Microsoft Azure Networking Solutions Exam: AZ-700 Sample Questions
Candidates must have subject-matter expertise in designing, implementing, and maintaining Azure networking solutions, which include hybrid networking, routing, connectivity, security, and private access to Azure services, in order to pass the Microsoft Azure exam AZ-700: Designing and Implementing Microsoft Azure Networking Solutions. Candidates for this exam should also possess advanced Azure administration abilities, familiarity with networking, knowledge of hybrid connections, and network security. The article provides a list of Microsoft Azure Networking Solutions Exam: AZ-700 Sample Questions that cover core exam topics including –
- Learn the process of Designing, Implementing, and Managing Hybrid Networking
- Learn the process of Designing and Implementing Core Networking Infrastructure
- Learn the process of Designing and Implementing Routing
- Learn the process of Securing and Monitoring Networks
- Understand the process of Designing and Implementing Private Access to Azure Services.
Advanced Sample Questions
You are an Azure administrator for a company. The company has an on-premises network that includes several Windows Server virtual machines (VMs) and an Azure virtual network. You need to ensure that the VMs in the on-premises network can communicate with the VMs in the Azure virtual network.
What should you use?
- A) Virtual network peering
- B) Azure ExpressRoute
- C) Azure Site-to-Site VPN
- D) Azure VNet-to-VNet VPN
Answer: C
Explanation: To establish communication between VMs in an on-premises network and VMs in an Azure virtual network, you should use an Azure Site-to-Site VPN. This type of VPN establishes a secure connection between the on-premises network and the Azure virtual network, allowing communication between the VMs.
Your company has an Azure virtual network named VNet1. VNet1 contains several subnets. You need to ensure that all network traffic from the subnets is routed through a virtual appliance before reaching the internet.
What should you use?
- A) Network security group (NSG)
- B) Azure Firewall
- C) Azure Application Gateway
- D) Azure Load Balancer
Answer: B
Explanation: To ensure that all network traffic from the subnets in an Azure virtual network is routed through a virtual appliance before reaching the internet, you should use an Azure Firewall. Azure Firewall is a managed, cloud-based network security service that can be used to secure traffic in a virtual network.
You are an Azure administrator for a company. The company has an Azure virtual network named VNet1 that contains several subnets. The company also has an on-premises network that is connected to VNet1 by using an Azure Site-to-Site VPN. You need to ensure that all network traffic from the on-premises network to the subnets in VNet1 is encrypted.
What should you use?
- A) Azure ExpressRoute
- B) Azure Site-to-Site VPN with encryption
- C) Virtual network peering
- D) Azure VNet-to-VNet VPN
Answer: B
Explanation: To ensure that all network traffic from the on-premises network to the subnets in VNet1 is encrypted, you should use an Azure Site-to-Site VPN with encryption. This type of VPN encrypts all network traffic between the on-premises network and the Azure virtual network, providing a secure connection.
You are an Azure administrator for a company. The company has an Azure virtual network named VNet1 that contains several subnets. The company also has an on-premises network that is connected to VNet1 by using an Azure Site-to-Site VPN. You need to ensure that only approved devices can access the subnets in VNet1.
What should you use?
- A) Virtual network peering
- B) Azure ExpressRoute
- C) Azure Site-to-Site VPN with conditional access
- D) Azure VNet-to-VNet VPN
Answer: C
Explanation: To ensure that only approved devices can access the subnets in VNet1, you should use an Azure Site-to-Site VPN with conditional access. This type of VPN allows you to define conditions for accessing the subnets in VNet1, such as requiring a specific device type or certificate.
Your company has an Azure virtual network named VNet1. VNet1 contains several subnets. You need to ensure that all outbound network traffic from the subnets is encrypted.
What should you use?
- A) Azure ExpressRoute
- B) Azure Firewall
- C) Azure Application Gateway with SSL offloading
- D) Azure Load Balancer with SSL offloading
Answer: C
Explanation: To ensure that all outbound network traffic from the subnets in VNet1 is encrypted, you should use an Azure Application Gateway with SSL offloading. SSL offloading allows the encryption of network traffic to be handled by the Azure Application Gateway, freeing up resources on the backend servers.
You are an Azure administrator for a company. The company has an Azure virtual network named VNet1 that contains several subnets. You need to ensure that all inbound network traffic to the subnets is logged for security and compliance purposes.
What should you use?
- A) Azure ExpressRoute
- B) Azure Firewall with logging
- C) Azure Application Gateway with logging
- D) Azure Load Balancer with logging
Answer: B
Explanation: To ensure that all inbound network traffic to the subnets in VNet1 is logged for security and compliance purposes, you should use an Azure Firewall with logging. Azure Firewall allows you to log all network traffic, providing visibility into traffic patterns and security incidents.
Your company has an Azure virtual network named VNet1. VNet1 contains several subnets. You need to ensure that all inbound network traffic to the subnets is inspected for security threats.
What should you use?
- A) Azure ExpressRoute
- B) Azure Firewall with threat detection
- C) Azure Application Gateway with threat detection
- D) Azure Load Balancer with threat detection
Answer: B
Explanation: To ensure that all inbound network traffic to the subnets in VNet1 is inspected for security threats, you should use an Azure Firewall with threat detection. Azure Firewall provides the ability to detect and mitigate security threats in real-time, helping to protect your network and data.
You are an Azure administrator for a company. The company has an Azure virtual network named VNet1 that contains several subnets. You need to ensure that all network traffic between the subnets is optimally routed.
What should you use?
- A) Azure ExpressRoute
- B) Azure Firewall
- C) Azure Application Gateway with traffic management
- D) Azure Load Balancer with traffic management
Answer: D
Explanation: To ensure that all network traffic between the subnets in VNet1 is optimally routed, you should use an Azure Load Balancer with traffic management. Azure Load Balancer provides the ability to manage network traffic and ensure that traffic is optimally routed, improving performance and availability.
Your company has an Azure virtual network named VNet1. VNet1 contains several subnets. You need to ensure that all inbound network traffic to the subnets is load balanced for performance and availability.
What should you use?
- A) Azure ExpressRoute
- B) Azure Firewall
- C) Azure Application Gateway with load balancing
- D) Azure Load Balancer with load balancing
Answer: C
Explanation: To ensure that all inbound network traffic to the subnets in VNet1 is load balanced for performance and availability, you should use an Azure Application Gateway with load balancing. Azure Application Gateway provides the ability to load balance network
Basic Sample Questions
Q1)In New York, your business has just one on-site datacenter. New York serves as a peering location for the Azure East US region. The only Azure resources the organisation has are in the East US area. To handle up to 1 Gbps, ExpressRoute must be used. Only ExpressRoute Unlimited data plans may be used. The answer must reduce expenses. Which ExpressRoute circuit type should you design?
- A. ExpressRoute Local
- B. ExpressRoute Direct
- C. ExpressRoute Premium
- D. ExpressRoute Standard
Correct Answer: A
Q2)You are preparing an OpenVPN-based Azure Point-to-Site (P2S) VPN. An on-site Active Directory domain will be used for user authentication. Which supplementary service ought to be implemented to facilitate VPN authentication?
- A. an Azure key vault
- B. a RADIUS server
- C. a certification authority
- D. Azure Active Directory (Azure AD) Application Proxy
Correct Answer: B
Q3)For a Site-to-Site VPN connection between a datacenter and Azure, you intend to configure BGP. What are the best two Azure resources to configure? Each accurate response offers a piece of the answer. (Select two.) NOTE: A point is awarded for each choice that is correct.
- A. a virtual network gateway
- B. Azure Application Gateway
- C. Azure Firewall
- D. a local network gateway
- E. Azure Front Door
Correct Answer: AD
Q4)You fail to create a Site-to-Site VPN link between the corporate headquarters of your business and an Azure virtual network. What is preventing you from establishing the IPsec tunnel needs to be investigated. Which diagnostic log ought to be examined?
- A. IKEDiagnosticLog
- B. RouteDiagnosticLog
- C. GatewayDiagnosticLog
- D. TunnelDiagnosticLog
Correct Answer: A
Q5)You have a datacenter on-site as well as an Azure virtual network. You are preparing a Site-to-Site VPN link between the virtual network and the datacenter. Which two resources ought to be a part of your strategy? Each right response offers a piece of the answer. NOTE: A point is awarded for each choice that is correct.
- A. a user-defined route
- B. a virtual network gateway
- C. Azure Firewall
- D. Azure Web Application Firewall (WAF)
- E. an on-premises data gateway
- F. an Azure application gateway
- G. a local network gateway
Correct Answer: B and G
Q6)Your business has locations in Amsterdam and New York. The business is a subscriber to Azure. A Site-to-Site VPN connection is used to link both offices to Azure. Resources from the North Europe Azure region are used by the Amsterdam office. Resources from the East US Azure area are used by the New York office. ExpressRoute circuits must be used to connect every office to the closest Azure region. The on-premises PCs in the Amsterdam office must be able to connect to the on-premises servers in the New York office utilising the ExpressRoute circuits once they are connected. Which ExpressRoute selection is best?
- A. ExpressRoute FastPath
- B. ExpressRoute Global Reach
- C. ExpressRoute Direct
- D. ExpressRoute Local
Correct Answer: B
Q7)You want to set up a virtual network on Azure. The subnets must be designed. Which three categories of resources demand their own subnet? Each accurate response offers an entire resolution.
- A. Azure Bastion
- B. Azure Active Directory Domain Services
- C. Azure Private Link
- D. Azure Application Gateway v2
- E. VPN gateway
Correct Answer: ADE
Q8) You have two virtual networks in Azure with the names Vnet1 and Vnet2. A Point-to-Site (P2S) IKEv2 VPN is being used to link Client1, a Windows 10 device, to Vnet1. Between Vnet1 and Vnet2, you put into practise virtual network peering. Gateway transport is permitted by Vnet1. The remote gateway is usable via Vnet2. You find that Client1 and Vnet2 are unable to communicate. You must make sure that Client1 and Vnet2 can communicate. The VPN client configuration is downloaded and reinstalled as a solution. Is the objective being met?
- A. Yes
- B. No
Correct Answer: A
Q9)You have 150 virtual machines hosted on an Azure virtual network called Vnet1 that is home to an Azure firewall called FW1. A private DNS zone with the name contoso.com is connected to Vnet1. The names of every virtual machine are recorded in the contoso.com zone. ExpressRoute is used to link Vnet1 to a datacenter located on-site. You must make sure that the names in the contoso.com zone can be resolved by the on-premises DNS servers. What are the two things you should do? Each right response offers a piece of the answer.
- A. Modify the DNS server settings of Vnet1.
- B. For FW1, configure custom DNS server.
- C. For FW1, enable DNS proxy.
- D. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
- E. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.
Correct Answer: C and D
Q10)In Azure virtual networks, you are organising the IP addresses for the subnets. Which resource category needs IP addresses in the subnets?
- A. internal load balancers
- B. storage account
- C. service endpoints
- D. service endpoint policies
Correct Answer: A
Q11)You have a routing rule named Rule1 on your Azure application gateway, AGW1, which is part of Azure. For http://www.contoso.com, Rule 1 points traffic to a backend pool called Pool1. Pool 1 is intended for the VMSS1 Azure virtual machine scale set. You deploy VMSS2, a different virtual machine scale set. To make sure that VMSS2 receives all traffic for http://www.adatum.com, you must set up AGW1 to do so. The answer must guarantee that queries to http://www.contoso.com are still routed to Pool1. Which three things ought you to do? Each right response offers a piece of the answer.
- A. Add a backend pool.
- B. Modify an HTTP setting.
- C. Add an HTTP setting.
- D. Add a listener.
- E. Add a rule.
Correct Answer: ADE
Q12)An Azure App Service app is part of your Azure subscription. A URL of https://www.contoso.com is used by the app. For www.contoso.com, you must utilise a custom domain on Azure Front Door. A certificate from a recognised certifying body must be used by the custom domain (CA). What should the solution contain?
- A. an enterprise application in Azure Active Directory (Azure AD)
- B. Active Directory Certificate Services (AD CS)
- C. Azure Key Vault
- D. Azure Application Gateway
Correct Answer: C
Q13) For a web application called App1, you have an Azure application gateway. Using the application gateway, end-to-end encryption is possible. An enterprise-signed certificate must be uploaded in order to configure the listener for HTTPS. You must make sure that App1 can get end-to-end encryption from the application gateway. What ought you to do?
- A. Increase the custom probe’s Unhealthy threshold setting.
- B. Give the listener access to the SSL profile.
- C. Select Multi site as the listener type.
- D. Enter the HTTP settings after uploading the public key certificate.
Correct Answer: C
Q14)You have a web app called App1 that receives requests via a gateway in Azure called AppGW1. The server variables in App1’s response header must be changed. What settings ought to be made on AppGW1 in Microsoft Azure Networking Solutions Exam: AZ-700 ?
- A. HTTP settings
- B. rewrites
- C. rules
- D. listeners
Correct Answer: B
Q15) There are 500 session hosts in your deployment of Azure Virtual Desktop. A NAT gateway is utilised by all outgoing traffic to the internet. during the busiest period. Some users claim they are unable to access online resources. You find a large number of unsuccessful SNAT connections in Azure Monitor. The number of SNAT connections available has to be increased. What ought you to do in Microsoft Azure Networking Solutions Exam: AZ-700 ?
- A. Connect a different subnet to the NAT gateway.
- B. Include an open IP address.
- C. Set up an outbound-rules-equipped Azure Standard Load Balancer.
Correct Answer: B
Q16)In an Azure virtual network, you are setting up two network virtual appliances (NVAs). The virtual network’s whole traffic will be examined using NVAs. For the NVAs, great availability is required. The answer must require the least amount of administration. What should the solution contain in Microsoft Azure Networking Solutions Exam: AZ-700 ?
- A. Azure Standard Load Balancer
- B. Azure Application Gateway
- C. Azure Traffic Manager
- D. Azure Front Door
Correct Answer: A