- (Topic 3)
You have an Azure Virtual Desktop deployment that has 500 session hosts. All outbound traffic to the internet uses a NAT gateway.
During peak business hours, some users report that they cannot access internet resources. In Azure Monitor, you discover many failed SNAT connections.
You need to increase the available SNAT connections. What should you do?

1. A. Add a public IP address.
2. B. Bind the NAT gateway to another subnet.
3. C. Deploy Azure Standard Load Balancer that has outbound rules.

Correct Answer: A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource

- (Topic 3)
Your company has offices in and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.
The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.
You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.
Which ExpressRoute option should you use?

1. A. ExpressRoute Local
2. B. ExpressRoute FastPath
3. C. ExpressRoute Direct
4. D. ExpressRoute Global Reach

Correct Answer: D

Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach

- (Topic 1)
You need to provide connectivity to storage1. The solution must meet the PaaS networking requirements and the business requirements.
What should you include in the solution?

1. A. a service endpoint
2. B. Azure Front Door
3. C. a private endpoint
4. D. Azure Traffic Manager

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints- overview

HOTSPOT - (Topic 3)
You have an Azure virtual network named Vnet1 that contains two subnets named Subnet1 and Subnet2. Both subnets contain virtual machines. You create a NAT gateway named NATgateway1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 3)
You have an Azure virtual network named Vnet1.
You need to ensure that the virtual machines in Vnet1 can access only the Azure SQL resources in the East US Azure region. The virtual machines must be prevented from accessing any Azure Storage resources.
Which two outbound network security group (NSG) rules should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

1. A. an allow rule that has the IP address range of Vnet1 as the source and destination ofSq1.EastUS
2. B. a deny rule that has a source of VirtualNetwork and a destination of Sq1
3. C. a deny rule that has a source of VirtualNetwork and a destination of 168.63.129.0/24
4. D. a deny rule that has the IP address range of Vnet1 as the source and destination of Storage

Correct Answer: CD
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview