Lead4Pass AZ-700 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the AZ-700 certification exam, covering more than 95% of the exam questions in the exam room!
And, offer the most popular study methods: AZ-700 dumps PDF, and AZ-700 dumps VCE, both study formats contain the latest certification exam questions and answers!
Therefore, the best exam solution is to use AZ-700 dumps with PDF and VCE formats: https://www.leads4pass.com/az-700.html (222 Q&A), to help you practice easily and achieve exam success.
What’s more! Part of the Lead4Pass AZ-700 dumps exam questions online for free download: https://drive.google.com/file/d/10XspYFbduQfcZYsOBWlkx-2p1a_bdW1E/
You can also practice some of the Lead4Pass AZ-700 dumps exam questions online
Type | Number of exam questions | Exam name | Exam code | Last updated |
Free | 15 | Designing and Implementing Microsoft Azure Networking Solutions | AZ-700 | AZ-700 dumps |
Question 1:
You have an Azure virtual network named Hub1.
Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You created an Azure Virtual network named Spoke1.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script?
A. Code Block1: -AllowForwardedTraffic
B. Code Block1: -AllowGatewayTransit
C. Code Block1: -UseRemoteGateways
D. Code Block2: -AllowForwardedTraffic
E. Code Block2: -AllowGatewayTransit
F. Code Block2: -UseRemoteGateways
Correct Answer: BF
Virtual network peering is a non-transitive relationship between two virtual networks. You can configure spokes to use the hub gateway to communicate with remote networks. To allow gateway traffic to flow from spoke to the hub and connect to
remote networks, you must:
Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.
Below is the sample code.
# Peer hub to spoke
Add-AzVirtualNetworkPeering -Name HubtoSpoke -VirtualNetwork $VNetHub -RemoteVirtualNetworkId $VNetSpoke.Id -AllowGatewayTransit
# Peer spoke to hub
Add-AzVirtualNetworkPeering -Name SpoketoHub -VirtualNetwork $VNetSpoke -RemoteVirtualNetworkId $VNetHub.Id -AllowForwardedTraffic UseRemoteGateways
https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps#peer-the-hub-and-spoke-virtual-networks https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#virtual-networkpeering
Wrong Answers:
Code Block1: -AllowForwardedTraffic and Code Block2: -AllowForwardedTraffic
Allow forwarded traffic to be used if you require connectivity between spokes. You can create routes to forward traffic from the spoke to the firewall or network virtual appliance, which can then route to the second spoke.
Question 2:
You plan to implement Point-to-Site(P2S) VPN connection. Which of the following authentication methods you can use?
A. Native Azure certificate authentication
B. Native Azure active directory authentication
C. RADIUS Server
Correct Answer: ABC
Before Azure accepts a P2S VPN connection, the user has to be authenticated first. There are multiple mechanisms that Azure offers to authenticate a connecting user.
Authenticate using native Azure certificate authentication – When using native Azure certificate authentication, a client certificate that is present on the device is used to authenticate the connecting user.
Authenticate using native Azure Active Directory authentication – Azure AD authentication allows users to connect to Azure using their Azure Active Directory credentials. Native Azure AD authentication is only supported for OpenVPN
protocol and Windows 10 and requires the use of the Azure VPN Client
Authenticate using Active Directory (AD) Domain Server – AD Domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations can also leverage their existing RADIUS deployment. https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
Question 3:
You need to recommend a configuration for the ExpressRoute connection from the Boston data center. The solution must meet the hybrid networking requirements and business requirements. What type of ExpressRoute gateway should you recommend?
A. High Performance (ERGw2AZ)
B. Standard Performance (ERGw1AZ)
C. Ultra-Performance (ERGw3AZ)
Correct Answer: C
Scenario: The Boston data center must connect to the Azure virtual networks by using an ExpressRoute FastPath connection. To configure FastPath, the virtual network gateway must be either: Ultra-Performance ErGw3AZ https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath#gateways
Question 4:
You need to recommend a configuration for the ExpressRoute connection from the Boston data center. The solution must meet the hybrid networking requirements and business requirements. What should you recommend for minimizing the latency of traffic to Vnet2?
A. Create a dedicated ExpressRoute circuit for Vnet2
B. Connect Vnet2 directly to the ExpressRoute circuit
C. Configure gateway transit for the peering between Vnet1 and Vnet2
Correct Answer: C
Scenario:
Health Engine wants to minimize costs whenever possible, as long as all other requirements are met.
The latency of the traffic between the Boston data center and all the virtual networks must be minimized. The Boston data center must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered VNets and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead.
https://azure.microsoft.com/en-us/blog/create-a-transit-vnet-using-vnet-peering/
Question 5:
Which three actions should you perform in sequence from the below list of actions?
1.
Create a health probe
2.
Create a public load balancer in the Standard SKU
3.
Create a public load balancer in the Basic SKU
4.
Create a backend pool that contains VMScaleSet1
5.
Create a NAT rule
6.
Create an outbound rule
A. 1,4,6
B. 3,4,5
C. 3,4,6
D. 2,4,6
E. 2,4,5
Correct Answer: D
Only standard SKU load balancer supports outbound connections.
The backend pool must be VMScaleSet1 since the requirement is to implement outbound connectivity for VMScaleSet1.
Outbound rules allow you to explicitly define SNAT(source network address translation) for a public standard load balancer.
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/outbound-rules
Question 6:
You have a web app named App1 that is hosted in on-premises servers and on four Azure virtual machines (VMs).
Each Azure region has one virtual machine.
You need to recommend a solution to ensure that users will always connect to the closest instance of App1.
The solution must prevent the users from attempting to connect to a failed instance of App1.
Which two possible should your recommendation achieve the goal?
A. Azure Front Door Service
B. Azure Load Balancer
C. round-robin DNS
D. Azure Traffic Manager
E. Azure Application Gateway
Correct Answer: AD
Correct Answers:
Azure Front Door Service – Front Door is an application delivery network that provides global load balancing and site acceleration service for web applications. It offers Layer 7 capabilities for your application like SSL offload, path-based
routing, fast failover, caching, etc. to improve the performance and high availability of your applications.
Azure Traffic Manager – Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness.
https://docs.microsoft.com/en-au/azure/architecture/guide/technology-choices/load-balancing-overview
Wrong Answers:
Azure Load Balancer – It is a regional load-balancing solution.
round-robin DNS – Round-robin DNS is a load-balancing technique where the balancing is done by a type of DNS server called an authoritative nameserver, rather than using a dedicated piece of load-balancing hardware.
Azure Application Gateway – It is a regional load-balancing solution.
Question 7:
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources:
A web app named webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway
Correct Answer: C
Correct Answer(s):
an Azure Virtual Network Gateway – A Site-to-Site VPN gateway connection can be used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a
VPN devise, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it.
Wrong Answers:
an Azure Application Gateway — Azure Application Gateway is a web traffic load balancer. It does not provide connectivity to on-premises resources.
an Azure Active Directory (Azure AD) Application Proxy — Azure Active Directory\’s Application Proxy provides secure remote access to on-premises web applications. It does not provide connectivity to on-premises file shares.
Question 8:
You plan to deploy the following types of resources in a single Azure region:
Virtual machine
Azure App Service
Virtual Network gateway
Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks. You need to identify how many virtual networks and subnets are required for the solution.
The solution must minimize costs to transfer data between virtual networks.
What should you identify?
A. Virtual Networks: 1
B. Virtual Networks: 2
C. Virtual Networks: 3
D. Virtual Networks: 4
E. Subnets: 1
F. Subnets: 2
G. Subnets: 3
H. Subnets: 4
Correct Answer: AH
None of these resources has a requirement for a dedicated virtual network. So, you can deploy all these resources in a single virtual network.
Azure virtual machine must be deployed to a subnet. So, you need at least one subnet for virtual machine.
Azure app service is delegated to create resources in the virtual network. So you need to configure vNet integration for Azure app service. An integration subnet is required to integrate Azure App service with a virtual network.
You need a dedicated subnet called a gateway subnet for the virtual network gateway.
SQL Managed Instance is placed inside the Azure virtual network and the subnet that\’s dedicated to managed instances.
So, in total, you need a minimum of 4 subnets.
Question 9:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/abc/def incoming requests?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: A
Correct Answer(s):
RuleA – When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below
logic.
Look for any routing rule with an exact match on the Path.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
The path defined in Rule A is an exact match.
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching
Wrong Answers:
RuleB The path defined in RuleB is not a match with the incoming request.
RuleC There is an exact match with RuleA. The path defined in RuleB is not an exact match with the incoming requests.
RuleD There is an exact match with RuleA. The path defined in RuleB is not an exact match with the incoming request.
Question 10:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/default.htm incoming requests?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: C
Correct Answer(s):
RuleC – When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below
logic.
Look for any routing rule with an exact match on the Path.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
The path defined in RuleC is not an exact match, but it matches the wildcard path.
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching
Wrong Answers:
RuleA The path defined in RuleA is not a match with the incoming request.
RuleB The path defined in RuleA is not a match with the incoming request.
RuleD The path defined in RuleA is not a match with the incoming request.
Question 11:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/abc/def/default.htm incoming request?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: D
Correct Answer(s):
RuleD – When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below logic.
4.
Look for any routing rule with an exact match on the Path.
5.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
6.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
The path defined in RuleD is not an exact match, but it matches the wildcard path.
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching
Wrong Answers:
RuleA The path defined in RuleA is not a match with the incoming request.
RuleB The path defined in RuleA is not a match with the incoming request.
RuleC The path defined in RuleA is not a match with the incoming request.
Question 12:
You have an Azure Virtual Desktop deployment that has 500 session hosts.
All outbound traffic to the internet uses a NAT gateway.
Some users report that they cannot access internet resources during peak hours.
In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections.
What should you do?
A. Bind the NAT gateway to another subnet.
B. Add a public IP address.
C. Deploy Azure Standard Load Balancer that has outbound rules.
Correct Answer: B
Correct Answer(s):
Add a public IP address – A single NAT gateway resource supports from 64,000 up to 1 million concurrent flows. Each IP address provides 64,000 SNAT ports to the available inventory. You can use up to 16 IP addresses per NAT gateway
resource.
Frequently the root cause of SNAT exhaustion is an anti-pattern for how outbound connectivity is established, managed, or configurable timers changed from their default values.
Steps
1.
Check if you have modified the default idle timeout to a value higher than 4 minutes.
2.
Investigate how your application is creating outbound connectivity (for example, code review or packet capture).
3.
Determine if this activity is expected behavior or whether the application is misbehaving. Use metrics in Azure Monitor to substantiate your findings. Use “Failed” category for SNAT Connections metric.
4.
Evaluate if appropriate patterns are followed.
5.
Evaluate if SNAT port exhaustion should be mitigated with additional IP addresses assigned to NAT gateway resource.
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/troubleshoot-nat#snat-exhaustion
Wrong Answers:
Binding the NAT gateway to another subnet is Not a valid solution to mitigate the issue.
Deploy Azure Standard Load Balancer that has outbound rules This replaces the need for outbound rules for backend pool outbound SNAT.
Question 13:
You have an Azure environment that contains two subscriptions named Subscription1 and Subscription2.
Each subscription is associated with a different Azure AD tenant.
Subscription1 contains a virtual network named VNet1.
VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.3.0/24.
Subscription2 contains a virtual network named VNet2.
Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.190.0.0/24.
You need to connect VNet1 to VNet2.
What should you do first?
A. Modify the IP address space of VNet2
B. Provision virtual network gateways
C. Move VM1 to Subscription2
D. Move VNet1 to Subscription2
Correct Answer: B
Correct Answer(s):
Provision virtual network gateways – Virtual network gateway allows to the establishment of connectivity between two virtual networks. Virtual networks can be in different regions and from different subscriptions. When you connect VNets from different
subscriptions, the subscriptions don’t need to be associated with the same Active Directory tenant.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
Wrong Answers:
Modify the IP address space of VNet2 – IP addresses are not overlapping. So, modification to IP range is not required.
Move VM1 to Subscription2 – The requirement is to connect VNets. Moving a VM to a different VNet does not provide connectivity between VNets. Move VNet1 to Subscription2 – VNets are logical isolation of cloud resources. Moving VNet1 to
Subscription2 does not provide connectivity between VNets. Also, Subscription2 is in a different Azure AD tenant.
Question 14:
You have an Azure subscription that contains two virtual networks named VritualNetwork1 and VritualNetwork2.
You have a Windows 10 device that connects to VritualNetwork1 by using a Point-to-Site (P2S) IKEv2 VPN. You have implemented virtual network peering between VritualNetwork1 and VritualNetwork2.
VritualNetwork1 allows gateway transit. VritualNetwork2 can use the remote gateway. You discover that you cannot communicate with VritualNetwork2 from Windows 10 device. You need to ensure that you can communicate with
VritualNetwork2 from Windows 10 device.
To achieve the requirement, you reset the gateway of VritualNetwork1.
Did you achieve the requirement?
A. Yes
B. No
Correct Answer: B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Question 15:
You have an Azure subscription that contains two virtual networks named VritualNetwork1 and VritualNetwork2.
You have a Windows 10 device that connects to VritualNetwork1 by using a Point-to-Site (P2S) IKEv2 VPN. You have implemented virtual network peering between VritualNetwork1 and VritualNetwork2.
VritualNetwork1 allows gateway transit. VritualNetwork2 can use the remote gateway. You discover that you cannot communicate with VritualNetwork2 from Windows 10 device. You need to ensure that you can communicate with
VritualNetwork2 from Windows 10 device.
To achieve the requirement, you enable BGP on the gateway of VritualNetwork1.
Did you achieve the requirement?
A. Yes
B. No
Correct Answer: B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
Lead4Pass AZ-700 dumps share two study materials for free: you can download them online and practice exams online!
Now! Download the AZ-700 best practice solution! Use Lead4Pass AZ-700 dumps with PDF and VCE: https://www.leads4pass.com/az-700.html Contains 222 latest exam questions and answers to help you pass the exam 100%.