Microsoft Azure

Designing and Implementing Microsoft Azure Networking Solutions

AZ-700

The AZ-700 exam tests your skills in designing and implementing Azure networking solutions.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 1–10 of 147

Q1

Which service is best for controlling network access within Azure?

  • A Azure Firewall
  • B Azure Blob Storage
  • C Azure AD
  • D Azure Monitor
Explanation Azure Firewall provides centralized network security, while the others are unrelated services.
Q2

A company needs to use private IP addresses for its virtual machines. Which Azure feature allows this?

  • A Public IP Prefix
  • B Azure VNet
  • C Traffic Manager
  • D Reserved IPs
Explanation Azure VNet enables private IP addressing; the others do not serve this purpose.
Q3

You are configuring a VPN gateway to connect your Azure VNet to on-premises networks. What happens when you select the 'Route-Based' gateway type?

  • A Only static routes are supported
  • B Dynamic routing is used
  • C IPsec policies are not applied
  • D No encryption for traffic
Explanation Route-Based gateways support dynamic routing, while others describe incorrect capabilities.
Q4

Which Azure service provides a secure way to manage encryption keys?

  • A Azure Key Vault
  • B Azure Blob Storage
  • C Azure SQL Database
  • D Azure Active Directory
Explanation Azure Key Vault is designed for managing keys, whereas the others serve different purposes.
Q5

A company needs to allow their VMs to communicate over an isolated network segment. What should they configure?

  • A Virtual Network Peering
  • B Network Security Groups
  • C VNet Subnets
  • D Azure Application Gateway
Explanation VNet Subnets create isolated segments for communication; the other options do not create network isolation.
Q6

What happens when a Network Security Group (NSG) rule is configured with 'Deny All' at the subnet level?

  • A All traffic is denied immediately.
  • B Only allowed traffic is denied.
  • C All inbound traffic is allowed.
  • D No traffic is affected.
Explanation A 'Deny All' rule blocks all traffic, making option A correct; the others are incorrect as they contradict the deny nature.
Q7

Which Azure service is best for creating private connections between on-premises and Azure resources?

  • A Azure ExpressRoute
  • B Azure VPN Gateway
  • C Azure Load Balancer
  • D Azure Application Gateway
Explanation Azure ExpressRoute provides a dedicated private connection; VPNs use public networks, and Load Balancers are for traffic distribution.
Q8

A company needs to secure its Azure Web Apps; which service should they implement for advanced threat protection?

  • A Azure Firewall
  • B Azure Application Gateway WAF
  • C Azure DDoS Protection
  • D Azure Security Center
Explanation Azure Application Gateway WAF protects web apps against common threats; Firewalls and DDoS Protection serve different purposes.
Q9

You are configuring a Virtual Network (VNet) peering; what happens if regional restrictions apply to your VNets?

  • A Peering is not possible
  • B Traffic will be local only
  • C Peering connections are allowed
  • D Access to services is restricted
Explanation VNet peering cannot occur between VNets in different regions if regional restrictions apply.
Q10

Which Azure service enables network traffic filtering at the application layer?

  • A Azure Firewall
  • B Azure Load Balancer
  • C Azure Application Gateway
  • D Azure VPN Gateway
Explanation Azure Application Gateway includes a Web Application Firewall feature for application-layer traffic filtering, while others serve different roles.