Microsoft AZ-500 Quiz 5 Topic 4 Questions 21-25

Question: 1

You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2.

To complete this task, sign in to the Azure portal and modify the Azure resources.

AExplanation:
You need to configure VNet Peering between the two networks. The questions states, ''The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2''. It doesn't say the VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to allow just the one-way communication.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the properties of VNET1, click on Peerings.
3. In the Peerings blade, click Add to add a new peering.
4. In the Name of the peering from VNET1 to remote virtual network box, enter a name such as VNET1-VNET2 (this is the name that the peering will be displayed as in VNET1)
5. In the Virtual Network box, select VNET2.
6. In the Name of the peering from remote virtual network to VNET1 box, enter a name such as VNET2-VNET1 (this is the name that the peering will be displayed as in VNET2).
There is an option Allow virtual network access from VNET to remote virtual network. This should be left as Enabled.
7. For the option Allow virtual network access from remote network to VNET1, click the slider button to Disabled.
8. Click the OK button to save the changes.

Show Answer

Question: 2

You need to deploy an Azure firewall to a virtual network named VNET3.

To complete this task, sign in to the Azure portal and modify the Azure resources.

This task might take several minutes to complete. You can perform other tasks while the task completes.

AExplanation:
To add an Azure firewall to a VNET, the VNET must first be configured with a subnet named AzureFirewallSubnet (if it doesn't already exist).
Configure VNET3.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET3. Alternatively, browse to Virtual Networks in the left navigation pane.
In the Overview section, note the Location (region) and Resource Group of the virtual network. We'll need these when we add the firewall.
Click on Subnets.
Click on + Subnet to add a new subnet.
Enter AzureFirewallSubnet in the Name box. The subnet must be named AzureFirewallSubnet.
Enter an appropriate IP range for the subnet in the Address range box.
Click the OK button to create the subnet.
Add the Azure Firewall.
In the settings of VNET3 click on Firewall.
Click the Click here to add a new firewall link.
The Resource group will default to the VNET3 resource group. Leave this default.
Enter a name for the firewall in the Name box.
In the Region box, select the same region as VNET3.
In the Public IP address box, select an available public IP address if one exists, or click Add new to add a new public IP address.
Click the Review + create button.
Review the settings and click the Create button to create the firewall.

Show Answer

Question: 3

You need to configure a virtual network named VNET2 to meet the following requirements:

Administrators must be prevented from deleting VNET2 accidentally.

Administrators must be able to add subnets to VNET2 regularly.

To complete this task, sign in to the Azure portal and modify the Azure resources.

AExplanation:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select Locks.

3. To add a lock, select Add.

4. For Lock type select Delete lock, and click OK

Show Answer

Question: 4

You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.

To complete this task, sign in to the Azure portal.

You do not need to wait for the task to complete.

AExplanation:
You need to enable the Web Application Firewall on the Application Gateway.
In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then select the gateway named Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane.
In the properties of the application gateway, click on Web application firewall.
For the Tier setting, select WAF V2.
In the Firewall status section, click the slider to switch to Enabled.
In the Firewall mode section, click the slider to switch to Prevention.
Click Save to save the changes.

Show Answer

Question: 5

You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).

To complete this task, sign in to the Azure portal.

AExplanation:
In the Azure portal, type App services in the search box and select App services from the search results.
Click the Create app service button to create a new app service.
In the Resource Group section, click the Create new link to create a new resource group.
Give the resource group a name such as Intranet11597200RG and click OK.
In the Instance Details section, enter Intranet11597200 in the Name field.
In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
Click the Review + create button.
Click the Create button to create the web app.
Click the Go to resource button to open the properties of the new web app.
In the Settings section, click on Authentication / Authorization.
Click the App Service Authentication slider to set it to On.
In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
Click Save to save the changes.

Show Answer

Microsoft AZ-500 Quiz:5 Topic:4 Questions:21-25