- (Exam Topic 6)
You have an Azure subscription named Subscription1 that contains the resources in the following table.
VM1 and VM2 run the websites in the following table.
AppGW1 has the backend pools in the following table.
DNS resolves site1.contoso.com, site2.contoso.com, and site3.contoso.com to the IP address of AppGW1. AppGW1 has the listeners in the following table.
AppGW1 has the rules in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
VM1 is in Pool1. Rule2 applies to Pool1, Listener 2, and site2.contoso.com.
Does this meet the goal?
Correct Answer: A
- (Exam Topic 6)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Network Contributor role at the subscription level to Admin1.
Does this meet the goal?
Correct Answer: A
Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
- (Exam Topic 5)
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
You add inbound security rules to a network security group (NSG) named NSG1 as shown in the following table.
You run Azure Network Watcher as shown in the following exhibit.
You run Network Watcher again as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: No
It limits traffic to VM2, but not VM1 traffic.
Box 2: Yes
Yes, the destination is VM2.
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Does this meet the goal?
Correct Answer: A
- (Exam Topic 5)
You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNet1.
You need to ensure that you can configure a point-to-site connection from an on-premises computer to VNet1. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: CE
C: A VPN gateway is used when creating a VPN connection to your on-premises network.
Route-based VPN devices use any-to-any (wildcard) traffic selectors, and let routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).
E: Policy-based VPN devices use the combinations of prefixes from both networks to define how traffic is encrypted/decrypted through IPsec tunnels. It is typically built on firewall devices that perform packet filtering.
IPsec tunnel encryption and decryption are added to the packet filtering and processing engine.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps
- (Exam Topic 5)
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.
To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: will have no access
The IP address 193.77.134.1 has no access through the SAS because it falls outside the allowed IP address range for the SAS. Hence "will have no access" is correct.
Box 2: will be prompted for credentials
The net use command is used to connect to file shares. To mount an Azure file share, you will need the primary (or secondary) storage key. SAS keys are not currently supported for mounting. Based on the provided SAS exhibit, the IP address is an allowed IP and the SAS is active on the given date, but the storage account key is required to run the "net use" command, and it is not provided in the question. Hence "will be prompted for credentials" is the correct option.
net use R: \\rebelsa1.file.core.windows.net\rebelshare
https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows
https://feedback.azure.com/forums/217298-storage/suggestions/14498352-allow-azure-files-shares-to-be-mount
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
http://www.rebeladmin.com/2018/03/step-step-guide-create-azure-file-share-map-windows-10/
Does this meet the goal?
Correct Answer: A