1. Home
  2. Microsoft
  3. AZ-700

Designing and Implementing Microsoft Azure Networking Solutions

Exam Details

  • Exam Code
    :AZ-700
  • Exam Name
    :Designing and Implementing Microsoft Azure Networking Solutions
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :390 Q&As
  • Last Updated
    :Mar 31, 2025

Microsoft Microsoft Certifications AZ-700 Questions & Answers

  • Question 221:

    Your company has offices in Montreal, Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.

    You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy1 that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that

    originates from the office in Montreal.

    You need to apply a rate limit of 100 requests for traffic that originates from each office.

    What should you do?

    A. Modify the rate limit threshold of Rule1.

    B. Create two additional associations.

    C. Modify the conditions of Rule1.

    D. Modify the rule type of Rule1.

  • Question 222:

    You have an Azure virtual network named Vnet1.

    You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.

    Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. a deny rule that has a source of VirtualNetwork and a destination of Sql

    B. an allow rule that has the IP address range of Vnet1 as the source and destination of Sql.EastUS

    C. a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24

    D. a deny rule that has the IP address range of Vnet1 as the source and destination of Storage

  • Question 223:

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that contains the following resources:

    1.

    A virtual network named Vnet1

    2.

    A subnet named Subnet1 in Vnet1

    3.

    A virtual machine named VM1 that connects to Subnet1

    4.

    Three storage accounts named storage1, storage2, and storage3

    You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.

    Solution: You configure the firewall on storage1 to only accept connections from Vnet1.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 224:

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that contains the following resources:

    1.

    A virtual network named Vnet1

    2.

    A subnet named Subnet1 in Vnet1

    3.

    A virtual machine named VM1 that connects to Subnet1

    4.

    Three storage accounts named storage1, storage2, and storage3

    You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.

    Solution: You create a network security group (NSG) and associate the NSG to Subnet1.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 225:

    Your company has offices in New York and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.

    The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.

    You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises

    servers in the New York office by using the ExpressRoute circuits.

    Which ExpressRoute option should you use?

    A. ExpressRoute FastPath

    B. ExpressRoute Global Reach

    C. ExpressRoute Direct

    D. ExpressRoute Local

  • Question 226:

    You have an Azure virtual network named Vnet1 that hosts an Azure firewall named FW1 and 150 virtual machines. Vnet1 is linked to a private DNS zone named contoso.com. All the virtual machines have their name registered in the

    contoso.com zone.

    Vnet1 connects to an on-premises datacenter by using ExpressRoute.

    You need to ensure that on-premises DNS servers can resolve the names in the contoso.com zone.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Modify the DNS server settings of Vnet1.

    B. For FW1, configure custom DNS server.

    C. For FW1, enable DNS proxy.

    D. On the on-premises DNS servers, configure forwarders that point to the frontend IP address of FW1.

    E. On the on-premises DNS servers, configure forwarders that point to the Azure provided DNS service at 168.63.129.16.

  • Question 227:

    You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

    A. internal load balancers

    B. storage account

    C. service endpoints

    D. service endpoint policies

  • Question 228:

    You have a website that uses an FQDN of www.contoso.com. The DNS record for www. contoso.com resolves to an on-premises web server.

    You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named ContosoFD1.

    You build the website on Web1.

    You plan to configure ContosoFD1 to publish the website for testing.

    When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit. (Click the Exhibit tab.)

    You need to test the website and ContosoFD1 without affecting user access to the on-premises web server.

    Which record should you create in the contoso.com DNS domain?

    You have a website that uses an FQDN of www.

    A. a CNAME record that maps afdverify.www.contoso.com to ContosoFD1.azurefd.net

    B. a CNAME record that maps www.contoso.com to ContosoFD1.azurefd.net

    C. a CNAME record that maps afdverify.www.contoso.com to afdverify.ContosoFD1.azurefd.net

    D. a CNAME record that maps www.contoso.com to Web1.contoso.com

  • Question 229:

    You have the Azure load balancer shown in the Load Balancer exhibit.

    LB2 has the backend pools shown in the Backend Pools exhibit.

    You need to ensure that LB2 distributes traffic to all the members of VMSS1.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Add a network interface to VMSS1.

    B. Add a load balancing rule.

    C. Configure a health probe.

    D. Add a public IP address to each member of VMSS1.

  • Question 230:

    You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.

    Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.

    You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.

    What should you include in the solution?

    A. a service tag

    B. a private endpoint

    C. a subnet delegation

    D. an application security group

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-700 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.