You have an Azure subscription that contains an Azure App Service web app named WebApp1 and an Azure Front Door profile named FDProfile1 FDProfile1 forwards requests addressed to https://www.contoso.com to WebApp1.
You need to ensure that only requests addressed to https://www.contoso.com/users/are forwarded to WebApp1.
What should you modify in FDProfile1?
You have an Azure subscription that contains an Azure VPN gateway named GW1. GW1 provides Point-to Site (P2S) VPN connectivity.
Users connect to GW1 from a Windows 11 device by using an SSTP connection.
You need to ensure that the P2S VPN connections support Microsoft Entra authentication.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for and of the correct orders you select.
You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You plan to enable the following:
• TLS inspection
• Threat intelligence
• A network intrusion detection and prevention system (IDPS)
What can you enable by using AzFW1?
You have an Azure subscription that contains an app named Appl. App1 is deployed to the Azure App Service apps show in the following table.
You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances.
What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have two Azure virtual networks named Vnet1 and Vnet2 in an Azure region that has three availability zones.
You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in Vnet1 host an app named App1. The virtual machines in Vnet2 host an app named App2.
You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2.
You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements:
• A failure of two zones must NOT affect the availability of either App1 or App2.
• A failure of two zones must NOT affect the outbound connectivity of either App1 or App2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
You need to use Traffic Analytics to monitor the usage of applications deployed to Azure virtual machines.
Which Azure Network Watcher feature should you implement first?
You have an Azure subscription. The subscription contains 500 virtual machines that run either Windows 11 or Linux.
You need to identify which Linux virtual machines are accessible from the internet. The solution must minimize administrative effort.
What should you use, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a network security group named NSG1.
You need to enable network security group (NSG) flow logs for NSG1. The solution must support retention policies.
What should you create first?
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1
You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.
You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.
What should you add to NSG1?
You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1. You need to ensure that PL1 can support a higher volume of outbound traffic. What should you do?
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
You have an Azure subscription that contains an Azure key vault named Vaultl and an app registration for an Azure AD app named App1.
You have a DNS domain named contoso.com that is hosted by a third-party DNS provider.
You plan to deploy App1 by using Azure App Service. App1 will have the following configurations:
• App1 will be hosted across five App Service apps.
• Users will access App1 by using a URL of https://app1.contoso.com.
• The user traffic of App1 will be managed by using Azure Front Door.
• The traffic between Front Door and the App Service apps will be sent by using HTTP.
• App1 will be secured by using an SSL certificate from a third-party certificate authority (CA).
You need to support the Front Door deployment.
Which two DNS records should you create, and to where should you import the SSL certificate for App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Task 9
You plan to use VNET4 for an Azure API Management implementation.
You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.
Task 6
You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.
You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.
Task 11
You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.
The on-premises network has the following configurations:
• Internal address range: 10.10.0.0/16.
• Firewall 1 internal IP address: 10.10.1.1.
• Firewall1 public IP address: 131.107.50.60.
BGP is NOT used.
You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
You have an Azure subscription that contains 100 network security groups (NSGs).
You need to ensure that you log the application of specific NSG rules.
Which type of log should you configure?
Task 7
You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.
You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.
Task 3
You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
Task 4
You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?
You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
ESTION NO: 1
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?
You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.
Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG) and associate the NSG to Subnet1.
Does this meet the goal?
You have a website that uses an FQDN of www.contoso.com. The DNS record tor www.contoso.com resolves to an on-premises web server.
You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1.
You build the website on Web1.
You plan to configure ContosoFD1 to publish the website for testing.
When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit.
You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.
Which record should you create in the contoso.com DNS domain?
You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?
You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to configure the P2S VPN to meet the connectivity requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?
You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements
What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You ate configuring the DNS forwarding luleset for DNSR1
You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.
Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.
What should you do first?
You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.
Which Match type and Match variable should you select?
You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?
You need to plan the deployment of LBGW1. The solution must support the planned changes.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.
TESTED 02 Apr 2025
