Updated AZ-700 Exam Dumps V14.02 – Choose the Most Updated Version to Prepare For Your Microsoft AZ-700 Exam

1. Topic 1, Litware. Inc Case Study 1

Overview

Litware. Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.

Existing Environment:

Hybrid Environment

The on-prernises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by usinq Azure AD Connect.

All the offices connect to a virtual network named Vnetl by using a Site-to-Site VPN connection.

Azure Environment

Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant.

Sub1 contains resources in the East US Azure region as shown in the following table.

There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.

Requirements:

Business Requirements

Litware wants to minimize costs whenever possible, as long as all other requirements are met.

Virtual Networking Requirements

Litware identifies the following virtual networking requirements:

* Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.

* Ensure that the records in the cloud.litwareinc.com zone can be resolved from the on-premises locations.

* Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.

* Minimize the size of the subnets allocated to platform-managed services.

* Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.

Hybrid Networking Requirements

Litware identifies the following hybrid networking requirements:

* Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.

* Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.

* The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.

* Traffic between Vnet2 and Vnet3 must be routed through Vnet1.

PaaS Networking Requirements

Litware identifies the following networking requirements for platform as a service (PaaS):

* The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.

* The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.

DRAG DROP

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

2. HOTSPOT

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

3. HOTSPOT

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

5. DRAG DROP

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

6. You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

7. HOTSPOT

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

8. You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

9. HOTSPOT

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

10. You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

11. Topic 2, Contoso Case Study 2

Overview

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Existing Environment:

Azure Network Infrastructure

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.

Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.

The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.

Zone1.contoso.com has the virtual network links shown in the following table.

Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.

Requirements:

Virtual Network Requirements

Contoso has the following virtual networks requirements:

* Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:

Two container groups that connect to Vnet6

Three virtual machines that connect to Vnet6

Allow VPN connections to be established to Vnet6

Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network

* The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.

* A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

* Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.

* Enable NSG flow logs for NSG3 and NSG4.

* Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.

* Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.

CORRECT TEXT

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

12. HOTSPOT

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

13. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

14. HOTSPOT

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

15. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

16. What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

17. You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

18. HOTSPOT

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

19. HOTSPOT

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. HOTSPOT

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

21. Topic 3, Mix Questions

You have a website that uses an FQDN of www.contoso.com. The DNS record tor www.contoso.com resolves to an on-premises web server.

You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1.

You build the website on Web1.

You plan to configure ContosoFD1 to publish the website for testing.

When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit.

You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.

Which record should you create in the contoso.com DNS domain?

22. You have an Azure subscription that contains the resources shown in the following table.

Gateway1 provides access to App1 by using a URL of http://app1.contoso.com.

You create a new web app named App2.

You need to configure Gateway1 to enable minimize administrative effort.

What should you configure on Gateway1?

23. DRAG DROP

You have two Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.

You are implementing peering between Hub1 and Spoke1.

You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.

How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

24. You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.

You need to modify the server variables in the response header of App1.

What should you configure on AppGW1?

25. You have an Azure subscription that contains the Azure app service web apps show in the following table:

You need to deploy Azure Traffic Manager.

The solution must meet the following requirements:

• Traffic to https//www.fabrikam.commust be directed to App1eu.

• If App1eu becomes unresponsive, all the traffic tohttps://www.fabrikam.commust be directed to App1us. You need to implement Traffic Manager to meet the requirements.

Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

26. Your company has offices in Montreal. Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.

You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy! that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.

You need to apply a rate limit of 100 requests for traffic that originates from each office.

What should you do?

27. HOTSPOT

You have an Azure application gateway named AppGw1.

You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to ttps://www.contoso.com/buy.aspx?category-fashion&product=shirts.

How should you complete the rule? To answer NOTE: Each correct selection is worth one point appropriate options in the answer area.

28. You have an Azure virtual network that contains the subnets shown in the following table.

You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.

You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.

What should you do?

29. You have the Azure load balancer shown in the Load Balancer exhibit.

LB2 has the backend pools shown in the Backend Pools exhibit.

You need to ensure that LB2 distributes traffic to all the members of VMSS1.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

30. Your company has offices in and Amsterdam. The company has an Azure subscription.

Both offices connect to Azure by using a Site-to-Site VPN connection.

The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.

You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.

Which ExpressRoute option should you use?

31. Your company has five offices. Each office has a firewall device and a local internet connection. The offices connect to a third-party SD-WAN.

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual network gateway named Gateway1. Each office connects to Gateway1 by using a Site-to-Site VPN connection.

You need to replace the third-party SD-WAN with an Azure Virtual WAN.

What should you include in the solution?

32. HOTSPOT

You have on-premises datacenters in New York and Seattle.

You have an Azure subscription that contains the ExpressRoute circuits shown in the following table.

You need to ensure that all the data sent between the datacenters is routed via the ExoressRoute circuits. The solution must minimize costs.

33. Your company has an office in New York.

The company has an Azure subscription that contains the virtual networks shown in the following table.

You need to connect the virtual networks to the office by using ExpressRoute.

The solution must meet the following requirements:

• The connection must have up to 1 Gbps of bandwidth.

• The office must have access to all the virtual networks.

• Costs must be minimized.

How many ExpressRoute circuits should be provisioned, and which ExpressRoute 5KU should you enable?

34. You have the Azure virtual networks shown in the following table.

You deploy Azure Firewall to Vnet3.

You need to ensure that the traffic from Subnet1-1 to Subnet2-1 passes through the firewall.

What should you configure?

35. You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.

You need to recommend which subnet mask size to use for the virtual subnets.

What should you recommend?

36. You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.

You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.

You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.

What should you include in the solution?

37. You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.

Users will authenticate by using an on premises Active Directory domain.

Which additional service should you deploy to support the VPN authentication?

38. Azure virtual networks in the East US Azure region as shown in the following table.

The virtual networks are peered to one another. Each virtual network contains four subnets.

You plan to deploy a virtual machine named VM1 that will inspect and route traffic between all the subnets on both the virtual networks.

What is the minimum number of IP addresses that you must assign to VM1?

39. You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).

Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.

NAT Gateway uses a public IP address named IP3 that is associated to Subnet A.

VNet1 has a virtual network gateway that has a public IP address named IP4.

When initiating outbound traffic to the internet from VM1, which public address is used?

40. HOTSPOT

Your on-premises network contains a VPN device.

You have an Azure subscription that contains a virtual network and a virtual network gateway.

You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.

How should you complete the PowerShell script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

41. HOTSPOT

You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

42. DRAG DROP

You have an Azure Front Door instance named FrontDoor1.

You deploy two instances of an Azure web app to different Azure regions.

You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.

You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

43. HOTSPOT

Your company has 40 branch offices across North America and Europe. You have an

Azure subscription that contains the following virtual networks:

• Two networks in the East US Azure region

• Three networks in the West Europe Azure region

You need to implement Azure Virtual WAN. The solution must meet the following requirements:

• Each branch office in North America must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the East US region.

• Each branch office in Europe must have an ExpressRoute circuit and a Site-to-Site VPN that connects to the West Europe region.

• Transitive connections must be supported between all the branch offices and all the virtual networks.

• Costs must be minimized.

What is the minimum number of Virtual WAN resources required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

44. HOTSPOT

You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table.

You need to implement Azure Traffic Manager to meet the following requirements:

• App1 traffic must be assigned equally to each App Service instance in each Azure region.

• App1 traffic from North Europe must be routed to the Appl instances in the North Europe region.

• App1 traffic from North America must be routed to the Appl instances in the East US Azure region.

45. DRAG DROP

You have three on-premises sites. Each site has a third-party VPN device.

You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection.

You need to connect the third site to the other two sites by using Hub1.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

46. You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit Vnet2 can use the. You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communication with Vnet2.

Solution: You resize the gateway of Vnet1 to a larger SKU.

Does this meet the goal?

47. You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.

To which virtual networks can you deploy AF1?

48. You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.

Which two Azure resources should you configure? Each correct answer presents a part of the solution. NOTE: Each correct selection is worth one point. (Choose two.)

49. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

The virtual network topology is shown in the following exhibit.

Firewall1 is configured as shown in following exhibit.

FirewallPolicy1 contains the following rules:

• Allow outbound traffic from Vnet1 and Vnet2 to the internet.

• Allow any traffic between Vnet1 and Vnet2.

No custom private endpoints. service endpoints. routing tables, or network security groups (NSGs) were created.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

50. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You add a rewrite rule for the host header.

Does this meet the goal?

51. You have an Azure subscription that contains the resources shown in the following table.

Subshell contains Three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol.

From NSG1. you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1.

You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort.

What should you do?

52. HOTSPOT

You are planning an Azure Front Door deployment that will contain the resources shown in the following table.

Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com. You obtain a certificate for the host name ofwww.fabfikam.com.

You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

53. HOTSPOT

You plan to deploy Azure Virtual WAN.

You need to deploy a virtual WAN hub that meets the following requirements:

✑ Supports 10 sites that will connect to the virtual WAN hub by using a Site-to-Site VPN connection

✑ Supports 8 Gbps of ExpressRoute traffic

✑ Minimizes costs

What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

54. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.

Does this meet the goal?

55. Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.

The company only has Azure resources in the East US region.

You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.

Which type of ExpressRoute circuits should you create?