Topic 2, Contoso Case Study 2
You need to configure GW1 to meet the network security requirements for the P2S VPN users. Which Tunnel type should you select in the Point-to-site configuration settings of GW1?
A.
IKEv2 and OpenVPN (SSL)
B.
IKEv2
C.
IKEv2 and SSTP (SSL)
D.
OpenVPN (SSL)
E.
SSTP (SSL)
OpenVPN (SSL)
You need to meet the network security requirements for the NSG flow logs.
Which type of resource do you need, and how many instances should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing the Virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
2, 4
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
Graphical user
interface, text, application, email Description automatically generated
Box 1: No
Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.
Box 2: Yes
VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.
Box3: No
VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won’t be able to enable auto-registration on the link.
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
No
subnet1(WM1->NSG1 outbound->NSG10 outbound)->subnet2(NSG1 inbound->NSG11 inbound->VM2)
Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2€™s subnet (VNet1/Subnet2).
No
NSG11 blocks RDP (port TCP 3389) destined for €˜VirtualNetwork€™. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation: NGS1 only VM2, VM3, VM4 and VM5
You are implementing the virtual network requirements for VM Analyze.
What should you include in a custom route that is linked to Subnet2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Which virtual machines can VM1 and VM4 ping successfully? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the contoso.com zone.
Vnet1 connects to an on-premises datacenter by using ExpressRoute.
You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A.
On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
B.
On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.
C.
Modify the DNS server settings of Vnet1.
D.
For FW1, enable DNS proxy.
E.
For FW1, configure a custom DNS server.
On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.
For FW1, enable DNS proxy.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to- Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?
A.
Yes
B.
No
No
You have a network security group named NSG1.
You need to enable network security group (NSG) flow logs for NSG1. The solution must support retention policies.
What should you create first?
A.
A standard general-purpose v2 Azure Storage account
B.
An Azure Log Analytics workspace
C.
A premium Block blobs Azure Storage account
D.
A standard general-purpose v1 Azure Storage account
A standard general-purpose v2 Azure Storage account
| Page 2 out of 16 Pages |
| Previous |