- (Topic 3)
You have an Azure subscription that contains an Azure App Service app. The app uses a URL of https://www.contoso.com.
You need to use a custom domain on Azure Front Door for www.contoso.com. The custom domain must use a certificate from an allowed certification authority (CA).
What should you include in the solution?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
- (Topic 3)
You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure.
Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.
Correct Answer:
AD
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
HOTSPOT - (Topic 2)
You create NSG10 and NSG11 to meet the network security requirements.
For each of the following statements, select Yes it the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
No
subnet1(WM1->NSG1 outbound->NSG10 outbound)->subnet2(NSG1 inbound->NSG11 inbound->VM2)
Yes
NSG10 blocks ICMP from VNet4 (source 10.10.0.0/16) but it is not blocked from VM2€™s subnet (VNet1/Subnet2).
No
NSG11 blocks RDP (port TCP 3389) destined for €˜VirtualNetwork€™. VirtualNetwork is a service tag and means the address space of the virtual network (VNet1) which in this case is 10.1.0.0/16. Therefore, RDP traffic from subnet2 to anywhere else in VNet1 is blocked.
Does this meet the goal?
Correct Answer:
A
- (Topic 3)
You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?
Correct Answer:
B
SIMULATION - (Topic 4)
Task 10
You need to configure VNET1 to log all events and metrics. The solution must ensure that you can query the events and metrics directly from the Azure portal by using KQL.
Solution:
Here are the steps and explanations for configuring VNET1 to log all events and metrics and query them by using KQL:
✑ To enable logging for VNET1, you need to create a diagnostic setting that collects the platform metrics and logs from the virtual network and routes them to one or more destinations. You can choose to send the data to a Log Analytics workspace, a storage account, an event hub, or a partner solution1.
✑ To create a diagnostic setting, you need to go to the Azure portal and select your virtual network. Then select Diagnostic settings under Monitoring and select + Add diagnostic setting1.
✑ On the Add diagnostic setting page, enter or select the following information:
✑ Select Save to create your diagnostic setting1.
✑ To query the events and metrics from the Azure portal by using KQL, you need to go to the Log Analytics workspace that you selected as the destination. Then select Logs under General and enter your KQL query in the query editor3.
✑ For example, you can use the following KQL query to get the top 10 network security group events for VNET1 in the last 24 hours:
NetworkSecurityGroupEvent
| where TimeGenerated > ago(24h)
| where ResourceId contains "VNET1"
| summarize count() by EventID
| top 10 by count_ Copy
✑ Select Run to execute your query and view the results in a table or a chart3.
Does this meet the goal?
Correct Answer:
A