QUESTION NO: 1
You have an Azure Front Door instance named FrontDoor1.
You deploy two instances of an Azure web app to different Azure regions.
You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.
You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure Front Door instance named FrontDoor1.
You deploy two instances of an Azure web app to different Azure regions.
You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.
You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation:
QUESTION NO: 2
You have an Azure subscription that contains multiple virtual networks.
From Microsoft Defender for Cloud, you select Regulatory Compliance and view the following compliance controls:
* NS-2. Secure cloud services with network controls
* NS-8 Detect and disable insecure services and protocols
* NS-9. Connect on-premises or cloud network privately
You need to recommend remediations for the controls.
What should you include in the recommendation for each control? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains multiple virtual networks.
From Microsoft Defender for Cloud, you select Regulatory Compliance and view the following compliance controls:
* NS-2. Secure cloud services with network controls
* NS-8 Detect and disable insecure services and protocols
* NS-9. Connect on-premises or cloud network privately
You need to recommend remediations for the controls.
What should you include in the recommendation for each control? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
QUESTION NO: 3
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.
The links have auto registration enabled.
You create the virtual machines shown in the following table.
You manually add the following entry to the contoso.com zone:
* Name: VM1
* IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.
The links have auto registration enabled.
You create the virtual machines shown in the following table.
You manually add the following entry to the contoso.com zone:
* Name: VM1
* IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Box 1: No
The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9.
Box 2: No
The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto- registered DNS records are deleted when a VM is deleted.
Box 3: No
This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select 'Static' as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered.
Reference:
https://docs.microsoft.com/en-us/az ure/dns/dns-faq-private
QUESTION NO: 4
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
Correct Answer: D
Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 5
You have an Azure subscription that contains the resources shown in the following table.
NSG1 is associated to the NIC of VM1 and contains the rules shown in the following table.
You collect NSG flow logs for five minutes for the following activities:
* Two RDP sessions from VM1 to VM2, each initiated from a different TCP port
* Three SSH sessions from VM2 to VM1, each initiated from a different TCP port You analyze the logs by using Traffic Analytics in Azure Network Watcher. How many aggregated flow entries will Traffic Analytics identify?
You have an Azure subscription that contains the resources shown in the following table.
NSG1 is associated to the NIC of VM1 and contains the rules shown in the following table.
You collect NSG flow logs for five minutes for the following activities:
* Two RDP sessions from VM1 to VM2, each initiated from a different TCP port
* Three SSH sessions from VM2 to VM1, each initiated from a different TCP port You analyze the logs by using Traffic Analytics in Azure Network Watcher. How many aggregated flow entries will Traffic Analytics identify?
Correct Answer: C
Vote an answer
QUESTION NO: 6
Your on-premises network contains a DNS server named Server 1.
You have an Azure subscription that contains the resources shown in the following table.
The on-premises network is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to ensure that Server1 can resolve the DNS name of storage1. The solution must minimize costs and administrative effort.
What should you use?
Your on-premises network contains a DNS server named Server 1.
You have an Azure subscription that contains the resources shown in the following table.
The on-premises network is connected to VNet1 by using a Site-to-Site (S2S) VPN.
You need to ensure that Server1 can resolve the DNS name of storage1. The solution must minimize costs and administrative effort.
What should you use?
Correct Answer: B
Vote an answer
QUESTION NO: 7
You have an Azure virtual network that contains the subnets shown in the following table.
You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.
You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.
What should you do?
You have an Azure virtual network that contains the subnets shown in the following table.
You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.
You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.
What should you do?
Correct Answer: C
Vote an answer
QUESTION NO: 8
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
QUESTION NO: 9
Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20.
Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24.
You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48.
You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20.
Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24.
You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48.
You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virt ual-network/ipv6-overview
https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-add-to-existing-v net-powershell
1) Correct: /64
Explanation: The subnets for IPv6 must be exactly /64 in size. This ensures future compatibility should you decide to enable routing of the subnet to an on-premises network since some routers can only accept /64 IPv6 routes.
Source: https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview
2) Correct: Public IPv6 Address
Explanation: Add IPv6 configuration to NIC. " Configure all of the VM NICs with an IPv6 address using Add- AzNetworkInterfaceIpConfig " Source: https://docs.microsoft.com/en-us/az ure/load- balancer/ipv6-add-to-existing-vn et-powershell
QUESTION NO: 10
You have an Azure subscription. The subscription contains virtual machines that host websites as shown in the following table.
You have the Azure Traffic Manager profiles shown in the following table.
You have the endpoints shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each connect selection is worth one point.
You have an Azure subscription. The subscription contains virtual machines that host websites as shown in the following table.
You have the Azure Traffic Manager profiles shown in the following table.
You have the endpoints shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each connect selection is worth one point.
Correct Answer:
Explanation:
QUESTION NO: 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have on Azure subscription that contains on Azure Virtual WAN named VWAN1.VWAN1 contains a hub named Hub1.
Hub! has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement Azure Firewall.
Does this meet the requirement?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have on Azure subscription that contains on Azure Virtual WAN named VWAN1.VWAN1 contains a hub named Hub1.
Hub! has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement Azure Firewall.
Does this meet the requirement?
Correct Answer: B
Vote an answer
QUESTION NO: 12
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF).
FD1 uses a frontend host named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region.
You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States.
What should you include in the WAF policy?
You have an Azure Front Door instance named FD1 that is protected by using Azure Web Application Firewall (WAF).
FD1 uses a frontend host named app1.contoso.com to provide access to Azure web apps hosted in the East US Azure region and the West US Azure region.
You need to configure FD1 to block requests to app1.contoso.com from all countries other than the United States.
What should you include in the WAF policy?
Correct Answer: B
Vote an answer
QUESTION NO: 13
You have a computer named CLIENT! that runs Windows 11 and has the Azure VPN Client installed.
You have an Azure virtual network gateway named VPNGW1.
You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a computer named CLIENT! that runs Windows 11 and has the Azure VPN Client installed.
You have an Azure virtual network gateway named VPNGW1.
You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation:
