Valid AZ-700 Dumps shared by PassLeader for Helping Passing AZ-700 Exam! PassLeader now offer the newest AZ-700 VCE dumps and AZ-700 PDF dumps, the PassLeader AZ-700 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-700 dumps with VCE and PDF here: https://www.passleader.com/az-700.html (114 Q&As Dumps –> 217 Q&As Dumps –> 276 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-700 dumps from Cloud Storage: https://drive.google.com/drive/folders/11GBu3Jq_EWsF2NUi__ZcspE_oTcAzPym
NEW QUESTION 101
You have an Azure subscription that contains the following resources:
– A virtual network named Vnet1.
– A subnet named Subnet1 in Vnet1.
– A virtual machine named VM1 that connects to Subnet1.
– Three storage accounts named storage1, storage2, and storage3.
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1.
Does this meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 102
You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
NEW QUESTION 103
You have an Azure Web Application Firewall (WAF) policy in prevention mode that is associated to an Azure Front Door instance. You need to configure the policy to meet the following requirements:
– Log all connections from Australia.
– Deny all connections from New Zealand.
– Deny all further connections from a network of 131.107.100.0/24 if there are more than 100 connections during one minute.
What is the minimum number of objects you should create?
A. three custom rules that each has one condition
B. one custom rule that has three conditions
C. one custom rule that has one condition
D. one rule that has two conditions and another rule that has one condition
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
NEW QUESTION 104
You have an Azure subscription that contains multiple virtual machines in the West US Azure region. You need to use Traffic Analytics. Which two resources should you create? (Each correct answer presents part of the solution. Choose two.)
A. an Azure Monitor workbook
B. a Log Analytics workspace
C. a storage account
D. an Azure Sentinel workspace
E. an Azure Monitor data collection rule
Answer: BC
Explanation:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
NEW QUESTION 105
You have a hybrid environment that uses ExpressRoute to connect an on-premises network and Azure. You need to log the uptime and the latency of the connection periodically by using an Azure virtual machine and an on-premises virtual machine. What should you use?
A. Azure Monitor
B. IP Flow Verify
C. Connection Monitor
D. Azure Internet Analyzer
Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor
NEW QUESTION 106
You have an Azure subscription that contains the following resources:
– A virtual network named Vnet1.
– Two subnets named subnet1 and AzureFirewallSubnet.
– A public Azure Firewall named FW1.
– A route table named RT1 that is associated to Subnet1.
– A rule routing of 0.0.0.0/0 to FW1 in RT1.
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated. You need to ensure that the virtual machines can be activated. What should you do?
A. On FW1, create an outbound service tag rule for AzureCloud.
B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).
C. Deploy a NAT gateway.
D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.
Answer: B
Explanation:
https://ryanmangansitblog.com/2020/05/11/firewall-considerations-windows-virtual-desktop-wvd/
NEW QUESTION 107
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly. Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service. You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB. What should you include in the solution?
A. a service tag
B. a private endpoint
C. a subnet delegation
D. an application security group
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
NEW QUESTION 108
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe Azure region. You deploy an Azure App Service app named App1 to the West Europe region. You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs. What should you do first?
A. Create a private link.
B. Create a new subnet.
C. Create a NAT gateway.
D. Create a gateway subnet and deploy a virtual network gateway.
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
NEW QUESTION 109
While working as a network administrator, you need to do DNS based global routing and don’t have requirements for TLS (Transport Layer Security) protocol termination (“SSL offload”), per-HTTPS/HTTP request or application-layer processing. Which of the following load balancing solutions would you use?
A. Application Gateway
B. Traffic Manager
C. Front Door
D. PowerShell
Answer: B
NEW QUESTION 110
You decide to protect your Azure Virtual Network resources using Azure Firewall. But there are a number of different possible issues with the Firewall. In case of the issue “Threat intelligence alerts may get masked”, how can you mitigate the issue? (Choose two.)
A. Use https as the port: protocol value.
B. Create outbound filtering for 80/443 using application rules.
C. Change the threat intelligence mode to Alert and Deny.
D. Use authenticated SMTP relay services.
E. Use only IPv4 addresses.
Answer: BC
NEW QUESTION 111
Regional VNet Integration enables connecting to a VNet in the same region with no need for a gateway. While using VNet Integration with VNets in the same region, which of the below Azure networking features would you use to block outbound traffic?
A. Route Tables(UDRs)
B. Domain Name Service
C. Traffic Manager
D. Front Door
E. Network Security Groups (NSGs)
Answer: E
NEW QUESTION 112
HotSpot
Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24. You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48. You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses. What should you do? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-overview
https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-add-to-existing-vnet-powershell
NEW QUESTION 113
Drag and Drop
You have an Azure virtual network named Vnet1 that connects to an on-premises network. You have an Azure Storage account named storageaccount1 that contains blob storage. You need to configure a private endpoint for the blob storage. The solution must meet the following requirements:
– Ensure that all on-premises users can access storageaccount1 through the private endpoint.
– Prevent access to storageaccount1 from being interrupted.
Which four actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
168.63.129.16 is the IP address of Azure DNS which hosts Azure Private DNS zones. It is only accessible from within a VNet which is why we need to forward on-prem DNS requests to the VM running DNS in the VNet. The VM will then forward the request to Azure DNS for the IP of the storage account private endpoint.
https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
NEW QUESTION 114
……
Get the newest PassLeader AZ-700 VCE dumps here: https://www.passleader.com/az-700.html (114 Q&As Dumps –> 217 Q&As Dumps –> 276 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-700 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/11GBu3Jq_EWsF2NUi__ZcspE_oTcAzPym