QUESTION: 36 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains the resources shown in the following table.

You establish BGP peering between NVA1 and Hub1.

You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs.

What should you do? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: The defaultRouteTable and associate routes with the defaultRouteTable Routes from VNET1 and VNET2

Note: Association
Each connection is associated to one route table. Associating a connection to a route table allows the traffic (from that connection) to be sent to the destination indicated as routes in the route table. The routing configuration of the connection will show the associated route table. Multiple connections can be associated to the same route table. All VPN, ExpressRoute, and User VPN connections are associated to the same (default) route table.

By default, all connections are associated to a Default route table in a virtual hub. Each virtual hub has its own Default route table, which can be edited to add a static route(s). Routes added statically take precedence over dynamically learned routes for the same prefixes.

Propagation
Connections dynamically propagate routes to a route table. With a VPN connection, ExpressRoute connection, or P2S configuration connection, routes are propagated from the virtual hub to the on-premises router using BGP. Routes can be propagated to one or multiple route tables.

A None route table is also available for each virtual hub. Propagating to the None route table implies that no routes are required to be propagated from the connection. VPN, ExpressRoute, and User VPN connections propagate routes to the same set of route tables.

Box 2: User-defined routes
On VNET3 implement:

BGP peering scenarios
This section describes scenarios where BGP peering feature can be utilized to configure routing.

Transit VNet connectivity

In this scenario, the virtual hub named "Hub 1" is connected to several virtual networks. The goal is to establish routing between virtual networks VNET1 and VNET5.

Configuration steps with BGP peering

Virtual hub configuration

* On Hub 1, configure VNET2 NVA as a BGP peer. Also, configure VNET2 NVA, to have a BGP peering with Hub 1. (Already done)

* For Box 1: On Hub 1, propagate routes from connections for VNET1 and VNET2 to the defaultRouteTable, and associate them to the defaultRouteTable.
Virtual network configuration

* For Box 2: On VNET5, set up a user-defined route (UDR) to point to VNET2 NVA IP.

Incorrect:
* Route Server

* Azure VPN Gateway on a dedicated subnet

Reference:

https://learn.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing https://learn.microsoft.com/en-us/azure/virtual-wan/scenario-bgp-peering-hub

Show Answer Next Question

QUESTION: 37 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

You have an Azure subscription that contains an ExpressRoute Standard gateway named GW1.

You need to upgrade GW1 to support ExpressRoute FastPath. The solution must minimize downtime.

Which SKU should you use?

Ultra performance
ErGw3AZ
ErGw2AZ
High performance

Answer(s): A

Show Answer Next Question

QUESTION: 38 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

Your on-premises network uses an IP address range of 10.1.0.0 to 10.1.255.255.

You plan to deploy a new Azure virtual network solution that will include the following elements:

A virtual network named VNet1

A Site-to-Site (S2S) VPN connection between VNet1 and the on-premises network

GatewaySubnet in VNet1, which will be used as a route-based virtual network gateway

You need to recommend which subnet masks to assign to VNet1 and GatewaySubnet. The solution must meet the following requirements:

Maximize the number of available IP addresses on VNet1.

Minimize the number of available IP addresses on GatewaySubnet.

Which address spaces should you assign to VNet1 and GatewaySubnet? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: 10.0.0.0/24
Maximize the number of available IP addresses on VNet1.

Box 2: 10.0.0.0/27
Minimize the number of available IP addresses on GatewaySubnet.

Create a gateway subnet
The virtual network gateway requires a specific subnet named GatewaySubnet. The gateway subnet is part of IP address range for your virtual network and contains the IP addresses that the virtual network gateway resources and services use.

When you create the gateway subnet, you specify the number of IP addresses that the subnet contains. The number of IP addresses needed depends on the VPN gateway configuration that you want to create. Some configurations require more IP addresses than others. It's best to specify /27 or larger (/26,/25 etc.) for your gateway subnet.

Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

Show Answer Next Question

QUESTION: 39 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

SIMULATION

Username and password

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:
Lab Instance: 12345678

You have two servers that are each hosted by a separate service provider in New York and California. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in California is accessible by using a host name of ca.contoso.com.

You need to implement an Azure solution to route users to the server that has the lowest latency. The solution must minimize costs.

To complete this task, sign in to the Azure portal.

See Explanation section for answer.

Answer(s): A

Explanation:

Azure front Door route lowest latency

Set up Azure Front Door to route user traffic based on the lowest latency between the two web app servers.
Start by adding a frontend host for Azure Front Door.

If there is already an Azure Front Door available, select it and skip phase 1. Start with phase 2. If there is already an Azure Front Door and a backpool available, select them and skip phase 1 and phase 2.
Start with phase 3.

Phase 1: Setup an Azure Front Door.

Step 1: From the home page or the Azure menu, select + Create a resource. Select Networking > Front Door and CDN profiles.

Step 2: On the Compare offerings page, select Explore other offerings. Then select Azure Front Door (classic).
Then select Continue.

Step 3: In the Basics tab of Create a Front Door page, provide or select the following information, and then select Next: Configuration.

Example:
Subscription - Select your subscription.
Resource group - Select Create new and type FrontDoorQS_rg0 in the text box.
Resource group location - Select Central US.

Step 4: In Frontends/domains, select + to open Add a frontend host page.

Step 5: For Host name, type a globally unique hostname. For example, contoso-frontend. Select Add

Next, set up a backend pool.

Step 1: Still in Create a Front Door, in Backend pools, select + to open the Add a backend pool page.

Step 2: For Name, type myBackendPool, then select Add a backend.

Step 3: Provide or select the following information in the Add a backend pane and select Add.

Example:
Backend host type - Select App service.
Subscription - Select your subscription.
Backend host name - Select the first web app you created. For example, WebAppContoso-1.

Step 4: Select Add a backend again. Provide or select the following information and select Add.

Step 5: Select Add on the Add a backend pool page to finish the configuration of the backend pool.

Phase 3: Create a routing rule

Lastly, create a routing rule. A routing rule links your frontend host to the backend pool. The rule routes a request for contoso-frontend.azurefd.net to myBackendPool.

Step 1: Still in Create a Front Door, in Routing rules, select + to set up a routing rule.

Step 2: In Add a rule, for Name, type LocationRule. Keep all the default values, then select Add to create the routing rule."

Warning
It's essential that you associate each of the frontend hosts in your Azure Front Door with a routing rule that has a default path /*. This means that you need to have at least one routing rule for each of your frontend hosts at the default path /* among all of your routing rules. Otherwise, your end-user traffic may not be routed properly.

Step 3: Select Review + create and verify the details. Then, select Create to start the deployment.

Note: Lowest latencies based traffic-routing
Deploying origins in two or more locations across the globe can improve the responsiveness of your applications by routing traffic to the destination that is 'closest' to your end users. Latency is the default traffic- routing method for your Front Door configuration. This routing method forwards requests from your end users to the closest origin behind Azure Front Door. This routing mechanism combined with the anycast architecture of Azure Front Door ensures that each of your end users gets the best performance based on their location.

The 'closest' origin isn't necessarily closest as measured by geographic distance. Instead, Azure Front Door determines the closest origin by measuring network latency.

Reference:

https://learn.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door https://learn.microsoft.com/en-us/azure/frontdoor/routing-methods

Show Answer Next Question

QUESTION: 40 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains a virtual network named VNet1.

You need to implement hybrid connectivity between an on-premises network and VNet1. The solution must meet the following requirements:

All cross-premises network traffic must traverse an ExpressRoute circuit.

All cross-premises network traffic must be encrypted by using a Site-to-Site (S2S) VPN.

What should you include in the solution? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: Private
Type of ExpressRoute peering:

Configure a Site-to-Site VPN connection over ExpressRoute private peering You can configure a Site-to-Site VPN to a virtual network gateway over an ExpressRoute private peering using an RFC 1918 IP address. This configuration provides the following benefits:

Traffic over private peering is encrypted.

Point-to-site users connecting to a virtual network gateway can use ExpressRoute (via the Site-to-Site tunnel) to access on-premises resources.

It's possible to deploy Site-to-Site VPN connections over ExpressRoute private peering at the same time as Site-to-Site VPN connections via the Internet on the same VPN gateway.

Box 2: A more specific prefixes on the VPN BGP session than the ExpressRoute BGP session. Prefixes to advertise for the ExpressRoute and VPN connections

Traffic from on-premises networks to Azure
For traffic from on-premises networks to Azure, the Azure prefixes are advertised via both the ExpressRoute private peering BGP, and the VPN BGP if BGP is configured on your VPN Gateway. The result is two network routes (paths) toward Azure from the on-premises networks.

Traffic from Azure to on-premises networks
The same requirement applies to the traffic from Azure to on-premises networks. To ensure that the IPsec path is preferred over the direct ExpressRoute path (without IPsec), you have two options:

*-> Advertise more specific prefixes on the VPN BGP session for the VPN-connected network. You can advertise a larger range that encompasses the VPN-connected network over ExpressRoute private peering, then more specific ranges in the VPN BGP session. For example, advertise 10.0.0.0/16 over ExpressRoute,

and 10.0.1.0/24 over VPN.

* Advertise disjoint prefixes for VPN and ExpressRoute. If the VPN-connected network ranges are disjoint from other ExpressRoute connected networks, you can advertise the prefixes in the VPN and ExpressRoute BGP sessions respectively.

Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/site-to-site-vpn-private-peering

Show Answer Next Question

Free Microsoft AZ-700 Exam Questions (page: 9)

QUESTION: 36 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 37 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

QUESTION: 38 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 39 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

QUESTION: 40 Exam Topic: Design, implement, and manage connectivity services (Testlet 3)

Explanation:

Reference:

AZ-700 Exam Discussions & Posts