You have an Azure subscription that contains a dual-stack virtual network named VNet1. VNet1 has the following IP address sp aces:
• IPv4:192.168.0.0/24
• IPv6: fd0adbftdeca: deed: y48
You plan to deploy an Azure VPN gateway and multiple virtual machines to VNet1.
You need to configure the subnet masks for VNet1. The solution must meet the following requirements:
• Maximize the number of usable IP addresses.
• Support the deployment of the VPN gateway and the virtual machines.
Which subnet mask should you use for each address space? To answer, select the appropriate options in the answer area.
NOTE: Each corre ct selection is worth one point.
You have an Azure virtual network that contains two subnets named Subnet1 and Subnet2. Subnet1 contains a virtual machine named VM1. Subnet2 contains a virtual machine named VM2.
You have two network security groups (NSGs) named NSG1 and NSG2. NSG1 has 100 inbound security rules and is associated to VM1. NSG2 has 200 inbound security rules and is associated to Subnet1.
VM2 cannot connect to VM1.
You suspect that an NSG rule blocks connectivity.
You need to identify which rule blocks the connection. The issue must be resolved as quickly as possible.
Which Azure Network Watcher feature should you use?
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1. What should you do?
You have two Azure virtual networks named VNet1 and VNet2 that are peered with each other. VNet1 hosts 10 virtual machines that contain web servers. VNet2 hosts five virtual machines that contain database servers.
You need to configure a security solution that meets the following requirements:
• Ensures that the database servers can accept connections only from the web servers
• Ensures that the web servers can initiate connections only to the database servers
• Ensures that all network security groups (NSGs) are associated only with subnets
• Use application security groups to implement the solution
What is the minimum number of application security groups required?
You have an on-premises network
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains an ExpressRoute gateway named Gateway 1.
You need to implement an ExpressRoute solution from a third-party provider named Fabrikam, Inc. The solution must ensure that devices on the on-premises network can connect to the Azure resources on VNet1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have two Azure App Service instances that host the web apps shown the following table.
You deploy an Azure application gateway that has one public frontend IP address and two backend pools.
You need to publish all the web apps to the application gateway. Requests must be routed based on the HTTP host headers.
What is the minimum number of listeners and routing rules you should configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure application gateway named AG1 and two Azure App Service apps named App1 and App2 that have the following configurations:
• Both apps are accessible by using HTTP and HTTPS.
• HTTP host headers are used to route requests to the appropriate apps.
• Both apps are hosted in a single App Service Environment in the West Europe Azure region.
You need to publish the apps by using AG1. The solution must ensure that AG1 provides both HTTP and HTTPS access.
What is the minimum number of resources required for AG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual machines shown in the following table.
Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:
Priority: 100
Port: Any
Protocol: Any
Source: Any
Destination: Storage
Action: Deny
You create a private endpoint that has the following settings:
Name: Private1
Resource type: Microso ft.Storage/storageAccounts
Resource: storage1
Target sub-resource: blob
Virtual network: Vnet1
Subnet: Subnet1
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point .
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that the virtual machines can access storage1, storage2, and DB1 by using service endpoints.
What is the minimum number of service endpoints you should create?
You have an Azure subscription
You plan to use Azure Virtual WAN.
You need to deploy a virtual WAN hub that meets the following requirements:
• Supports 4 Gbps of Site-to-Site (S2S) VPN traffic
• Supports 8 Gbps of ExpressRoute traffic
• Minimizes costs
How many scale units should you configure? To answer select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
