Microsoft Designing and Implementing Azure Networking Solutions AZ-700 Exam Questions in PDF

Free Microsoft AZ-700 Dumps Questions (page: 6)


Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.
Overview
Proseware, Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Existing Environment. Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Existing Environment. Network Infrastructure
The offices contain the resources shown in the following table.



NYCNet connects to Azure by using an ExpressRoute circuit.
SFONet connects to Azure by using a Site-to-Site (S2S) VPN.
Existing Environment. Azure Resources
The Azure subscription contains the virtual networks and subnets shown in the following table.



The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet.
The subscription contains Application Gateway resources shown in the following table.



The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.

HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
Planned Changes and Requirements. Planned Changes
Proseware plans to implement the following changes:
- Deploy an Azure Private DNS Resolver named PRDNS1 to HubVNet and link PRDNS1 to SpokeVNet.
- Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNS1.
- Deploy Azure Virtual Network Manager and implement the following rules:
  - Allow inbound connections on TCP port 3389 from the on-premises networks to SUBNET-JUMPHOSTS.
  - Block inbound connections on TCP port 80 from the internet to SpokeVNet.
- Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
- Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
- Deploy a gateway load balancer named LBGW1 to HubVNet.
- Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
- Ensure that all the traffic to App2 is processed by using FD1.

Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
- Minimize the complexity of the Azure Virtual Network Manager deployment.
- Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.
- Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VPN and their proseware.com credentials.

Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
- Whenever possible, use the internal CA.
- Ensure that all connections routed via APPGW1 use end-to-end encryption.
- Ensure that user connections to Azure-hosted apps use end-to-end encryption.
- Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.
- Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.
- Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.

Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
- Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
- From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
- Whenever possible, minimize administrative effort.

HOTSPOT (Drag and Drop is not supported)

You have an Azure subscription that contains the virtual networks shown in the following table.



You have devices that run either Windows or macOS. The devices connect to VGW1 by using the OpenVPN protocol.

Which virtual networks can each device access? To answer, select the appropriate options in the answer area.

Note: Each correct answer is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: VNet1, VNet2, and VNet3
Windows

Note 1: About Point-to-Site VPN routing
Azure Point-to-Site VPN routing behavior is dependent on the client OS, the protocol used for the VPN connection, and how the virtual networks (VNets) are connected to each other.

Multiple peered VNets
In this example, the Point-to-Site VPN gateway connection is for VNet1. VNet1 is peered with VNet2. VNet2 is peered with VNet3. VNet1 is peered with VNet4. There is no direct peering between VNet1 and VNet3. VNet1 has "Allow gateway transit" and VNet2 and VNet4 have "Use remote gateways" enabled.

Clients using Windows can access directly peered VNets, but the VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Non-Windows clients can access directly peered VNets. Access isn't transitive and is limited to only directly peered VNets.



Note 2:
Can I configure a point-to-site client to connect to multiple virtual networks at the same time? Yes, point-to-site client connections to a virtual network gateway that is deployed in a VNet that is peered with other VNets may have access to other peered VNets. Point-to-site clients will be able to connect to peered VNets as long as the peered VNets are using the UseRemoteGateway / AllowGatewayTransit features.

Box 2: VNet1 and VNet2 only.
macOS


Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing





You have an Azure subscription that contains the resources shown in the following table.



You plan to deploy an Azure Virtual Network NAT gateway named Gateway1. The solution must meet the following requirements:

VM1 will access the internet by using its public IP address.

VM2 will access the internet by using its public IP address.

Administrative effort must be minimized.

You need to ensure that you can deploy Gateway1 to Vnet1.

What is the minimum number of subnets that Vnet1 must have?

  1. 2
  2. 3
  3. 4
  4. 5

Answer(s): C





DRAG DROP (Drag and Drop is not supported)

You have 100 on-premises servers with IP addresses from the 10.0.0.0/24 IP address space.

You have an Azure subscription that contains a virtual network named VNet1, an Azure VPN gateway named VGW1, and 100 virtual machines. VNet1 has an IP address space of 10.0.0.0/22. VGW1 uses the VpnGw1 SKU.

You need to ensure that the Azure virtual machines and the on-premises servers can communicate by using VGW1. The solution must minimize administrative effort.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Create a site-to-site VPN connection



Step 1: Resize VNet1
For the extended network in step 4, we need to take some action. The address spaces overlap, but they are of different sizes. We need to increase the size of VNet1 to match the on-premises 10.0.0.0/24 IP address space.

Step 2: On VGW1, create a local gateway
Create a local network gateway
The local network gateway is a specific object deployed to Azure that represents your on-premises location (the site) for routing purposes. You give the site a name by which Azure can refer to it, and then specify the IP address of the on-premises VPN device to which you create a connection. You also specify the IP address prefixes that are routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

Step 3: On VGW1, add a connection.

Step 4: Configure an Azure extended network
Extend your on-premises subnets into Azure using extended network for Azure

Extended network for Azure enables you to stretch an on-premises subnet into Azure to let on-premises virtual machines keep their original on-premises private IP addresses when migrating to Azure.

The network is extended using a bidirectional VXLAN tunnel between two Windows Server 2019 VMs acting as virtual appliances, one running on-premises and the other running in Azure, each also connected to the subnet to be extended. Each subnet that you are going to extend requires one pair of appliances.

Incorrect:
* Resize VGW1

No need to resize VGW1.
VpnGw1, Supported Number of VMs in the Virtual Network: 450


Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network
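
The address overlap that Step 1 mentions can be checked before the local network gateway prefixes are entered. This is an added example, not part of the original explanation; the function names are hypothetical and the prefixes are the ones given in the question.

```python
import ipaddress


def classify_overlaps(vnet_spaces, onprem_prefixes):
    """Return (vnet, on_prem, relation) for every overlapping pair.

    Two CIDR blocks that overlap are always nested or identical, so the
    relation says which side contains the other.
    """
    findings = []
    for v in map(ipaddress.ip_network, vnet_spaces):
        for p in map(ipaddress.ip_network, onprem_prefixes):
            if v.version != p.version or not v.overlaps(p):
                continue
            if v == p:
                relation = "identical"
            elif p.subnet_of(v):
                relation = "on-premises prefix inside VNet space"
            else:
                relation = "VNet space inside on-premises prefix"
            findings.append((str(v), str(p), relation))
    return findings


def free_vnet_ranges(vnet_space, onprem_prefixes):
    """Return the parts of the VNet space that no on-premises prefix claims."""
    vnet = ipaddress.ip_network(vnet_space)
    remaining = [vnet]
    for p in map(ipaddress.ip_network, onprem_prefixes):
        if p.version != vnet.version:
            continue
        kept = []
        for r in remaining:
            if not r.overlaps(p):
                kept.append(r)                       # untouched by this prefix
            elif p.subnet_of(r):
                kept.extend(r.address_exclude(p))    # carve the prefix out
            # otherwise r lies wholly inside p and nothing of it is left
        remaining = kept
    return [str(r) for r in sorted(remaining)]


if __name__ == "__main__":
    # Values from the question: VNet1 is 10.0.0.0/22, on-premises is 10.0.0.0/24.
    for finding in classify_overlaps(["10.0.0.0/22"], ["10.0.0.0/24"]):
        print(finding)
    print(free_vnet_ranges("10.0.0.0/22", ["10.0.0.0/24"]))
```
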





DRAG DROP (Drag and Drop is not supported)

You have a computer named CLIENT1 that runs Windows 11 and has the Azure VPN Client installed.

You have an Azure virtual network gateway named VPNGW1.

You need to ensure that you can connect CLIENT1 to VPNGW1. The solution must support Microsoft Entra authentication.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Step 1: From the Azure portal, authorize the Azure VPN application.
Configure P2S VPN Gateway for Microsoft Entra ID authentication

Authorize the Azure VPN application
1. Sign in to the Azure portal as a user that is assigned the Global administrator role.

2. Next, grant admin consent for your organization. This allows the Azure VPN application to sign in and read user profiles.

3. Etc.

Step 2: From the Azure portal, configure the tunnel type and authentication type for VPNGW1.
Configure the VPN gateway
1. Locate the tenant ID of the directory that you want to use for authentication. It's listed in the properties section of the Active Directory page.

2. If you don't already have a functioning point-to-site environment, follow the instruction to create one. [Skip]

3. Go to the virtual network gateway. In the left pane, click Point-to-site configuration.



Configure the following values:

Address pool: client address pool
Tunnel type: OpenVPN (SSL) [Step 2]
Authentication type: Microsoft Entra ID [Step 2]

*Details omitted*

4. Once you finish configuring settings, click Save at the top of the page.

Step 3: From the Azure portal, download the Azure VPN Client profile configuration package to CLIENT1.

Download the Azure VPN Client profile configuration package
In this section, you generate and download the Azure VPN Client profile configuration package. This package contains the settings that you can use to configure the Azure VPN Client profile on client computers.

1. At the top of the Point-to-site configuration page, click Download VPN client. It takes a few minutes for the client configuration package to generate.

2. Your browser indicates that a client configuration zip file is available. It's named the same name as your gateway.

3. Extract the downloaded zip file.

4. Browse to the unzipped "AzureVPN" folder.

5. Make a note of the location of the "azurevpnconfig.xml" file. The azurevpnconfig.xml contains the setting for the VPN connection. You can also distribute this file to all the users that need to connect via e-mail or other means. The user will need valid Microsoft Entra ID credentials to connect successfully.

Step 4: To CLIENT1, import the Azurevpnconfig.xml file.
After you obtain the VPN client profile configuration package, extract the zip file. The file contains the following folders:

AzureVPN: The AzureVPN folder contains the Azurevpnconfig.xml file that is used to configure the Azure VPN Client.
Generic: The generic folder contains the public server certificate and the VpnSettings.xml file. The VpnSettings.xml file contains information needed to configure a generic client.

Import client profile configuration settings
When your P2S configuration specifies Microsoft Entra ID authentication, the VPN client profile configuration settings are contained in the azurevpnconfig.xml file. This file is located in the AzureVPN folder of the VPN client profile configuration package.

1. On the page, select Import.

2. Browse to the Azure VPN Client profile configuration folder that you extracted. In the AzureVPN folder, select azurevpnconfig.xml. With the file selected, select Open.

3. Change the name of the Connection name (optional). In this example, you'll notice that the Audience value shown is the new Azure Public value associated to the Microsoft-registered Azure VPN Client App ID. The value in this field must match the value that your P2S VPN gateway is configured to use.

4. Click Save to save the connection profile.

5. In the left pane, select the connection profile that you want to use. Then click Connect to initiate the connection.

6. Authenticate using your credentials, if prompted.

7. Once connected, the icon turns green and shows Connected.


Reference:

https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-vpn-client-windows
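
Because azurevpnconfig.xml may be distributed by e-mail and its Audience value must match the gateway, a profile can be checked against the expected tenant, audience and gateway before it is imported. This is an added example, not part of the original explanation or of Microsoft's tooling; the element layout of the file, the function names, and every GUID and FQDN in the sample are assumptions or constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed placeholders. The element layout used below is an ASSUMPTION
# about azurevpnconfig.xml; compare it with a real downloaded package first.
TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
AUDIENCE = "11111111-2222-3333-4444-555555555555"
GATEWAY = "azuregateway-placeholder.vpn.azure.com"

SAMPLE_PROFILE = f"""<AzVpnProfile xmlns="http://schemas.datacontract.org/2004/07/">
  <clientauth>
    <type>aad</type>
    <aad>
      <audience>{AUDIENCE}</audience>
      <issuer>https://sts.windows.net/{TENANT}/</issuer>
      <tenant>https://login.microsoftonline.com/{TENANT}/</tenant>
    </aad>
  </clientauth>
  <serverlist>
    <ServerEntry><fqdn>{GATEWAY}</fqdn></ServerEntry>
  </serverlist>
</AzVpnProfile>"""


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _find(node, *path):
    """Walk direct children by local name; return the element or None."""
    for name in path:
        if node is None:
            return None
        node = next((c for c in node if _local(c.tag) == name), None)
    return node


def _text(node, *path):
    found = _find(node, *path)
    return (found.text or "").strip() if found is not None else ""


def _tenant_of(url):
    """Tenant ID is taken to be the only path segment of the URL."""
    return urlparse(url).path.strip("/").lower()


def check_profile(xml_text, tenant_id, audience, gateway_fqdn):
    """Return a list of findings; an empty list means the profile matches."""
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        # A profile has no reason to carry a DTD; do not feed it to the parser.
        return ["profile contains a DTD or entity declaration; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    auth_type = _text(root, "clientauth", "type")
    if auth_type.lower() != "aad":
        findings.append(f"authentication type is {auth_type!r}, expected 'aad'")

    got_audience = _text(root, "clientauth", "aad", "audience")
    if got_audience.lower() != audience.lower():
        findings.append(f"audience mismatch: {got_audience!r}")

    for field in ("issuer", "tenant"):
        value = _text(root, "clientauth", "aad", field)
        if _tenant_of(value) != tenant_id.lower():
            findings.append(f"{field} does not point at the expected tenant: {value!r}")

    server_list = _find(root, "serverlist")
    entries = server_list if server_list is not None else []
    fqdns = [_text(e, "fqdn") for e in entries if _local(e.tag) == "ServerEntry"]
    if [f.lower() for f in fqdns] != [gateway_fqdn.lower()]:
        findings.append(f"gateway server list is {fqdns!r}, expected [{gateway_fqdn!r}]")
    return findings


if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE, TENANT, AUDIENCE, GATEWAY))
```
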





Deploy a gateway load balancer named LBGW1 to HubVNet.

Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
Ensure that all the traffic to App2 is processed by using FD1.

Planned Changes and Requirements. Connectivity requirements
Proseware identifies the following connectivity requirements:
Minimize the complexity of the Azure Virtual Network Manager deployment.

Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN.

Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VPN and their proseware.com credentials.
Planned Changes and Requirements. Security requirements
Proseware identifies the following security requirements:
Whenever possible, use the internal CA.

Ensure that all connections routed via APPGW1 use end-to-end encryption.

Ensure that user connections to Azure-hosted apps use end-to-end encryption.

Ensure that all inbound internet traffic to app2.proseware.com is routed via FD1.

Prevent devices that connect to NYCNet from accessing Azure services that use private endpoints.

Enable the virtual machines that connect to HubVNet and SpokeVNet to access Azure services that use private endpoints.
Planned Changes and Requirements. General requirements
Proseware identifies the following general requirements:
Minimize the IP address space required to deploy platform-managed resources to the virtual networks.

From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.proseware.com namespace by using PRDNS1.
Whenever possible, minimize administrative effort.

HOTSPOT (Drag and Drop is not supported)

You have an on-premises server named Server1 that runs Windows Server and has the DNS Server role installed.

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. VNet1 contains an Azure Firewall instance named FW1. VNet1 peers with VNet2.

The on-premises network is connected to VNet1 by using ExpressRoute. The on-premises network is inaccessible from VNet2.

You need to ensure that virtual machines connected to VNet2 use Server1 to perform name resolution. The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

Note: Each correct answer is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: A custom DNS server
On VNet1, configure:

Hybrid DNS resolution
This article provides guidance on how to configure hybrid DNS resolution by using an Azure DNS Private Resolver with a DNS forwarding ruleset. In this scenario, your Azure DNS resources are connected to an on-premises network using a VPN or ExpressRoute connection.

Azure DNS Private Resolver
The Azure DNS Private Resolver is a service that can resolve on-premises DNS queries for Azure DNS private zones. Previously, it was necessary to deploy a VM-based custom DNS resolver, or use non-Microsoft DNS, DHCP, and IPAM (DDI) solutions to perform this function.

Box 2: The private IP address of FW1
On VNET2, set DNS to:

Gateways and on-premises connectivity
Each virtual network, including a peered virtual network, can have its own gateway. A virtual network can use its gateway to connect to an on-premises network. You can also configure virtual network-to-virtual network connections by using gateways, even for peered virtual networks.

When you configure both options for virtual network interconnectivity, the traffic between the virtual networks flows through the peering configuration. The traffic uses the Azure backbone.

You can also configure the gateway in the peered virtual network as a transit point to an on-premises network. In this case, the virtual network that is using a remote gateway can't have its own gateway. A virtual network can have only one gateway: either a local gateway or a remote gateway in the peered virtual network, as shown in the following diagram:


Reference:

https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview




HOTSPOT (Drag and Drop is not supported)

You create an ExpressRoute circuit named ERC1 that is enabled by your connectivity provider.

You need to ensure that the routes for Azure Backup and Azure Cosmos DB are advertised to the on-premises network via ERC1.

The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Microsoft Peering
On the ExpressRoute circuit, configure:

Microsoft Peering on ExpressRoute allows customers to connect privately to Microsoft public services like Azure Storage and SQL. We are now [July 2019] announcing the addition of the Azure Cosmos DB community on ExpressRoute, which will allow for regional advertisements of Azure Cosmos DB. Microsoft peering also supports Azure Storage and Azure SQL.

Box 2: A route filter and a single filter rule
Associate the ExpressRoute circuit with:

Configure the filter rule to allow both the Azure Backup and Azure Cosmos DB services.
Incorrect:
* A route filter and two filter rules
A route filter can have only one rule, and the rule must be of type 'Allow'. This rule can have a list of BGP community values associated with it.

Note:
Connectivity to all Azure and Microsoft 365 services causes a large number of prefixes to be advertised through BGP. The large number of prefixes significantly increases the size of the route tables maintained by routers within your network. If you plan to consume only a subset of services offered through Microsoft peering, you can reduce the size of your route tables in two ways. You can:

Filter out unwanted prefixes by applying route filters on BGP communities. Route filtering is a standard networking practice and is used commonly within many networks.

Define route filters and apply them to your ExpressRoute circuit. A route filter is a new resource that lets you select the list of services you plan to consume through Microsoft peering. ExpressRoute routers only send the list of prefixes that belong to the services identified in the route filter.


Reference:

https://azure.microsoft.com/en-us/updates/azure-cosmos-db-expressroute-bgp-community-now-available/
https://learn.microsoft.com/en-us/azure/expressroute/how-to-routefilter-portal




HOTSPOT (Drag and Drop is not supported)

You plan to implement an Azure Virtual WAN named VWAN1 that will contain a hub named Hub1. VWAN1 will include the virtual networks shown in the following table.



You need to ensure that hosts connected to VNet1 can communicate with hosts connected to VNet3.

How should you configure the routing tables for VWAN1? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: From destination 10.2.0.0/16 to next hop Conn2.
Default route table

To reach VNet2, use Conn2, the hub's connection to VNet2.

Note:
Hub virtual network connection: Connects virtual networks to a virtual hub.

Association
Each connection is associated to one route table. Associating a connection to a route table allows the traffic (from that connection) to be sent to the destination indicated as routes in the route table. The routing configuration of the connection shows the associated route table. Multiple connections can be associated to the same route table. All VPN, ExpressRoute, and User VPN connections are associated to the same (default) route table.

By default, all connections are associated to a Default route table in a virtual hub. Each virtual hub has its own Default route table, which can be edited to add a static route(s). Routes added statically take precedence over dynamically learned routes for the same prefixes.



Box 2: From destination 10.2.3.0/24 to the next hop 10.2.0.5
Route table for Conn1

VNet1 connects to VNet3 (10.2.3.0/24) through the Network Virtual Appliance (10.2.0.5) in VNet2.

Configuring static routes in a virtual network connection
Configuring static routes provides a mechanism to steer traffic from the hub through a next hop IP, which could be of a Network Virtual Appliance (NVA) provisioned in a Spoke VNet attached to a virtual hub. The static route is composed of a route name, list of destination prefixes, and a next hop IP.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-wan/about-virtual-hub-routing




HOTSPOT (Drag and Drop is not supported)

You have 50 on-premises networks. Each network contains a server that runs Windows Server.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a database server named DB1.

You plan to deploy an app named App1 that will be hosted on the on-premises servers and will connect to DB1 by using Azure Network Adapter.

What should you use to support the Azure Network Adapter connections to VNet1? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Azure VPN Gateway
For inbound connections to the subscription.

Windows Server, Use Azure Network Adapter to connect a server to an Azure Virtual Network

Windows Admin Center and Azure Network Adapter provide a one-click experience to connect the server with your virtual network using a Point-to-Site VPN connection. The process automates configuring the virtual network gateway and the on-premises VPN client.

If there is no existing Azure Virtual Network gateway, Windows Admin Center creates one for you. The setup process can take up to 25 minutes. After the Azure Network Adapter is created, you can start to access VMs in the virtual network directly from your server.

Note: A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.

Box 2: Point-to-Site VPN
For the connections between the on-premises servers and VNet1:

Note:
A lot of workloads running on-premises and in multi-cloud environments require connections to virtual machines (VMs) running in Microsoft Azure. To connect a server to an Azure Virtual Network, you have several options, including Site-to-Site VPN, Azure Express Route, and Point-to-Site VPN.


Reference:

https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter



Share your comments for Microsoft AZ-700 exam with other users:

Thor
10/21/2025 5:16:29 AM

Anyone used this dump recently?

Jayant
11/2/2023 3:15:00 AM

thanks for az 700 dumps

Rond65
8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).

Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

Thembelani
5/30/2023 2:47:00 AM

excellent material

Thembelani
5/30/2023 2:40:00 AM

does this exam have lab sections?

Thembelani
5/30/2023 2:22:00 AM

anyone who wrote this exam recently

Thembelani
5/30/2023 2:45:00 AM

need this dumps
