You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

You are planning an Azure solution that will contain the following types of resources in a single Azure region:
* Virtual machine
* Azure App Service
* Virtual Network gateway
* Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table.

The links have auto registration enabled.
You create the virtual machines shown in the following table.

You manually add the following entry to the contoso.com zone:
Name: VM1
IP address: 10.1.10.9
For each of the following statements, select Yes of the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?