You have an Azure Front Door instance that has a single frontend named Frontend1 and an Azure Web Application Firewall (WAF) policy named Policy1. Policy1 redirects requests that have a header containing "string1" to https://www.contoso.com/redirect1. Policy1 is associated to Frontend1. You need to configure additional redirection settings. Requests to Frontend1 that have a header containing "string2" must be redirected to https://www.contoso.com/redirect2.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

HOTSPOT

You have an Azure subscription.

You have the on-premises sites shown the following table.

You plan to deploy Azure Virtual WAN.

You are evaluating Virtual WAN Basic and Virtual WAN Standard.

Which type of Virtual WAN can you use for each site? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Azure Virtual WAN offers a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. It supports various connection types like Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute connections. Depending on the Virtual WAN tier (Basic or Standard), certain functionalities and connection types are supported.

Virtual WAN Basic typically supports basic VPN features and connectivity.

Virtual WAN Standard provides all the features of Basic, plus it supports ExpressRoute, Point-to-Site (P2S) VPN, and much more advanced features like VPN and ER connectivity, BGP routing, multiple connections, and custom BGP settings.

Given this:

Site1 with 500 users connected via ExpressRoute would require Virtual WAN Standard because Basic does not support ExpressRoute connections.

Site2 with 100 users connected via Site-to-Site VPN could be supported by either Virtual WAN Basic or Standard, as both support Site-to-Site VPN connections. However, considering the number of users and potential need for advanced features, Virtual WAN Standard might be more appropriate.

Site3 with 1 user connected via Point-to-Site VPN would typically only require Virtual WAN Basic, as it’s a single user and Basic supports P2S VPN. However, if advanced features of P2S VPN are required, such as Azure AD authentication, then Virtual WAN Standard would be necessary.

Based on these considerations, here are the selections:

Virtual WAN Basic: Can be used for Site2 and Site3 only.

Virtual WAN Standard: Can be used for Site1, Site2, and Site3.

The selection depends on the specific features and scalability requirements of each site’s connection to Azure. If the only consideration is the type of connectivity, then Basic could suffice for Site2 and Site3, while Standard is required for Site1. However, if advanced features are a consideration, Standard may be the appropriate choice across all sites.

HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: No

Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.

Box 2: Yes

VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.

Box3: No

VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won’t be able to enable auto-registration on the link.

HOTSPOT

You have an Azure subscription that contains two virtual networks named Vnet1 and Vnet2.

You register a public DNS zone named fabrikam.com.

The zone is configured as shown in the Public DNS Zone exhibit.

You have a private DNS zone named fabrikam.com.

The zone is configured as shown in the Private DNS Zone exhibit.

You have a virtual network link configured as shown in the Virtual Network Link exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: Yes

DNS queries from the internet use the public DNS zone. In the public DNS zone, www.fabrikam.com is a CNAME record that resolves to appservice1.fabrikam.com which resolves to 131.107.1.1.

Box 2: No

DNS queries from the internet use the public DNS zone. There is no DNS record for server1.fabrikam.com in the public DNS zone.

Box 3: No

The private DNS zone is linked to VNet1, not VNet2. Therefore, resources in VNet2 cannot query the private DNS zone.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.

Does this meet the goal?

Reveal Solution Hide Solution

You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You plan to create a load balancer named LB1 that will have the following settings:

* Name: LB1

* Location: West US

* Type: Public

* SKU: Standard

Which public IPv4 addresses can be used by LB1?

Reveal Solution Hide Solution

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.

You configure the application gateway to direct traffic to the URL of the application gateway.

You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.

Solution: You add a rewrite rule for the host header.

Does this meet the goal?

Reveal Solution Hide Solution

HOTSPOT

You have the hybrid network shown in the Network Diagram exhibit.

You have a peering connection between Vnet1 and Vnet2 as shown in the Peering-Vnet1-Vnet2 exhibit.

You have a peering connection between Vnet1 and Vnet3 as shown in the Peering -Vnet1-Vnet3 exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

You have an Azure virtual network that contains the subnets shown in the following table.

You deploy an Azure firewall to AzureFirewallSubnet. You route all traffic from Subnet2 through the firewall.

You need to ensure that all the hosts on Subnet2 can access an external site located at https://*.contoso.com.

What should you do?

Reveal Solution Hide Solution

You have the Azure resources shown in the following table.

You configure storage1 to provide access to the subnet in Vnet1 by using a service endpoint.

You need to ensure that you can use the service endpoint to connect to the read-only endpoint of

storage1 in the paired Azure region.

What should you do first?

Reveal Solution Hide Solution