Loading questions...
Loading questions...
Preview
Updated
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
You have three on-premises networks.
You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps.
The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections.
You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort.
What should you do?
You have an on-premises network.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway.
You need to connect VNet1 to the on-premises network by using an ExpressRoute circuit.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription.
You plan to use Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
• Supports 4 Gbps of Site-to-Site (S2S) VPN traffic
• Supports 8 Gbps of ExpressRoute traffic
• Minimizes costs
How many scale units should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?
You have the Azure resources shown in the following table.
You need to link VNet2 to Circuit1.
What should you create in each subscription? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1.
You deploy several web apps and configure the apps to use private endpoints on VNet1.
You need to identify which DNS records the web apps registered automatically.
Where will the records be created?
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend which subnet mask size to use for the virtual subnets.
What should you recommend?
You have an Azure subscription that contain a storage account named st1 in the East US Azure region.
You have the virtual networks shown in the following table.
You have the subnets shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1.
You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.
You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.
What should you add to NSG1?
You have the Azure virtual networks shown in the following table.
You deploy Azure Firewall to Vnet3.
You need to ensure that the traffic from Subnet1-1 to Subnet2-1 passes through the firewall.
What should you configure?
You have two on-premises datacenters.
You have an Azure subscription that contains four virtual networks named VNet1, VNet2, VNet3, and VNet4.
You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.
You create a route table named RT1.
You need to configure VWAN1 to meet the following requirements:
• Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
• Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
• VNet1 and VNet2 must be isolated from VNet3 and VNet4.
How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
HOTSPOT -
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
You create a load balancer named LB1 that has the following configurations:
• SKU: Basic
• Type: Internal
• Subnet: Subnet12
• Virtual network: VNet1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1.
You need to ensure that PL1 can support a higher volume of outbound traffic.
What should you do?
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contosoazure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.
To complete this task, sign in to the Azure portal.
Your on-premises network contains a DNS server named Server1.
You have an Azure subscription that contains the resources shown in the following table.
The on-premises network is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to ensure that Server1 can resolve the DNS name of storage1. The solution must minimize costs and administrative effort.
What should you use?
DRAG DROP -
You have an Azure subscription that contains the resources shown in the following table.
You discover that users connect directly to App1.
You need to meet the following requirements:
• Administrators must only access App1 by using a private endpoint.
• All user connections to App1 must be routed through FD1.
• The downtime of connections to App1 must be minimized.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements:
• The virtual machines and the load balancer must be accessible only from the virtual network.
• Costs must be minimized.
What should you include in the recommendation?
You have an Azure subscription. The subscription contains an Azure application gateway that has the following configurations:
• Name: AppGW1
• Tier: Standard V2
• Autoscaling: Disabled
You create an Azure AD user named User1.
You need to ensure that User1 can change the tier of AppGW1. The solution must use the principle of least privilege.
Which role should you assign to User1, and to which tiers can AppGW1 be changed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have the Azure firewall shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
To complete this task, sign in to the Azure portal.
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
You need to ensure that connections to the storage12345678 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage12345678.privatelink.blob.core.windows.net.
To complete this task, sign in to the Azure portal.
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.
Vnet1 contains a virtual network gateway named GW1.
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
The Azure subscription contains the Azure private DNS zones shown in the following table.
Zone1.contoso.com has the virtual network links shown in the following table.
The Azure subscription contains additional resources as shown in the following table.
Contoso has the following virtual network requirements:
• Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
o Two container groups that connect to Vnet6
o Three virtual machines that connect to Vnet6
o Allow VPN connections to be established to Vnet6
o Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.
• The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
• A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Contoso has the following network security requirements:
• Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
• Enable NSG flow logs for NSG3 and NSG4.
• Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.
• Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets?
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
To complete this task, sign in to the Azure portal.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 has a subnet mask of/24.
You plan to implement an Azure application gateway that will have the following configurations:
• Public endpoints: 1
• Private endpoints: 1
• Minimum instances: 1
• Maximum instances: 10
You need to configure the address space for the subnet of the application gateway. The solution must minimize the number of IP addresses allocated to the application gateway subnet.
What is the minimum number of assignable IP addresses required?
