- (Exam Topic 6)
You have an Azure virtual machine named VM1.
The network interface for VM1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You deploy a web server on VM1, and then create a secure website that is accessible by using the HTTPS protocol. VM1 is used as a web server only.
You need to ensure that users can connect to the website from the internet. What should you do?
Correct Answer: D
- (Exam Topic 4)
HOTSPOT
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address. Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: 5
A public and a private IP address can be assigned to a single network interface.
Box 2: 1
You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses
Does this meet the goal?
Correct Answer: A
- (Exam Topic 3)
You need to move the blueprint files to Azure.
What should you do?
Correct Answer: D
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage.
Technical Requirements include: Copy the blueprint files to Azure over the Internet.
References:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-us
- (Exam Topic 6)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail. You verify that the Load Balancer rules are configured correctly.
You need to ensure that connections to App1 can be established successfully from 131.107.100.50 over TCP port 443.
Solution: You delete the BlockAllOther443 inbound security rule.
Does this meet the goal?
Correct Answer: B
We have a higher priority rule which allows the traffic.
Reference:
https://fastreroute.com/azure-network-security-groups-explained/
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
- (Exam Topic 2)
You are evaluating the name resolution for the virtual machines after the planned implementation of the Azure networking infrastructure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Statement 1: Yes
All client computers in the Paris office will be joined to an Azure AD domain.
A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2.
Microsoft Windows Server Active Directory domains can resolve DNS names between virtual networks.
Automatic registration of virtual machines from a virtual network that's linked to a private zone with auto-registration enabled. Forward DNS resolution is supported across virtual networks that are linked to the private zone.
Statement 2: Yes
A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet. You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Because this is a registration network, this will work.
Statement 3: No
Only VMs in the registration network, here the ClientResources-VNet, will be able to register hostname records. Since Subnet4 is not connected to the Client Resources network, it is not able to register its hostname with humongousinsurance.local.
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-insta
Does this meet the goal?
Correct Answer: A
- (Exam Topic 5)
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.
Subnet1 contains a virtual appliance named VM1 that operates as a router. You create a routing table named RT1.
You need to route all inbound traffic to VNet1 through VM1.
How should you configure RT1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: 10.0.0.0/16
Address prefix in networking refers to the destination IP address range. In this scenario, the destination is VNet1, hence the address prefix will be the address space of VNet1.
Box 2: Virtual appliance
Next hop gets the next hop type and IP address of a packet from a specific VM and NIC. Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.
Next Hop --> VM1 --> Virtual Appliance (You can specify the IP address of VM1 when configuring the next hop as virtual appliance)
Box 3: GatewaySubnet
The scenario asks for all the inbound traffic to VNet1. Inbound traffic is flowing through SubnetGW. You need to route all inbound traffic from the VPN gateway to VNet1 through VM1. So it is traffic from the gateway subnet only.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-route-table
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-next-hop-overview
Does this meet the goal?
Correct Answer: A