Exact2Pass
Task 6
You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
Task 1
You need to ensure that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure. The solution must ensure that the virtual machines on VNET1 and VNET2 can resolve the names of the virtual machines on either virtual network.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?
You plan to implement an Azure Virtual WAN named VWAN1 that will contain a hub named Hub1. VWAN1 will include the virtual networks shown in the following table.
You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.
How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1 and an on-premises network.
The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.
You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?
You have two on-premises datacenters.
You have an Azure subscription that contains four virtual networks named VNet1 VNet2, VNet3, and VNet4
You create an Azure virtual WAN named VWAN1. VWAN1 contains a single virtual hub that is connected to both on-premises datacenters and all the virtual networks in a full mesh topology.
You create a route table named RT1.
You need to configure VWAN1 to meet the following requirements:
• Connectivity between VNet1 and VNet2 and both on-premises datacenters must be allowed.
• Connectivity between VNet3 and VNet4 and both on-premises datacenters must be allowed.
• VNet1 and VNet2 must be isolated from VNet3 and VNet4.
How should you configure routing for VNet1 and VNet2 and for both on-premises datacenters? To answer, drag the appropriate route tables and route table propagation to the correct requirements. Each route table and route table propagation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have two Azure subscriptions.
You need to perform the following actions in the East US Azure region of each subscription:
• Deploy 50 virtual machines to availability zone 1.
• Deploy 50 virtual machines to availability zone 2.
• Deploy 50 virtual machines to availability zone 3.
What is the minimum number of virtual networks and /25 subnets you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual machines shown in the following table.
VNet1 and VNet2 are NOT connected to each other.
You need to block traffic from SQL Server 2019 to IIS by using application security groups. The solution must minimize administrative effort.
How should you configure the application security groups? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an on-premises network.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that on-premises devices can communicate with Azure resources that are connected to Subnet4.
What should you do on each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
ION NO: 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.
Does this meet the goal?
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance.
You need to configure the policy to meet the following requirements:
Log all connections from Australia.
Deny all connections from New Zealand.
Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the public IPv4 addresses shown in the following table.
You plan to create a load balancer named LB1 that will have the following settings:
* Name: LB1
* Location: West US
* Type: Public
* SKU: Standard
Which public IPv4 addresses can be used by LB1?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Your company has five offices. Each office has a firewall device and a local internet connection. The offices connect to a third-party SD-WAN.
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains a virtual network gateway named Gateway1. Each office connects to Gateway1 by using a Site-to-Site VPN connection.
You need to replace the third-party SD-WAN with an Azure Virtual WAN. What should you include in the solution?
You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend a load balancing solution for the virtual network. The solution must meet the following requirements:
• The virtual machines and the load balancer must be accessible only from the virtual network.
• Costs must be minimized.
What should you include in the recommendation?
You have an Azure subscription that contains the resources shown in the following table.
The virtual network topology is shown in the following exhibit.
Firewall1 is configured as shown in following exhibit.
FirewallPolicy1 contains the following rules:
• Allow outbound traffic from Vnet1 and Vnet2 to the internet.
• Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints. service endpoints. routing tables, or network security groups (NSGs) were created. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an app named Appl. App1 is hosted on the Azure App Service instances shown in the following table.
You need to implement Azure Traffic Manager to meet the following requirements:
• App1 traffic must be assigned equally to each App Service instance in each Azure region.
• App1 traffic from North Europe must be routed to the Appl instances in the North Europe region.
• App1 traffic from North America must be routed to the Appl instances in the East US Azure region.
You have an Azure subscription that contains six Azure App Service apps. The apps have an identical configuration and are deployed across multiple Azure regions.
You plan to deploy Azure Front Door to load balance traffic across the apps.
You need to ensure that the round robin load-balancing algorithm will send traffic only to a limited number App Service apps based on their proximity to a user. The solution must minimize administrative effort.
What should you modify, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks.shown in the following table.
You have a virtual machine named VM5 that has the following IP address configurations:
• IP address: 10.4.0.5
• Subnet mask:255.255.255.0
• Default gateway:10.4.0.1
• DNSserver:168.63.129.16
You have an Azure Private DNS zone named, fabrikam.com that contains the records shown in, the following table.
The virtual network links in the fabrikam.com DNS /one are configured as shown in the exhibit. (Click the Exhibit tab.)
VMS fails to resolve the IP address for.appKfabrik3in.com.
For each of the following statements, select Yes if, the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have art Azure subscription that contains the resources shown in the following table.
You need to restrict access to storage1 and sqI1 by using service endpoints. The solution must meet the following requirements:
• Allow access from Subnet1 to SQIDB1
• Implement service endpoint policies to restrict access to supported resources.
• Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region.
What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options m the answer area.
NOTE: Each correct selection is worth one point.
Task 9
You plan to use VNET4 for an Azure API Management implementation.
You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.
Task 7
You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.
You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.
Task 8
You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1
ESTION NO: 1
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements
What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You ate configuring the DNS forwarding luleset for DNSR1
You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.
Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?
You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?
You need to configure the P2S VPN to meet the connectivity requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?
