Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Task 8

You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1

Full Access
Question # 5

You need to configure GW1 to meet the network security requirements for the P2S VPN users.

Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

A.

IKEv2 and OpenVPN (SSL)

B.

IKEv2

C.

IKEv2 and SSTP (SSL)

D.

OpenVPN (SSL)

E.

SSTP (SSL)

Full Access
Question # 6

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 7

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 8

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

A.

a private endpoint

B.

a virtual network peering

C.

a private link service

D.

a routing table

E.

a service endpoint

Full Access
Question # 9

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 10

Task 1

You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.

You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.

Full Access
Question # 11

Task 7

You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.

You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.

Full Access
Question # 12

Task 9

You plan to use VNET4 for an Azure API Management implementation.

You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.

Full Access
Question # 13

Task 7

You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.

Full Access
Question # 14

Task 11

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.

The on-premises network has the following configurations:

• Internal address range: 10.10.0.0/16.

• Firewall 1 internal IP address: 10.10.1.1.

• Firewall1 public IP address: 131.107.50.60.

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

Full Access
Question # 15

Task 4

You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.

Full Access
Question # 16

Task 9

You need to ensure that subnet4-3 can accommodate 507 hosts.

Full Access
Question # 17

Task 11

You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.

Full Access
Question # 18

You have the Azure Traffic Manager profiles shown in the following table.

You plan to add the endpoints shown in the following table.

Which endpoints can you add to Profile2?

A.

Endpoint1 and Endpoint4 only

B.

Endpoint1, Endpoint2, Endpoint3, and Endpoint4

C.

Endpoint1 only

D.

Endpoint2 and Endpoint3 only

E.

Endpoint3 only

Full Access
Question # 19

Task 2

You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.

Full Access
Question # 20

You have an on-premises network named Site1.

You have an Azure subscription that contains a storage account named storage1 and a virtual network named VNet1. VNet1 contains a subnet named Subnet1. A private endpoint for storage1 is connected to Subnet1 Site1 is connected to VNet1 by using a Site-to-Site (S2S) VPN.

You need to control access to storage1 from Site1 by using network security groups (NSGs).

What should you do first?

A.

Associate a route table with Subnet1.

B.

Associate a NAT gateway with Subnet1.

C.

Configure a network policy for private endpoints on Subnet1.

D.

Create a subnet delegation on Subnet1.

Full Access
Question # 21

You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.

To FWP1, you plan to add the rule collections shown in the following table.

Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 22

You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).

Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool.

NAT Gateway uses a public IP address named IP3 that is associated to SubnetA.

VNet1 has a virtual network gateway that has a public IP address named IP4.

When initiating outbound traffic to the internet from VM1, which public address is used?

A.

IP1

B.

IP2

C.

IP3

D.

IP4

Full Access
Question # 23

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 24

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 26

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 27

You have an Azure subscription that contains the resources shown in the following table.

You establish BGP peering between NVA1 and Hub1.

You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 28

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You add a rewrite rule for the host header.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You configure a custom rule for WAF1.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 30

You have an Azure subscription.

You plan to implement Azure Virtual WAN as shown in the following exhibit.

What is the minimum number of route tables that you should create?

A.

1

B.

2

C.

4

D.

6

Full Access
Question # 31

You have an Azure firewall shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 32

Task 10

You plan to deploy several virtual machines to subnet1-2.

You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.

Full Access
Question # 33

Task 10

You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.

Full Access
Question # 34

Task 6

You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.

Full Access
Question # 35

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit Vnet2 can use the. You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communication with Vnet2.

Solution: You resize the gateway of Vnet1 to a larger SKU.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 36

You have an Azure subscription that contains an Azure key vault named Vaultl and an app registration for an Azure AD app named App1.

You have a DNS domain named contoso.com that is hosted by a third-party DNS provider.

You plan to deploy App1 by using Azure App Service. App1 will have the following configurations:

• App1 will be hosted across five App Service apps.

• Users will access App1 by using a URL of https://app1.contoso.com.

• The user traffic of App1 will be managed by using Azure Front Door.

• The traffic between Front Door and the App Service apps will be sent by using HTTP.

• App1 will be secured by using an SSL certificate from a third-party certificate authority (CA).

You need to support the Front Door deployment.

Which two DNS records should you create, and to where should you import the SSL certificate for App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 37

You have the Azure App Service app shown in the App Service exhibit.

The VNet Integration settings for as12 are configured as shown in the Vnet Integration exhibit.

The Private Endpoint connections settings for as12 are configured as shown in the Private Endpoint connections exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 38

You have the Azure load balancer shown in the Load Balancer exhibit.

LB2 has the backend pools shown in the Backend Pools exhibit.

You need to ensure that LB2 distributes traffic to all the members of VMSS1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Add a network interface to VMSS1.

B.

Configure a health probe.

C.

Add a public IP address to each member of VMSS1.

D.

Add a load balancing rule.

Full Access
Question # 39

Your company has four branch offices and an Azure Subscription. The subscription contains an Azure VPN gateway named GW1.

The branch offices are configured as shown in the following table.

The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.

The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.

You need to ensure that the Branch1 users can connect to the Azure Resources. The solution must meet the following requirements:

• Minimize downtime for all users.

• Minimize administrative effort.

What should you do first?

A.

Reset RTR1.

B.

Reset Connection1.

C.

Reset GW1.

D.

Recreate LNG1.

Full Access
Question # 40

Task 6

You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.

You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.

Full Access
Question # 41

Task 4

You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed on the virtual network.

Full Access
Question # 42

You have an on-premises datacenter named Site1 that contains a firewall named FW1. FW1 connects to the internet.

You have an Azure subscription that contains the resources shown in the following table.

You plan to connect Site1 to Hub1 by using a site-to-site connection.

You need to configure the site-to-site connection to FW1.

What should you create in VWAN1?

A.

a VPN site

B.

a virtual network connection

C.

a network virtual appliance (NVA)

D.

a User VPN configuration

Full Access
Question # 43

You have an Azure environment shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 44

Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York.

The company only has Azure resources in the East US region.

You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.

Which type of ExpressRoute circuits should you create?

A.

ExpressRoute Local

B.

ExpressRoute Direct

C.

ExpressRoute Premium

D.

ExpressRoute Standard

Full Access
Question # 45

You have art Azure subscription that contains the resources shown in the following table.

You need to restrict access to storage1 and sqI1 by using service endpoints. The solution must meet the following requirements:

• Allow access from Subnet1 to SQIDB1

• Implement service endpoint policies to restrict access to supported resources.

• Allow access from Subnet1 to storage1 and the read-only replica of storage1 in the paired Azure region.

What is the minimum number of service endpoints and service endpoint policies you should create? To answer, select the appropriate options m the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 46

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 47

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 48

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 49

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

A.

a service endpoint

B.

a private endpoint

C.

Azure Firewall

D.

Azure Front Door

Full Access
Question # 50

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

On the peerings from Vnet2 and Vnet3, select Use remote gateways.

B.

On the peering from Vnet1, select Allow forwarded traffic.

C.

On the peering from Vnet1, select Use remote gateways.

D.

On the peering from Vnet1, select Allow gateway transit.

E.

On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Full Access
Question # 51

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 52

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

T

Full Access
Question # 53

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

A.

a service endpoint

B.

Azure Front Door

C.

a private endpoint

D.

Azure Traffic Manager

Full Access
Question # 54

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

A.

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

B.

a user-defined route assigned to GatewaySubnet in Vnet1

C.

BGP route exchange

D.

route filters

Full Access