You need to plan the deployment of LBGW1. The solution must support the planned changes.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?
You ate configuring the DNS forwarding luleset for DNSR1
You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.
Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?
You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements
What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to configure the P2S VPN to meet the connectivity requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?
You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.
Which Match type and Match variable should you select?
You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2.
You have the NAT gateway shown in the NATgateway1 exhibit.
You have the virtual machine shown in the VM1 exhibit.
Subnet1 is configured as shown in the Subnet1 exhibit.
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual machine scale set named VMSS1 and a public standard Azure load balancer named LB1. VMSS1 contains eight virtual machines that have private IP addresses only VMSS1 is configured as a backend pool of LB1. LB1 has two frontend IP addresses and one outbound rule that provides internet connectivity to VMSS1.
What is the maximum number of ports available to the virtual machines in VMSS1. and what should you change to increase the maximum number of SNAT ports available to VMSS1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1.
You plan to add a private endpoint to Subnet1.
You need to ensure that you can route traffic between the private endpoint and the Azure Private Link service by using a user-defined route.
What should you do first on Subnet1?
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
* An Azure App Service app named App1
* An Azure DNS zone named contoso.com
* An Azure private DNS zone named private.contoso.com
* A virtual network named Vnet1
You create a private endpoint for App1. The record for the endpoint is registered automatically in Azure DNS.
You need to provide a developer with the name that is registered in Azure DNS for the private endpoint.
What should you provide?
You have an instance of Azure Web Application Firewall (WAF) on Azure Front Door.
You plan to create a WAF rule that will block high rates of requests from a single IP address.
You need to query Log Analytics to identify the optimal threshold for the rule.
Which table should you query in Log Analytics?
You have an Azure subscription that contains a virtual network named Vnetl. Vnetl has a /24 IPv4 address space.
You need to subdivide Vnet1. The solution must maxim ize the number of usable subnets.
What is the maximum number of IPv4 subnets you can create, and how many usable IP addresses will be available per subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have two Azure virtual networks named VNet1 and VNet2 that are peered with each other. VNet1 hosts 10 virtual machines that contain web servers. VNet2 hosts five virtual machines that contain database servers.
You need to configure a security solution that meets the following requirements:
• Ensures that the database servers can accept connections only from the web servers
• Ensures that the web servers can initiate connections only to the database servers
• Ensures that all network security groups (NSGs) are associated only with subnets
• Use application security groups to implement the solution
What is the minimum number of application security groups required?
You have the Azure Traffic Manager profiles shown in the following table.
You plan to add the endpoints shown in the following table.
Which endpoints can you add to Profile2?
You have an Azure subscription that is linked to a Microsoft Entra tenant.
The subscription contains a virtual network named VNet1, a storage account named storage1, an Azure App Service web app named Appl. and an Azure SQL database named DB1. VNet1 contains two subnets named Subnet1 and Subnet2. Subnet 1 and Subnet2 each has a subnet mask of 255.255.255.224.
You plan to perform the following actions:
• On Subnet1. configure a service endpoint to connect to storage1 and a service endpoint to connect to the Microsoft Entra tenant.
• On Subnet2. configure a private endpoint to connect to App1 and a private endpoint to connect to DB1
How many IP addresses will be available on each subnet once the planned actions are complete? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
Task 1
You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.
You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.
You have an on-premises datacenter named DC1 that contains two routers
You have an Azure subscription. The subscription contains a virtual network named VNet1 and a zone-redundant ExpressRoute virtual network gateway named GW1 that uses the ErGw3Az SKU. GW1 is attached to VNet1.
DO is connected to VNet1 by using an ExpressRoute Standard circuit named Circuits The DC1 routers are configured as endpoints for Circuit1. Circuit1 traffic traverses two physical links.
During a link outage, the connection takes three minutes to fail over
You need to ensure that failovers between the links take less than one second
What should you do?
You have an Azure subscription. The subscription contains an Azure application gateway that has the following configurations:
• Name: AppGW1
• Tier Standard V2
• Autoscaling: Disabled
You create a user named User1.
You need to ensure that User1 can change the tier of AppGW1. The solution must use the principle of least privilege.
Which role should you assign to User1. and to which tiers can AppGW1 be changed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 has a subnet mask of /24. You plan to implement an Azure application gateway that will have the following configurations:
• Public endpoints: 1
• Private endpoints: 1
• Minimum instances: 1
• Maximum instances: 10
You need to configure the address space for the subnet of the application gateway. The solution must minimize the number of IP addresses allocated to the application gateway subnet.
What is the minimum number of assignable IP addresses required?
You have two Azure subscriptions named Sub1 and Sub2. Each subscription is linked to a separate Microsoft Entra tenant. Sub1 contains a virtual machine scale set that hosts an app named App1. Sub2 contains a virtual network named VNetV
You need to connect VNet1 to App1 by using an Azure Private Link service.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that contains the resources shown in the following table.
You need to control access to storage1 by using NSG1 What should you configure first?
You have an Azure virtual network and an on-premises datacenter that connect by using a Site-to-Site VPN tunnel.
You need to ensure that all traffic from the virtual network to the internet is routed through the datacenter.
How should you complete the PowerShell script to configure forced tunneling? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 6
You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.
You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.
Task 2
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
• Has an IP address from the address range of 10.1.255.0/24
• Uses a new Premium firewall policy named FW-pohcy1
• Routes traffic directly to the internet
Task 1
You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.
You have an Azure subscription that contains the resources shown in the following table.
You create a service endpoint policy that has the following settings:
• Associated subnets: Subnet 1
• Service: Microsoft.Storage
• Scope: Single account
• Resource: storage1
Which resources can VM1 access?
You have an Azure subscription.
You need to deploy an App Service web app named App1 that will use an Azure application gateway. The estimated usage for App1 is 250,000 persistent connections.
What is the minimum number of app instances you should configure?
Your company has an Azure subscription that contains a virtual network named VNet1 and an Azure VPN gateway named vGW1. The company has 50 users that have Windows 11 devices.
You need to ensure that the users can access the resources on VNet1. The solution must meet the following requirements:
• Ensure that the users can establish Point-to-Site (P2S) VPN connections to vGW1.
• Ensure that the users can authenticate by using only their Microsoft Entra credentials
Which type of tunnel should you configure, and which VPN client should you configure on the users ' devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
Policy1 has the following settings:
• Service: Microsoft.Storage
• Allowed Resources: storage1
Subnet1 has the following settings:
• Name: Subnet1
• Subnet address range: 10.0.0.0/24
• NAT gateway: None
• Network security group: None
• Route table: None
• Service Endpoints
o Services: 0 selected
• Subnet Delegation
o Delegate subnet to a service: None
For each of the following statements, select yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains 20 virtual machines and a virtual network named VNetl.
You plan to provide access to the virtual machines by using Azure Bastion.
You need to configure a subnet for Azure Bastion. The solution must minimize the number of IP addresses required for the subnet
How should you configure the subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure Front Door named FD1.
You plan to deploy an app named App1 by using Azure App Service. Users will access App1 by using FD1.
You need to provide FD1 with access to Appl. The solution must meet the following requirements:
• Ensure that users can only access App1 by using FD1.
• Ensure that users cannot access App1 directly from the internet.
What should you create for App1?
Task 10
You plan to deploy several virtual machines to subnet1-2.
You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
Task 5
You need to ensure that requests for wwwjelecloud.com from any of your Azure virtual networks resolve to frontdoor1.azurefd.net.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to i mplement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution mus t meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Ite rule for the 
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type s hould you select in the Point-to-site configuration settings of GW1?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Copyright © 2021-2026 CertsTopics. All Rights Reserved
