AZ-700 Free Question Set: "Microsoft Designing and Implementing Microsoft Azure Networking Solutions"
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?
Correct answer: B
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
Topic 2, Litware, Inc. Case Study 1
Overview
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory (Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All the offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains resources in the East US Azure region as shown in the following table.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
* Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
* Ensure that the records in the cloud.litwareinc.com zone can be resolved from the on-premises locations.
* Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
* Minimize the size of the subnets allocated to platform-managed services.
* Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
* Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
* Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
* The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
* Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
* The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
* The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.
You have an Azure virtual network named Vnet1 and an on-premises network.
The on-premises network has policy-based VPN devices. In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.
You need to ensure that the on-premises network can connect to the route-based GW1. What should you do before you create the connection?
Correct answer: B
You have an Azure application gateway configured for a single website that is available at https://www.contoso.com.
The application gateway contains one backend pool and one rule. The backend pool contains two backend servers. Each backend server has an additional website that is available on port 8080.
You need to ensure that if port 8080 is unavailable on a backend server, all the traffic for https://www.contoso.com is redirected to the other backend server.
What should you do?
Correct answer: D
You have the network topology shown in the Topology exhibit. (Click the Topology tab.)
You have the Azure firewall shown in the Firewall 1 exhibit. (Click the Firewall tab.)
You have the route table shown in the RouteTable1 exhibit. (Click the RouteTable1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
Task 8
You plan to deploy an appliance to subnet3-2. The appliance will perform packet inspection and will have an IP address of 10.3.2.100.
You need to ensure that all traffic to the internet from subnet3-1 is forwarded to the appliance for inspection.
Correct answer:
See the Explanation below for step by step instructions.
Explanation:
To ensure that all traffic to the internet from subnet3-1 is forwarded to the appliance in subnet3-2 for packet inspection, you can use User-Defined Routes (UDRs) to direct the traffic. Here's how you can do it:
Step-by-Step Solution
Step 1: Create a Route Table
* Navigate to the Azure Portal.
* Search for "Route tables" and select it.
* Click on "Create".
* Enter the following details:
  * Subscription: Select your subscription.
  * Resource Group: Select an existing resource group or create a new one.
  * Name: Enter a name for the route table (e.g., RouteTable-Subnet3-1).
  * Region: Select the region where your virtual network is located.
* Click on "Review + create" and then "Create".
Step 2: Add a Route to the Route Table
* Navigate to the newly created route table.
* Select "Routes" from the left-hand menu.
* Click on "Add" to create a new route.
* Enter the following details:
  * Route name: Enter a name for the route (e.g., RouteToAppliance).
  * Address prefix: Enter 0.0.0.0/0 to route all internet traffic.
  * Next hop type: Select Virtual appliance.
  * Next hop address: Enter the IP address of the appliance (10.3.2.100).
* Click on "OK" to add the route.
Step 3: Associate the Route Table with Subnet3-1
* Navigate to the route table.
* Select "Subnets" from the left-hand menu.
* Click on "Associate".
* Select the virtual network that contains subnet3-1.
* Select subnet3-1 from the list of subnets.
* Click on "OK".
Explanation
* User-Defined Routes (UDRs): These allow you to control the routing of traffic within your virtual network. By defining a route that directs all internet-bound traffic to the appliance, you ensure that the traffic is inspected before it reaches the internet.
* Virtual Appliance: This is a network appliance that performs specific functions, such as packet inspection, and is treated as a next hop in the routing table.
* Route Table Association: Associating the route table with subnet3-1 ensures that all traffic from this subnet follows the defined routes.
By following these steps, you can ensure that all internet-bound traffic from subnet3-1 is forwarded to the appliance in subnet3-2 for inspection, thereby enhancing your network security.
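An added example, not part of the original explanation, that models how the 0.0.0.0/0 route added above changes the effective next hop for subnet3-1: the longest matching prefix wins, and a user-defined route beats a system route with the same prefix. The VNet address space 10.3.0.0/16, the destination 203.0.113.10 and all function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break for equal prefixes: user-defined routes beat system (Default) routes.
SOURCE_RANK = {"User": 0, "Default": 1}

@dataclass(frozen=True)
class Route:
    prefix: str             # address prefix, e.g. "0.0.0.0/0"
    hop_type: str           # "VnetLocal", "Internet" or "VirtualAppliance"
    hop_ip: str = ""        # set only for VirtualAppliance
    source: str = "Default"

# Constructed system routes; 10.3.0.0/16 is an assumed VNet address space.
SYSTEM_ROUTES = [
    Route("10.3.0.0/16", "VnetLocal"),
    Route("0.0.0.0/0", "Internet"),
]
# The user-defined route from the page (RouteToAppliance).
ROUTE_TO_APPLIANCE = Route("0.0.0.0/0", "VirtualAppliance", "10.3.2.100", "User")

def effective_route(dest, routes):
    """Return the route that wins for dest, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return min(matches, default=None,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                              SOURCE_RANK[r.source]))

def uninspected_prefixes(routes):
    """Prefixes whose winning route (checked at the prefix's first address)
    still sends traffic straight to the Internet, bypassing the appliance."""
    leaks = []
    for r in routes:
        first = str(ipaddress.ip_network(r.prefix).network_address)
        if r.hop_type == "Internet" and effective_route(first, routes) == r:
            leaks.append(r.prefix)
    return leaks

if __name__ == "__main__":
    table = SYSTEM_ROUTES + [ROUTE_TO_APPLIANCE]
    print("internet-bound:", effective_route("203.0.113.10", table))
    print("intra-VNet:    ", effective_route("10.3.2.100", table))
    print("leaks before UDR:", uninspected_prefixes(SYSTEM_ROUTES))
    print("leaks after UDR: ", uninspected_prefixes(table))
```

In Azure, the appliance's network interface also needs IP forwarding enabled, otherwise it drops the packets this route sends to it.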
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
Correct answer: A
You have an Azure subscription that contains the virtual machines shown in the following table.
Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:
* Priority: 100
* Port: Any
* Protocol: Any
* Source: Any
* Destination: Storage
* Action: Deny
You create a private endpoint that has the following settings:
* Name: Private1
* Resource type: Microsoft.Storage/storageAccounts
* Resource: storage1
* Target sub-resource: blob
* Virtual network: Vnet1
* Subnet: Subnet1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
Yes, Yes, Yes
NSG rules applied to the subnet hosting the private endpoint are not applied to the private endpoint. So NSG1 doesn't limit storage access from either VM1 or VM2. https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints#network-security-group-rules-for-subnets-with-private-endpoints
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure.
You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine.
What should you use?
Correct answer: A
You have an Azure subscription that contains a dual-stack virtual network named VNet1. VNet1 has the following IP address spaces:
* IPv4: 192.168.0.0/24
* IPv6: fd0adbftdeca: deed: y48
You plan to deploy an Azure VPN gateway and multiple virtual machines to VNet1.
You need to configure the subnet masks for VNet1. The solution must meet the following requirements:
* Maximize the number of usable IP addresses.
* Support the deployment of the VPN gateway and the virtual machines.
Which subnet mask should you use for each address space? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
You have a DNS domain named contoso.com that is hosted by a third-party domain name registrar.
You have an Azure subscription.
You need to ensure that all DNS queries for the contoso.com domain are resolved by using Azure DNS.
What should you create in the registrar, and what should you create in Azure? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation: