Topic 3, Mix Questions
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
A.
an allow rule that has the IP address range of Vnet1 as the source and destination of Sq1.EastUS
B.
a deny rule that has a source of VirtualNetwork and a destination of Sq1
C.
a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
D.
a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
a deny rule that has the IP address range of Vnet1 as the source and destination of Storage
Your on-premises network contains a VPN device.
You have an Azure subscription that contains a virtual network and a virtual network gateway.
You need to create a Site-to-Site VPN connection that has a custom cryptographic policy.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
A.
IP3 and IP5 only
B.
IP5 only
C.
IP1, IP3, and IP5 only
D.
IP3 only
E.
IP2 and IP4 only
IP3 only
You have an Azure subscription that contains the Azure app service web apps show in the following table:
You need to deploy Azure Traffic Manager. The solution must meet the following requirements:
• Traffic to https//www.fabrikam.com must be directed to App1eu.
• If App1eu becomes unresponsive, all the traffic to https://www.fabrikam.com must be directed to App1us. You need to implement Traffic Manager to meet the requirements.
Which two resources should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A.
a Traffic Manager profile that uses the priority routing method
B.
a Traffic Manager profile that uses the geographic routing method C a CNAME record in a DNS domain named fabrikam.com
C.
a TXT record in a DNS domain named tabrikam.com
D.
a real user measurements key in Traffic Manager
a Traffic Manager profile that uses the priority routing method
a TXT record in a DNS domain named tabrikam.com
You have an Azure subscription. The subscription contains virtual machines that host websites as shown in the following table.
You have the Azure Traffic Manager profiles shown in the following table.
You have the endpoints shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each connect selection is worth one point.
You have an Azure subscription that contains an Azure Firewall Premium policy named FWP1.
To FWP1, you plan to add the rule collections shown in the following table.
Which priority should you assign to each rule collection? To answer, drag the appropriate priority values to the correct rule collections- Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAFT.
You need to configure a rate limit for incoming requests to AFD1. Solution: You configure a custom rule for WAF1.
Does this meet the goal?
A.
Yes
B.
No
Yes
You have an Azure subscription that contains the virtual networks shown in the following table.
You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region. To which virtual networks can you deploy AF1?
A.
Vnet1 only
B.
Vnet1 and Vnet2 only
C.
Vnet1, Vnet2, and Vnet4 only
D.
Vnet1 and Vnet4 only
E.
Vnet1, Vnet2. Vnet3, and Vnet4
Vnet1 only
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
• Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
• Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
A.
a virtual network
B.
an IP address
C.
an application security group
D.
a service tag
an application security group
You have an Azure subscription that contains a single virtual network and a virtual network gateway.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Page 6 out of 19 Pages |
Previous |