Microsoft AZ-700 Real Exam Questions
The questions for AZ-700 were last updated at Dec 19,2024.
- Exam Code: AZ-700
- Exam Name: Designing and Implementing Microsoft Azure Networking Solutions
- Certification Provider: Microsoft
- Latest update: Dec 19,2024
You have a website that uses an FQDN of www.contoso.com. The DNS record tor www.contoso.com resolves to an on-premises web server.
You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1. You build the website on Web1.
You plan to configure ContosoFD1 to publish the website for testing.
When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit.
You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.
Which record should you create in the contoso.com DNS domain?
- A . a CNAME record that maps www.contoso.com to ContosoFD1.azurefd.net
- B . a CNAME record that maps www.contoso.com to Web1.contoso.com
- C . a CNAME record that maps afdverify.www.contoso.com to ContosoFD1.azurefd.net
- D . a CNAME record that maps afdverify.www.contoso.com to afdverify.ContosoFD1.azurefd.net
C
Explanation:
When configuring an Azure Front Door instance with a custom domain, you typically encounter this issue if you’re trying to add a domain to Azure Front Door that is already in use elsewhere. To avoid affecting user access to the on-premises web server while testing, you would use an afdverify subdomain to test the custom domain configuration with Azure Front Door.
The correct record to create is:
C. a CNAME record that maps afdverify.www.contoso.com to ContosoFD1.azurefd.net
This record allows Azure Front Door to verify the domain without affecting the current DNS setup for www.contoso.com. After verification, you can complete the configuration for the custom domain in Azure Front Door. Once testing is successful and you’re ready to go live, you can then update the CNAME record for www.contoso.com to point to ContosoFD1.azurefd.net, which would direct all traffic to the Azure Front Door instance.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: No
Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.
Box 2: Yes
VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.
Box3: No
VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won’t be able to enable auto-registration on the link.
DRAG DROP
You have an Azure subscription that contains the resources shown in the following table.
The IP Addresses settings for Vnet1 are configured as shown in the exhibit.
You need to ensure that you can integrate WebApp1 and Vnet1.
Which three actions should you perform in sequence before you can integrate WebApp1 and Vnet1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
To integrate WebApp1 with Vnet1, the following actions need to be performed in sequence:
Modify the address space of Vnet1:
The address space for Vnet1 currently is 10.3.0.0/16, and the subnet also has the same address range which leaves no room for further subnetting. You would need to create a smaller subnet within this address space for the integration with WebApp1.
Create a service endpoint:
Service endpoints are needed to secure your critical Azure service resources to only your virtual networks. By enabling a service endpoint, traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Add a private endpoint:
A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The private endpoint uses an IP address from your VNet, effectively bringing the service into your VNet.
These actions would enable private connectivity between WebApp1 and Vnet1, ensuring that the traffic between your web app and the virtual network is kept on the Azure backbone network, secure from the public internet.
You have an Azure subscription that contains the public IP addresses shown in the following table.
You plan to deploy a NAT gateway named NAT1.
Which public IP addresses can be used as the public IP address for NAT1?
- A . IP3 and IP5 only
- B . IP5 only
- C . IP1, IP3, and IP5 only
- D . IP3 only
- E . IP2 and IP4 only
A
Explanation:
For a NAT gateway in Azure, you need to use a Standard SKU public IP address with a static allocation method. Basic SKU public IP addresses and dynamically assigned IP addresses are not supported with NAT gateways.
Based on the table provided:
IP3 is IPv4, uses Standard SKU, and is static.
IP5 is IPv6, uses Standard SKU, and is static.
Therefore, the public IP addresses that can be used as the public IP address for NAT1 are:
You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1.
What should you configure on AppGW1?
- A . HTTP settings
- B . rewrites
- C . rules
- D . listeners
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url
HOTSPOT
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
NGS1 only
VM2, VM3, VM4 and VM5
HOTSPOT
You have the Azure environment shown in the exhibit.
You have virtual network peering between Vnet1 and Vnet2. You have virtual network peering between Vnet4 and Vnet5.
The virtual network peering is configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
For the first question, only ExpressRoute GW SKU Ultra Performance support FastPath feature. For the second question, vnet1 will connect to ExpressRoute gw, once Vnet1 peers with Vnet2, the traffic from on-premise network will bypass GW and Vnet1, directly goes to Vnet2, while this feature is under public preview.
Reference: ExpressRoute virtual network gateway is designed to exchange network routes and route network traffic. FastPath is designed to improve the data path performance between your on-premises network and your virtual network. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the gateway.
To configure FastPath, the virtual network gateway must be either:
Ultra Performance
ErGw3AZ
VNet Peering – FastPath will send traffic directly to any VM deployed in a virtual network peered to the one connected to ExpressRoute, bypassing the ExpressRoute virtual network gateway.
https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath
Gateway SKU
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
HOTSPOT
You have an Azure application gateway named AppGW1 that provides access to the following hosts:
* www.adatum.com
* www.contoso.com
* www.fabrikam.com
AppGW1 has the listeners shown in the following table.
You create Azure Web Application Firewall (WAF) policies for AppGW1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/per-site-policies
You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do?
- A . Set Listener type to Multi site.
- B . Increase the Unhealthy threshold setting in the custom probe.
- C . Upload the public key certificate to the HTTPS settings.
- D . Enable the SSL profile for the listener.
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal#configuration-tab