SIMULATION - (Topic 4)
Task 7
You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Solution:
Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through VNET2:
✑ To connect different virtual networks in Azure, you need to use virtual network peering. Virtual network peering allows you to create low-latency, high-bandwidth connections between virtual networks without using gateways or the internet [1].
✑ To create a virtual network peering, you need to go to the Azure portal and select your virtual network. Then select Peerings under Settings and select + Add [2].
✑ On the Add peering page, enter or select the following information:
✑ Select Add to create the peering [2].
✑ Repeat the previous steps to create peerings between VNET2 and VNET1, and between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on both VNET1 and VNET3.
✑ To prevent hosts on VNET1 and VNET3 from communicating through VNET2, you need to use network security groups (NSGs) to filter traffic between subnets. An NSG contains rules that allow or deny inbound or outbound traffic based on source or destination IP address, port, or protocol [3].
✑ To create an NSG, you need to go to the Azure portal and select Create a resource. Search for network security group and select Network security group. Then select Create [4].
✑ On the Create a network security group page, enter or select the following information:
✑ Select Review + create and then select Create to create your NSG [4].
✑ To add rules to your NSG, you need to go to the Network security groups service in the Azure portal and select your NSG. Then select Inbound security rules or Outbound security rules under Settings and select + Add [4].
✑ On the Add inbound security rule page or Add outbound security rule page, enter or select the following information:
✑ Select Add to create your rule [4].
✑ Repeat the previous steps to create inbound and outbound rules for your NSG that deny traffic between VNET1 and VNET3 subnets. For example, you can create an inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24 (VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24 (VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).
✑ To associate your NSG with a subnet, you need to go to the Virtual networks service in the Azure portal and select your virtual network. Then select Subnets under Settings and select the subnet that you want to associate with your NSG [5].
✑ On the Edit subnet page, under Network security group, select your NSG from the drop-down list. Then select Save [5].
✑ Repeat the previous steps to associate your NSG with the subnets in VNET1 and VNET3 that you want to isolate from each other.
Does this meet the goal?
Correct Answer:
A
DRAG DROP - (Topic 3)
You have an Azure subscription that contains the resources shown in the following table.
You need to associate Gateway 1 with Subnet1. The solution must minimize downtime on VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 2)
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
No
subnet1(VM1->NSG1 outbound->NSG10 outbound)->subnet2(NSG1 inbound->NSG11 inbound->VM2)
Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2's subnet (VNet1/Subnet2).
No
NSG11 blocks RDP (port TCP 3389) destined for 'VirtualNetwork'. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 3)
You have the hybrid network shown in the Network Diagram exhibit.
You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.
You have a peering connection between Vnet1 and Vnet3 as shown in the Peering-Vnet1-Vnet3 exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 3)
You have an Azure subscription that contains the virtual networks shown in the following table.
You have a virtual machine named VM5 that has the following IP address configurations:
• IP address: 10.4.0.5
• Subnet mask: 255.255.255.0
• Default gateway: 10.4.0.1
• DNS server: 168.63.129.16
You have an Azure Private DNS zone named fabrikam.com that contains the records shown in the following table.
The virtual network links in the fabrikam.com DNS zone are configured as shown in the exhibit. (Click the Exhibit tab.)
VM5 fails to resolve the IP address for app1.fabrikam.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A