QUESTION: 21 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

Your company has an office in New York.

The company has an Azure subscription that contains the virtual networks shown in the following table.

You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements:

The connection must have up to 1 Gbps of bandwidth.

The office must have access to all the virtual networks.

Costs must be minimized.

How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable?

one ExpressRoute Premium circuit
two ExpressRoute Premium circuits
four ExpressRoute Standard circuits
one ExpressRoute Standard circuit

Answer(s): A

Explanation:

One SKU Premium required.
Azure ExpressRoute offers three different circuit SKUs, known as Local, Standard, and Premium, which provide varying degrees of connectivity scope.
Standard: a Standard SKU ExpressRoute circuit provides connectivity to resources in all Azure regions in a geopolitical area. Under this scenario, the on-premises network in London can connect to resources and access Azure's cloud services hosted in regions such as West Europe (Amsterdam, Netherlands) and France Central (Paris, France) through ExpressRoute
Premium: a Premium SKU ExpressRoute circuit facilitates connectivity to resources and cloud services globally across all Azure regions. Specifically, this global connectivity is delivered over the Microsoft core network. In this case, the on-premises network in London can link a virtual network created in West Europe (Amsterdam, Netherlands) to an Azure ExpressRoute circuit created in Japan East (Tokyo, Japan)

Reference:

https://dgtlinfra.com/azure-expressroute-benefits-pricing-providers-locations/

Show Answer Next Question

QUESTION: 22 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

You have an Azure subscription that contains a virtual network.

You plan to deploy an Azure VPN gateway and 90 Site-to-Site VPN connections. The solution must meet the following requirements:

Ensure that the Site-to-Site VPN connections remain available if an Azure datacenter fails.

Minimize costs.

Which gateway SKU should you specify?

VpnGw1AZ
VpnGw2AZ
VpnGw4AZ
VpnGw5AZ

Answer(s): C

Explanation:

VpnGw4AZ supports 90 Site-to-Site VPN connections at a lower cost than VpnGw5AZ.
VpnGw1AZ, VpnGw2AZ, and VpnGw4AZ supports max 30.
Gateway SKUs by tunnel, connection, and throughput

Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Show Answer Next Question

QUESTION: 23 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

You have an Azure subscription that contains the resources shown in the following table.

You create a virtual network named Vnet2 in the West US region.

You plan to enable peering between Vnet1 and Vnet2.

You need to ensure that the virtual machines connected to Vnet2 can connect to VM1 and VM2 via LB1.

What should you do?

From the Peerings settings of Vnet2, set Traffic forwarded from remote virtual network to Allow.
Change the Floating IP configurations of LB1.
From the Peerings settings of Vnet1, set Traffic forwarded from remote virtual network to Allow.
Change the SKU of LB1.

Answer(s): D

Explanation:

What are the constraints related to Global VNet Peering and Load Balancers? If the two virtual networks in two different regions are peered over Global VNet Peering, you cannot connect to resources that are behind a Basic Load Balancer through the Front End IP of the Load Balancer. This restriction does not exist for a Standard Load Balancer.
Note: The following resources can use Basic Load Balancers which means you cannot reach them through the Load Balancer's Front End IP over Global VNet Peering. You can however use Global VNet peering to reach the resources directly through their private VNet IPs, if permitted.
VMs behind Basic Load Balancers
Virtual machine scale sets with Basic Load Balancers
Redis Cache
Application Gateway (v1) SKU
Service Fabric
API Management (stv1)
Active Directory Domain Service (ADDS)
Logic Apps
HDInsight
Azure Batch
App Service Environment
You can connect to these resources via ExpressRoute or VNet-to-VNet through VNet Gateways.

Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#what-are-the- constraints-related-to-global-vnet-peering-and-load-balancers

Show Answer Next Question

QUESTION: 24 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

DRAG DROP (Drag and Drop is not supported)

Your on-premises network contains an Active Directory Domain Services (AD DS) domain named contoso.com that has an internal certification authority (CA).

You have an Azure subscription.

You deploy an Azure application gateway named AppGwy1 and perform the following actions:

Configure an HTTP listener

Associate a routing rule with the listener

You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Step 1: From AppGw1, create a frontend IP configuration

Step 2: From AppGw1, create an SSL profile
Set up a listener-specific SSL policy.

To set up a listener-specific SSL policy, you'll need to first go to the SSL settings tab in the Portal and create a new SSL profile.
When you create an SSL profile, you'll see two tabs: Client Authentication and SSL Policy. The SSL Policy tab is to configure a listener-specific SSL policy. The Client Authentication tab is where to upload a client certificate(s) for mutual authentication. (Step 3)

Step 3: From an on-premises computer, upload a certificate to Appgwy1.
Configure mutual authentication
To configure an existing Application Gateway with mutual authentication, you'll need to first go to the SSL settings tab in the Portal and create a new SSL profile. (Step 2)

When you create an SSL profile, you'll see two tabs: Client Authentication and SSL Policy. The Client Authentication tab is where you'll upload your client certificate(s).

Step 4: From AppGw1, add an HTTP listener and associate the listener to the SSL profile Now that we've created an SSL profile with a listener-specific SSL policy, we need to associate the SSL profile to the listener to put the listener-specific policy in action.

1. Navigate to your existing Application Gateway. If you just completed the steps above, you don't need to do anything here.

2. Select Listeners from the left-side menu.

3. Click on Add listener if you don't already have an HTTPS listener set up. If you already have an HTTPS listener, click on it from the list.

4. Fill out the Listener name, Frontend IP, Port, Protocol, and other HTTPS Settings to fit your requirements.
(Frontend IP created in Step 1)

5. Check the Enable SSL Profile checkbox so that you can select which SSL Profile to associate with the listener.

6. Select the SSL profile you created from the dropdown list.

7. Etc.

Reference:

https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-listener-specific-ssl- policy https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-portal

Show Answer Next Question

QUESTION: 25 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

SIMULATION

Username and password

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:
Lab Instance: 12345678

You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on- premises endpoint of the VPN will be created on a firewall named Firewall1.

The on-premises network has the following configuration:

internal address range: 10.10.0.0/16

Firewall1 internal IP address: 10.10.1.1

Firewall public IP address: 131.107.50.60

BGP is NOT used.

You need to create the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.

To complete this task, sign in to the Azure portal.

See Explanation section for answer.

Answer(s): A

Explanation:

Create a site-to-site VPN connection in the Azure portal
We only create a local network gateway

The local network gateway is a specific object that represents your on-premises location (the site) for routing purposes. You give the site a name by which Azure can refer to it, then specify the IP address of the on- premises VPN device to which you'll create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

Step 1: From the Azure portal, in Search resources, services, and docs (G+/) type local network gateway. Locate local network gateway under Marketplace in the search results and select it. This opens the Create local network gateway page.

Step 2: On the Create local network gateway page, on the Basics tab, specifiy the values for your local network gateway.

* Select Endpoint type: IP address

* Endpoint: Enter 131.107.50.60 (The Firewall public IP address) (IP address: If you have a static public IP address allocated from your Internet service provider for your VPN device, select the IP address option and fill in the IP address as shown in the example. This is the public IP address of the VPN device that you want Azure VPN gateway to connect to. If you don't have the IP address right now, you can use the values shown in the example, but you'll need to go back and replace your placeholder IP address with the public IP address of your VPN device. Otherwise, Azure won't be able to connect.)
* Address Space: Enter 10.10.0.0/16 (The internal address range)

Select the endpoint type for the on-premises VPN device - IP address or FQDN (Fully Qualified Domain Name).
IP address: If you have a static public IP address allocated from your Internet service provider for your VPN device.

Step 3: On the Advanced tab, you can configure BGP settings if needed. Skip this.

Step 4: When you have finished specifying the values, select Review + create at the bottom of the page to validate the page.

Step 5: Select Create to create the local network gateway object.

Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Show Answer Next Question

Free Microsoft AZ-700 Exam Questions (page: 6)

QUESTION: 21 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 22 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 23 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 24 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 25 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

AZ-700 Exam Discussions & Posts