Which two options can you use to connect Azure virtual networks VNets to each other each correct answer presents a complete solution?

Microsoft AZ-700 Exam Actual Questions The questions for AZ-700 were last updated at Dec 15, 2021. 62 questions + 56 MS Learn Questions Topic 1 - Question Set 1 Question #1Topic 1 Your company has a single on-premises datacenter in New York. The East US Azure region has a peering location in New York. The company only has Azure resources in the East US region. You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs. Which type of ExpressRoute circuits should you create?  A. ExpressRoute Local  B. ExpressRoute Direct  C. ExpressRoute Premium  D. ExpressRoute Standard Correct Answer: A Reference: https://azure.microsoft.com/en-us/pricing/details/expressroute/ Question #2Topic 1 You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN. Users will authenticate by an on-premises Active Directory domain. Which additional service should you deploy to support the VPN authentication?  A. an Azure key vault  B. a RADIUS server  C. a certification authority  D. Azure Active Directory (Azure AD) Application Proxy Correct Answer: B Reference: Point-to-site authentication methods - Native Azure certificate and Active Directory (It requires a RADIUS server that integrates with the AD server) https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about Question #3Topic 1 You plan to configure BGP for a Site-to-Site VPN connection between a datacenter and Azure. Which two Azure resources should you configure? Each correct answer presents a part of the solution. (Choose two.) NOTE: Each correct selection is worth one pgoint.  A. a virtual network gateway  B. Azure Application Gateway  C. Azure Firewall  D. a local network gateway  E. Azure Front Door Correct Answer: AD Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/bgp-howto Question #4Topic 1 You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network. You need to troubleshoot what prevents you from establishing the IPsec tunnel. Which diagnostic log should you review?  A. IKEDiagnosticLog  B. RouteDiagnosticLog  C. GatewayDiagnosticLog  D. TunnelDiagnosticLog Correct Answer: A Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics IKEDiagnosticLog = The IKEDiagnosticLog table offers verbose debug logging for IKE/IPsec. This is very useful to review when troubleshooting disconnections, or failure to connect VPN scenarios. Topic 2 - Question Set 2 Question #1Topic 2 You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You reset the gateway of Vnet1. Does this meet the goal?  A. Yes  B. No Correct Answer: B The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing Question #2Topic 2 You have two Azure virtual networks named Vnet1 and Vnet2. You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN. You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway. You discover that Client1 cannot communicate with Vnet2. You need to ensure that Client1 can communicate with Vnet2. Solution: You enable BGP on the gateway of Vnet1. Does this meet the goal?  A. Yes  B. No Correct Answer: B The VPN client must be downloaded again if any changes are made to VNet peering or the network topology. Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing Question #3Topic 2 HOTSPOT - You have an Azure environment shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway- transit?toc=/azure/virtual-network/toc.json Question #4Topic 2 You plan to deploy Azure virtual network. You need to design the subnets. Which three types of resources require a dedicated subnet? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.  A. Azure Bastion  B. Azure Active Directory Domain Services  C. Azure Private Link  D. Azure Application Gateway v2  E. VPN gateway Correct Answer: ADE Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services Question #5Topic 2 HOTSPOT - You have an Azure private DNS zone named contoso.com that is linked to the virtual networks shown in the following table. The links have auto registration enabled. You create the virtual machines shown in the following table. You manually add the following entry to the contoso.com zone: ✑ Name: VM1 IP address: 10.1.10.9 - For each of the following statements, select Yes of the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Box 1: No - The manual DNS record will overwrite the auto-registered DNS record so VM1 will resolve to 10.1.10.9. Box 2: No - The DNS record for VM1 is now a manually created record rather than an auto-registered record. Only auto-registered DNS records are deleted when a VM is deleted. Box 3: No - This answer depends on how the IP address is changed. To change the IP address of a VM manually, you would need to select Static as the IP address assignment. In this case, the DNS record will not be updated because only DHCP assigned IP addresses are auto-registered. Reference: https://docs.microsoft.com/en-us/azure/dns/dns-faq-private Question #6Topic 2 HOTSPOT - Your company has an Azure virtual network named Vnet1 that uses an IP address space of 192.168.0.0/20. Vnet1 contains a subnet named Subnet1 that uses an IP address space of 192.168.0.0/24. You create an IPv6 address range to Vnet1 by using a CIDR suffix of /48. You need to enable the virtual machines on Subnet1 to communicate with each other by using IPv6 addresses assigned by the company. The solution must minimize the number of additional IPv4 addresses. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-overview https://docs.microsoft.com/en-us/azure/virtual-network/ipv6-add-to-existing-vnet-powershell 1) Correct: /64 Explanation: The subnets for IPv6 must be exactly /64 in size. This ensures future compatibility should you decide to enable routing of the subnet to an on-premises network since some routers can only accept /64 IPv6 routes. Source: https://docs.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview 2) Correct: Public IPv6 Address Explanation: Add IPv6 configuration to NIC. "Configure all of the VM NICs with an IPv6 address using Add-AzNetworkInterfaceIpConfig" Source: https://docs.microsoft.com/en-us/azure/load-balancer/ipv6-add-to-existing-vnet-powershell Question #7Topic 2 HOTSPOT - You plan to deploy Azure Virtual WAN. You need to deploy a virtual WAN hub that meets the following requirements: ✑ Supports 10 sites that will connect to the virtual WAN