You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.

You need to configure a rate limit for incoming requests to AFD1.

Solution: You add a rule to the rule set of AFD1.

Does this meet the goal?

Your company has offices in London, Tokyo, and New York.
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.

You have a website that uses an FQDN of www.contoso.com. The DNS record for www. contoso.com resolves to an on-premises web server.
You plan to migrate the website to an Azure web app named Web1. The website on Web1 will be published by using an Azure Front Door instance named
ContosoFD1.
You build the website on Web1.
You plan to configure ContosoFD1 to publish the website for testing.
When you attempt to configure a custom domain for www.contoso.com on ContosoFD1, you receive the error message shown in the exhibit. (Click the Exhibit tab.)

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You plan to publish a website that will use an FQDN of www.contoso.com. The website will be hosted by using the Azure App Service apps shown in the following table.

You have the Azure environment shown in the exhibit.

You have an Azure subscription that contains the public IPv4 addresses shown in the following table.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You have an Azure subscription that contains the public IP addresses shown in the following table.

You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You have the Azure virtual networks shown in the following table.

You deploy Azure Firewall to Vnet3.
You need to ensure that the traffic from Subnet1-1 to Subnet2-1 passes through the firewall.
What should you configure?

You have the on-premises networks shown in the following table.

You have an application named App1 that listens for incoming requests on a preconfigured group of 50 TCP ports and UDP ports.
You install App1 on 10 Azure virtual machines.
You need to implement load balancing for App1 across all the virtual machines. The solution must minimize the number of load balancing rules.
What should you include in the solution?

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You resize the gateway of Vnet1 to a larger SKU.
Does this meet the goal?

You have an Azure subscription that contains the virtual networks shown in the following table.

You plan to deploy an Azure firewall named AF1 to RG1 in the West US Azure region.
To which virtual networks can you deploy AF1?

Your company has four branch offices and an Azure subscription. The subscription contains an Azure VPN gateway named GW1.
The branch offices are configured as shown in the following table.

The branch office routers provide internet connectivity and Site-to-Site VPN connections to GW1.
The users in Branch1 report that they can connect to internet resources, but cannot access Azure resources.
You need to ensure that the Branch1 users can connect to the Azure resources. The solution must meet the following requirements:
• Minimize downtime for all users.
• Minimize administrative effort.
What should you do first?

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You download and reinstall the VPN client configuration.
Does this meet the goal?

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You reset the gateway of Vnet1.
Does this meet the goal?

You have two Azure virtual networks named Vnet1 and Vnet2.
You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.
You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit. Vnet2 can use the remote gateway.
You discover that Client1 cannot communicate with Vnet2.
You need to ensure that Client1 can communicate with Vnet2.
Solution: You enable BGP on the gateway of Vnet1.
Does this meet the goal?

You have an on-premises server named Server1 that runs Windows Server.
You have an Azure subscription that contains a virtual network named VNet1.
You plan to connect Server1 to VNet1 by using Azure Network Adapter.
You need to minimize how long it takes to deploy the adapter to Server1.
What should you create first?

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an Azure Virtual Network NAT gateway named Gateway1. The solution must meet the following requirements:
• VM1 will access the internet by using its public IP address.
• VM2 will access the internet by using its public IP address.
• Administrative effort must be minimized.
You need to ensure that you can deploy Gateway1 to Vnet1.
What is the minimum number of subnets that Vnet1 must have?

You have three on-premises networks.
You have an Azure subscription that contains a Basic Azure virtual WAN. The virtual WAN contains a single virtual hub and a virtual network gateway that is limited to a throughput of 1 Gbps.
The on-premises networks connect to the virtual WAN by using Site-to-Site (S2S) VPN connections.
You need to increase the throughput of the virtual WAN to 3 Gbps. The solution must minimize administrative effort.
What should you do?

You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices.
In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.

You need to ensure that the on-premises network can connect to the route-based GW1.
What should you do before you create the connection?

You have an Azure subscription that contains a virtual network.
You plan to deploy an Azure VPN gateway and 90 Site-to-Site VPN connections. The solution must meet the following requirements:
• Ensure that the Site-to-Site VPN connections remain available if an Azure datacenter fails.
• Minimize costs.
Which gateway SKU should you specify?

You are planning an Azure deployment that will contain three virtual networks in the East US Azure region as shown in the following table.

A Site-to-Site VPN will connect Vnet1 to your company’s on-premises network.
You need to recommend a solution that ensures that the virtual machines on all the virtual networks can communicate with the on-premises network. The solution must minimize costs.
What should you recommend for Vnet2 and Vnet3?

Your company has a single on-premises datacenter in Washington DC. The East US Azure region has a peering location in Washington DC.
The company only has Azure resources in the East US region.
You need to implement ExpressRoute to support up to 1 Gbps. You must use only ExpressRoute Unlimited data plans. The solution must minimize costs.
Which type of ExpressRoute circuits should you create?

You are planning an Azure Point-to-Site (P2S) VPN that will use OpenVPN.
Users will authenticate by an on-premises Active Directory domain.
Which additional service should you deploy to support the VPN authentication?

Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table.

All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?

You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

You have an on-premises datacenter named Site1 that contains a firewall named FW1. FW1 connects to the internet.
You have an Azure subscription that contains the resources shown in the following table.

You plan to connect Site1 to Hub1 by using a site-to-site connection.
You need to configure the site-to-site connection to FW1.
What should you create in VWAN1?

You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1.
What should you configure on AppGW1?

You have an on-premises network.
You have an Azure subscription that contains a virtual network.
You have an ExpressRoute service provider.
You plan to connect the Azure virtual network and the on-premises network by using an ExpressRoute circuit.
You create a new ExpressRoute circuit.
You need to provision the new circuit.
Which information should you provide to the service provider?

You have an instance of Azure Web Application Firewall (WAF) on Azure Front Door.
You plan to create a WAF rule that will block high rates of requests from a single IP address.
You need to query Log Analytics to identify the optimal threshold for the rule.
Which table should you query in Log Analytics?

You have an on-premises datacenter and an Azure subscription.
You plan to implement ExpressRoute FastPath.
You need to create an ExpressRoute gateway. The solution must minimize downtime if a single Azure datacenter fails.
Which SKU should you use?

You have an Azure subscription that contains an ExpressRoute Standard gateway named GW1.
You need to upgrade GW1 to support ExpressRoute FastPath. The solution must minimize downtime.
Which SKU should you use?

You have an Azure subscription that contains a virtual network named VNet1 and the virtual machines shown in the following table.

All the virtual machines are connected to Vnet1.
You need to ensure that the applications hosted on the virtual machines can be accessed from the internet. The solution must ensure that the virtual machines share a single public IP address.
What should you use?

You have 10 on-premises networks that are connected by using a 3rd party Software Defined Wide Area Network (SD-WAN) solution. You have an Azure subscription that contains five virtual networks.
You plan to connect the Azure virtual networks and the on-premises networks by using an Azure Virtual WAN with a single virtual WAN hub.
You need to ensure that the Azure Virtual WAN can act as a node in the 3rd party SD-WAN solution.
What should you include in the solution?

Your company has an office in New York.
The company has an Azure subscription that contains the virtual networks shown in the following table.

You need to connect the virtual networks to the office by using ExpressRoute. The solution must meet the following requirements:
• The connection must have up to 1 Gbps of bandwidth.
• The office must have access to all the virtual networks.
• Costs must be minimized.
How many ExpressRoute circuits should be provisioned, and which ExpressRoute SKU should you enable?

You have an Azure subscription that contains the resources shown in the following table.

You create a virtual network named Vnet2 in the West US region.
You plan to enable peering between Vnet1 and Vnet2.
You need to ensure that the virtual machines connected to Vnet2 can connect to VM1 and VM2 via LB1.
What should you do?

Your company has offices in New York and Amsterdam. The company has an Azure subscription. Both offices connect to Azure by using a Site-to-Site VPN connection.
The office in Amsterdam uses resources in the North Europe Azure region. The office in New York uses resources in the East US Azure region.
You need to implement ExpressRoute circuits to connect each office to the nearest Azure region. Once the ExpressRoute circuits are connected, the on-premises computers in the Amsterdam office must be able to connect to the on-premises servers in the New York office by using the ExpressRoute circuits.
Which ExpressRoute option should you use?

You fail to establish a Site-to-Site VPN connection between your company's main office and an Azure virtual network.
You need to troubleshoot what prevents you from establishing the IPsec tunnel.
Which diagnostic log should you review?