Special Summer Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Questions and Answers

Questions 4

You have an Azure subscription that contains an Azure App Service web app named WebApp1 and an Azure Front Door profile named FDProfile1 FDProfile1 forwards requests addressed to https://www.contoso.com to WebApp1.

You need to ensure that only requests addressed to https://www.contoso.com/users/are forwarded to WebApp1.

What should you modify in FDProfile1?

Options:

A.

the origin group

B.

the endpoint

C.

the routes

D.

the domain

Buy Now
Questions 5

You have an Azure subscription that contains an Azure VPN gateway named GW1. GW1 provides Point-to Site (P2S) VPN connectivity.

Users connect to GW1 from a Windows 11 device by using an SSTP connection.

You need to ensure that the P2S VPN connections support Microsoft Entra authentication.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for and of the correct orders you select.

AZ-700 Question 5

Options:

Buy Now
Questions 6

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You plan to enable the following:

• TLS inspection

• Threat intelligence

• A network intrusion detection and prevention system (IDPS)

What can you enable by using AzFW1?

Options:

A.

TLS inspection only

B.

threat intelligence only

C.

TLS inspection and the IDPS only

D.

threat intelligence and the IDPS only

E.

TLS inspection, threat intelligence, and the IDPS

Buy Now
Questions 7

You have an Azure subscription that contains an app named Appl. App1 is deployed to the Azure App Service apps show in the following table.

AZ-700 Question 7

You need to publish App1 by using Azure Front Door. The solution must ensure that all the requests to App1 are load balanced between all the available worker instances.

What is the minimum number of origin groups and origins that you should configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 7

Options:

Buy Now
Questions 8

You have two Azure virtual networks named Vnet1 and Vnet2 in an Azure region that has three availability zones.

You deploy 12 virtual machines to each virtual network, deploying four virtual machines per zone. The virtual machines in Vnet1 host an app named App1. The virtual machines in Vnet2 host an app named App2.

You plan to use Azure Virtual Network NAT to implement outbound connectivity for App1 and App2.

You need to identify the minimum number of subnets and Virtual Network NAT instances required to meet the following requirements:

• A failure of two zones must NOT affect the availability of either App1 or App2.

• A failure of two zones must NOT affect the outbound connectivity of either App1 or App2.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 8

Options:

Buy Now
Questions 9

You have an Azure subscription that contains the public IP addresses shown in the following table.

AZ-700 Question 9

You plan to deploy a NAT gateway named NAT1.

Which public IP addresses can be used as the public IP address for NAT1?

Options:

A.

IP3 and IP5 only

B.

IP5 only

C.

IP1, IP3, and IP5 only

D.

IP3 only

E.

IP2 and IP4 only

Buy Now
Questions 10

You need to use Traffic Analytics to monitor the usage of applications deployed to Azure virtual machines.

Which Azure Network Watcher feature should you implement first?

Options:

A.

Connection monitor

B.

Packet capture

C.

NSG flow logs

D.

IP flow verify

Buy Now
Questions 11

You have an Azure subscription. The subscription contains 500 virtual machines that run either Windows 11 or Linux.

You need to identify which Linux virtual machines are accessible from the internet. The solution must minimize administrative effort.

What should you use, and what should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 11

Options:

Buy Now
Questions 12

You have a network security group named NSG1.

You need to enable network security group (NSG) flow logs for NSG1. The solution must support retention policies.

What should you create first?

Options:

A.

A standard general-purpose v2 Azure Storage account

B.

An Azure Log Analytics workspace

C.

A premium Block blobs Azure Storage account

D.

A standard general-purpose v1 Azure Storage account

Buy Now
Questions 13

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a subnet named Subnet1

You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. You create a network security group (NSG) named NSG1 and link NSG1 to Subnet1.

You need to ensure that AppGw1 will only load balance traffic that originates from VNet1. The solution must minimize the impact on the functionality of AppGw1.

What should you add to NSG1?

Options:

A.

an outbound rule that has a priority 100 and blocks all internet traffic

B.

an outbound rule that has a priority of 4096 and blocks all internet traffic

C.

an inbound rule that has a priority of 4096 and blocks all internet traffic

D.

an inbound rule that has a priority of 100 and blocks all internet traffic

Buy Now
Questions 14

You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1. You need to ensure that PL1 can support a higher volume of outbound traffic. What should you do?

Options:

A.

Redeploy LB1 with a different SKU.

B.

Increase the number of NAT IP addresses assigned to PL1.

C.

Deploy an Azure Application Gateway v2 instance to the source NAT subnet.

D.

Increase the number of frontend IP configurations for LB1.

Buy Now
Questions 15

Task 3

You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.

You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.

Options:

Buy Now
Questions 16

You have an Azure subscription that contains an Azure key vault named Vaultl and an app registration for an Azure AD app named App1.

You have a DNS domain named contoso.com that is hosted by a third-party DNS provider.

You plan to deploy App1 by using Azure App Service. App1 will have the following configurations:

• App1 will be hosted across five App Service apps.

• Users will access App1 by using a URL of https://app1.contoso.com.

• The user traffic of App1 will be managed by using Azure Front Door.

• The traffic between Front Door and the App Service apps will be sent by using HTTP.

• App1 will be secured by using an SSL certificate from a third-party certificate authority (CA).

You need to support the Front Door deployment.

Which two DNS records should you create, and to where should you import the SSL certificate for App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 16

Options:

Buy Now
Questions 17

Task 9

You plan to use VNET4 for an Azure API Management implementation.

You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.

Options:

Buy Now
Questions 18

Task 6

You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com.

You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.

Options:

Buy Now
Questions 19

Task 11

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.

The on-premises network has the following configurations:

• Internal address range: 10.10.0.0/16.

• Firewall 1 internal IP address: 10.10.1.1.

• Firewall1 public IP address: 131.107.50.60.

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

Options:

Buy Now
Questions 20

You have an Azure subscription that contains 100 network security groups (NSGs).

You need to ensure that you log the application of specific NSG rules.

Which type of log should you configure?

Options:

A.

flow log

B.

activity log

C.

Azure resource log

D.

audit log

Buy Now
Questions 21

Task 7

You plan to deploy 100 virtual machines to subnet4-1. The virtual machines will NOT be assigned a public IP address. The virtual machines will call the same API. which is hosted by a third party. The virtual machines will make more than 10,000 calls per minute to the API.

You need to minimize the risk of SNAT port exhaustion. The solution must minimize administrative effort.

Options:

Buy Now
Questions 22

Task 3

You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.

Options:

Buy Now
Questions 23

Task 4

You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.

Options:

Buy Now
Questions 24

You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.

What should you include in the solution?

Options:

A.

a service endpoint

B.

Azure Front Door

C.

a private endpoint

D.

Azure Traffic Manager

Buy Now
Questions 25

You need to implement a P2S VPN for the users in the branch office. The solution must meet the hybrid networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 25

Options:

Buy Now
Questions 26

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

A.

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

B.

a user-defined route assigned to GatewaySubnet in Vnet1

C.

BGP route exchange

D.

route filters

Buy Now
Questions 27

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-700 Question 27

Options:

Buy Now
Questions 28

ESTION NO: 1

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.

What should you use to configure the default route?

Options:

A.

route filters

B.

BGP route exchange

C.

a user-defined route assigned to GatewaySubnet in Vnet1

D.

a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

Buy Now
Questions 29

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.

Which connectivity method should you use?

Options:

A.

a service endpoint

B.

a private endpoint

C.

Azure Firewall

D.

Azure Front Door

Buy Now
Questions 30

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 30

Options:

Buy Now
Questions 31

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 31

Options:

Buy Now
Questions 32

You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet the hybrid connectivity requirements and the business requirements.

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-700 Question 32

Options:

Buy Now
Questions 33

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.

Which two actions should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

On the peerings from Vnet2 and Vnet3, select Use remote gateways.

B.

On the peering from Vnet1, select Allow forwarded traffic.

C.

On the peering from Vnet1, select Use remote gateways.

D.

On the peering from Vnet1, select Allow gateway transit.

E.

On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Buy Now
Questions 34

You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 34

Options:

Buy Now
Questions 35

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains the following resources:

* A virtual network named Vnet1

* A subnet named Subnet1 in Vnet1

* A virtual machine named VM1 that connects to Subnet1

* Three storage accounts named storage1, storage2, and storage3

You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.

Solution: You create a network security group (NSG) and associate the NSG to Subnet1.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 36

You have a website that uses an FQDN of www.contoso.com. The DNS record tor www.contoso.com resolves to an on-premises web server.

You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1.

You build the website on Web1.

You plan to configure ContosoFD1 to publish the website for testing.

When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit.

AZ-700 Question 36

You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.

Which record should you create in the contoso.com DNS domain?

Options:

A.

a CNAME record that maps www.contoso.com to ContosoFD1.azurefd.net

B.

a CNAME record that maps www.contoso.com to Web1.contoso.com

C.

a CNAME record that maps afdverify.www.contoso.com to ContosoFD1.azurefd.net

D.

a CNAME record that maps afdverify.www.contoso.com to afdverify.ContosoFD1.azurefd.net

Buy Now
Questions 37

You need to manage connectivity from NYCNet to the Azure services that use private endpoints. The solution must meet the security requirements. What should you do first?

Options:

A.

Add a route table to SUBNET-PL

B.

Enable a network policy for SUBNET-PE.

C.

From Azure Virtual Network Manager, create a security admin configuration.

D.

From Azure Viitual Network Manager, create a network group that has Member type set to Subnet

Buy Now
Questions 38

You need to configure connectivity between NYCNet and SFONet. The solution must meet the connectivity requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

AZ-700 Question 38

Options:

Buy Now
Questions 39

You need to configure the P2S VPN to meet the connectivity requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 39

Options:

Buy Now
Questions 40

You need to configure APPGW1 to support end-to-end encryption. The solution must meet the security requirements. What should you do?

Options:

A.

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA and includes the full certificate chain.

B.

From the Backend settings, upload a wildcard TLS certificate that has a private key issued by the internal root CA

C.

From the Backend settings, upload the internal root CA certificate.

D.

From the SSL settings, upload a TLS client certificate that is issued by the internal root CA.

Buy Now
Questions 41

You need to identify which IP address space to allocate for the planned deployment of PRDNS1 to HubVNet and SpokeVNet. The solution must meet the general requirements

What should you identify for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

AZ-700 Question 41

Options:

Buy Now
Questions 42

You ate configuring the DNS forwarding luleset for DNSR1

You need to configure the destination IP address for azure.proseware.com and for corp.proseware.com. The solution must meet the general requirements.

Which IP addiesses should you configure for each namespace? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 42

Options:

Buy Now
Questions 43

You need to configure FD1 to provide user access to app2.proseware.com. The solution must meet the security requirements and the general requirements.

What should you do first?

Options:

A.

Add a custom domain to FD1.

B.

Add a security policy to FD1.

C.

Request a certificate from a trusted root CA.

D.

Export the TLS certificate and the private key from App2.

Buy Now
Questions 44

You need to deploy Azure Virtual Network Manager. The solution must support the planned changes and meet the connectivity requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-700 Question 44

Options:

Buy Now
Questions 45

You need to configure a custom rule for APPGWI-WAFPolicy to allow only connections that originate from FD1. The solution must support the planned changes.

Which Match type and Match variable should you select?

Options:

A.

String and RequestCookies

B.

IP address and RemoteAddr

C.

String and RequestHeaders

D.

Geo location and RemoteAddr

Buy Now
Questions 46

You need to configure a security rule for APPGW1-NSG1. The solution must support the planned changes. Which service tag should you use?

Options:

A.

AzureFrontDoor.FirstParty

B.

AzureFrontDoor.Infra

C.

AzureFrontDoor.Backend

D.

AzureFrontDoor.Frontend

Buy Now
Questions 47

You need to plan the deployment of LBGW1. The solution must support the planned changes.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 47

Options:

Buy Now
Questions 48

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 48

Options:

Buy Now
Questions 49

You need to meet the network security requirements for the NSG flow logs.

Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 49

Options:

Buy Now
Questions 50

In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 50

Options:

Buy Now
Questions 51

You are implementing the virtual network requirements for VM Analyze.

What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 51

Options:

Buy Now
Questions 52

You are implementing the Virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-700 Question 52

Options:

Buy Now
Questions 53

You create NSG10 and NSG11 to meet the network security requirements.

For each of the following statements, select Yes it the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-700 Question 53

Options:

Buy Now
Questions 54

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-700 Question 54

Options:

Buy Now
Exam Code: AZ-700
Exam Name: Designing and Implementing Microsoft Azure Networking Solutions
Last Update: Mar 28, 2025
Questions: 295

PDF + Testing Engine

$52.5  $174.99

Testing Engine

$40.5  $134.99
buy now AZ-700 testing engine

PDF (Q&A)

$34.5  $114.99
buy now AZ-700 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 02 Apr 2025