Microsoft AZ-700 Exam Questions

Questions for the AZ-700 were updated on: Jul 16, 2024

Page 1 out of 6. Viewing questions 1-15 out of 81

Question 1 Topic 1, Case Study 1

HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Box 1: No
Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.
Box 2: Yes
VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.
Box 3: No
VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one
registration zone. You can link zone2.contoso.com to VNet3 but you won't be able to enable auto-registration on the link.

Question 2 Topic 1, Case Study 1

HOTSPOT
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Box 1: VM2, VM3 and VM4.
VM1 is in VNet1/Subnet1. VNet1 is peered with VNet2 and VNet3.
There are no NSGs blocking outbound ICMP from VNet1. There are no NSGs blocking inbound ICMP to VNet1/Subnet2,
VNet2 or VNet3. Therefore, VM1 can ping VM2 in VNet1/Subnet2, VM3 in VNet2 and VM4 in VNet3.
Box 2:
VM4 is in VNet3. VNet3 is peered with VNet1 and VNet2. There are no NSGs blocking outbound ICMP from VNet3. There
are no NSGs blocking inbound ICMP to VNet1/Subnet1, VNet1/Subnet2 or VNet2 from VNet3 (NSG10 blocks inbound ICMP
from VNet4 but not from VNet3). Therefore, VM4 can ping VM1 in VNet1/Subnet1, VM2 in VNet1/Subnet2 and VM3 in
VNet2.

Question 3 Topic 1, Case Study 1

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and
Vnet5?

  • A. a private endpoint
  • B. a routing table
  • C. a service endpoint
  • D. a private link service
  • E. a virtual network peering
Answer:

E

Explanation:
There is no virtual network peering between VM4's VNet (VNet3) and VM5's VNet (VNet4). To enable the VMs to
communicate over the Microsoft backbone network, a VNet peering is required between VNet3 and VNet4.
Topic 2, Case Study 2
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete
each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure
that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study.
Case studies might contain exhibits and other resources that provide more information about the scenario that is described
in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make
changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of
the case study before you answer the questions. Clicking these buttons displays information such as business requirements,
existing environment, and problem statements. When you are ready to answer a question, click the Question button to return
to the question.
Overview
Litware, Inc. is a financial company that has a main datacenter in Boston and 20 branch offices across the United States.
Users have Android, iOS, and Windows 10 devices.
Existing Environment
Hybrid Environment
The on-premises network contains an Active Directory forest named litwareinc.com that syncs to an Azure Active Directory
(Azure AD) tenant named litwareinc.com by using Azure AD Connect.
All offices connect to a virtual network named Vnet1 by using a Site-to-Site VPN connection.
Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the litwareinc.com Azure AD tenant. Sub1 contains
resources in the East US Azure region as shown in the following table.

A diagram of the resource in the East US Azure region is shown in the Network Diagram exhibit.
There is bidirectional peering between Vnet1 and Vnet2. There is bidirectional peering between Vnet1 and Vnet3. Currently,
Vnet2 and Vnet3 cannot communicate directly.
Azure Environment Diagram

Requirements
Business Requirements
Litware wants to minimize costs whenever possible, as long as all other requirements are met.
Virtual Networking Requirements
Litware identifies the following virtual networking requirements:

  • Direct the default route of 0.0.0.0/0 on Vnet2 and Vnet3 to the Boston datacenter over an ExpressRoute circuit.
  • Ensure that the records in the cloud.litwareinc.com can be resolved from the on-premises locations.
  • Automatically register the DNS names of Azure virtual machines to the cloud.litwareinc.com zone.
  • Minimize the size of the subnets allocated to platform-managed services.
  • Allow traffic from VMScaleSet1 to VMScaleSet2 on the TCP port 443 only.

Hybrid Networking Requirements
Litware identifies the following hybrid networking requirements:

  • Users must be able to connect to Vnet1 by using a Point-to-Site (P2S) VPN when working remotely. Connections must be authenticated by Azure AD.
  • Latency of the traffic between the Boston datacenter and all the virtual networks must be minimized.
  • The Boston datacenter must connect to the Azure virtual networks by using an ExpressRoute FastPath connection.
  • Traffic between Vnet2 and Vnet3 must be routed through Vnet1.

PaaS Networking Requirements
Litware identifies the following networking requirements for platform as a service (PaaS):

  • The storage1 account must be accessible from all on-premises locations without exposing the public endpoint of storage1.
  • The storage2 account must be accessible from Vnet2 and Vnet3 without exposing the public endpoint of storage2.

Question 4 Topic 2, Case Study 2

You need to configure the default route on Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?

  • A. route filters
  • B. BGP route exchange
  • C. a user-defined route assigned to GatewaySubnet in Vnet1
  • D. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
Answer:

B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Question 5 Topic 2, Case Study 2

DRAG DROP
You need to implement outbound connectivity for VMScaleSet1. The solution must meet the virtual networking requirements
and the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Answer:


Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/skus
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#outboundrules

Question 6 Topic 2, Case Study 2

You need to configure the default route in Vnet2 and Vnet3. The solution must meet the virtual networking requirements.
What should you use to configure the default route?

  • A. a user-defined route assigned to GatewaySubnet in Vnet2 and Vnet3
  • B. a user-defined route assigned to GatewaySubnet in Vnet1
  • C. BGP route exchange
  • D. route filters
Answer:

B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal
Topic 3, Case Study 3

Question 7 Topic 3, Case Study 3

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business
requirements.
Which connectivity method should you use?

  • A. a private endpoint
  • B. Azure Firewall
  • C. Azure Front Door
  • D. a service endpoint
Answer:

D

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

Question 8 Topic 3, Case Study 3

HOTSPOT
You need to implement name resolution for cloud.litwareinc.com. The solution must meet the networking requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/dns/private-dns-autoregistration
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances
Topic 4, Mixed Questions

Question 9 Topic 4, Mixed Questions

HOTSPOT
You need to recommend a configuration for the ExpressRoute connection from the Boston datacenter. The solution must
meet the hybrid networking requirements and business requirements.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Question 10 Topic 4, Mixed Questions

You need to configure GW1 to meet the network security requirements for the P2S VPN users.
Which Tunnel type should you select in the Point-to-site configuration settings of GW1?

  • A. IKEv2 and OpenVPN (SSL)
  • B. IKEv2
  • C. IKEv2 and SSTP (SSL)
  • D. OpenVPN (SSL)
  • E. SSTP (SSL)
Answer:

D

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

Question 11 Topic 4, Mixed Questions

Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New
York.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The
solution must minimize costs.
Which type of ExpressRoute circuits should you create?

  • A. ExpressRoute Local
  • B. ExpressRoute Direct
  • C. ExpressRoute Premium
  • D. ExpressRoute Standard
Answer:

A

Explanation:
Reference: https://azure.microsoft.com/en-us/pricing/details/expressroute/

Question 12 Topic 4, Mixed Questions

You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by an on-premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?

  • A. an Azure key vault
  • B. a RADIUS server
  • C. a certification authority
  • D. Azure Active Directory (Azure AD) Application Proxy
Answer:

B

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

Question 13 Topic 4, Mixed Questions

You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

  • A. a virtual network gateway
  • B. Azure Application Gateway
  • C. Azure Firewall
  • D. a local network gateway
  • E. Azure Front Door
Answer:

A D

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto

Question 14 Topic 4, Mixed Questions

You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?

  • A. IKEDiagnosticLog
  • B. RouteDiagnosticLog
  • C. GatewayDiagnosticLog
  • D. TunnelDiagnosticLog
Answer:

A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics

Question 15 Topic 4, Mixed Questions

You have an Azure virtual network and an on-premises datacenter.
You are planning a Site-to-Site VPN connection between the datacenter and the virtual network.
Which two resources should you include in your plan? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. a user-defined route
  • B. a virtual network gateway
  • C. Azure Firewall
  • D. Azure Web Application Firewall (WAF)
  • E. an on-premises data gateway
  • F. an Azure application gateway
  • G. a local network gateway
Answer:

B G

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
