Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Microsoft
  3. AZ-700

Microsoft Designing and Implementing Azure Networking Solutions AZ-700 Exam Questions in PDF

Free Microsoft AZ-700 Dumps Questions (page: 9)

AZ-700 PDF — 379 Questions

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



HOTSPOT (Drag and Drop is not supported)

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3. There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2, VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.

Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/ Subnet1, VM2 in VNet1/Subnet2 and VM3 in VNet2.




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

  1. a private endpoint
  2. a routing table
  3. a service endpoint
  4. a private link service
  5. a virtual network peering

Answer(s): E

Explanation:

There is no virtual network peering between VM4's VNet (VNet3) and VM5's VNet (VNet4). To enable the VMs to communicate over the Microsoft backbone network a VNet peering is required between VNet3 and VNet4.




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



HOTSPOT (Drag and Drop is not supported)

You are implementing the virtual network requirements for Vnet6.

What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: 3
Subnets

* One subnet for the three VMs
Virtual network and subnets
A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one virtual network. NICs connected to subnets (same or different) within a virtual network can communicate with each other without any extra configuration.

* One gateway subnet for the incoming VPN connection.
About the gateway subnet
The virtual network gateway uses specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use. The subnet must be named 'GatewaySubnet' in order for Azure to deploy the gateway resources.

* One subnet for the two container groups
To deploy to a new virtual network and have Azure create the network resources for you automatically, specify the following when you execute az container create:

Virtual network name
Virtual network address prefix in CIDR format
Subnet name
Subnet address prefix in CIDR format

Once you've deployed your first container group with this method, you can deploy to the same subnet by specifying the virtual network and subnet names, or the network profile that Azure automatically creates for you. Because Azure delegates the subnet to Azure Container Instances, you can deploy only container groups to the subnet.

Note:
Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
Two container groups that connect to Vnet6
Three virtual machines that connect to Vnet6
Allow VPN connections to be established to Vnet6
Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.

Box 2: 2
* One Service Endpoint for the Azure KeyVault KeyVault1.
The virtual network service endpoints for Azure Key Vault allow you to restrict access to a specified virtual network.

* One Service Endpoint for the Azure SQL Database DB1.
Service endpoints are a networking feature in Azure designed to help you better identify traffic coming into your Azure SQL Database as originating from one or more of your VNets.

Note: Service endpoints are a networking feature in Azure designed to help you better identify traffic coming into your Azure SQL Database as originating from one or more of your VNets.

Service endpoints are available for the following Azure services and regions.
Azure SQL Database
Azure Key Vault
Etc.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-network/network-overview https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview https://learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



HOTSPOT (Drag and Drop is not supported)

Which virtual machines can VM1 and VM4 ping successfully before NSG10 and NSG11 are created? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: VM2 only.
VM1

VM1 is in West US, is connected to Vnet1/Subnet1, and has NSG1. The Azure Private DNS zone zone2.contoso.com is in West US, but has no virtual network links.
VM2 is also in Vnet1.

Box 2: VM3 only
VM4

VM4 is in Central US, is connected to Vnet3/Default, and has NSG1. The Azure Private DNS zone zone1.contoso.com is in Central US. zone1.contoso.com has a virtual network link to Vnet2, and the link is not configured for Auto registration. In Vnet2 there is VM3. VM4 can reach VM3.
zone1.contoso.com has a virtual network link to Vnet3, and this link is configured for Auto registration.

Note: Registration virtual network
When creating a link between a private DNS zone and a virtual network. You have the option to enable autoregistration. With this setting enabled, the virtual network becomes a registration virtual network for the private DNS zone. A DNS record gets automatically created for any virtual machines you deploy in the virtual network. DNS records will also be created for virtual machines already deployed in the virtual network.

From the virtual network perspective, private DNS zone becomes the registration zone for that virtual network. A private DNS zone can have multiple registration virtual networks. However, every virtual network can only have one registration zone associated with it.

Resolution virtual network
If you choose to link your virtual network with the private DNS zone without autoregistration, the virtual network is treated as a resolution virtual network only. DNS records for virtual machines deployed this virtual network won't be created automatically in the private zone. However, virtual machines deployed in the virtual network can successfully query for DNS records in the private zone. These records include manually created and auto registered records from other virtual networks linked to the private DNS zone.

Note Scenario:



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.


Reference:

https://learn.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links

Design and implement Core Networking Infrastructure

Question Set 4




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two Azure virtual networks named Vnet1 and Vnet2.

You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.

You discover that Client1 cannot communicate with Vnet2.

You need to ensure that Client1 can communicate with Vnet2.

Solution: You enable BGP on the gateway of Vnet1.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.


Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



HOTSPOT (Drag and Drop is not supported)

You have the Azure environment shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit?toc=/azure/virtual- network/toc.json




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



You plan to deploy Azure virtual network.

You need to design the subnets.

Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution.

Note: Each correct selection is worth one point.

  1. Azure Bastion
  2. Microsoft Entra Domain Services
  3. Azure Private Link
  4. Azure Application Gateway v2
  5. VPN gateway

Answer(s): A,D,E

Explanation:

Correct:
* Azure Application Gateway v2
* Azure Bastion
* VPN gateway
Incorrect:
* Azure AD DS
* Azure Private Link
* Microsoft Entra Domain Services
Note:

Services that can be deployed into a virtual network


Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services




Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements.
When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.

Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.

Existing Environment

Azure Network Infrastructure

Contoso has a Microsoft Entra tenant named contoso.com.

The Azure subscription contains the virtual networks shown in the following table.



Vnet1 contains a virtual network gateway named GW1.

Azure Virtual Machines

The Azure subscription contains virtual machines that run Windows Server 2022 as shown in the following table.



The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.

An application security group named ASG1 is associated to the network interface of VM1.

Azure Network Infrastructure Diagram



Azure Private DNS Zones

The Azure subscription contains the Azure private DNS zones shown in the following table.



Zone1.contoso.com has the virtual network links shown in the following table.



Other Azure Resources

The Azure subscription contains additional resources as shown in the following table.



Requirements

Virtual Network Requirements

Contoso has the following virtual network requirements:

Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
- Two container groups that connect to Vnet6
- Three virtual machines that connect to Vnet6
- Allow VPN connections to be established to Vnet6
- Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network. The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.

Network Security Requirements

Contoso has the following network security requirements:

Configure Microsoft Entra authentication for Point-to-Site (P2S) VPN users.

Enable NSG flow logs for NSG3 and NSG4.

Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.



Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.



HOTSPOT (Drag and Drop is not supported)

You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.



The links have auto registration enabled.

You create the virtual machines shown in the following table.



You manually add the following entry to the contoso.com zone:

Name: VM1

IP address: 10.1.10.9

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: No
The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9.

Box 2: No
The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto- registered DNS records are deleted when a VM is deleted.

Box 3: No

This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select `Static' as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered.


Reference:

https://docs.microsoft.com/en-us/azure/dns/dns-faq-private



Viewing page 9 of 48

Share your comments for Microsoft AZ-700 exam with other users:

T
Thor
10/21/2025 5:16:29 AM

Anyone used this dump recently?

NEW ZEALAND
J
Jayant
11/2/2023 3:15:00 AM

thanks for az 700 dumps

Anonymous
R
Rond65
8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).

UNITED STATES
T
Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

Anonymous
T
Thembelani
5/30/2023 2:47:00 AM

excellent material

Anonymous
T
Thembelani
5/30/2023 2:40:00 AM

does this exam have lab sections?

Anonymous
T
Thembelani
5/30/2023 2:22:00 AM

anyone who wrote this exam recently

Anonymous
T
Thembelani
5/30/2023 2:45:00 AM

need this dumps

Anonymous
AI Tutor 👋 I’m here to help!