az-104-exam-networking

Scenario: Contoso must meet technical requirements including: Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office. You discover that VM3 does NOT meet the technical requirements. You need to verify whether the issue relates to the NSGs. What should you use?. IP flow verify in Azure Network Watcher. The security recommendations in Azure Advisor. Diagnose and solve problems in Traffic Manager profiles. Diagnostic settings in Azure Monitor. Diagram in VNet1.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Yes. No.

You have an existing Azure subscription that contains 10 virtual machines. You need to monitor the latency between your on-premises network and the virtual machines. What should you use?. Network Performance Monitor. Service Map. Connection troubleshoot. Effective routes.

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1. Subscription1 has a user named User1. User1 has the following roles: · Reader · Security Admin · Security Reader You need to ensure that User1 can assign the Reader role for VNet1 to other users. What should you do?. Assign User1 the Owner role for VNet1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Network Contributor role for RG1.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. Solution: You assign the Reader role at the subscription level to Admin1. Does this meet the goal?. Yes. No.

You have an Azure DNS zone named adatum.com. You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure. What should you do?. Create an NS record named research in the adatum.com zone. Create an PTR record named research in the adatum.com zone. Modify the SOA record of adatum.com. Create an A record named *.research in the adatum.com zone.

You have an Azure subscription that contains a storage account named account1. You plan to upload the disk files of a virtual machine to account1 from your on-premises network. The on- premises network uses a public IP address space of 131.107.1.0/24. You plan to use the disk files to provision an Azure virtual machine named VM1. VM1 will be attached to a virtual network named VNet1. VNet1 uses an IP address space of 192.168.0.0/24. You need to configure account1 to meet the following requirements: Ensure that you can upload the disk files to account1. Ensure that you can attach the disks to VM1. Prevent all other access to account1. Which two actions should you perform? (choose 2). From the Firewalls and virtual networks blade of account1, select Selected networks. From the Firewalls and virtual networks blade of account1, select Allow trusted Microsoft services to access this storage account. From the Firewalls and virtual networks blade of account1, add the 131.107.1.0/24 IP address range. From the Service endpoints blade of VNet1, add a service endpoint. From the Firewalls and virtual networks blade of account1, add VNet1.

You have an Azure subscription that contains a web app named webapp1. You need to add a custom domain named www.contoso.com to webapp1. What should you do first?. Create a DNS record. Add a connection string. Upload a certificate. Stop webapp1.

You have an Azure subscription that contains the resources shown in the table below. VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You move VM1 to RG2, and then you add a new network interface to VM1. Does this meet the goal?. No. Yes.

You have an Azure subscription that contains the resources shown in the table below. VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You delete VM1. You recreate VM1, and then you create a new network interface for VM1 and connect it to VNET2. Does this meet the goal?. No. Yes.

You have an Azure subscription that contains the resources shown in the table below. VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You turn off VM1, and then you add a new network interface to VM1. Does this meet the goal?. No. Yes.

You deploy an Azure Kubernetes Service (AKS) cluster named Cluster1 that uses the IP addresses shown in the table below. You need to provide internet users with access to the applications that run in Cluster1. Which IP address should you include in the DNS record for Cluster1?. 131.107.2.1. 10.0.10.11. 172.17.7.1. 192.168.10.2.

You have an Azure subscription that contains the resources shown in the table below. VM1 connects to VNET1. You need to connect VM1 to VNET2. Solution: You create a new network interface, and then you add the network interface to VM1. Does this meet the goal?. No. Yes.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You configure a custom policy definition, and then you assign the policy to the subscription. Yes. No.

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2. VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual. You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?. Connection monitor. NSG flow logs. Connection troubleshoot. IP flow verify.

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? (choose 2). Add a service endpoint to VNet1. Reset GW1. Create a route-based virtual network gateway. Add a connection to GW1. Delete GW1. Add a public IP address space to VNet1.

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure? What should you configure?. Floating IP (direct server return) to Enabled. Floating IP (direct server return) to Disabled. a health probe. Session persistence to Client IP and Protocol.

Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources: · A web app named webapp1. · A virtual network named VNET1. You need to ensure that webapp1 can connect to Share1. What should you deploy?. an Azure Application Gateway. an Azure Active Directory (Azure AD) Application Proxy. an Azure Virtual Network Gateway.

Your company has three offices. The offices are located in Miami, Los Angeles, and New York. Each office contains datacenter. You have an Azure subscription that contains resources in the East US and West US Azure regions. Each region contains a virtual network. The virtual networks are peered. You need to connect the datacenters to the subscription. The solution must minimize network latency between the datacenters. What should you create?. three Azure Application Gateways and one On-premises data gateway. three virtual hubs and one virtual WAN. three virtual WANs and one virtual hub. three On-premises data gateways and one Azure Application Gateway.

You have the Azure virtual networks shown in the table below. To which virtual networks can you establish a peering connection from VNet1?. VNet2 andVNet3 only. VNet3 and VNet4 only. VNet2 only. VNet2, VNet3, and VNet4.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains four subnets named Gateway, Perimeter, NVA, and Production. The NVA subnet contains two network virtual appliances (NVAs) that will perform network traffic inspection between the Perimeter subnet and the Production subnet. You need to implement an Azure load balancer for the NVAs. The solution must meet the following requirements: · The NVAs must run in an active-active configuration that uses automatic failover. · The NVA must load balance traffic to two services on the Production subnet. The services have different IP addresses. Which three actions should you perform?. Action 1. Action 2. Action 3.

You have an Azure subscription named Subscription1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1. On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2. You need to ensure that you can connect Client1 to VNet2. What should you do?. Download and re-install the VPN client configuration package on Client1. Enable BGP on VPNGW1. Select Allow gateway transit on VNet2. Select Allow gateway transit on VNet1.

You have an Azure subscription that contains the resources in the table below. To which subnets can you apply NSG1?. the subnets on VNet1 only. the subnets on VNet2 and VNet3 only. the subnets on VNet2 only. the subnets on VNet3 only. the subnets on VNet1, VNet2, and VNet3.

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks. The virtual networks have the address spaces and the subnets configured as shown in the table below. You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate. Which three actions should you perform in sequence?. Action 1. Action 2. Action 3.

You have an Azure web app named webapp1. You have a virtual network named VNET1 and an Azure virtual machine named VM1 that hosts a MySQL database. VM1 connects to VNET1. You need to ensure that webapp1 can access the data hosted on VM1. What should you do?. Deploy an internal load balancer. Peer VNET1 to another virtual network. Connect webapp1 to VNET1. Deploy an Azure Application Gateway.

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers. You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines. You need to ensure that visitors are serviced by the same web server for each request. What should you configure?. Idle Time-out (minutes) to 20. Floating IP (direct server return) to Disabled. Session persistence to Client IP. Protocol to UDP.

You have an Azure subscription that contains the following resources: · A virtual network that has a subnet named Subnet1 · Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 · A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: · Priority: 100 · Source: Any · Source port range: * Destination: * · Destination port range: 3389 · Protocol: UDP · Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the Any source to the *destination for port range 3389 and uses the TCP protocol. You remove NSG-VM1 from the network interface of VM1. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains the following resources: · A virtual network that has a subnet named Subnet1 · Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 · A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: · Priority: 100 · Source: Any · Source port range: * Destination: * · Destination port range: 3389 · Protocol: UDP · Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the UDP protocol. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains the following resources: · A virtual network that has a subnet named Subnet1 · Two network security groups (NSGs) named NSG-VM1 and NSG-Subnet1 · A virtual machine named VM1 that has the required Windows Server configurations to allow Remote Desktop connections NSG-Subnet1 has the default inbound security rules only. NSG-VM1 has the default inbound security rules and the following custom inbound security rule: · Priority: 100 · Source: Any · Source port range: * Destination: * · Destination port range: 3389 · Protocol: UDP · Action: Allow VM1 has a public IP address and is connected to Subnet1. NSG-VM1 is associated to the network interface of VM1. NSG-Subnet1 is associated to Subnet1. You need to be able to establish Remote Desktop connections from the internet to VM1. Solution: You add an inbound security rule to NSG-Subnet1 and NSG-VM1 that allows connections from the internet source to the VirtualNetwork destination for port range 3389 and uses the TCP protocol. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains a virtual network named VNET1. VNET1 contains the subnets shown in the table below. Each virtual machine uses a static IP address. You need to create network security groups (NSGs) to meet following requirements: · Allow web requests from the internet to VM3, VM4, VM5, and VM6. · Allow all connections between VM1 and VM2. · Allow Remote Desktop connections to VM1. · Prevent all other network traffic to VNET1. What is the minimum number of NSGs you should create?. 1. 3. 4. 12.

You have an Azure subscription that contains the resources shown in the table below. The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters: · Microsoft.Network/virtualNetworks · Microsoft.Compute/virtualMachines In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1. What should you do first?. Remove Microsoft.Compute/virtualMachines from the policy. Create an Azure Resource Manager template. Add a subnet to VNET1. Remove Microsoft.Network/virtualNetworks from the policy.

You have a public load balancer that balances ports 80 and 443 across three virtual machines. You need to direct all the Remote Desktop Protocol (RDP) connections to VM3 only. What should you configure?. an inbound NAT rule. a new public load balancer for VM3. a frontend IP configuration. a load balancing rule.

You have an on-premises network that you plan to connect to Azure by using a site-to-site VPN. In Azure, you have an Azure virtual network named VNet1 that uses an address space of 10.0.0.0/16 VNet1 contains a subnet named Subnet1 that uses an address space of 10.0.0.0/24. You need to create a site-to-site VPN to Azure. Which four actions should you perform in sequence?. Action 1. Action 2. Action 3. Action 4.

You have an Azure subscription that contains the resources in the next table: --NAME-- | --------TYPE-------- | --DETAILS-- Vnet1---- | Virtual Network---- | Not applicable Subnet1--| Subnet-------------- | Hosted on Vnet1 VM1------ | Virtual Machine---- | On subnet1 VM2------ | Virtual Machine---- | On subnet1 VM1 and VM2 are deployed from the same template and host line-of-business applications. You configure the network security group (NSG) shown in the image below. You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80. What should you do?. Disassociate the NSG from a network interface. Associate the NSG to Subnet1. Change the Port_80 inbound security rule. Change the DenyWebSites outbound security rule.

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. VNet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first?. Move VM1 to Subscription2. Modify the IP address space of VNet2. Move VNet1 to Subscription2. Provision virtual network gateways.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD) authentication policies. Does this meet the goal?. No. Yes.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You join Computer2 to Azure Active Directory (Azure AD) Does this meet the goal?. No. Yes.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You create a resource lock, and then you assign the lock to the subscription. Does this meet the goal?. No. Yes.

You have an Azure subscription named Subscription1. Subscription1 contains a virtual machine named VM1. You have a computer named Computer1 that runs Windows 10. Computer1 is connected to the Internet. You add a network interface named vm1173 to VM1 as shown in the image. From Computer1, you attempt to connect to VM1 by using Remote Desktop, but the connection fails. You need to establish a Remote Desktop connection to VM1. What should you do first?. Change the priority of the RDP rule. Start VM1. Attach a network interface. Delete the DenyAllInBound rule.

You have the Azure virtual machines shown in the following table: --NAME--| ---IP ADDRESS--- | --CONECTED TO-- VM1------| 10.1.0.4-----------| VNet1/Subnet1 VM2------| 10.1.10.4--------- | VNet1/Subnet2 VM3------| 172.16.0.4--------| VNet2/SubnetA VM4------| 10.2.0.8---------- | VNet3/SubnetB A DNS service is installed on VM1. You configure the DNS servers settings for each virtual network as shown in the image below. You need to ensure that all the virtual machines can resolve DNS names by using the DNS service on VM1. What should you do?. Configure peering between VNET1, VNET2, and VNET3. Add service endpoints on VNET2 and VNET3. Add service endpoints on VNET1. Configure a conditional forwarder on VM1.

You have the Azure virtual network named VNet1 that contains a subnet named Subnet1. Subnet1 contains three Azure virtual machines. Each virtual machine has a public IP address. The virtual machines host several applications that are accessible over port 443 to users on the Internet. Your on-premises network has a site-to-site VPN connection to VNet1. You discover that the virtual machines can be accessed by using the Remote Desktop Protocol (RDP) from the Internet and from the on-premises network. You need to prevent RDP access to the virtual machines from the Internet, unless the RDP connection is established from the on-premises network. The solution must ensure that all the applications can still be accessed by the Internet users. What should you do?. Create a deny rule in a network security group (NSG) that is linked to Subnet1. Remove the public IP addresses from the virtual machines. Modify the address space of Subnet1. Modify the address space of the local network gateway.

You have an Azure subscription that contains the resources in the following table. ---NAME--- | -------- TYPE -------- ASG1------ | Application Security Group NSG1------ | Network Security Group Subnet1--- | Subnet VNet1------ | Virtual Network NIC1------- | Network Interface VM1------- | Virtual Machine Subnet1 is associated to VNet1. NIC1 attaches VM1 to Subnet1. You need to apply ASG1 to VM1. What should you do?. Associate NIC1 to ASG1. Modify the properties of ASG1. Modify the properties of NSG1.

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You plan to prepare the environment for automatic failover in case of ExpressRoute failure. You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost. Which three actions should you perform?. Create a connection. Create a local site VPN gateway. Create a VPN gateway that uses the VpnGw1 SKU. Create a gateway subnet. Create a VPN gateway that uses the Basic SKU.

You have an Azure subscription that contains the resources shown in the following table. --NAME-- | ---------TYPE--------- | --LOCATION-- VNET1--- | Virtual Network------ | East US IP1------- | Public IP Address---- | WestEurope RT1------ | Route Table----------- | NorthEurope You need to create a network interface named NIC1. In which location can you create NIC1?. East US and North Europe only. East US only. East US, West Europe, and North Europe. East US and West Europe only.

You have Azure virtual machines that run Windows Server 2019 and are configured as shown in the following table: --- NAME --- | -- VNET NAME -- | -- DNS suffix configured in W. Server-- VM1-------- | VNET1 ---------- | Contoso.com VM2-------- | VNET2 ---------- | Contoso.com You create a public Azure DNS zone named adatum.com and a private Azure DNS zone named contoso.com. For controso.com, you create a virtual network link named link1 as shown in the image below. You discover that VM1 can resolve names in contoso.com but cannot resolve names in adatum.com. VM1 can resolve other hosts on the Internet. You need to ensure that VM1 can resolve host names in adatum.com. What should you do?. Configure the name servers for adatum.com at the domain registrar. Create an SRV record in the contoso.com zone. Update the DNS suffix on VM1 to be adatum.com. Modify the Access control (IAM) settings for link1.

You have an Azure subscription that contains the virtual machines shown in the table below. You deploy a load balancer that has the following configurations: · Name: LB1 · Type: Internal · SKU: Standard · Virtual network: VNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains the virtual machines shown in the table below. You deploy a load balancer that has the following configurations: · Name: LB1 · Type: Internal · SKU: Standard · Virtual network: VNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create a Standard SKU public IP address, associate the address to the network interface of VM1, and then stop VM2. Does this meet the goal?. Yes. No.

You have an Azure subscription that contains the virtual machines shown in the table below. You deploy a load balancer that has the following configurations: · Name: LB1 · Type: Internal · SKU: Standard · Virtual network: VNET1 You need to ensure that you can add VM1 and VM2 to the backend pool of LB1. Solution: You create two Standard public IP addresses and associate a Standard SKU public IP address to the network interface of each virtual machine. Does this meet the goal?. Yes. No.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate. From Azure, you download and install the VPN client configuration package on a computer named Computer2. You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You export the client certificate from Computer1 and install the certificate on Computer2. Does this meet the goal?. Yes. No.

You have an Azure virtual machine named VM1. The network interface for VM1 is configured as shown in the image below. You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only. You need to ensure that users can connect to the website from the Internet. What should you do?. Modify the protocol of Rule4. For Rule5, change the Action to Allow and change the priority to 401. Create a new inbound rule that allows TCP protocol 443 and configure the rule to have a priority of 501. Delete Rule1.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: From the Resource providers blade, you unregister the Microsoft.ClassicNetwork provider. Yes. No.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the image below. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You create an inbound security rule that denies all traffic from the 131.107.100.50 source and has a cost of 64999. No. Yes.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the image below. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You modify the priority of the Allow_131.107.100.50 inbound security rule. Does this meet the goal?. No. Yes.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the image below. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You delete the BlockAllOther443 inbound security rule. Does this meet the goal?. No. Yes.

You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups. Another administrator plans to create several network security groups (NSGs) in the subscription. You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks. Solution: You assign a built-in policy definition to the subscription. Does this meet the goal?. No. Yes.

Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: · A SQL database · A web front end · A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. You are planning the move of App1 to Azure. You create a network security group (NSG). You need to recommend a solution to provide users with access to App1. What should you recommend?. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

You have an existing Azure subscription that contains 10 virtual machines. You need to monitor the latency between your on-premises network and the virtual machines. What should you use?. Service Map. Connection troubleshoot. Network Performance Monitor. Effective routes.

You have an Azure web app named webapp1. Users report that they often experience HTTP 500 errors when they connect to webapp1. You need to provide the developers of webapp1 with real-time access to the connection errors. The solution must provide all the connection error details. What should you do first?. From webapp1, enable Web server logging. From Azure Monitor, create a workbook. From Azure Monitor, create a Service Health alert. From webapp1, turn on Application Logging.

You have an Azure subscription that contains the identities shown in the table below. User1, Principal1, and Group1 are assigned the Monitoring Reader role. An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role. You create an alert rule named Alert1 that uses AG1. You need to identity who will receive an email notification when Alert1 is triggered. Who should you identify?. User1 and User2 only. User1 only. User1 and Principal1 only. User1, User2, Principal1, and Principal2.

What type of connection should we choose to connect two Vnet that reside in the same azure region, minimizing the administrative workload?. ExpressRoute. Site-To-Site connection. Peering Vnet-To-Vnet. Routing and Remote Access (RAS).

What port should we enable to connect to an Azure Virtual Machine using the RDP protocol?. 443. 3389. 80. 8080.

Your company registers a domain name of contoso.com. You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue. Solution: You modify the SOA record in the contoso.com zone. Does this meet the goal?. No. Yes.

Your company registers a domain name of contoso.com. You create an Azure DNS zone named contoso.com, and then you add an A record to the zone for a host named www that has an IP address of 131.107.1.10. You discover that Internet hosts are unable to resolve www.contoso.com to the 131.107.1.10 IP address. You need to resolve the name resolution issue. Solution: You modify the NS record in the contoso.com zone. Does this meet the goal?. No. Yes.

You are troubleshooting a performance issue for an Azure Application Gateway. You need to compare the total requests to the failed requests during the past six hours. What should you use?. NSG flow logs in Azure Network Watcher. Metrics in Application Gateway. Connection monitor in Azure Network Watcher. Diagnostics logs in Application Gateway.

Is this statement correct? “VPN gateways are virtual network gateways which are deployed with gateway type VPN. VPN gateways are used for terminating site-to-site VPN connections.”. The statement is correct. The statement is incorrect.

State whether the given statement is true or not. “Azure Load Balancer can only be deployed with a public (Internet) frontend IP address but not private (Intranet).”. True. False.

State whether the given statement holds true or not. “Effective security rules can be reviewed for all network interfaces.”. True. False.

You have an Azure subscription named Subscription1 that has the following providers registered: · Authorization · Automation · Resources · Compute · KeyVault · Network · Storage · Billing · Web Subscription1 contains an Azure virtual machine named VM1 that has the following configurations: · Private IP address: 10.0.0.4 (dynamic) · Network security group (NSG): NSG1 · Public IP address: None · Availability set: AVSet · Subnet: 10.0.0.0/24 · Managed disks: No · Location: East US You need to record all the successful and failed connection attempts to VM1. Which three actions should you perform? (choose 3). Add an Azure Network Watcher connection monitor. Enable Azure Network Watcher in the East US Azure region. Register the Microsoft.Insights resource provider. Register the MicrosoftLogAnalytics provider. Enable Azure Network Watcher flow logs. Create an Azure Storage account.

You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1. You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform?. Action 1. Action 2.

You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer. The effective network security configurations for VM2 are shown in the image below. You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly. You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443. Solution: You create an inbound security rule that allows any traffic from the AzuteLoadBalancer source and has a cost of 150. Does this meet the goal?. No. Yes.

You have an Azure subscription named Subscription1 that contains the resources shown in the table. VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new Network Interface named NIC2 for VM1. Solution: You create NIC2 in RG2 and Central US. Does this meet the goal?. Yes. No.

AG1 has two backend pools named Pool11 and Pool12. AG1 must load balance incoming traffic in the following manner: * http://corporate.adatum.com/video/* will be load balanced across Pool11. * http://corporate.adatum.com/images/* will be load balanced across Pool12. What should you create to AG1?. multi-site listener. URL path-based routing table. basic listener. a basic routing table.

AG2 has two backend pools named Pool21 and Pool22. AG2 must load balance incoming traffic in the following manner: * http://www.adatum.com will be load balanced across Pool21. * http://www.fabrikam.com will be load balanced across Pool22. What should you configure to AG2?. multi-site listener. URL path-based routing table. basic listener. a basic routing table. an additional public IP address.

A company is planning on using Azure Site recovery for migrating a set of On-premise servers onto Azure. As an IT Administrator you are going to setup Azure and the configuration/process servers in your on-premise environment. Which of the following needs to be configured to ensure that the replication can be carried out? (Choose two.). Ensure that the machines that need to be replicated can communicate with Azure on port 443. Ensure that the process server can communicate with Azure on port 443. Ensure that the machines that need to be replicated can communicate with the process server on port 443. Ensure that the process server can communicate with Azure on port 359.

Which of the following tools can be used by the security department to check for any network intrusions?. IP Flow Verify. Variable Packet Capture. Azure Connection Monitor. Application Insights.

You have an Azure subscription that contains three virtual networks named VNet1, VNet2 and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router. You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network. You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3. You need to provide connectivity between VNet1 and VNet3 through VNet2. Which two configurations should you perform?. On the peering connections, allow forwarded traffic. On the peering connections, allow gateway transit. Create route tables and assign the table to subnets. Create a route filter. On the peering connections, use remote gateways.

You have an Azure subscription. The subscription includes a virtual network named VNet1. Currently, VNet1 does not contain any subnets. You plan to create subnets on VNet1 and to use application security groups to restrict the traffic between the subnets. You need to create the application security groups and to assign them to the subnets. Which four cmdlets should you run in sequence?. Action1. Action2. Action3. Action4.

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com. Which three actions should you perform?. Configure company branding. Add the custom domain name. Add Azure AD tenant. Verify the domain. Add a record to the public contoso.com DNS zone. Create an Azure DNS zone.

You have an Azure Active Directory (Azure AD) tenant that has the initial domain name. You have a domain name of contoso.com registered at a third-party registrar. You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com. Which three actions should you perform in sequence?. Action1. Action2. Action3.

You have an Azure subscription that contains the following resources: LB1 - Load Balancer VM1 - Virtual Machine VM2 - Virtual Machine VM1 and VM2 run a website that is configured: --- Name ---|--------- Physical path ---------|-- Alias -- Root folder | C:\inetpub \wwwroot\SiteA -| / Temp ------ | C:\inetpub \wwwroot\Temp -| Temp LB1 is configured to balance requests to VM1 and VM2. You configure a health probe as shown in the image. You need to ensure that the health probe functions correctly. What should you do?. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\SiteA\Temp folder. On VM1 and VM2, create a file named Probe1.htm in the C:\intepub\wwwroot\Temp folder. On LB1, change the port to 8080. On LB1, change the Unhealthy threshold to 65536.

You have an Azure subscription named Subscription1 that contains the resources shown in the table. VM1 connects to a virtual network named VNET2 by using a network interface named NIC1. You need to create a new Network Interface named NIC2 for VM1. Solution: You create NIC2 in RG2 and West US. Does this meet the goal?. Yes. No.

You need to configure public IP addressing for four backend virtual machines (VMs) that are identically configured and reside on an Azure virtual network (VNet). Your solution must meet the following technical and business requeriments: - Minimize the VM's attack surface - Minimize administrative/maintenance complexity - Minimize cost What shoul you do?. Assign a public IP address to a public load balancer and user Network Address Translation (NAT) to reach the VM's. Assign a public IP address to each VM and use netwok security groups (NSGs) to reach the VMs. Assign a public IP address to each VM virtual network interface card (VNIC) and use Just-in-Time (JIT) VM Access to reach the VMs. Assign a public IP address to an Azure Virtual Private Network (VPN) Gateway and use a public load balancer to reach the VMs.