AZ-700 exam questions

AZ-700 exam questions: Designing and Implementing Microsoft Azure Networking Solutions

Looking for AZ-700 exam questions? Our free test questions with explanatory elaborations will guide you in the assessment of the exam. So, go ahead and evaluate your preparation and knowledge of the concepts.

Who this exam is intended for?

The candidates for the AZ-700 exam are expected to have subject-level expertise in the planning, implementation, and maintenance of Azure Networking Solutions. This includes Connectivity, Routing, Security, Hybrid Networking, and Private Access to Azure Services.

To appear and pass this exam, candidates must possess expert-level Azure Administration skills, plus a considerable amount of understanding and experience on Network Security, Hybrid Connections, and Networking.

What to expect in this exam?

The AZ-700 exam tests a candidate’s ability in ascertaining the following technical tasks,

  • Designing, Implementation, and Management of Hybrid Networking
  • Designing and implementation of the core Networking Infrastructure and private access to Azure Services
  • Designing and implementation of Routing
  • Monitoring and Security of Networks

Let’s start Learning!

Domain : Design and Implement Core Networking Infrastructure

Q1 : The Domain Name System (DNS) resolves or translates a service name to an IP address. Which of the following records types can’t be used by Azure Private DNS?

A. CNAME
B. A
C. AA
D. AAA
E. AAAA
F. PTR
G. MX
H. TXT

Correct Answers: C and D

Explanation:

Azure Domain Name Service supports A, AAAA, MX, CNAME, PTR, SRV, SOA, and TXT records.

Option A is incorrect. CNAME is a valid DNS record type.
Option B is incorrect. A is a valid DNS record type.
Option C is correct. Azure DNS does not support AA type.
Option D is correct. Azure DNS does not support AAA type.
Option E is incorrect. AAAA is a valid DNS record type for Azure DNS.
Option F is incorrect. PTR is a supported record type.
Option G is incorrect. Azure Domain Name Service supports A, AAAA, MX, CNAME, PTR, SRV, SOA, and TXT records.
Option H is incorrect. Azure Domain Name Service supports A, AAAA, MX, CNAME, PTR, SRV, SOA, and TXT records.

Reference: To know more about Azure Private DNS, please visit the below-given link: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Routing

Q2 : While working on Azure PowerShell, some of the values mentioned in the instructions are getting failed. One of your friends suggests that you ensure that you have installed the latest version to avoid such issues. Which of the following cmdlets would you use to find the versions of Azure PowerShell that have been installed on your computer?

A. Get-Module -ListAvailable Az 
B. Get-Module -AzList 
C. Retrieve-Module -ListAvailable Az 
D. Retrieve-Module -AzList

Correct Answer: A

Explanation:

PowerShell cmdlets are updated regularly; if you have not installed the latest version or used the earlier versions, the values defined in the instructions might fail. You can run Get-Module -ListAvailable Az cmdlet to know the version of Azure PowerShell installed on your computer.

Option A is correct. Get-Module -ListAvailable Az is the right cmdlet to be used to know the version of Azure PowerShell installed on the system.
Option B is incorrect. Get-Module-AzList is not the right cmdlet.
Option C is incorrect. There is no command like Retrieve-Module -ListAvailable Az.
Option D is incorrect. There is no such cmdlet in Azure PowerShell.

References: To know more about working with Azure PowerShell, please visit the below-given link:
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem?WT.mc_id=modinfra-33046-thmaure
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-radius-ps?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Routing

Q3 : You are the team leader. You are addressing your team about load balancing and various Azure load balancing services. Which of the following statements would you use to describe the Azure Front Door load balancing service?

A. A DNS-based traffic load balancing service that allows optimal distribution of the traffic to services across global Azure regions, offering high responsiveness and availability
B. A load balancing option that offers an application delivery controller (ADC) as a service, supporting different Layer 7 load balancing capabilities
C. A high-performance and ultra low-latency Layer 4 load balancing service (inbound & outbound) for all TCP and UDP protocols
D. An application delivery network that offers global load balancing and site acceleration services for web applications with its layer seven capabilities

Correct Answer: D

Explanation:

Azure Front Door is an application delivery network that offers global load balancing and site acceleration services for web applications. It provides Layer seven capabilities for applications such as SSL offload, fast failover, path-based routing, caching, etc. to enhance the performance and availability of applications.

Option A is incorrect. The given statement describes the Traffic Manager, not Front Door.
Option B is incorrect. The application gateway offers an application delivery controller (ADC) as a service, supporting different Layer 7 load balancing capabilities.
Option C is incorrect. Azure Load Balancer is a high-performance and ultra low-latency Layer 4 load balancing service (inbound & outbound) for all TCP and UDP protocols.
Option D is correct. The given statement rightly describes the Azure Front Door.

Reference: To know more about Azure load balancing, please visit the given below link: https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview

 

Domain : Secure and Monitor Networks

Q4 : Statement: If the 1st network interface allocated to an application security group titled ASBGWeb is in the virtual network titled VNet1, all subsequent network interfaces allocated to ASGWeb must exist in VNet1.
Is the statement true?

A. Yes
B. No

Correct Answer: A

Explanation:

All network interfaces allocated to an application security group (ASG) must exist in the same virtual network that the 1st network interface allocated to the application security group (ASG) is present. If the 1st network interface allocated to an application security group titled AsgWeb is in the virtual network titled VNet1, all subsequent network interfaces allocated to ASGWeb must exist in VNet1. You can’t add network interfaces from different virtual networks to the same application security group (ASG).

Reference: To know more about Application Security Groups, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Private Access to Azure Services

Q5 : Azure Private Endpoint acts as a network interface to connect you to a service powered by Azure Private Link in a private and secure manner. Being the Private Link resource owner, which of the following actions can you perform over a private endpoint connection?  

A. Reviewing all private endpoint connection details
B. Approving a private endpoint connection
C. Rejecting a private endpoint connection
D. Deleting a private endpoint connection from any state
E. All the above

Correct Answer: E

Explanation:

The private link resource owner can perform the below-given actions over a private endpoint connection:

Design and Implement Private Access to Azure Services

Option A is incorrect. Besides reviewing all private endpoint connection details, the private link resource owner can approve, reject, and even delete a private endpoint connection.
Option B is incorrect. Besides approving a private endpoint connection, the private link resource owner can review, reject, and even delete a private endpoint connection.
Option C is incorrect. A private link resource owner can review, approve, reject and even delete a private endpoint connection.
Option D is incorrect. Besides deleting a private endpoint connection, the private link resource owner can review, approve, or even reject a private endpoint connection.
Option E is correct. A private link resource owner can perform all the given actions.

Reference: To know more about Azure Private Endpoint, please visit the below-given link: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview?WT.mc_id=modinfra-33046-thmaure

Domain : Design, Implement, and Manage Hybrid Networking

Q6 : There are various configuration options available for VPN gateway connections. One of your friends wants to embrace secure access to Azure virtual networks for remote users.  But he is confused about the configuration that will fit the best. He approaches you for suggestions. Which of the following configuration would you suggest to him?

A. Point-to-Point
B. Point-to-Site
C. Site-to-Site
D. ExpressRoute 

Correct Answer: B

Explanation:

For the use cases like Secure access to Azure virtual networks for remote users, the Point-to-Site connectivity option suits the best. Below is the table to understand the various configuration needs and capabilities of various connectivity options.

Hybrid Networking in Microsoft Azure

Option A is incorrect. Point-to-point is not a valid connectivity option.
Option B is correct. For the use cases like Secure access to Azure virtual networks for remote users, the Point-to-Site connectivity option suits the best.
Option C is incorrect. For the scenarios as given in the question, the Site-to-Site connectivity is not the right option.
Option D is incorrect. ExpressRoute is not the right option.

Reference: To know more about VPN Gateway, please visit the below-given link: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Core Networking Infrastructure

Q7 : You create a DNS zone using the Azure portal. After creating the Zone, you create an ‘A’ record to translate a hostname to an IPv4 address. Now, you decide to test DNS name resolution to ensure that everything works fine. Which of the following tools would you use?

A. Nslookup
B. NsDomainTest
C. Azure Traffic Manager
D. NsDNSLookup

Correct Answer: A

Explanation:

The following is the process to test DNS Name Resolution:

test DNS Name Resolution in Microsoft Azure

Option A is correct.  As seen from the above screenshot, Nslookup is the right command/tool to use.
Option B is incorrect. There is no such tool/command like NsDomainTest.
Option C is incorrect. Azure Traffic Manager is a DNS-based traffic load balancing solution that allows optimal distribution of the traffic to services across global Azure regions, offering high responsiveness and availability. It is not the right tool for the desired purpose.
Option D is incorrect. The right command is Nslookup, not NsDNSLookup.

Reference: To know more about creating an Azure DNS zone and record via the Azure portal, please visit the below-given link: https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Routing

Q8 : While configuring the TLS termination, you need to provide the listener with the addition of a TLS/SSL certificate to empower the Application Gateway for deriving a symmetric key as per TLS/SSL protocol specification. Which of the following types of certificates are supported by the application gateway for TLS termination?

A. CA (Certificate Authority) certificate
B. EV (Extended Validation) certificate
C. Organization Validated certificates
D. Domain Validated certificates
E. Wildcard Certificate
F. Self-Signed certificates
G. All the above

Correct Answers: A, B, E, and F

Explanation:

Below is the list of certificates supported by the Application gateway for TLS termination:

  1. CA (Certificate Authority) certificate
  2. EV (Extended Validation) certificate
  3. Wildcard Certificate
  4. Self-Signed certificates

Option A is correct. Application gateway supports CA certificates. CA is a digital certificate issued by a certificate authority (CA).
Option B is correct. Application gateway supports EV certificates. These certificates conform to industry-standard certificate guidelines.
Option C is incorrect. Application gateway does not support organization-validated certificates.
Option D is incorrect. Application gateway does not support domain-validated certificates.
Option E is correct. Wildcard certificates are a specific type of certificate that is supported by the Application gateway.
Option F is correct. Application gateway supports self-signed certificates for TLS termination.
Option G is incorrect. Application gateway does not support organization-validated and domain-validated certificates out of the given options.

Reference: To know more about TLS termination and supported certificates, please visit the below-given link: https://docs.microsoft.com/en-us/azure/application-gateway/ssl-overview?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Routing

Q9 :  Microsoft Azure Traffic Manager empowers you to control network traffic distribution to application deployments running in various datacenters. At which of the following layers, Traffic manager does work?

A. Transport Layer
B. Application Layer
C. Physical Layer
D. Data Link Layer
E. Network Layer

Correct Answer: B

Explanation:

Azure Traffic Manager empowers you to control network traffic distribution to application deployments running in various datacenters.

When someone tries to connect to any service, it must first translate the DNS name of the service to the IP address. The person then gets connected to that IP address to access that service.

Option A is incorrect. Traffic manager works at the Application layer, not at the Transport layer.
Option B is correct. Traffic manager operates at the DNS level which exists in the Application layer, i.e., Layer-7.
Option C is incorrect. Traffic manager works at the Application layer, not the Physical layer.
Option D is incorrect. Traffic manager operates at the DNS level which exists in the Application layer, i.e., Layer-7.
Option E is incorrect. Network Layer is not the correct answer.

Reference: To know more about how Traffic Manager works, please visit the below-given link: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-how-it-works

 

Domain : Secure and Monitor Networks

Q10 : Andrew Job’s Car Dealership is an establishment in Sydney, Australia which deals in selling and purchasing automobiles. Andrew has hired you as an experienced consultant. You are leading a team session. There, you need to explain the Azure Firewall. Which of the below statement can you use to describe the Azure Firewall?

A. An Azure service that enables the management of virtual machine firewall settings from the Azure portal
B. An Azure Service that filters the inbound and outbound traffic for the Azure Resources
C. An Azure service that blocks malicious traffic from the intruders or attackers
D. An Azure service that allows you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services over a private endpoint in your virtual network

Correct Answer: B

Explanation:

Azure Firewall is one of the cloud-based, managed network security services that protect Azure Virtual Network resources. Azure firewall enables the clients to filter inbound and outbound traffic for Azure Resources.

Option A is incorrect. Azure firewall is not the service that enables the management of virtual machine firewall settings from the Azure portal.
Option B is correct. Azure firewall enables the clients to filter inbound and outbound traffic for Azure Resources.
Option C is incorrect. Azure Firewall filters the inbound and outbound traffic.
Option D is incorrect. Azure Private Link allows you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services over a private endpoint in your virtual network.

Reference: To know more about Azure Firewall, please visit the below-given link: https://aviatrix.com/learn-center/cloud-security/azure-firewall/

 

Domain : Design, Implement, and Manage Hybrid Networking

Q11 : You have been assigned the responsibility of connecting an Azure environment and an on-premises network. The solution must utilize ExpressRoute. In case of an ExpressRoute failure, it should support failing over to a Site-to-Site (S2S) VPN connection.
What would you configure?

A. Policy-based Routing
B. Route-based Routing
C. Static Routing
D. Weighted Routing

Correct Answer: B

Explanation:

To configure Site-to-Site (S2S) VPN and ExpressRoute coexisting connections offer several advantages as given below:

  1. A Site-to-Site (S2S) VPN can be configured as a safe failover route for the ExpressRoute.
  2. Alternatively, Site-to-Site (S2S) VPNs can be used to connect to the sites that aren’t connected via ExpressRoute.

Option A is incorrect. You need to configure Route-based routing in the given scenario.
Option B is correct. Configuring Site-to-Site (S2S) VPN and ExpressRoute coexisting connections support only route-based VPN gateway. 
Option C is incorrect. Configuring static routing is not the right option.
Option D is incorrect. Weight Routing is not a proper term. Therefore, it is not the correct answer.

Reference: To know more about Configuring ExpressRoute and Site-to-Site (S2S) coexisting connections, please visit the below-given link: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-coexist-resource-manager

 

Domain : Design and Implement Core Networking Infrastructure

Q12 : Here are some statements regarding Azure Domain Name Service (DNS).

  1. DNS servers within a VNet (Virtual Network) can forward DNS queries to recursive resolvers in Azure.

  2. Azure doesn’t provide its own default internal DNS.

  3. DNS replaces a private IP with a Public IP.

Choose the correct answer regarding the given statements.

A. Only 1
B. Only 2
C. Only 3
D. Only 1 and 2
E. Only 2 and 3
F. Only 1 and 3
G. 1, 2 and 3

Correct Answer: A

Explanation:

Azure DNS (Domain Name Service) is a hosting service for DNS domains that offer name resolution through Microsoft Azure infrastructure. You can host your domains in Azure to manage the DNS records with the same credentials, tools, APIs, and billing as any other Azure service.

Option A is correct. The statement “DNS servers within a VNet (Virtual Network) can forward DNS queries to recursive resolvers in Azure” is true. For example, all the DNS queries for its domains can be responded to by the Domain controller in the Azure and the rest of the queries can be forwarded to Azure.
Option B is incorrect. Azure provides its own default internal DNS.
Option C is incorrect. It is NAT (Network Address Translation), not DNS, that converts a private IP address to a public IP address.
Option D is incorrect. Only statement 1 is true. Statement 2 is false.
Option E is incorrect. Only statement 1 is true. Both the statements in the option are false.
Option F is incorrect. Only statement 1 is true. Statement 3 is false.
Option G is incorrect. Statements 2 and 3 are false.

Reference: To know more about DNS, please visit the below-given links: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

 

Domain : Design, Implement, and Manage Hybrid Networking

Q13 : You have been assigned the responsibility to configure the ExpressRoute circuits. Meanwhile, you need to retrieve the list of all ExpressRoute circuits in a Resource group. Which of the following cmdlets would you use?

A. Get-ResourceProvider
B. Get-AzExpressRouteCircuit 
C. Get-AzAllExpressRouteCircuit
D. Get-AzExpressRouteCircuitStats

Correct Answer: B

Explanation:

Get-AzAllExpressRouteCircuit cmdlet is used to list all the ExpressRoute circuits in a Resource Group. The syntax for the command is:

Get-AzAllExpressRouteCircuit cmdlet

Option A is incorrect. Get-ResourceProvider is not a valid Powershell cmdlet.
Option B is correct. Get-AzAllExpressRouteCircuit cmdlet is used to list all the ExpressRoute circuits in a Resource Group.
Option C is incorrect. Get-AzAllExpressRouteCircuit is not the right cmdlet.
Option D is incorrect. Get-AzExpressRouteCircuitStats is used to get the combined primary & secondary path traffic statistics.

Reference: To know more about how to verify ExpressRoute connectivity, please visit the below-given link: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-expressroute-overview?WT.mc_id=modinfra-33046-thmaure

 

Domain : Design and Implement Routing

Q14 : You need to configure an Azure Basic Load Balancer. Your boss has asked you to configure in such a way that the probes are sent every 4 seconds, and a virtual machine (VM) is considered to be down or in an unhealthy condition after two consecutive probe failures. Which of the following settings would you choose?

A. Interval = 4 and Unhealthy threshold= 2
B. Unhealthy threshold = 4 and Interval= 2
C. Protocol = TCP
D. Hop limit = 4 and threshold = 2
E. Hop limit = 4 and Unhealthy threshold = 2

Correct Answer: A

Explanation:

Adding health probes is one of the tasks needed to be performed while designing and implementing an Azure load balancer. In this task, the following information is added on the “Add Health probe” page.

Here is the screenshot of what the page looks like:

Design and Implement Routing in Microsoft Azure

Option A is correct. As per the scenario requirements, Interval should be assigned a value of 4 and Unhealthy threshold a value of 2, which is also the default value for the Unhealthy threshold.
Option B is incorrect. Unhealthy threshold = 4 and Interval= 2 is not the proper configuration as per the requirements.
Option C is incorrect. The protocol you choose, TCP or UDP, doesn’t affect the requirement.
Option D is incorrect. There is nothing like Hop Limit during the probes’ configuration. It is the unhealthy threshold, not only a threshold that should be given a value of 2.
Option E is incorrect. There is nothing like Hop Limit during the probes’ configuration.

Reference: To know more about designing and implementing Azure Load Balancer using the Azure portal, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/load-balancing-non-https-traffic-azure/3-design-implement-azure-load-balancer-using-azure-portal

Domain : Design and Implement Routing

Q15 : You are the network engineer and you want to specify different monitoring settings for different endpoints using Azure Traffic Manager. Is that possible?

A. No
B. No, it needs using multiple instances of the traffic manager
C. Yes, automatically the system provides different monitoring settings for different endpoints
D. Yes, choose monitoring protocol as TCP
E. Yes, you need to use  nested Traffic Manager profiles

Correct Answer: E

Explanation:

Azure Traffic Manager involves built-in endpoints monitoring and automatic endpoints failover. It enables you to provide applications with higher availability that are resilient to endpoint failure and Azure region failures.

All endpoints share the monitoring setting in a Traffic Manager profile. If you desire to specify different monitoring settings for different endpoints, build nested Traffic Manager profiles.

Option A is incorrect. It is possible to specify different monitoring settings for different endpoints.
Option B is incorrect. It is possible to specify different monitoring settings for different endpoints using nested traffic manager profiles.
Option C is incorrect. By default, the Monitoring setting is shared by all endpoints in a Traffic Manager profile.
Option D is incorrect. Choosing a TCP protocol won’t help in specifying different monitoring settings for different endpoints.
Option E is correct. If you desire to specify different monitoring settings for different endpoints, build nested Traffic Manager profiles.

Reference: To know more about Traffic Manager endpoint monitoring, please visit the below-given link: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

 

Domain : Secure and Monitor Networks

Q16 : Statement: Application rules are not applicable on inbound connections. Therefore, if you need to filter HTTP(s) traffic, you should implement a Web Application Firewall.
Is this statement correct?

A. Yes
B. No

Correct Answer: A

Explanation:

Application rules are not applicable on inbound connections. Therefore, if you need to filter HTTP(s) traffic, you should implement a Web Application Firewall (WAF). You can deploy WAF with services like Azure Front Door, Azure Application Gateway, and Azure Content Delivery Network (CDN).

References: To know more about Web Application Firewall, Please visit the below-given links:
https://docs.microsoft.com/en-us/azure/firewall/rule-processing
https://docs.microsoft.com/en-us/azure/web-application-firewall/overview

 

Domain : Design, Implement, and Manage Hybrid Networking

Q17 : You have an Azure subscription “Subscription2” containing two Azure virtual networks (VNets) VNet2 and VNet3. VNet2 has a VPN gateway, “VGW1” which utilizes static routing. There is a site-to-site (S2S) VPN connectivity between VNet2 and your on-premises network.
On a computer System “Client2” based on Windows 10, you have configured a point-to-site (P2S) VPN connectivity to VNet2.
You configure VNet peering between VNet2 and VNet3. During the verification, You notice that you can connect to VNet3 from the on-premises network, but not Client2.
You need to resolve the issue and make sure that Client2 gets connected to VNet3.
What would you do?

A. Choose Allow gateway transit on VNet3
B. Choose Allow gateway transit on VNet2
C. Enable BGP on VGW1
D. Download & re-install the VPN client configuration package on Client2

Correct Answer: D

Explanation:

How Point-to-Site (P2S) VPN routing behaves depends upon the client Operating System, the protocol involved in VPN connectivity, and how the VNets are connected/linked to each other.

Currently, Azure supports 2 protocols – SSTP and IKEv2 for remote access. Many clients Operating systems like Windows, macOS, Linux, iOS, and Android support IKEv2 while only Windows OS supports SSTP.

 If you carried out any changes to your network’s topology and have Windows VPN clients, you must download and install the VPN client package again for Windows clients to apply the changes to the client.

Option A is incorrect. Choosing Allow gateway transit on VNet3 won’t help in meeting the goal.
Option B is incorrect. Choosing Allow gateway transit on VNet2 is not the correct answer.
Option C is incorrect. Enabling BGP on VGW1 won’t ensure that Client2 gets connected to VNet3 in the given scenario.
Option D is correct. Downloading & re-installing the VPN client configuration package on Client2 is the right choice.

Reference: To know more about Point-to-Site VPN routing, please visit the below-given link: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

 

Domain : Design and Implement Core Networking Infrastructure

Q18 : While creating a link between a private DNS Zone and a virtual network (VNet), is it possible to make settings so that the DNS records are automatically created for all the VMs (virtual machines) deployed in VNet?

A. Yes
B. No

Correct Answer: A

Explanation: 

While creating a link between a private DNS zone and a VNet, there is an option to enable autoregistration. When you enable this setting, VNet becomes a registration VNet for the private DNS zone. It will automatically create a DNS record for any VMs you deploy in the VNet. DNS records will also be created for virtual machines already deployed in the virtual network.

Reference: To know more about virtual network links, please visit the below-given link: https://docs.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links

 

Domain : Design and Implement Core Networking Infrastructure

Q19 : Which of the following Resource Groups will be created in the customers’ subscription when they create a network virtual appliance (NVA) in the Virtual WAN hub?

A. Customer resource group
B. Partner Resource Group
C. Managed Resource Group
D. Virtual Resource Group
E. Controlled Resource Group

Correct Answers: A and C

Explanation:

When you create a network virtual appliance (NVA) in the Virtual WAN hub, two resource groups – Customer Resource Group and Managed Resource Group are created in your subscription.

Option A is correct. Customer Resource Group is one of the two resource groups created when you create a network virtual appliance (NVA) in the Virtual WAN hub.
Option B is incorrect. Partner Resource Group is not created.
Option C is correct. Managed Resource Group is one of the two resource groups created when you create a network virtual appliance (NVA) in the Virtual WAN hub.
Option D is incorrect. Virtual Resource Group is not the right choice.
Option E is incorrect. A controlled Resource Group is not the right choice.

Reference: To know more about NVA in an Azure Virtual WAN Hub, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-wan/about-nva-hub

 

Domain : Design and Implement Routing

Q20 : Statement: In WAF_v2 and Standard_v2 SKU, Application Gateway can run only in the fixed capacity mode, not in autoscaling enabled mode.
Choose the correct option regarding the statement above.

A. True
B. False

Correct Answer: B

Explanation:

In WAF_v2 and Standard_v2 SKU, the Application Gateway can run in both modes- autoscaling enabled and fixed capacity (autoscaling disabled). Fixed capacity mode is preferable/ recommended for scenarios with predictable and consistent workloads. On the other hand, Autoscaling enabled mode is preferable in applications seeing variance in application traffic.

Reference: To know more about Autoscaling and Zone-redundant Application Gateway v2, please visit the below-given link: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant

 

Domain : Design and Implement Routing

Q21 : Azure traffic manager supports six different traffic routing methods suiting different requirements and specifications. Which of the following routing methods would you use to ensure compliance with data sovereignty mandates?

A. Priority
B. Performance
C. Geographic
D. Multivalue
E. Clustered

Correct Answer: C

Explanation:

Geographic routing should be used for directing the users to specific endpoints (External, Azure, or Nested) depending upon where their DNS queries initiate from geographically. Also, this method empowers you to comply with scenarios like localization of content & user experience, data sovereignty mandates, and measuring traffic from various regions.

Option A is incorrect. Priority traffic routing method is recommended routing when you are looking to have a primary/main service endpoint for all traffic.
Option B is incorrect. Performance Routing is recommended when you have endpoints in various geographic locations, and you need end-users to utilize the “closest” endpoint for the lowest network latency.
Option C is correct. The geographic traffic routing method suits the best when you need to comply with data sovereignty mandates.
Option D is incorrect. MultiValue Routing should be selected for Traffic Manager profiles that can have only IPv6/ IPv4 addresses as endpoints.
Option E is incorrect. Clustered is not a valid traffic routing method in Azure Traffic Manager.

Reference: To know more about Traffic Manager Routing methods, please visit the below-given link: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods?WT.mc_id=modinfra-33046-thmaure

 

Domain : Secure and Monitor Networks

Q22 : Web Application Firewall offers centralized protection of web applications from common vulnerabilities and exploits. Which of the following is an optional stage in creating a WAF (Web Application Firewall) policy on Azure Front Door using Azure Portal?

A. Create a Web Application Firewall policy
B. Associate the WAF policy with a Front Door profile
C. Configure WAF policy settings and rules
D. None of the above

Correct Answer: C

Explanation:

Three key stages in creating a WAF (Web Application Firewall) policy on Azure Front Door using Azure Portal are:

Configure WAF policy settings and rules

Option A is incorrect. Creating a web application Firewall policy is a mandatory step.
Option B is incorrect. Associate the WAF policy with a Front Door profile is the 2nd key stage in creating a WAF (Web Application Firewall) policy on Azure Front Door using Azure Portal.
Option C is correct. Configuring WAF policy settings and rules is an optional stage where policy setting, custom rules, and managed rules are configured.
Option D is incorrect. Configuring WAF policy settings and rules is an optional stage.

Reference: To know about implementing a Web Application Firewall on Azure Front Door, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/design-implement-network-security-monitoring/10-implement-web-application-firewall-on-azure-front-door

 

Domain : Design and Implement Private Access to Azure Services

Q23 : ________ virtual public IP address is utilized for facilitating a communication channel to Azure platform resources.

A. 168.63.129.26
B. 168.63.129.16
C. 164.63.129.16
D. 168.0.0.16
E. 255.0.0.0

Correct Answer: B

Explanation:

168.63.129.16 IP address is a virtual public IP address that is utilized for facilitating a communication channel to Azure platform resources. Any address space can be defined by the customers for their private Vnet in Azure. The Azure platform resources need to be represented as a unique public IP address.

Option A is incorrect. 168.63.129.26 is not the correct IP address.
Option B is correct. 168.63.129.16 IP address is a virtual public IP address that is utilized for facilitating a communication channel to Azure platform resources.
Option C is incorrect. 164.63.129.16 is not the correct answer.
Option D is incorrect. It is 168.63.129.16, not 168.0.0.16 IP address is a virtual public IP address that is utilized for facilitating a communication channel to Azure platform resources.
Option E is incorrect. 255.0.0.0 is not the correct answer.

Reference:  To know more about Integrating Private Link with DNS, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/design-implement-private-access-to-azure-services/6-integrate-private-link-dns

 

Domain : Design, Implement, and Manage Hybrid Networking

Q24 : You are working as a network engineer in your company. You need to configure the communication between two offices of the company located in Delhi and California. Which of the following configuration would you use?

A. Use a local service provider present in both Delhi and California, and enable GlobalReach to connect to each local service provider location
B. Use GlobalReach to connect each location to a private VPN, and use local service providers for P2S (point-to-site) access
C. Use a local service provider in Delhi and a different local service provider in California. Global Reach will connect the branches using ExpressRoute and MS global network
D. None of these

Correct Answer: C

Explanation:

ExpressRoute Global Reach complements your service provider’s WAN implementation and helps connect your branch offices worldwide. You need to use a local service provider in Delhi and a different local service provider in California in the given scenario. Global Reach will connect the branches using ExpressRoute and MS global network.

Option A is incorrect. Using a local service provider in both Delhi and California, and enabling GlobalReach for connecting to each local service provider location is not the right choice.
Option B is incorrect. The given solution won’t also help in accomplishing the goal in the given scenario.
Option C is correct. You need to use a local service provider in Delhi and a different local service provider in California in the given scenario. Global Reach will connect the branches using ExpressRoute and MS global network.
Option D is incorrect. Option C suggests the right solution.

Reference: To know more about ExpressRoute Global Reach, please visit the below-given link: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach

 

Domain : Design, Implement, and Manage Hybrid Networking

Q25 : Your manager has assigned you the responsibility of changing the bandwidth of an ExpressRoute Circuit. Which of the following tools can you use to change the bandwidth?

A. Azure Portal
B. Rest API
C. PowerShell
D. Azure CLI
E. All the above

Correct Answer: E

Explanation:

The bandwidth of the ExpressRoute circuit can be changed using the REST API, PowerShell, Azure Portal, or Azure CLI.

Option A is incorrect. Any of the given tools, not only the Azure portal can be used to change the bandwidth of an ExpressRoute circuit.
Option B is incorrect. Any of the given tools, not only Rest API can be used to change the bandwidth of an ExpressRoute circuit.
Option C is incorrect. The bandwidth of the ExpressRoute circuit can be changed using the REST API, PowerShell, Azure Portal, or Azure CLI.
Option D is incorrect. The bandwidth of the ExpressRoute circuit can be changed using the REST API, PowerShell, Azure Portal, or Azure CLI.
Option E is correct. Any of the given tools can be used to change the bandwidth of an ExpressRoute circuit.

Reference: To know more about ExpressRoute, please visit the below-given link: https://docs.microsoft.com/en-ca/azure/expressroute/expressroute-introduction#

Summary

We are certain that after going through these free test questions, you must have gained knowledge on the pattern of the AZ-700 exam. To learn and practice more, go through the Practice Tests offered by us on the Whizlabs’ website. Certify and step ahead in your career. Keep learning with us!

About Vasanth Rajan

Vasantharajan Shanmugam is a highly experienced Technical Manager with over 18 years of industry experience. He has a well-rounded skill set that encompasses development, support, business analysis, and team management. With oversight of infrastructure and product development, he can make the chosen platform to operate at scale while advancing new products and technology via innovation.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top