page 23/24
Viewing Questions 221 230 out of 231 Questions
95.83%

Question 221
HOTSPOT -
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_221Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_221R.png related to the Microsoft AZ-700 Exam
Box 1: No -
NSG10 which is attached to VM1's subnet blocks RDP (port TCP 3389) to 'Any' which means the port is blocked to all destinations.
Box 2: Yes -
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2's subnet (VNet1/Subnet2).
Box 3: No -
NSG11 blocks RDP (port TCP 3389) destined for 'VirtualNetwork'. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.

Question 222
You need to provide access to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
A. a private endpoint
B. Azure Traffic Manager
C. Azure Front Door
D. a service endpoint

Question 223
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
A. IKEv2 and OpenVPN (SSL)
B. IKEv2
C. IKEv2 and SSTP (SSL)
D. OpenVPN (SSL)
E. SSTP (SSL)
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Question 224
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
A. a private endpoint
B. Azure Firewall
C. Azure Front Door
D. a service endpoint
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

Question 225
HOTSPOT -
You need to implement name resolution for the cloud.litwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_225Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_225R.jpg related to the Microsoft AZ-700 Exam
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances


Question 226
HOTSPOT -
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-700_226Q.png related to the Microsoft AZ-700 Exam
Image AZ-700_226R.jpg related to the Microsoft AZ-700 Exam
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/
Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.

Question 227
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
A. a private endpoint
B. a routing table
C. a service endpoint
D. a private link service
E. a virtual network peering
There is no virtual network peering between VM4's VNet (VNet3) and VM5's VNet (VNet4). To enable the VMs to communicate over the Microsoft backbone network a VNet peering is required between VNet3 and VNet4.

Question 228
DRAG DROP -
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer.
Select and Place:
AZ-700_228Q.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_228R.jpg related to the Microsoft AZ-700 Exam
Step 1: Delete the VPN GW1.
The existing VPN GW1 GatewaySubnet is too small with /29.
Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
AZ-700_228E.png related to the Microsoft AZ-700 Exam
Step 2: Create a VPN gateway by using Basic SKU.
Basic SKU is good enough.
Note -
The Basic gateway SKU does not support IKEv2 or RADIUS authentication. If you plan on having Mac clients connect to your virtual network, do not use the Basic
SKU.
Step 3: Set the subnet mask of Gateway Subnet to /27.
When you create the gateway subnet, you specify the number of IP addresses that the subnet contains. The number of IP addresses needed depends on the VPN gateway configuration that you want to create. Some configurations require more IP addresses than others. We [Microsoft] recommend that you create a gateway subnet that uses a /27 or /28.
It's best to specify /27 or larger (/26,/25 etc.). This allows enough IP addresses for future changes, such as adding an ExpressRoute gateway.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Question 229
DRAG DROP -
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-700_229Q.jpg related to the Microsoft AZ-700 Exam
Image AZ-700_229R.jpg related to the Microsoft AZ-700 Exam
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#outboundrules

Question 230
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
A. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
B. a user-defined route assigned to GatewaySubnet in Vnet1
C. BGP route exchange
D. route filters
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal