Pass the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions exam you need to know these:
Exam Name: Designing and Implementing Microsoft Azure Networking Solutions
Exam Code: AZ-700
Delivery languages: English, Japanese, Chinese (Simplified), Korean, German, French, Spanish, Portuguese (Brazil), Arabic (Saudi Arabia), Russian, Chinese (Traditional), Italian
Actual Exam Duration: 120 minutes
Exam Price: $165 USD
Pass Score: 700
AZ-700 Prerequisites: Cloud networking basics, Hybrid connections, Implementing Network security protocols, Skilled Azure administration abilities.
AZ-700 dumps: https://www.leads4pass.com/az-700.html
AZ-700 Dumps Questions: 110 Q&A
Official Information: https://docs.microsoft.com/en-us/learn/certifications/exams/az-700
AZ-700 Dumps Benefits:
- AZ-700 dumps offer two learning methods: (PDF file, VCE exam engine), easy to learn, and suitable for any learning environment.
- AZ-700 dumps were reviewed by several experienced IT exam experts to ensure that each question was authentic and valid, resulting in a successful AZ-700 Designing and Implementing Microsoft Azure Networking Solutions exam.
- AZ-700 Dumps Questions are for Designing and Implementing Microsoft Azure Networking Solutions core (subject matter expertise in planning, implementing, and maintaining Azure networking solutions, including hybrid networking, connectivity, routing, security, and private access to Azure services)
- AZ-700 Dumps Year-round Update Latest Updated on May 05, 2022, ensures instant validity
Try some of the AZ-700 free exam questions first:
Question 1:
Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.
Which type of ExpressRoute circuits should you create?
A. ExpressRoute Local
B. ExpressRoute Direct
C. ExpressRoute Premium
D. ExpressRoute Standard
Correct Answer: A
Reference: https://azure.microsoft.com/en-us/pricing/details/expressroute/
Question 2:
You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by an on-premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?
A. an Azure key vault
B. a RADIUS server
C. a certification authority
D. Azure Active Directory (Azure AD) Application Proxy
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
Question 3:
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.
A. a virtual network gateway
B. Azure Application Gateway
C. Azure Firewall
D. a local network gateway
E. Azure Front Door
Correct Answer: AD
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
Question 4:
You fail to establish a Site-to-Site VPN connection between your company\’s main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?
A. IKEDiagnosticLog
B. RouteDiagnosticLog
C. GatewayDiagnosticLog
D. TunnelDiagnosticLog
Correct Answer: A
IKEDiagnosticLog = The IKEDiagnosticLog table offers verbose debug logging for IKE/IPsec. This is very useful to review when troubleshooting disconnections, or failure to connect VPN scenarios.
GatewayDiagnosticLog = Configuration changes are audited in the GatewayDiagnosticLog table.
TunnelDiagnosticLog = The TunnelDiagnosticLog table is very useful to inspect the historical connectivity statuses of the tunnel.
RouteDiagnosticLog = The RouteDiagnosticLog table traces the activity for statically modified routes or routes received via BGP.
P2SDiagnosticLog = The last available table for VPN diagnostics is P2SDiagnosticLog. This table traces the activity for Point to Site.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
Question 5:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to- Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 6:
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 7:
You plan to deploy Azure virtual network.
You need to design the subnets.
Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Bastion
B. Azure Active Directory Domain Services
C. Azure Private Link
D. Azure Application Gateway v2
E. VPN gateway
Correct Answer: ADE
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services
Question 8:
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 9:
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
A. IP3 only
B. IP5 only
C. IP2 and IP4 only
D. IP1, IP3 and IP5 only
E. IP3 and IP5 only
Correct Answer: A
Only static IPv4 addresses in the Standard SKU are supported. IPv6 doesn\’t support NAT.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview
Question 10:
You have an Azure application gateway named AGW1 that has a routing rule named Rule1. Rule 1 directs traffic for http://www.contoso.com to a backend pool named Pool1. Pool1 targets an Azure virtual machine scale set named VMSS1.
You deploy another virtual machine scale set named VMSS2.
You need to configure AGW1 to direct all traffic for http://www.adatum.com to VMSS2.
The solution must ensure that requests to http://www.contoso.com continue to be directed to Pool1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a backend pool.
B. Modify an HTTP setting.
C. Add an HTTP setting.
D. Add a listener.
E. Add a rule.
Correct Answer: ADE
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview
Question 11:
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You add a rewrite rule for the host header.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 12:
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You disable the WAF rule that has a ruleId 920300.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Question 13:
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority (CA).
What should you include in the solution?
A. an enterprise application in Azure Active Directory (Azure AD)
B. Active Directory Certificate Services (AD CS)
C. Azure Key Vault
D. Azure Application Gateway
Correct Answer: C
Reference: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
Question 14:
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise-signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do?
A. Increase the Unhealthy threshold setting in the custom probe.
B. Enable the SSL profile to the listener.
C. Set Listener type to Multi site.
D. Upload the public key certificate to the HTTP settings.
Correct Answer: D
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal#configuration-tab
Question 15:
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1.
What should you configure on AppGW1?
A. HTTP settings
B. rewrites
C. rules
D. listeners
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url
……
View 110 questions:
Real AZ-700 Designing and Implementing Microsoft Azure Networking Solutions exam program uses 110 AZ-700 dumps exam questions.