Why Dumpsforsure is the best choice for Microsoft AZ-700 exam preparation?
Secure your position in Highly Competitive IT Industry:
Microsoft AZ-700 exam certification is the best way to demonstrate your understanding, capability and talent. DumpsforSure is here to provide you with best knowledge on AZ-700 certification. By using our AZ-700 questions & answers you can not only secure your current position but also expedite your growth process.
Verified by IT and Industry Experts:
We are devoted and dedicated to providing you with real and updated AZ-700 exam dumps, along with explanations. Keeping in view the value of your money and time, all the questions and answers on Dumpsforsure has been verified by Microsoft experts. They are highly qualified individuals having many years of professional experience.
Ultimate preparation Source:
Dumpsforsure is a central tool to help you prepare your Microsoft AZ-700 exam. We have collected real exam questions & answers which are updated and reviewed by professional experts regularly. In order to assist you understanding the logic and pass the Microsoft exams, our experts added explanation to the questions.
Instant Access to the Real and Updated Microsoft AZ-700 Questions & Answers:
Dumpsforsure is committed to update the exam databases on regular basis to add the latest questions & answers. For your convenience we have added the date on the exam page showing the most latest update. Getting latest exam questions you'll be able to pass your Microsoft AZ-700 exam in first attempt easily.
Free AZ-700 Dumps DEMO before Purchase:
Dumpsforsure is offering free Demo facility for our valued customers. You can view Dumpsforsure's content by downloading AZ-700 free Demo before buying. It'll help you getting the pattern of the exam and form of AZ-700 dumps questions and answers.
Three Months Free Updates:
Our professional expert's team is constantly checking for the updates. You are eligible to get 90 days free updates after purchasing AZ-700 exam. If there will be any update found our team will notify you at earliest and provide you with the latest PDF file.
SAMPLE QUESTIONS
Question # 1
Task 4 You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net: To allow access from a specific IP address range, you need to configure the Azure Storage firewall and virtual network settings for your storage account. You can do this in the Azure portal by selecting your storage account and then selecting Networking under Settings1. On the Networking page, select Firewalls and virtual networks, and then select Selected networks under Allow access from1. This will block all access to your storage account except from the networks or resources that you specify. Under Firewall, select Add rule, and then enter 10.1.1.0/24 as the IP address or range. You can also enter an optional rule name and description1. This will allow access from any IP address in the 10.1.1.0/24 range. Select Save to apply your changes1. To map a custom domain name to your storage account, you need to create a CNAME record with your domain provider that points to your storage account endpoint2. A CNAME record is a type of DNS record that maps a source domain name to a destination domain name. Sign in to your domain registrar’s website, and then go to the page for managing DNS settings2. Create a CNAME record with the following information2: Save your changes and wait for the DNS propagation to take effect2. To register the custom domain name with Azure, you need to go back to the Azure portal and select your storage account. Then select Custom domain under Blob service2. On the Custom domain page, enter storage34280945.pnvatelinlcblob.core.windows.net as the custom domain name and select Save2.
Question # 2
Task 6 You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address: To use the same static public IP address for multiple hosts, you need to create a NAT gateway and associate it with subnet3-2. A NAT gateway is a resource that performs network address translation (NAT) for outbound traffic from a subnet1. It allows you to use a single public IP address for multiple private IP addresses2. To create a NAT gateway, you need to go to the Azure portal and select Create a resource. Search for NAT gateway, select NAT gateway, then select Create3. On the Create a NAT gateway page, enter or select the following information and accept the defaults for the remaining settings: Select Review + create and then select Create to create your NAT gateway3. To associate the NAT gateway with subnet3-2, you need to go to the Virtual networks service in the Azure portal and select your virtual network. On the Virtual network page, select Subnets under Settings, and then select subnet3-2 from the list. On the Edit subnet page, under NAT gateway, select your NAT gateway from the drop-down list. Then select Save.
Question # 3
Task 2 You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
Answer: See the Explanation below for step by step instructions. Explanation: To deploy Azure virtual machines to the France Central region and ensure they are in a network segment with an IP address range of 10.5.1.0/24, follow these steps: Step-by-Step Solution Step 1: Create a Virtual Network in France Central Navigate to the Azure Portal. Search for “Virtual networks” in the search bar and select it. Click on “Create”. Enter the following details: Click on “Next: IP Addresses”. Step 2: Configure the Address Space and Subnet In the IP Addresses tab, enter the address space as 10.5.1.0/24. Click on “Add subnet”. Enter the following details: Click on “Add”. Click on “Review + create” and then “Create”. Step 3: Deploy Virtual Machines to the Virtual Network Navigate to the Azure Portal. Search for “Virtual machines” in the search bar and select it. Click on “Create” and then “Azure virtual machine”. Enter the following details: Click on “Next: Disks”, configure the disks as needed, and then click on “Next: Networking”. In the Networking tab, select the virtual network (VNet-FranceCentral) and subnet (Subnet-1) created earlier. Complete the remaining configuration steps and click on “Review + create” and then “Create”. Explanation Virtual Network: A virtual network in Azure allows you to create a logically isolated network that can host your Azure resources. Address Space: The address space 10.5.1.0/24 ensures that the VMs are in a specific network segment. Subnet: Subnets allow you to segment the virtual network into smaller, manageable sections. Region: Deploying the virtual network and VMs in the France Central region ensures that the resources are physically located in that region By following these steps, you can ensure that your Azure virtual machines in the France
Central region are deployed within the specified IP address range of 10.5.1.0/24.
Question # 4
Task 11 You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1. The on-premises network has the following configurations: • Internal address range: 10.10.0.0/16. • Firewall 1 internal IP address: 10.10.1.1. • Firewall1 public IP address: 131.107.50.60. BGP is NOT used. You need to create the object that will provide the IP addressing configuration of the onpremises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for creating the object that will provide the IP addressing configuration of the on-premises network to the Site-to-Site VPN: The object that you need to create is called a local network gateway. A local network gateway represents your on-premises network and VPN device in Azure. It contains the public IP address of your VPN device and the address prefixes of your on-premises network that you want to connect to the Azure virtual network1. To create a local network gateway, you need to go to the Azure portal and select Create a resource. Search for local network gateway, select Local network gateway, then select Create2. On the Create local network gateway page, enter or select the following information and accept the defaults for the remaining settings: Select Review + create and then select Create to create your local network gateway2.
Question # 5
Task 3 You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled. You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range: To create a policy, you need to go to the Azure portal and select Create a resource. Search for WAF, select Web Application Firewall, then select Create1. On the Create a WAF policy page, Basics tab, enter or select the following information and accept the defaults for the remaining settings: On the Custom rules tab, select Add a rule to create a custom rule that blocks connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the following information for the custom rule: On the Review + create tab, review your settings and select Create to create your WAF policy1. To link your policy to the planned application gateway, you need to go to the Application Gateway service in the Azure portal and select your application gateway3. On the Web application firewall tab, select your WAF policy from the drop-down list and select Save
Question # 6
Task 7 You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Answer: See the Explanation below for step by step instructions. Explanation: Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through VNET2: To connect different virtual networks in Azure, you need to use virtual network peering. Virtual network peering allows you to create low-latency, high-bandwidth connections between virtual networks without using gateways or the internet1. To create a virtual network peering, you need to go to the Azure portal and select your virtual network. Then select Peerings under Settings and select + Add2. On the Add peering page, enter or select the following information: Select Add to create the peering2. Repeat the previous steps to create peerings between VNET2 and VNET1, and between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on both VNET1 and VNET3. To prevent hosts on VNET1 and VNET3 from communicating through VNET2, you need to use network security groups (NSGs) to filter traffic between subnets. NSGs are rules that allow or deny inbound or outbound traffic based on source or destination IP address, port, or protocol3. To create an NSG, you need to go to the Azure portal and select Create a resource. Search for network security group and select Network security group. Then select Create4. On the Create a network security group page, enter or select the following information: Select Review + create and then select Create to create your NSG4. To add rules to your NSG, you need to go to the Network security groups service in the Azure portal and select your NSG. Then select Inbound security rules or Outbound security rules under Settings and select + Add4. On the Add inbound security rule page or Add outbound security rule page, enter or select the following information: Select Add to create your rule4. Repeat the previous steps to create inbound and outbound rules for your NSG that deny traffic between VNET1 and VNET3 subnets. For example, you can create an inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24 (VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24 (VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1). To associate your NSG with a subnet, you need to go to the Virtual networks service in the Azure portal and select your virtual network. Then select Subnets under Settings and select the subnet that you want to associate with your NSG5. On the Edit subnet page, under Network security group, select your NSG from the drop-down list. Then select Save5. Repeat the previous steps to associate your NSG with the subnets in VNET1 and VNET3 that you want to isolate from each other.
Question # 7
Task 3 You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
Answer: See the Explanation below for step by step instructions. Explanation: To ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, you can use Virtual Network Peering. This method connects the two virtual networks directly through the Microsoft backbone network, ensuring low-latency and high-bandwidth communication. Step-by-Step Solution Step 1: Set Up Virtual Network Peering Navigate to the Azure Portal. Search for “Virtual networks” and select VNET1. In the left-hand menu, select “Peerings” under the “Settings” section. Click on “Add” to create a new peering. Enter the following details: Click on “Add”. Step 2: Configure Peering on VNET2 Navigate to VNET2 in the Azure Portal. In the left-hand menu, select “Peerings” under the “Settings” section. Click on “Add” to create a new peering. Enter the following details: Click on “Add”. Explanation Virtual Network Peering: This feature connects two virtual networks in the same or different regions, allowing resources in both networks to communicate with each other as if they were part of the same network. The traffic between peered virtual networks uses the Microsoft backbone infrastructure, ensuring low latency and high bandwidth12. Allow Virtual Network Access: This setting ensures that the virtual networks can communicate with each other. Allow Forwarded Traffic: This setting allows traffic forwarded from a network security appliance in the peered virtual network. Allow Gateway Transit: This setting allows the peered virtual network to use the gateway in the local virtual network. By following these steps, you can ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, leveraging the high-speed Microsoft backbone network.
Question # 8
Task 10 You plan to deploy several virtual machines to subnet1-2. You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
Answer: See the Explanation below for step by step instructions. Explanation: To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort. Step-by-Step Solution Step 1: Create a Network Security Group (NSG) Navigate to the Azure Portal. Search for “Network security groups” and select it. Click on “Create”. Enter the following details: Click on “Review + create” and then “Create”. Step 2: Create an Inbound Security Rule Navigate to the newly created NSG. Select “Inbound security rules” from the left-hand menu. Click on “Add” to create a new rule. Enter the following details: Click on “Add” to create the rule. Step 3: Associate the NSG with Subnet1-2 Navigate to the virtual network that contains subnet1-2. Select “Subnets” from the left-hand menu. Select subnet1-2 from the list of subnets. Click on “Network security group”. Select the NSG you created (NSG-Subnet1-2). Click on “Save”. Explanation Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol1. Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port. Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet. By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.
Question # 9
Task 2 You need to create an Azure Firewall instance named FW1 that meets the following requirements: • Has an IP address from the address range of 10.1.255.0/24 • Uses a new Premium firewall policy named FW-pohcy1 • Routes traffic directly to the internet
Answer: See the Explanation below for step by step instructions. Explanation: To create an Azure Firewall instance, you need to go to the Azure portal and select Create a resource. Type firewall in the search box and press Enter. Select Firewall and then select Create1. To assign an IP address from the address range of 10.1.255.0/24 to the firewall, you need to select a public IP address that belongs to that range. You can either create a new public IP address or use an existing one1. To use a new Premium firewall policy named FW-policy1, you need to select Premium as the Firewall tier and create a new policy with the name FWpolicy12. A Premium firewall policy allows you to configure advanced features such as TLS Inspection, IDPS, URL Filtering, and Web Categories3. To route traffic directly to the internet, you need to enable SNAT (Source Network Address Translation) for the firewall. SNAT allows the firewall to use its public IP address as the source address for outbound traffic4.
Question # 10
Task 5You need to archive all the metrics of VNET1 to an existing storage account.
Answer: See the Explanation below for step by step instructions. Explanation: To archive all the metrics of VNET1 to an existing storage account, you can use Azure Monitor’s diagnostic settings. Here’s how you can do it: Step-by-Step Solution Step 1: Navigate to VNET1 in the Azure Portal Open the Azure Portal. Search for “Virtual networks” and select VNET1 from the list. Step 2: Configure Diagnostic Settings In the VNET1 blade, select “Diagnostic settings” under the “Monitoring” section. Click on “Add diagnostic setting”. Step 3: Set Up the Diagnostic Setting Enter a name for the diagnostic setting (e.g., VNET1-Metrics-Archive). Select the metrics you want to archive. You can choose from various metrics like TotalBytesReceived, TotalBytesSent, etc. Under “Destination details”, select “Archive to a storage account”. Choose the existing storage account where you want to archive the metrics. Configure the retention period if needed. Step 4: Save the Configuration Review your settings to ensure everything is correct. Click on “Save” to apply the diagnostic setting. Explanation Diagnostic Settings: These allow you to collect and route metrics and logs from your Azure resources to various destinations, including storage accounts, Log Analytics workspaces, and Event Hubs. Metrics: Metrics provide numerical data about the performance and health of your resources. Archiving these metrics helps in long-term analysis and compliance. Storage Account: Using an existing storage account ensures that the metrics are stored securely and can be accessed for future analysis. By following these steps, you can ensure that all the metrics of VNET1 are archived to your existing storage account, enabling you to monitor and analyze the performance and health of your virtual network over time.