HOTSPOT
-
Overview
-
Contoso, Ltd. is a consulting company that has a main office in San Francisco and a branch office in Dallas.
Contoso recently purchased an Azure subscription and is performing its first pilot project in Azure.
Existing Environment
-
Azure Network Infrastructure
-
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com.
The Azure subscription contains the virtual networks shown in the following table.
 
Vnet1 contains a virtual network gateway named GW1.
Azure Virtual Machines
-
The Azure subscription contains virtual machines that run Windows Server 2019 as shown in the following table.
 
The NSGs are associated to the network interfaces on the virtual machines. Each NSG has one custom security rule that allows RDP connections from the internet. The firewall on each virtual machine allows ICMP traffic.
An application security group named ASG1 is associated to the network interface of VM1.
Azure Network Infrastructure Diagram
 
Azure Private DNS Zones
-
The Azure subscription contains the Azure private DNS zones shown in the following table.
 
Zone1.contoso.com has the virtual network links shown in the following table.
 
Other Azure Resources
-
The Azure subscription contains additional resources as shown in the following table.
 
Requirements
-
Virtual Network Requirements
-
Contoso has the following virtual network requirements:
•	Create a virtual network named Vnet6 in West US that will contain the following resources and configurations:
o	 Two container groups that connect to Vnet6
o	 Three virtual machines that connect to Vnet6
o	 Allow VPN connections to be established to Vnet6
o	 Allow the resources in Vnet6 to access KeyVault1, DB1, and Vnet1 over the Microsoft backbone network.
•	The virtual machines in Vnet4 and Vnet5 must be able to communicate over the Microsoft backbone network.
•	A virtual machine named VM-Analyze will be deployed to Subnet1. VM-Analyze must inspect the outbound network traffic from Subnet2 to the internet.
Network Security Requirements
-
Contoso has the following network security requirements:
•	Configure Azure Active Directory (Azure AD) authentication for Point-to-Site (P2S) VPN users.
•	Enable NSG flow logs for NSG3 and NSG4.
•	Create an NSG named NSG10 that will be associated to Vnet1/Subnet1 and will have the custom inbound security rules shown in the following table.
 
•	Create an NSG named NSG11 that will be associated to Vnet1/Subnet2 and will have the custom outbound security rules shown in the following table.
 
You are implementing the virtual network requirements for Vnet6.
What is the minimum number of subnets and service endpoints you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 
















 

Suggested Answer: 
    



This question is in AZ-700 Designing and Implementing Microsoft Azure Networking Solutions Exam
For getting Microsoft Certified: Azure Network Engineer Associate Certificate





Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.