Designing and Implementing Microsoft Azure Networking Solutions
Exam Details
Exam Code
:AZ-700
Exam Name
:Designing and Implementing Microsoft Azure Networking Solutions
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:390 Q&As
Last Updated
:Apr 08, 2025
Microsoft Microsoft Certifications AZ-700 Questions & Answers
Question 171:
You have a web application that will be deployed to an Azure App Service Web App.
The web application has following requirements:
Secure all communications by using Secured Socket layer (SSL).
SSL encryption and decryption must be processed efficiently to support high traffic load on the web application.
What should you consider?
A. Use Azure Application Gateway
B. Use Azure Monitor
C. Use Azure Security Centre
D. Use Azure Traffic Manager
Correct Answer: A
Correct Answer(s):
Use Azure Application Gateway - Azure Application Gateway supports end-to-end encryption of traffic. Application Gateway terminates the SSL connection at the application gateway. The gateway then applies the routing rules to the traffic,
re-encrypts the packet, and forwards the packet to the appropriate back-end server
Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for Transport Layer Security (TLS) protocol termination ("SSL offload") or per-HTTP/HTTPS request, application-layer processing, review
Application Gateway. If you are looking for regional load balancing, review Load Balancer.
Wrong Answers:
Use Azure Monitor - Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Use Azure Security Centre - Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the
cloud.
Use Azure Traffic Manager - Traffic Manager does not support SSL offloading.
Question 172:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/default.htm incoming request?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: C
Correct Answer(s):
RuleC - When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below
logic.
Look for any routing rule with an exact match on the Path.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
The path defined in RuleC is not an exact match, but it matches with wildcard path.
RuleA The path defined in the RuleA is not a match with incoming request.
RuleB The path defined in the RuleA is not a match with incoming request.
RuleD The path defined in the RuleA is not a match with incoming request.
Question 173:
Your on-premises network contains an SMB share named Share1. You have an Azure subscription that contains the following resources:
A web app named webapp1
A virtual network named VNET1
You need to ensure that webapp1 can connect to Share1.
What should you deploy?
A. an Azure Application Gateway
B. an Azure Active Directory (Azure AD) Application Proxy
C. an Azure Virtual Network Gateway
Correct Answer: C
Correct Answer(s):
an Azure Virtual Network Gateway - A Site-to-Site VPN gateway connection can be used to connect your on- premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a
VPN device, a VPN gateway, located on-premises that has an externally facing public IP address assigned to it.
an Azure Application Gateway -- Azure Application Gateway is a web traffic load balancer. It does not provide connectivity to on-premises resources.
an Azure Active Directory (Azure AD) Application Proxy -- Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications. It does not provide connectivity to on-premises file shares.
Question 174:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/abc/def incoming request?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: A
Correct Answer(s):
RuleA - When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below
logic.
Look for any routing rule with an exact match on the Path.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
RuleB The path defined in the RuleB is not a match with incoming request.
RuleC There is an exact match with RuleA. The path defined in the RuleB is not an exact match with incoming request.
RuleD There is an exact match with RuleA. The path defined in the RuleB is not an exact match with incoming request.
Question 175:
You have a web app named App1 that is hosted in on-premises servers and on four Azure virtual machines (VMs).
Each Azure region has one virtual machine.
You need to recommend a solution to ensure that users will always connect to the closest instance of App1.
The solution must prevent the users from attempting to connect to a failed instance of App1.
Which two possible should you recommendation achieve the goal?
A. Azure Front Door Service
B. Azure Load Balancer
C. round-robin DNS
D. Azure Traffic Manager
E. Azure Application Gateway
Correct Answer: AD
Correct Answers:
Azure Front Door Service - Front Door is an application delivery network that provides global load balancing and site acceleration service for web applications. It offers Layer 7 capabilities for your application like SSL offload, path-based
routing, fast failover, caching, etc. to improve performance and high-availability of your applications.
Azure Traffic Manager - Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.
Azure Load Balancer - It is a regional load balancing solution.
round-robin DNS - Round-robin DNS is a load balancing technique where the balancing is done by a type of DNS server called an authoritative nameserver, rather than using a dedicated piece of load-balancing hardware.
Azure Application Gateway - It is a regional load balancing solution.
Question 176:
You have a web application that uses a hostname of www.healthengine.com
You have an Azure Front Door instance that provides access to the web application.
You have the routing rules shown in the following table.
Which rule will apply to www.healthengine.com/abc/def/default.htm incoming request?
A. RuleA
B. RuleB
C. RuleC
D. RuleD
Correct Answer: D
Correct Answer(s):
RuleD - When a request lands on a Front Door environment one of the first things that Front Door does is determine which particular routing rule to match the request to and then take the defined action in the configuration. It uses the below logic.
4.
Look for any routing rule with an exact match on the Path.
5.
If no exact match Paths, look for routing rules with a wildcard Path that matches.
6.
If no routing rules are found with a matching Path, then reject the request and return a 400: Bad Request error HTTP response.
The path defined in RuleD is not an exact match, but it matches with wildcard path.
RuleA The path defined in the RuleA is not a match with incoming request. RuleB The path defined in the RuleA is not a match with incoming request. RuleC The path defined in the RuleA is not a match with incoming request.
Question 177:
You plan to deploy the following types of resources in a single Azure region:
1.
Virtual machine
2.
Azure App Service
3.
Virtual Network gateway
4.
Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks. You need to identify how many virtual networks and subnets are required for the solution.
The solution must minimize costs to transfer data between virtual networks.
What should you identify?
A. Virtual Networks: 1
B. Virtual Networks: 2
C. Virtual Networks: 3
D. Virtual Networks: 4
E. Subnets: 1
F. Subnets: 2
G. Subnets: 3
H. Subnets: 4
Correct Answer: AH
None of these resources has a requirement for dedicated virtual network. So, you can deploy all these resources in a single virtual network.
Azure virtual machine must be deployed to a subnet. So, you need at least one subnet for virtual machine.
Azure app service is delegate to create resources in the virtual network. So you need configure vNet integration for Azure app service. An integration subnet is required to integrate Azure App service with virtual network.
You need a dedicated subnet called as gateway subnet for virtual network gateway.
SQL Managed Instance is placed inside the Azure virtual network and the subnet that's dedicated to managed instances.
You have an on-premises and Azure environment connected with ExpressRoute circuit.
You need to open a support ticket with ExpressRoute circuit provider.
What property of an ExpressRoute circuit is useful?
A. Service key.
B. Circuit name.
C. Circuit number.
Correct Answer: A
Correct Answer(s):
Service key - A service key uniquely identifies an ExpressRoute circuit. If you need assistance from Microsoft or from an ExpressRoute partner to troubleshoot an ExpressRoute issue, provide the service key to readily identify the circuit.
Wrong Answers:
Circuit name - The Circuit name may not be unique or easily searchable for the service provider.
Circuit number - This may help you, but it is not the quickest way to check.
Question 179:
Which rules should you configure in Azure firewall to allow inbound internet connections?
A. Application rules
B. Network rules
C. NAT rules
Correct Answer: C
Correct Answer(s):
NAT rules: Configure DNAT rules to allow incoming Internet connections.
Application rules - Configure fully qualified domain names (FQDNs) that can be accessed from a subnet.
Network rules - Configure rules that contain source addresses, protocols, destination ports, and destination addresses.
Question 180:
You have an Azure subscription that contains two virtual networks named VritualNetwork1 and VritualNetwork2.
You have a Windows 10 device that connects to VritualNetwork1 by using a Point-to-Site (P2S) IKEv2 VPN. You have implemented virtual network peering between VritualNetwork1 and VritualNetwork2.
VritualNetwork1 allows gateway transit. VritualNetwork2 can use the remote gateway. You discover that you cannot communicate with VritualNetwork2 from Windows 10 device. You need to ensure that you can communicate with
VritualNetwork2 from Windows 10 device.
To achieve the requirement, you reset the gateway of VritualNetwork1.
Did you achieve the requirement?
A. Yes
B. No
Correct Answer: B
The VPN client must be downloaded again if any changes are made to VNet peering or the network topology.
If you make a change to the topology of your network and have Windows VPN clients, the VPN client package for Windows clients must be downloaded and installed again in order for the changes to be applied to the client.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-700 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
