Question 36
You have an Azure subscription that is linked to an Azure AD tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
* A virtual network named Vnet1
* An App Service plan named ASPI
* An Azure App Service named webapp1
* An Azure private DNS zone named private.contoso.com
* Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of
https:/Avwwprivate.contosocom.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* A virtual network named Vnet1
* An App Service plan named ASPI
* An Azure App Service named webapp1
* An Azure private DNS zone named private.contoso.com
* Virtual machines on Vnet1 that cannot communicate outside the virtual network You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of
https:/Avwwprivate.contosocom.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Question 37
You are planning an Azure Front Door deployment that will contain the resources shown in the following table.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com. You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Users will connect to the App Service through Front Door by using a URL of https://www.fabrikarn.com. You obtain a certificate for the host name of www.fabfikam.com.
You need to configure a DNS record for www.fabrikam.com and upload the certificate to Azure. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question 38
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
* Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1, an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NS61 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
* Ensure that only the monitoring virtual machines receive a connection from 131.107.1.15.
* Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?
Question 39
You have two Azure subscriptions named Subscnption1 and Subscription2. Subscription1 contains a virtual network named Vnet1. Vnet1 contains an application server. Subscription2 contains a virtual network named Vnet2.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide the virtual machines in Vnet2 with access to the application server in Vnet1 by using a private endpoint.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question 40
You have an Azure subscription that contains a single virtual network and a virtual network gateway.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that administrators can use Point-to-Site (P2S) VPN connections to access resources in the virtual network. The connections must be authenticated by Azure Active Directory (Azure AD).
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
