AZ-700: Designing and Implementing Microsoft Azure Networking Solutions
Free Practice Exam Questions (page: 12)
Updated On: 2-Jan-2026

HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription. The subscription contains 500 virtual machines that run either Windows 11 or Linux.

You need to identify which Linux virtual machines are accessible from the internet. The solution must minimize administrative effort.

What should you use, and what should you configure? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Cloud Security Explorer in Microsoft Defender for Cloud
Use:

Microsoft Defender for Cloud, Build queries with cloud security explorer
With the cloud security explorer, you can query all of your security issues and environment context such as assets inventory, exposure to internet, permissions, and lateral movement between resources and across multiple clouds (Azure, AWS, and GCP).

Box 2: Agentless scanning for machines in Microsoft Defender for Cloud
Configure:
Microsoft Defender for Cloud improves compute posture for Azure, AWS and GCP environments with machine scanning. For requirements and support, see the compute support matrix in Defender for Cloud.

Agentless scanning for virtual machines (VM) provides:

* Broad, frictionless visibility into your software inventory using Microsoft Defender Vulnerability Management.
* Deep analysis of operating system configuration and other machine metadata.
* Vulnerability assessment using Defender Vulnerability Management.
* Secret scanning to locate plain text secrets in your compute environment.
* Threat detection with agentless malware scanning, using Microsoft Defender Antivirus.

Incorrect:

* A discovery group in Microsoft Defender External Attack Surface Management (Defender EASM)
Discovered assets are indexed and classified in your Defender EASM Inventory, providing a dynamic record of all web infrastructure under the organization's management. Assets are categorized as recent (currently active) or historic, and can include web applications, third party dependencies, and other asset connections.

Discovery groups
Custom discoveries are organized into discovery groups. They're independent seed clusters that comprise a single discovery run and operate on their own recurrence schedules. You organize your discovery groups to delineate assets in whatever way best benefits your company and workflows. Common options include organizing by the responsible team or business unit, brands, or subsidiaries.

* An inventory filter in Microsoft Defender External Attack Surface Management (Defender EASM)
Defender EASM inventory filters
Filtering helps you find specific subsets of inventory assets based on selected parameters. This article outlines each filter and operator and provides guidance on input options that yield the best results. It also explains how to save queries for easy accessibility to the filtered results.


Reference:

https://learn.microsoft.com/en-us/azure/defender-for-cloud/how-to-manage-cloud-security-explorer
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection
https://learn.microsoft.com/en-us/azure/external-attack-surface-management/inventory-filters



You have an instance of Azure Web Application Firewall (WAF) on Azure Front Door.

You plan to create a WAF rule that will block high rates of requests from a single IP address.

You need to query Log Analytics to identify the optimal threshold for the rule.

Which table should you query in Log Analytics?

  1. AZFWThreatIntel
  2. AzureDiagnostics
  3. SecurityDetection
  4. AGWFirewallLogs

Answer(s): B

Explanation:

Queries for the AzureDiagnostics table
Examples:
[Azure Front Door Standard/Premium] Unique IP request count
Show unique IP request count.

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog"
| summarize dcount(clientIp_s) by bin(TimeGenerated, 1h)
| render timechart

[Azure Front Door Standard/Premium] Firewall request count by host, path, rule, and action
Count firewall processed requests by host, path, rule, and action taken. Summarize request count by host, path, rule, and action.

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
| extend ParsedUrl = parseurl(requestUri_s)
| summarize RequestCount = count() by Host = tostring(ParsedUrl.Host), Path = tostring(ParsedUrl.Path), RuleName = ruleName_s, Action = action_s, ResourceId
| order by RequestCount desc
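
The sample queries above count requests but do not give a per-IP request rate. As an added example (not taken from the referenced Microsoft article), the query below derives a candidate rate-limit threshold from the same FrontDoorAccessLog data and lists the client IPs that would have exceeded it. The 7-day lookback, the 1-minute counting window and the 99.9th-percentile cutoff are assumptions to adjust for your environment.

```kusto
// Added example: sizing a per-IP rate-limit threshold from Front Door access logs.
// Assumed values (not from the page): 7d lookback, 1m window, 99.9th percentile cutoff.
let lookback = 7d;
let binSize = 1m;
// Requests per client IP per one-minute window.
let perIpPerWindow =
    AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorAccessLog"
    | summarize RequestCount = count() by clientIp_s, bin(TimeGenerated, binSize);
// Baseline of normal traffic: the 99th and 99.9th percentile of per-IP, per-window counts.
let p99 = toscalar(perIpPerWindow | summarize percentile(RequestCount, 99));
let candidateThreshold = toscalar(perIpPerWindow | summarize percentile(RequestCount, 99.9));
// Client IPs that would have been rate limited at the candidate threshold.
perIpPerWindow
| where RequestCount > candidateThreshold
| summarize
    WindowsOverThreshold = count(),
    PeakPerWindow = max(RequestCount),
    LastSeen = max(TimeGenerated)
    by clientIp_s
| extend P99PerWindow = p99, CandidateThreshold = candidateThreshold
| order by PeakPerWindow desc
```

Review the listed addresses before enforcing a block action; shared egress points such as a corporate NAT can legitimately sit above the cutoff.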


Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/reference/queries/azurediagnostics



DRAG DROP (Drag and Drop is not supported)

Your on-premises network contains two subnets named Subnet1 and Subnet2. Subnet2 contains a Hyper-V host that contains two virtual machines named VM1 and VM2. VM1 and VM2 are connected to Subnet2.

You have an Azure virtual network named VNet1 that contains GatewaySubnet and a subnet named VSubnet1. VNet1 is connected to the on-premises network by using a Site-to-Site (S2S) VPN connection.

You plan to migrate VM1 to VNet1 and maintain the existing IP address of VM1. VM2 will remain on Subnet2.

You need to prepare the environment to ensure that VM1 can communicate with VM2 once the migration is complete.

Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Extend your on-premises subnets into Azure using extended network for Azure
Extended network for Azure enables you to stretch an on-premises subnet into Azure to let on-premises virtual machines keep their original on-premises private IP addresses when migrating to Azure.

The network is extended using a bidirectional VXLAN tunnel between two Windows Server 2019 VMs acting as virtual appliances, one running on-premises and the other running in Azure, each also connected to the subnet to be extended. Each subnet that you are going to extend requires one pair of appliances. Multiple subnets can be extended using multiple pairs.

Note
Extended network for Azure should only be used for machines that cannot have their IP address changed when migrating to Azure. It is always better to change the IP address and connect it to a subnet that wholly exists in Azure, if that is an option.

Step 1: To VNET1, add a subnet named VSubnet2 that uses the same address range as Subnet2.


Configuration in Azure
Before you use Windows Admin Center, you must perform the following steps through the Azure Portal:

1. Create a Virtual network in Azure that contains at least two subnets, in addition to subnets required for your gateway connection. One of the subnets you create must use the same subnet CIDR as the on-premises subnet you want to extend [Step 1]. The subnet must be unique within your routing domain so that it does not overlap with any on-premises subnets.

2. Configure a virtual network gateway to use a site-to-site or ExpressRoute connection to connect the virtual network to your on-premises network.

Step 2: Deploy an Azure Virtual machine that runs Windows Server 2022 Azure Edition and has two NICs connected to VSubnet1 and VSubnet2.

3. Create a Windows Server 2022 Azure Edition VM in Azure that is capable of running nested virtualization. This is one of your two virtual appliances. Connect the primary network interface to the routable subnet, and the second network interface to the extended subnet. [Step 2]

Note
Extended network for Azure requires Windows Server 2022 Azure Edition for the VM that is running in Azure.

Step 3: Install the Hyper-V server role in the Azure virtual machine.
4. Start the VM, enable the Hyper-V role, and reboot. [Step 3]

5. Create two external virtual switches in the VM and connect one to each of the network interfaces. For example:

New-VMSwitch -Name "External" -AllowManagementOS $true -NetAdapterName "Ethernet"
New-VMSwitch -Name "Extended" -AllowManagementOS $true -NetAdapterName "Ethernet 2"

Step 4: Create external Hyper-V virtual switches
On-premises configuration
You must also perform some manual configuration in your on-premises infrastructure, including creating a VM to serve as the on-premises virtual appliance:

1. Make sure the subnets are available on the physical machine where you will deploy the on-premises VM (virtual appliance). This includes the subnet you want to extend and a second subnet that is unique and doesn't overlap with any subnets in the Azure virtual network.

2. Create a Windows Server 2019 or 2022 VM on any hypervisor that supports nested virtualization. This is the on-premises virtual appliance. We recommend that you create this as a highly available VM in a cluster. Connect a virtual network adapter to the routable subnet and a second virtual network adapter to the extended subnet.

3. Start the VM, then run this command from a PowerShell session in the VM to enable the Hyper-V role, and restart the VM.

--> 4. Run the following commands in a PowerShell session in the VM to create two external virtual switches in the VM and connect one to each of the network interfaces: [Step 4]

New-VMSwitch -Name "External" -AllowManagementOS $true -NetAdapterName "Ethernet"
New-VMSwitch -Name "Extended" -AllowManagementOS $true -NetAdapterName "Ethernet 2"

Step 5: Extend the IP address space of VNet1 to include the IP address range of Subnet2
VM1 is in Subnet2, not in Subnet1.

Deploy extended network for Azure

1. Click Set up to begin the configuration.

2. Click Next to proceed past the Overview.

3. On the Upload Package panel, you will need to download the extended network for Azure agent package and upload it to the virtual appliance. Follow the instructions on the panel.

4. Select the Subnet CIDR of the on-premises network that you want to extend. The list of subnets is read in from the virtual appliance. If you have not connected the virtual appliance to the correct set of subnets, you will not see the desired subnet CIDR in this list.

5. Click Next after selecting the Subnet CIDR.

6. Select the subscription, resource Group and virtual network that you are extending into:



7. The region (Azure location) and subnet are selected automatically. Select Next: Extended-Network Gateway Setup to proceed.

8. Etc.

Incorrect:
* Extend the IP address space of VNet1 to include the IP address range of Subnet1


Reference:

https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network



You have an on-premises datacenter named Site1 that contains a firewall named FW1. FW1 connects to the internet.

You have an Azure subscription that contains the resources shown in the following table.



You plan to connect Site1 to Hub1 by using a site-to-site connection.

You need to configure the site-to-site connection to FW1.

What should you create in VWAN1?

  1. a VPN site
  2. a virtual network connection
  3. a network virtual appliance (NVA)
  4. a User VPN configuration

Answer(s): A

Explanation:

Create a site-to-site connection using Azure Virtual WAN



Create a site
In this section, you create a site. Sites correspond to your physical locations. Create as many sites as you need. These sites contain your on-premises VPN device endpoints.
For example, if you have a branch office in NY, a branch office in London, and a branch office in LA, you'd create three separate sites. You can create up to 1000 sites per virtual hub in a virtual WAN. If you have multiple virtual hubs, you can create 1000 per each virtual hub.
If you have a Virtual WAN partner CPE device, check with them to learn about their automation to Azure.
Typically, automation implies a simple click experience to export large-scale branch information into Azure, and setting up connectivity from the CPE to Azure Virtual WAN VPN gateway.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal



HOTSPOT (Drag and Drop is not supported)

You have an on-premises network.

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. VNet1 is peered with VNet2.

The on-premises network is connected to VNet1 by using an ExpressRoute circuit named Circuit1.

You need to recommend a solution to improve the routing performance between the on-premises network and the virtual networks. The solution must minimize costs.

Which configurations should you recommend? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: ExpressRoute Global Reach
Configure the ExpressRoute route to use:

For optimal routing performance when connecting an on-premises network to two peered Azure virtual networks via ExpressRoute, ExpressRoute Global Reach is the best suited option. This feature allows for seamless connectivity between on-premises networks connected to different ExpressRoute circuits, enabling efficient traffic flow between your on-premises network and both peered Azure VNets.

Box 2: Connect VNet2 directly to Circuit1.
For the virtual networks:

With ExpressRoute Global Reach, two connections are needed when linking an on-premises network to two peered Azure virtual networks. Each connection is established between the on-premises network and a specific ExpressRoute circuit, which in turn is linked to a peered Azure virtual network.


Reference:

https://learn.microsoft.com/en-us/azure/expressroute/expressroute-global-reach


