AZ-700 Online Practice Questions and Answers

Correct Answer: A

Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

Correct Answer: C

Correct Answer: B

As per MS guidelines *Region: Select a region for your connection monitor. You can select only the source VMs that are created in this region. Here you see only VMs or Virtual Machine Scale Sets that are bound to the region that you specified when you created the connection monitor. By default, VMs and Virtual Machine Scale Sets are grouped into the subscription that they belong to

* Destination can be anywhere as per this Destinations: You can monitor connectivity to an Azure VM, an on-premises machine, or any endpoint (a public IP, URL, or FQDN) by specifying it as a destination. In a single test group, you can add Azure VMs, on-premises machines, Office 365 URLs, Dynamics 365 URLs, and custom endpoints. https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-create-using-portal

Correct Answer: D

Correct Answer(s):

Use Azure Traffic Manager - Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

Traffic Manager improves application responsiveness by directing traffic to the endpoint with the lowest network latency for the client.

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Wrong Answers:

Use Azure Application Gateway - Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Application Gateway cannot distribute traffic based on network latency.

Use Azure Monitor - Azure Monitor delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It is not a load balancer.

Use Azure Security Centre - Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in

the cloud. It is not a load balancer.

Correct Answer: A

Correct Answer(s):

IP flow verify - The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if

the connection succeeds or fails.

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Wrong Answers:

Next hop -- Next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.

Packet capture --Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine.

Security group view --Using Effective security rules view, you can assess a VM for network vulnerabilities such as open ports.

Traffic Analytics It provides visibility into user and application activity in cloud networks.

Correct Answer: C

Application Gateway uses one private IP address per instance, plus another private IP address if a private frontend IP is configured. https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet

Correct Answer: A

wsrudmen Highly Voted 1 year ago Selected Answer: A Azure Service Endpoint provides secure and direct connectivity to Azure PaaS services over an optimized route over the Azure backbone network. Traffic still left your VNet and hit the public endpoint of PaaS service. ==> Then it can't meet the goal because of the public IP

Azure Private Link (or Private Endpoint) allows you to access Azure PaaS services over Private IP address within the VNet. It's then OK

Correct Answer:

Box 1: Yes

NVA1 with IP (NVA-network virtual appliance) 192.168.0.4 is on the DMZ subnet. It will use route 10.0.0.0/16 to the on-premises network.

Box 2: No

VM2 has IP address 192.168.2.4 and is on the BackEnd subnet. VM2 will not use the RT1 route table, and will not reach the on-premises network through NVA1.

Box 3: Yes

VM1 with IP address 192.168.1.4 is on the FrontEnd subnet, and will use the RT1 routing table. It will use Route2 and Next Hop IP address 192.168.0.4, IP address of NVA1, to reach VM2.

Correct Answer:

Box 1: No

VM1, which is hosting site1.contoso.com, is located in East US. The VM1 endpoint status is degraded. Endpoint monitoring health checks are failing. The endpoint isn't included in DNS responses and doesn't receive traffic.

When an endpoint has a Degraded status, it's no longer returned in response to DNS queries. Instead, an alternative endpoint is chosen and returned. The traffic-routing method configured in the profile determines how the alternative

endpoint is chosen.

Priority. Endpoints form a prioritized list. The first available endpoint on the list is always returned. If an endpoint status is Degraded, then the next available endpoint is returned.

The user will connect to site2.us.contoso.com instead.

Box 2: No

VM3, which is hosting site2.contoso.com, is located in in East US. The VM3 endpoint status is CheckingEndpoint. The endpoint is monitored, but the results of the first probe haven't been received yet. CheckingEndpoint is a temporary state

that usually occurs immediately after adding or enabling an endpoint in the profile. An endpoint in this state is included in DNS responses and can receive traffic.

User will connect to site2.contoso.com, not to site2.uk.contoso.com

Box 3: No

VM3, which is hosting site2.contoso.com, is located in in East US. The VM1 endpoint status is CheckingEndpoint, which is OK (see above).

User will connect to site2.contoso.com, not to site2.japan.contoso.com

Reference:

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

Correct Answer:

VM5 is in VNET3 and VNET3 isn't linked to the fabrikam.com private DNS zone. This means it won't be able to resolve anything in that private DNZ zone until it is linked.