AZ-700 Free Practice Test

- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled. You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
The parameter here should be RemoteAddr not Request header.
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview#match-variable

- (Exam Topic 1)
You need to connect Vnet2 and Vnet3. The solution must meet the virtual networking requirements and the business requirements.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

1. A. On the peerings from Vnet2 and Vnet3, select Use remote gateways.
2. B. On the peering from Vnet1, select Allow forwarded traffic.
3. C. On the peering from Vnet1, select Use remote gateways.
4. D. On the peering from Vnet1, select Allow gateway transit.
5. E. On the peerings from Vnet2 and Vnet3, select Allow gateway transit.

Correct Answer: BD

- (Exam Topic 3)
You have the Azure environment shown in the exhibit.

VM1 is a virtual machine that has an instance-level public IP address (ILPIP).
Basic Load Balancer uses a public IP address. VM1 and VM2 are in the backend pool. NAT Gateway uses a public IP address named IP3 that is associated to SubnetA. VNet1 has a virtual network gateway that has a public IP address named IP4.
When initiating outbound traffic to the internet from VM1, which public address is used?

1. A. IP1
2. B. IP2
3. C. IP3
4. D. IP4

Correct Answer: A

- (Exam Topic 3)
You have an Azure virtual network named Vnet1 that has one subnet. Vnet1 is in the West Europe Azure region.
You deploy an Azure App Service app named App1 to the West Europe region.
You need to provide App1 with access to the resources in Vnet1. The solution must minimize costs. What should you do first?

1. A. Create a private link.
2. B. Create a new subnet.
3. C. Create a NAT gateway.
4. D. Create a gateway subnet and deploy a virtual network gateway.

Correct Answer: B
Virtual network integration depends on a dedicated subnet.
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration#regional-virtual-network-integrat For outgoing traffic from Web App to vnet, it will go through Internet, so the cost not the minimum.
The connection between the Private Endpoint and the Web App uses a secure Private Link. Private Endpoint is only used for incoming flows to your Web App. Outgoing flows will not use this Private Endpoint, but you can inject outgoing flows to your network in a different subnet through the VNet integration feature.
https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint#conceptual-overview

- (Exam Topic 3)
You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

The links have auto registration enabled.
You create the virtual machines shown in the following table.

You manually add the following entry to the contoso.com zone:
Name: VM1
IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Solution:
Graphical user interface, text, application Description automatically generated
Box 1: No
The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9. Box 2: No
The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto-registered DNS records are deleted when a VM is deleted.
Box 3: No
This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select ‘Static’ as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered.
Reference:
https://docs.microsoft.com/en-us/azure/dns/dns-faq-private

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A