Designing and Implementing Microsoft Azure Networking Solutions
Exam Details
Exam Code
:AZ-700
Exam Name
:Designing and Implementing Microsoft Azure Networking Solutions
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:390 Q&As
Last Updated
:Apr 08, 2025
Microsoft Microsoft Certifications AZ-700 Questions & Answers
Question 141:
You need to validate outbound connectivity from an Azure virtual machine to an external host. What should you use?
A. Connection Troubleshoot
B. Next hop
C. NSG flow logs
D. Traffic Analytics
Correct Answer: A
Correct Answer(s):
Connection Troubleshoot - The connection troubleshoot capability enables you to test a connection between a VM and another VM, an FQDN, a URI, or an IPv4 address. The test returns similar information returned when using the
connection monitor capability, but tests the connection at a point in time, rather than monitoring it over time, as connection monitor does
Next hop -- Next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.
NSG flow logs -- NSG flow logs is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through an NSG.
Traffic Analytics It provides visibility into user and application activity in cloud networks.
Question 142:
You have an Azure environment.
Your Azure environment contains multiple VNets peered with the VNet that is connected to ExpressRoute.
How should the ExpressRoute FastPath deployment be modified?
A. Connect all the virtual networks to the ExpressRoute FastPath circuit directly.
B. Connect the VNet gateways to ExpressRoute FastPath.
C. Modify the VNet peering configuration.
Correct Answer: A
Correct Answer(s):
Connect all the virtual networks to the ExpressRoute FastPath circuit directly - To avoid traffic being routed through the VNet gateways, connect all the VNets to ExpressRoute FastPath circuit directly.
Wrong Answers:
Connect the VNet gateways to ExpressRoute FastPath. - The VNet gateways still support VNet-to-Vnet peering and should not be connected directly to FastPath.
Modify the VNet peering configuration. - The VNet gateways can still support VNet-to-Vnet peering and do not have to be modified.
Question 143:
You need to identify a security rule that prevents a network packet from reaching an Azure virtual machine. What should you use?
A. IP flow verify
B. Next hop
C. Packet capture
D. Security group view
E. Traffic Analytics
Correct Answer: A
Correct Answer(s):
IP flow verify - The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verify then tests the communication and informs you if
Next hop -- Next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.
Packet capture --Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine.
Security group view --Using Effective security rules view, you can assess a VM for network vulnerabilities such as open ports.
Traffic Analytics It provides visibility into user and application activity in cloud networks.
Question 144:
You have an Azure subscription and an on-premises environment that is connected via ExpressRoute circuit.
You have two additional branch offices that you need to connect to the network.
Several employees work remotely.
Employees change locations frequently but still need access to Azure resources.
You need to deploy a solution at the earliest. The costs must be minimal.
What should you deploy?
A. Point-to-Site VPN
B. Site-to-Site VPN
C. Virtual WAN
D. Hub-and-Spoke Network Topology
Correct Answer: C
Correct Answer(s):
The Virtual WAN architecture is a hub and spoke architecture for branches and users. It enables global transit network architecture, where the cloud-hosted network 'hub' enables transitive connectivity between endpoints that may be
distributed across different types of 'spokes'. All hubs are connected in full mesh in a Standard Virtual WAN making it easy for the user to use the Microsoft backbone for any-to-any (any spoke) connectivity. This satisfies the requirement to
Point-to-Site VPN - A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
Site-to-Site VPN Site-to-Site VPN gateways provide cross-premises connectivity between customer premises and Azure.
Hub-and-Spoke Network Topology This is one of the architecture model used to deploy Azure environment.
Question 145:
You plan to deploy five virtual machines to a subnet named Subnet1.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network security groups that you require?
A. 1
B. 5
C. 10
Correct Answer: A
The rules are same for all virtual machines, so one NSG should suffice the requirement.
You plan to implement Point-to-Site(P2S) VPN connection. Which of the following authentication methods you can use?
A. Native Azure certificate authentication
B. Native Azure active directory authentication
C. RADIUS Server
Correct Answer: ABC
Before Azure accepts a P2S VPN connection, the user has to be authenticated first. There are multiple mechanisms that Azure offers to authenticate a connecting user.
Authenticate using native Azure certificate authentication - When using the native Azure certificate authentication, a client certificate that is present on the device is used to authenticate the connecting user.
Authenticate using native Azure Active Directory authentication - Azure AD authentication allows users to connect to Azure using their Azure Active Directory credentials. Native Azure AD authentication is only supported for OpenVPN
protocol and Windows 10 and requires the use of the Azure VPN Client
Authenticate using Active Directory (AD) Domain Server - AD Domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations
can also leverage their existing RADIUS deployment.
You need to ensure that the URL is accessible through the application gateway. To achieve the requirement, you disable the WAF rule that has a ruleId 920300. Did you achieve the requirement?
A. Yes
B. No
Correct Answer: A
This will disable the WAF rule that is generating the error.
Question 148:
You need to monitor the latency between your on-premises network and the Azure virtual machines.
What should you use?
A. Service Map
B. Connection troubleshoot
C. Network Performance Monitor
D. Effective routes
Correct Answer: C
Correct Answer(s):
Network Performance Monitor - Network Performance Monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor
network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
You can monitor network connectivity across cloud deployments and on-premises locations, multiple data centers, and branch offices and mission-critical multitier applications or microservices. With Performance Monitor, you can detect
Service Map - Service Map automatically discovers application components on Windows and Linux systems.
Connection troubleshoot - enable you to troubleshoot network performance and connectivity issues in Azure.
Effective routes You can use effective routes to determinewhy you can't connect to the VM.
Question 149:
You need to implement name resolution for the cloud.healthengine.com.
The solution must meet the networking requirements.
What should you do to implement name resolution of clould.healthengine.com DNS records from on-premises locations?
A. Enable the Azure Firewall DNS proxy
B. Create SRV records in cloud.healthengine.com
C. Deploy an Azure virtual machine configured as DNS server to Vnet1
Correct Answer: C
DNS forwarding also enables DNS resolution between virtual networks, and allows your on-premises machines to resolve Azure-provided host names. In order to resolve a VM's host name, the DNS server VM must reside in the same virtual network, and be configured to forward host name queries to Azure.
The following image shows two virtual networks and an on-premises network doing DNS resolution between virtual networks.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-700 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
