- (Exam Topic 2)
You need to configure GW1 to meet the network security requirements for the P2S VPN users. Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
Correct Answer:D
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.
You need to ensure that the URL is accessible through the application gateway. Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?
Correct Answer:A
- (Exam Topic 3)
You have 10 Azure App Service instances. Each instance hosts the same web app. Each instance is in a different Azure region.
You need to configure Azure Traffic Manager to direct users to the instance that has the lowest latency. Which routing method should you use?
Correct Answer:D
- (Exam Topic 3)
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe Azure region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs. What should you do first?
Correct Answer:B
Virtual network integration depends on a dedicated subnet.
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration#regional-virtual-network-integrat For outgoing traffic from Web App to vnet, it will go through Internet, so the cost not the minimum.
The connection between the Private Endpoint and the Web App uses a secure Private Link. Private Endpoint is only used for incoming flows to your Web App. Outgoing flows will not use this Private Endpoint, but you can inject outgoing flows to your network in a different subnet through the VNet integration feature.
https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint#conceptual-overview
- (Exam Topic 3)
You have three on-premises sites. Each site has a third-party VPN device.
You have an Azure virtual WAN named VWAN1 that has a hub named Hub1. Hub1 connects two of the three on-premises sites by using a Site-to-Site VPN connection.
You need to connect the third site to the other two sites by using Hub1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal
Does this meet the goal?
Correct Answer:A
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
* A virtual network named Vnet1
* A subnet named Subnet1 in Vnet1
* A virtual machine named VM1 that connects to Subnet1
* Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You configure the firewall on storage1 to only accept connections from Vnet1. Does this meet the goal?
Correct Answer:B