Our team of highly skilled and experienced professionals is dedicated to delivering up-to-date and precise study materials in PDF format to our customers. We deeply value both your time and financial investment, and we have spared no effort to provide you with the highest quality work. We ensure that our students consistently achieve a score of more than 95% in the Microsoft AZ-700 exam. You provide only authentic and reliable study material. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is any change in the AZ-700 dumps file. The Microsoft AZ-700 exam question answers and AZ-700 dumps we offer are as genuine as studying the actual exam content.
24/7 Friendly Approach:
You can reach out to our agents at any time for guidance; we are available 24/7. Our agent will provide you information you need; you can ask them any questions you have. We are here to provide you with a complete study material file you need to pass your AZ-700 exam with extraordinary marks.
Quality Exam Dumps for Microsoft AZ-700:
Pass4surexams provide trusted study material. If you want to meet a sweeping success in your exam you must sign up for the complete preparation at Pass4surexams and we will provide you with such genuine material that will help you succeed with distinction. Our experts work tirelessly for our customers, ensuring a seamless journey to passing the Microsoft AZ-700 exam on the first attempt. We have already helped a lot of students to ace IT certification exams with our genuine AZ-700 Exam Question Answers. Don't wait and join us today to collect your favorite certification exam study material and get your dream job quickly.
90 Days Free Updates for Microsoft AZ-700 Exam Question Answers and Dumps:
Enroll with confidence at Pass4surexams, and not only will you access our comprehensive Microsoft AZ-700 exam question answers and dumps, but you will also benefit from a remarkable offer – 90 days of free updates. In the dynamic landscape of certification exams, our commitment to your success doesn't waver. If there are any changes or updates to the Microsoft AZ-700 exam content during the 90-day period, rest assured that our team will promptly notify you and provide the latest study materials, ensuring you are thoroughly prepared for success in your exam."
Microsoft AZ-700 Real Exam Questions:
Quality is the heart of our service that's why we offer our students real exam questions with 100% passing assurance in the first attempt. Our AZ-700 dumps PDF have been carved by the experienced experts exactly on the model of real exam question answers in which you are going to appear to get your certification.
Microsoft AZ-700 Sample Questions
Question # 1
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine thatruns network monitoring software.You have a network security group (NSG) named NSG1 associated to each subnet.When a new subnet is created in Vnet1, an automated process creates an additionalnetwork monitoring virtual machine in the subnet and links the subnet to NSG1.You need to create an inbound security rule in NS61 that will allow connections to thenetwork monitoring virtual machines from an IP address of 131.107.1.15. The solution mustmeet the following requirements:• Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.• Minimize changes to NSG1 when a new subnet is created.What should you use as the destination in the inbound security rule?
A. a virtual network B. an IP address C. an application security group D. a service tag
Answer: C
Question # 2
Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this section, you will NOT be able to return to it as a result,these questions will not appear in the review screen.You have an Azure subscription that contains an Azure Front Door Premium profile namedAFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 isassociated with WAFT.You need to configure a rate limit for incoming requests to AFD1.Solution: You configure a custom rule for WAF1.Does this meet the goal?
A. Yes B. No
Answer: A
Question # 3
You have an Azure virtual machine named VM1.You need to capture all the network traffic of VM1 by using Azure Network Watcher.To which locations can the capture be written?
A. a file path on VM1 only B. blob storage only C. a premium storage account only D. blob storage and a file path on VM1 only E. blob storage and a premium storage account only F. blob storage, a file path on VM1, and a premium storage account
Answer: D
Question # 4
You have an Azure application gateway configured for a single website that is available athttps://www.contoso.com.The application gateway contains one backend pool and one rule. The backend poolcontains two backend servers. Each backend server has an additional website that isavailable on port 8080.You need to ensure that if port 8080 is unavailable on a backend server, all the traffic forhttps://www.contoso.com is redirected to the other backend server.What should you do?
A. Create a health probe. B. Add a new rule. C. Add a new listener. D. Change the port on the listener.
Answer: A
Question # 5
You have three on-premises networks.You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WANcontains a single virtual hub and a virtual network gateway that is limited to a throughput of1 Gbps.The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPNconnections.You need to increase the throughput of the virtual WAN to 3 Gbps. The solution mustminimize administrative effort.What should you do?
A. Upgrade the virtual WAN lo the Standard SKU. B. Add an additional VPN gateway to the Azure subscription, C. Create an additional virtual hub. D. Increase the number of gateway scale units.
Answer: D
Question # 6
You have an Azure subscription that contains a virtual network name Vnet1. Vnet1contains a virtual machine named VM1 and an Azure firewall named FW1.You have an Azure Firewall Policy named FP1 that is associated to FW1.You need to ensure that RDP requests to the public IP address of FW1 route to VM1.What should you configure on FP1?
A. an application rule B. a network rule C. URL filtering D. a DNAT rule
Answer: D
Question # 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.You need to configure a rate limit for incoming requests to AFD1.Solution: You configure a managed rule for WAF1.Does this meet the goal?
A. Yes B. No
Answer: B
Question # 8
You have an Azure subscription that contains the following resources:A virtual network named Vnet1Two subnets named subnet1 and AzureFirewallSubnetA public Azure Firewall named FW1A route table named RT1 that is associated to Subnet1A rule routing of 0.0.0.0/0 to FW1 in RT1After deploying 10 servers that run Windows Server to Subnet1, you discover that none ofthe virtual machines were activated.You need to ensure that the virtual machines can be activated.What should you do?
A. Deploy an application security croup mat allows outbound traffic to 1688. B. Deploy an Azure Standard Load Balancer that has an outbound NAT rule C. On fW1.configure a DNAT rule for port 1688. D. Add an internet route to RI1 for the Azure Key Management Service (KMS).
You plan to implement an Azure virtual network that will contain 10 virtual subnets. Thesubnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtualmachines.You need to recommend a load balancing solution for the virtual network. The solutionmust meet the following requirements:• The virtual machines and the load balancer must be accessible only from the virtualnetwork.• Costs must be minimized.What should you include in the recommendation?
A. Basic Azure Load Balancer B. Azure Application Gateway v1 Azure Application Gateway v2 C. Azure Standard Load Balancer D. Azure Application Gateway v2
Answer: C
Question # 10
Task 1You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 isrouted through the firewall that will be deployed to subnetl-2. The solution must beachieved without using dynamic routing protocols.
Answer: See the Explanation below for step by step instructions. Explanation:To deploy a firewall to subnetl-2, you need to create a network virtual appliance(NVA) in the same virtual network as subnetl-2. An NVA is a virtual machine thatperforms network functions, such as firewall, routing, or load balancing1.To create an NVA, you need to create a virtual machine in the Azure portal andselect an image that has the firewall software installed. You can choose from theAzure Marketplace or upload your own image2.To assign the IP address of 10.1.2.4 to the NVA, you need to create a staticprivate IP address for the network interface of the virtual machine. You can do thisin the IP configurations settings of the network interface3.To ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 isrouted through the NVA, you need to create a user-defined route (UDR) table andassociate it with subnetl-1. A UDR table allows you to override the default routingbehavior of Azure and specify custom routes for your subnets4.To create a UDR table, you need to go to the Route tables service in the Azureportal and select + Create. You can give a name and a resource group for theroute table5.To create a custom route, you need to select Routes in the route table and select +Add. You can enter the following information for the route5:To associate the route table with subnetl-1, you need to select Subnets in theroute table and select + Associate. You can select the virtual network and subnetthat you want to associate with the route table5.
Question # 11
Task 4You need to ensure that connections to the storage34280945 storage account can bemade by using an IP address in the 10.1.1.0/24 range and the namestorage34280945.pnvatelinlcblob.core.windows.net.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for ensuring that connections to the storage34280945storage account can be made by using an IP address in the 10.1.1.0/24 range and thename stor-age34280945.pnvatelinlcblob.core.windows.net: To allow access from a specific IP address range, you need to configure the AzureStorage firewall and virtual network settings for your storage account. You can dothis in the Azure portal by selecting your storage account and then selectingNetworking under Settings1.On the Networking page, select Firewalls and virtual networks, and then selectSelected networks under Allow access from1. This will block all access to yourstorage account except from the networks or resources that you specify.Under Firewall, select Add rule, and then enter 10.1.1.0/24 as the IP address orrange. You can also enter an optional rule name and description1. This will allowaccess from any IP address in the 10.1.1.0/24 range.Select Save to apply your changes1.To map a custom domain name to your storage account, you need to create aCNAME record with your domain provider that points to your storage accountendpoint2. A CNAME record is a type of DNS record that maps a source domainname to a destination domain name.Sign in to your domain registrar’s website, and then go to the page for managingDNS settings2.Create a CNAME record with the following information2:Save your changes and wait for the DNS propagation to take effect2.To register the custom domain name with Azure, you need to go back to the Azureportal and select your storage account. Then select Custom domain under Blobservice2.On the Custom domain page, enter storage34280945.pnvatelinlcblob.core.windows.net as the custom domain name andselect Save2.
Question # 12
Task 9You need to ensure that subnet4-3 can accommodate 507 hosts.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for ensuring that subnet4-3 can accommodate 507hosts:To determine the subnet size that can accommodate 507 hosts, you need to usethe formula: number of hosts = 2^(32 - n) - 2, where n is the number of bits in thesubnet mask1. You need to find the value of n that satisfies this equation for 507hosts.To solve this equation, you can use trial and error or a binary search method. Forexample, you can start with n = 24, which is the default subnet mask for Class Cnetworks. Then, plug in the value of n into the formula and see if it is too big or toosmall for 507 hosts.If you try n = 24, you get number of hosts = 2^(32 - 24) - 2 = 254, which is toosmall. You need to increase the value of n to get a larger number of hosts.If you try n = 25, you get number of hosts = 2^(32 - 25) - 2 = 510, which is justenough to accommodate 507 hosts. You can stop here or try a smaller valueof n to see if it still works.If you try n = 26, you get number of hosts = 2^(32 - 26) - 2 = 254, which is toosmall again. You need to decrease the value of n to get a larger number of hosts.Therefore, the smallest value of n that can accommodate 507 hosts is n = 25. Thismeans that the subnet mask for subnet4-3 should be /25 or 255.255.255.128 indot-decimal notation1.To change the subnet mask for subnet4-3, you need to go to the Azure portal andselect your virtual network. Then select Subnets under Settings and selectsubnet4-3 from the list2.On the Edit subnet page, under Address range (CIDR block), change the valuefrom /24 to /25. Then select Save2.
Question # 13
Task 3You plan to implement an Azure application gateway in the East US Azure region. Theapplication gateway will have Web Application Firewall (WAF) enabled.You need to create a policy that can be linked to the planned application gateway. Thepolicy must block connections from IP addresses in the 131.107.150.0/24 range. You doNOT need to provision the application gateway to complete this task.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for creating a policy that can be linked to the plannedapplication gateway and block connections from IP addresses in the 131.107.150.0/24range:To create a policy, you need to go to the Azure portal and select Create aresource. Search for WAF, select Web Application Firewall, then select Create1.On the Create a WAF policy page, Basics tab, enter or select the followinginformation and accept the defaults for the remaining settings:On the Custom rules tab, select Add a rule to create a custom rule that blocksconnections from IP addresses in the 131.107.150.0/24 range2. Enter or select thefollowing information for the custom rule:On the Review + create tab, review your settings and select Create to create yourWAF policy1.To link your policy to the planned application gateway, you need to go tothe Application Gateway service in the Azure portal and select your applicationgateway3.On the Web application firewall tab, select your WAF policy from the drop-down listand select Save
Question # 14
Task 6You need to ensure that all hosts deployed to subnet3-2 connect to the internet by usingthe same static public IP address. The solution must minimize administrative effort whenadding hosts to the subnet.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2connect to the internet by using the same static public IP address:To use the same static public IP address for multiple hosts, you need to create aNAT gateway and associate it with subnet3-2. A NAT gateway is a resource thatperforms network address translation (NAT) for outbound traffic from a subnet1. Itallows you to use a single public IP address for multiple private IP addresses2.To create a NAT gateway, you need to go to the Azure portal and select Create aresource. Search for NAT gateway, select NAT gateway, then select Create3.On the Create a NAT gateway page, enter or select the following information andaccept the defaults for the remaining settings:Select Review + create and then select Create to create your NAT gateway3.To associate the NAT gateway with subnet3-2, you need to go to the Virtualnetworks service in the Azure portal and select your virtual network.On the Virtual network page, select Subnets under Settings, and then selectsubnet3-2 from the list.On the Edit subnet page, under NAT gateway, select your NAT gateway from thedrop-down list. Then select Save.
Question # 15
Task 11You are preparing to connect your on-premises network to VNET4 by using a Site-to-SiteVPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1.The on-premises network has the following configurations:• Internal address range: 10.10.0.0/16.• Firewall 1 internal IP address: 10.10.1.1.• Firewall1 public IP address: 131.107.50.60.BGP is NOT used.You need to create the object that will provide the IP addressing configuration of the onpremises network to the Site-to-Site VPN. You do NOT need to create a virtual networkgateway to complete this task.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for creating the object that will provide the IPaddressing configuration of the on-premises network to the Site-to-Site VPN:The object that you need to create is called a local network gateway. A localnetwork gateway represents your on-premises network and VPN device inAzure. It contains the public IP address of your VPN device and the addressprefixes of your on-premises network that you want to connect to the Azure virtualnetwork1.To create a local network gateway, you need to go to the Azure portal andselect Create a resource. Search for local network gateway, select Local network gateway, then select Create2.On the Create local network gateway page, enter or select the followinginformation and accept the defaults for the remaining settings:Select Review + create and then select Create to create your local networkgateway2.
Question # 16
Task 7You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3.The solution must prevent hosts on VNET1 and VNET3 from communicating throughVNET2.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for ensuring that hosts on VNET2 can access hostson both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate throughVNET2:To connect different virtual networks in Azure, you need to use virtual networkpeering. Virtual network peering allows you to create low-latency, high-bandwidthconnections between virtual networks without using gateways or the internet1.To create a virtual network peering, you need to go to the Azure portal and selectyour virtual network. Then select Peerings under Settings and select + Add2.On the Add peering page, enter or select the following information:Select Add to create the peering2.Repeat the previous steps to create peerings between VNET2 and VNET1, andbetween VNET2 and VNET3. This will allow hosts on VNET2 to access hosts onboth VNET1 and VNET3.To prevent hosts on VNET1 and VNET3 from communicating through VNET2, youneed to use network security groups (NSGs) to filter traffic betweensubnets. NSGs are rules that allow or deny inbound or outbound traffic based onsource or destination IP address, port, or protocol3.To create an NSG, you need to go to the Azure portal and select Create aresource. Search for network security group and select Network securitygroup. Then select Create4.On the Create a network security group page, enter or select the followinginformation:Select Review + create and then select Create to create your NSG4.To add rules to your NSG, you need to go to the Network security groups servicein the Azure portal and select your NSG. Then select Inbound security rules orOutbound security rules under Settings and select + Add4.On the Add inbound security rule page or Add outbound security rule page, enteror select the following information:Select Add to create your rule4.Repeat the previous steps to create inbound and outbound rules for your NSG thatdeny traffic between VNET1 and VNET3 subnets. For example, you can create aninbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24(VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24(VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).To associate your NSG with a subnet, you need to go to the Virtual networksservice in the Azure portal and select your virtual network. Then select Subnetsunder Settings and select the subnet that you want to associate with your NSG5.On the Edit subnet page, under Network security group, select your NSG from thedrop-down list. Then select Save5.Repeat the previous steps to associate your NSG with the subnets in VNET1 andVNET3 that you want to isolate from each other.
Question # 17
Task 10You need to configure VNET1 to log all events and metrics. The solution must ensure thatyou can query the events and metrics directly from the Azure portal by using KQL.
Answer: See the Explanation below for step by step instructions.Explanation: Here are the steps and explanations for configuring VNET1 to log all events and metricsand query them by using KQL:To enable logging for VNET1, you need to create a diagnostic setting that collectsthe platform metrics and logs from the virtual network and routes them to one ormore destinations. You can choose to send the data to a Log Analytics workspace,a storage account, an event hub, or a partner solution1.To create a diagnostic setting, you need to go to the Azure portal and select yourvirtual network. Then select Diagnostic settings under Monitoring and select + Adddiagnostic setting1.On the Add diagnostic setting page, enter or select the following information:Select Save to create your diagnostic setting1.To query the events and metrics from the Azure portal by using KQL, you need togo to the Log Analytics workspace that you selected as the destination. Thenselect Logs under General and enter your KQL query in the query editor3.For example, you can use the following KQL query to get the top 10 networksecurity group events for VNET1 in the last 24 hours:NetworkSecurityGroupEvent| where TimeGenerated > ago(24h)| where ResourceId contains "VNET1"| summarize count() by EventID| top 10 by count_Copy Select Run to execute your query and view the results in a table or a chart3.
Question # 18
Task 8You need to ensure that the storage34280945 storage account will only accept connectionsfrom hosts on VNET1
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for ensuring that the storage34280945 storageaccount will only accept connections from hosts on VNET1:To restrict network access to your storage account, you need to configure theAzure Storage firewall and virtual network settings for your storage account. Youcan do this in the Azure portal by selecting your storage account and thenselecting Networking under Settings1.On the Networking page, select Firewalls and virtual networks, and thenselect Selected networks under Allow access from1. This will block all access toyour storage account except from the networks or resources that you specify.Under Virtual networks, select + Add existing virtual network. Then select VNET1from the list of virtual networks and select the subnet that contains the hosts thatyou want to allow access to your storage account1. This will enable a serviceendpoint for Storage in the subnet and configure a virtual network rule for thatsubnet through the Azure storage firewall2.Select Add to add the virtual network and subnet to your storage account1.Select Save to apply your changes1.
Question # 19
You have an Azure subscription that contains a virtual network named VNet1. VNet1contains a subnet named Subnet1You deploy an instance of Azure Application Gateway v2 named AppGw1 to Subnet1. Youcreate a network security group (NSG) named NSG1 and link NSG1 to Subnet1.You need to ensure that AppGw1 will only load balance traffic that originates from VNet1.The solution must minimize the impact on the functionality of AppGw1.What should you add to NSG1?
A. an outbound rule that has a priority 100 and blocks all internet traffic B. an outbound rule that has a priority of 4096 and blocks all internet traffic C. an inbound rule that has a priority of 4096 and blocks all internet traffic D. an inbound rule that has a priority of 100 and blocks all internet traffic
Answer: C
Question # 20
Task 5You need to ensure that requests for wwwjelecloud.com from any of your Azure virtualnetworks resolve to frontdoor1.azurefd.net.
Answer: See the Explanation below for step by step instructions. Explanation:Here are the steps and explanations for ensuring that requests for wwwjelecloud.com fromany of your Azure virtual networks resolve to frontdoor1.azurefd.net:To use a custom domain with your Azure Front Door, you need to create aCNAME record with your domain provider that points to the Front Door defaultfrontend host. A CNAME record is a type of DNS record that maps a sourcedomain name to a destination domain name1.To create a CNAME record, you need to sign in to your domain registrar’s websiteand go to the page for managing DNS settings1.Create a CNAME record with the following information1:Save your changes and wait for the DNS propagation to take effect1.To verify the custom domain, you need to go to the Azure portal and select yourFront Door profile. Then select Domains under Settings and select Add2.On the Add a domain page, select Non-Azure validated domain as the Domaintype and enter wwwjelecloud.com as the Domain name. Then select Add2.On the Domains page, select wwwjelecloud.com and select Verify. This will checkif the CNAME record is correctly configured2.Once the domain is verified, you can associate it with your Front Door endpoint.On the Domains page, select wwwjelecloud.com and select Associateendpoint. Then select your Front Door endpoint from the drop-down list and selectAssociate2.