Microsoft

AZ-700 Exam
Azure Network Engineer Associate

Questions & Answers

(Demo Version - Limited Content)

Thank you for Downloading AZ-700 exam PDF Demo

Get Full File:

https://authorizedumps.com/az-700-exam-dumps/

www.authorizedumps.com
Questions & Answers PDF Page 2

Version:16.0

Topic 1, Litware. Inc Case Study 1

Overview
Litware. Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across
the United States. Users have Android, iOS, and Windows 10 devices.
Existing Environment:
Hybrid Environment
The on-prernises network contains an Active Directory forest named litwareinc.com that syncs to an
Azure Active Directory (Azure AD) tenant named litwareinc.com by usinq Azure AD Connect.
All the offices connect to a virtual network named Vnetl by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant.
Sub1 contains resources in the East US Azure region as shown in the following table.

There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between
Vnet1 and Vnet3. Currently, Vnet2 and Vnet3 cannot communicate directly.
Requirements:
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:
* Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an
ExpressRoute circuit.

www.authorizedumps.com
Questions & Answers PDF Page 3

* Ensure that the records in the cloud.litwareinc.com zone can be resolved from the on-premises
locations.
* Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
* Minimize the size of the subnets allocated to platform-managed services.
* Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.
Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:
* Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely.
Connections must be authenticated by Azure AD.
* Latency of the traffic between the Boston datacenter and all the virtual networks must be
minimized.
* The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute
FastPath connection.
* Traffic between Vnet2 and Vnet3 must be routed through Vnet1.
PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):
* The storage1 account must be accessible from all on-premises locations without exposing the
public endpoint of storage1.
* The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public
endpoint of storage2.

Question: 1

You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements
and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.

A. On the peerings from Vnet2 and Vnet3, select Use remote gateways.
B. On the peering from Vnet1, select Allow forwarded traffic.
C. On the peering from Vnet1, select Use remote gateways.
D. On the peering from Vnet1, select Allow gateway transit.
E. On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Answer: BD
Explanation:

Question: 2

DRAG DROP
You need to prepare Vnet1 for the deployment of an ExpressRoute gateway. The solution must meet
the hybrid connectivity requirements and the business requirements.

www.authorizedumps.com
Questions & Answers PDF Page 4

Which three actions should you perform in sequence for Vnet1? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.

Answer:
Explanation:

Question: 3
HOTSPOT
You need to implement a P2S VPN for the users in the branch office. The solution must meet the
hybrid networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:
Explanation:

www.authorizedumps.com
Questions & Answers PDF Page 5

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Question: 4
You need to provide connectivity to storage1. The solution must meet the PaaS networking
requirements and the business requirements.
What should you include in the solution?

A. a service endpoint
B. Azure Front Door
C. a private endpoint
D. Azure Traffic Manager

Answer: A
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-
overview

Question: 5

HOTSPOT

You need to recommend a configuration for the ExpressRoute connection from the Boston
datacenter. The solution must meet the hybrid networking requirements and business requirements.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

www.authorizedumps.com
Questions & Answers PDF Page 6

Answer:
Explanation:

For the first question, only ExpressRoute GW SKU Ultra Performance support FastPath feature.
For the second question, vnet1 will connect to ExpressRoute gw, once Vnet1 peers with Vnet2, the
traffic from on-premise network will bypass GW and Vnet1, directly goes to Vnet2, while this feature
is under public preview.

Reference:

ExpressRoute virtual network gateway is designed to exchange network routes and route network
traffic. FastPath is designed to improve the data path performance between your on-premises
network and your virtual network. When enabled, FastPath sends network traffic directly to virtual
machines in the virtual network, bypassing the gateway.

To configure FastPath, the virtual network gateway must be either:

Ultra Performance
ErGw3AZ

VNet Peering - FastPath will send traffic directly to any VM deployed in a virtual network peered to
the one connected to ExpressRoute, bypassing the ExpressRoute virtual network gateway.

https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath

Gateway SKU
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways

Question: 6
DRAG DROP

www.authorizedumps.com
Questions & Answers PDF Page 7

You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual
networking requirements and the business requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.
T

Answer:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-
connections#outboundrules

Question: 7

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual
networking requirements.

What should you use to configure the default route?

A. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

B. a user-defined route assigned to GatewaySubnet in Vnet1
C. BGP route exchange

www.authorizedumps.com
Questions & Answers PDF Page 8

D. route filters

Answer: C
Explanation:

VNet 1 will get the default from BGP and propagate it to VNET 2 and 3

Question: 8

HOTSPOT

You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual
networking requirements.

What is the minimum number of custom NSG rules and NSG assignments required? To answer, select
the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:
Explanation:

www.authorizedumps.com
Questions & Answers PDF Page 9

Box 2: One NSG

The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict
outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way
you would need two custom NSG rules.

Box 1: Two custom rules

With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic
from VMScaleSet1. Then you would need to create another custom rule with a higher priority than
the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.

Question: 9
HOTSPOT

You need to implement name resolution for the cloud.liwareinc.com. The solution must meet the
networking requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

www.authorizedumps.com
Questions & Answers PDF Page 10

Answer:
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-
and-role-instances

Question: 10
You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual
networking requirements.

What should you use to configure the default route?

A. route filters
B. BGP route exchange
C. a user-defined route assigned to GatewaySubnet in Vnet1
D. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3

Answer: B
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

www.authorizedumps.com
Questions & Answers PDF Page 11

Question: 11

You need to provide access to storage2. The solution must meet the PaaS networking requirements
and the business requirements.
Which connectivity method should you use?

A. a service endpoint
B. a private endpoint
C. Azure Firewall
D. Azure Front Door

Answer: A
Explanation:

Topic 2, Contoso Case Study 2

Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you
would like to complete each case. However, there may be additional case studies and sections on
this exam. You must manage your time to ensure that you are able to complete all questions included
on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is
provided in the case study. Case studies might contain exhibits and other resources that provide
more information about the scenario that is described in the case study. Each question is
independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your
answers and to make changes before you move to the next section of the exam. After you begin a
new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane
to explore the content of the case study before you answer the questions. Clicking these buttons
displays information such as business requirements, existing environment, and problem statements.
If the case study has an All Information tab. note that the information displayed is identical to the
information displayed on the subsequent tabs. When you are ready to answer a question, click the
Question button to return to the question.
Existing Environment:
Azure Network Infrastructure
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.

www.authorizedumps.com
Questions & Answers PDF Page 12

Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the
following table.

The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one
custom security rule that allows RDP connections from the internet. The firewall on each virtual
machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Private DNS Zones
The Azure subscription contains the Azure private DNS zones shown in the following table.

Zone1.contoso.com has the virtual network links shown in the following table.

Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.

Requirements:
Virtual Network Requirements
Contoso has the following virtual networks requirements:

www.authorizedumps.com
Questions & Answers PDF Page 13

* Create a virtual network named Vnet6 in West US that will contain the following resources and
configurations:
Two container groups that connect to Vnet6
Three virtual machines that connect to Vnet6
Allow VPN connections to be established to Vnet6
Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone
network
* The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft
backbone network.
* A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the
outbound network traffic from Subnet2 to the internet.
Network Security Requirements
Contoso has the following network security requirements:
* Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
* Enable NSG flow logs for NSG3 and NSG4.
* Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom
inbound security rules shown in the following table.

* Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom
outbound security rules shown in the following table.

Question: 12

HOTSPOT
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select
the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:
Explanation:

www.authorizedumps.com
Questions & Answers PDF Page 14

Question: 13
HOTSPOT
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate
ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:
Explanation:
NGS1 only
VM2, VM3, VM4 and VM5

Question: 14
HOTSPOT
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

www.authorizedumps.com
Questions & Answers PDF Page 15

Answer:
Explanation:

www.authorizedumps.com
Questions & Answers PDF Page 16

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Question: 15
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select
the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer: 2, 4
Explanation:

Question: 16
What should you implement to meet the virtual network requirements for the virtual machines that
connect to Vnet4 and Vnet5?

A. a private endpoint
B. a virtual network peering
C. a private link service
D. a routing table

www.authorizedumps.com
Questions & Answers PDF Page 17

E. a service endpoint

Answer: B
Explanation:

There is no virtual network peering between VM4’s VNet (VNet3) and VM5’s VNet (VNet4). To
enable the VMs to communicate over the Microsoft backbone network a VNet peering is required
between VNet3 and VNet4.

Question: 17

HOTSPOT
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:
Explanation:

Yes
subnet1(WM1->NSG1 outbound->NSG10 outbound)->subnet2(NSG1 inbound->NSG11 inbound-
>VM2)

Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2‫ג‬€™s subnet
(VNet1/Subnet2).

No
NSG11 blocks RDP (port TCP 3389) destined for ‫ג‬€˜VirtualNetwork‫ג‬€™. VirtualNetwork is a service
tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16.
Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.

Question: 18
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

www.authorizedumps.com
Questions & Answers PDF Page 18

Answer:
Explanation:

Question: 19

You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

A. IKEv2 and OpenVPN (SSL)

B. IKEv2
C. IKEv2 and SSTP (SSL)
D. OpenVPN (SSL)
E. SSTP (SSL)

Answer: D
Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Question: 20

HOTSPOT

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate
options in the answer area.

NOTE: Each correct selection is worth one point.

www.authorizedumps.com
Questions & Answers PDF Page 19

Answer:
Explanation:

Box 1: VM2, VM3 and VM4.

www.authorizedumps.com
Questions & Answers PDF Page 20

VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.

There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP
to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2
and VM4 in VNet3.

Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound
ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or
VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4
can ping VM1 in VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.

www.authorizedumps.com
 Thank You for trying AZ-700 PDF Demo

https://authorizedumps.com/az-700-exam-dumps/

Start Your AZ-700 Preparation

[Limited Time Offer] Use Coupon " SAVE20 " for extra 20%
discount the purchase of PDF file. Test your
AZ-700 preparation with actual exam questions

www.authorizedumps.com