Overview -
General Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment -
Existing Environment -
Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active
Directory domain that syncs to the Azure AD tenant.
The Azure AD tenant contains the users shown in the following table.
 
Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table.
 
User1 manages the resources in RG1. User4 manages the resources in RG2.
Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table
 
No network security groups (NSGs) are associated to the network interfaces or the subnets.
Sub1 contains the storage accounts shown in the following table.
 
Requirements -
Planned Changes -
Contoso plans to implement the following changes:
Create a blob container named container1 and a file share named share1 that will use the Cool storage tier.
Create a storage account named storage5 and configure storage replication for the Blob service.
Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table.
 
Associate NSG1 to the network interface of VM1.
Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table.
 
 
Associate NSG2 to VNET1/Subnet2.
Technical Requirements -
Contoso must meet the following technical requirements:
Create container1 and share1.
Use the principle of least privilege.
Create an Azure AD security group named Group4.
Back up the Azure file shares and virtual machines by using Azure Backup.
Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C.
Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1.
Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1
Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months.
Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares.
DRAG DROP -
You need to configure the alerts for VM1 and VM2 to meet the technical requirements.
Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.
 
VMSS1 is set to VM (virtual machines) orchestration mode.
You need to deploy a new Azure virtual machine named VM1, and then add VM1 to VMSS1.
Which resource group and location should you use to deploy VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription that contains the resources in the following table.
 
VM1 and VM2 are deployed from the same template and host line-of-business applications.
You configure the network security group (NSG) shown in the exhibit. (Click the Exhibit tab.)
 
You need to prevent users of VM1 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?

A. Disassociate the NSG from a network interface

B. Change the Port_80 inbound security rule.

C. Associate the NSG to Subnet1.

D. Change the DenyWebSites outbound security rule.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours.
Solution: From Performance Monitor, you create a Data Collector Set (DCS).
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have an Azure subscription.
You plan to create a role definition to meet the following requirements:
• Users must be able to view the configuration data of a storage account.
• Users must be able to perform all actions on a virtual network.
• The solution must use the principle of least privilege.
What should you include in the role definition for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Recovery Services vault named RSV1. RSV1 has a backup policy that retains instant snapshots for five days and daily backup for 14 days.
RSV1 performs daily backups of VM1. VM1 hosts a static website that was updated eight days ago.
You need to recover VM1 to a point eight days ago. The solution must minimize downtime.
What should you do first?

A. Deallocate VM1.

B. Restore VM1 by using the Replace existing restore configuration option.

C. Delete VM1.

D. Restore VM1 by using the Create new restore configuration option.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You assign the AcrPull role to ACR-Tasks-Network for Registry1.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You have two Azure virtual machines as shown in the following table.
 
You create the Azure DNS zones shown in the following table.
 
You perform the following actions:
✑ ׀¢׀¾ fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
✑ For contoso.com, you assign vm1 and vm2 the Owner role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. an internal load balancer

B. a public load balancer

C. an Azure Content Delivery Network (CDN)

D. Traffic Manager

E. an Azure Application Gateway

You have an app named App1 that runs on two Azure virtual machines named VM1 and VM2.
You plan to implement an Azure Availability Set for App1. The solution must ensure that App1 is available during planned maintenance of the hardware hosting
VM1 and VM2.
What should you include in the Availability Set?

A. one update domain

B. two fault domains

C. one fault domain

D. two update domains

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.
Does this meet the goal?

A. Yes

B. No

You have an Azure subscription that contains the resources shown in the following table.
 
You need to assign User1 the Storage File Data SMB Share Contributor role for share1.
What should you do first?

A. Enable identity-based data access for the file shares in storage1.

B. Modify the security profile for the file shares in storage1.

C. Select Default to Azure Active Directory authorization in the Azure portal for storage1.

D. Configure Access control (IAM) for share1.

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A. Floating IP (direct server return) to Enabled

B. Idle Time-out (minutes) to 20

C. a health probe

D. Session persistence to Client IP

You create an Azure Storage account.
You plan to add 10 blob containers to the storage account.
For one of the containers, you need to use a different key to encrypt data at rest.
What should you do before you create the container?

A. Generate a shared access signature (SAS).

B. Modify the minimum TLS version.

C. Rotate the access keys.

D. Create an encryption scope.

You have an Azure subscription that contains 10 virtual machines and the resources shown in the following table.
 
You need to ensure that Bastion1 can support 100 concurrent SSH users. The solution must minimize administrative effort.
What should you do first?

A. Resize the subnet of Bastion1

B. Configure host scaling.

C. Create a network security group (NSG)

D. Upgrade Bastion1 to the Standard SKU

HOTSPOT -
You have an Azure Kubernetes Service (AKS) cluster named AKS1 and a computer named Computer1 that runs Windows 10. Computer1 that has the Azure CLI installed.
You need to install the kubectl client on Computer1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription named Subscription1 that has the following providers registered:
✑ Authorization
✑ Automation
✑ Resources
✑ Compute
✑ KeyVault
✑ Network
✑ Storage
✑ Billing
✑ Web
Subscription1 contains an Azure virtual machine named VM1 that has the following configurations:
✑ Private IP address: 10.0.0.4 (dynamic)
✑ Network security group (NSG): NSG1
✑ Public IP address: None
✑ Availability set: AVSet
✑ Subnet: 10.0.0.0/24
✑ Managed disks: No
✑ Location: East US
You need to record all the successful and failed connection attempts to VM1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Enable Azure Network Watcher in the East US Azure region.

B. Add an Azure Network Watcher connection monitor.

C. Register the MicrosoftLogAnalytics provider.

D. Create an Azure Storage account.

E. Register the Microsoft.Insights resource provider.

F. Enable Azure Network Watcher flow logs.

You have an Azure subscription that contains the resources shown in the following table.
 
All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion host named Bastion1 to VNet1.
Which resources can be protected by using Bastion1?

A. VM1 only

B. contoso.com only

C. App1 and contoso.com only

D. VM1 and contoso.com only

E. VM1, App1, and contoso.com

HOTSPOT -
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure file share named share1.
You create a shared access signature (SAS) named SAS1 as shown in the following exhibit:
 
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You have an Azure Load Balancer named LB1.
You assign a user named User1 the roles shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription.
You plan to deploy a container.
You need to recommend which Azure services can scale the container automatically.
What should you recommend?

A. Azure Container Apps only

B. Azure Container Instances only

C. Azure Container Apps or Azure App Service only

D. Azure Container Instances or Azure App Service only

E. Azure Container Apps, Azure Container Instances, or Azure App Service

You sign up for Azure Active Directory (Azure AD) Premium P2.
You need to add a user named
admin1@contoso.com
as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?

A. Device settings from the Devices blade

B. Providers from the MFA Server blade

C. User settings from the Users blade

D. General settings from the Groups blade

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using
Azure ExpressRoute.
You plan to prepare the environment for automatic failover in case of ExpressRoute failure.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a connection

B. Create a local site VPN gateway

C. Create a VPN gateway that uses the VpnGw1 SKU

D. Create a gateway subnet

E. Create a VPN gateway that uses the Basic SKU

You have an Azure subscription that contains the resources shown in the following table.
 
You need to assign Workspace1 a role to allow read, write, and delete operations for the data stored in the containers of storage1.
Which role should you assign?

A. Storage Account Contributor

B. Contributor

C. Storage Blob Data Contributor

D. Reader and Data Access

You have Azure subscription that includes data in following locations:
 
You plan to export data by using Azure import/export job named Export1.
You need to identify the data that can be exported by using Export1.
Which data should you identify?

A. DB1

B. container1

C. share1

D. Table1

You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data.
Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2.
Which Azure Network Watcher feature should you use?

A. IP flow verify

B. Connection troubleshoot

C. Connection monitor

D. NSG flow logs

You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to ensure that visitors are serviced by the same web server for each request.
What should you configure?

A. Floating IP (direct server return) to Disabled

B. Idle Time-out (minutes) to 20

C. a health probe

D. Session persistence to Client IP

HOTSPOT
-
You have an Azure subscription.
You need to deploy a virtual machine by using an Azure Resource Manager (ARM) template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Overview -
ADatum Corporation is consulting firm that has a main office in Montreal and branch offices in Seattle and New York.
Existing Environment -
Azure Environment -
ADatum has an Azure subscription that contains three resource groups named RG1, RG2, and RG3.
The subscription contains the storage accounts shown in the following table.
 
The subscription contains the virtual machines shown in the following table.
 
The subscription has an Azure container registry that contains the images shown in the following table.
 
The subscription contains the resources shown in the following table.
 
Azure Key Vault -
The subscription contains an Azure key vault named Vault1.
Vault1 contains the certificates shown in the following table.
 
Vault1 contains the keys shown in the following table.
 
Microsoft Entra Environment -
ADatum has a Microsoft Entra tenant named adatum.com that is linked to the Azure subscription and contains the users shown in the following table.
 
The tenant contains the groups shown in the following table.
 
The adatum.com tenant has a custom security attribute named Attribute1.
Planned Changes -
ADatum plans to implement the following changes:
• Configure a data collection rule (DCR) named DCR1 to collect only system events that have an event ID of 4648 from VM2 and VM4.
• In storage1, create a new container named cont2 that has the following access policies: o Three stored access policies named Stored1, Stored2, and Stored3 o  A legal hold for immutable blob storage
• Whenever possible, use directories to organize storage account content.
• Grant User1 the permissions required to link Zone1 to VNet1.
• Assign Attribute1 to supported adatum.com resources.
• In storage2, create an encryption scope named Scope1.
• Deploy new containers by using Image1 or Image2.
Technical Requirements -
ADatum must meet the following technical requirements:
• Use TLS for WebApp1.
• Follow the principle of least privilege.
• Grant permissions at the required scope only.
• Ensure that Scope1 is used to encrypt storage services.
• Use Azure Backup to back up cont1 and share1 as frequently as possible.
• Whenever possible, use Azure Disk Encryption and a key encryption key (KEK) to encrypt the virtual machines.
You need to configure WebApp1 to meet the technical requirements.
Which certificate can you use from Vault1?

A. Cert1 only

B. Cert1 or Cert2 only

C. Cert1 or Cert3 only

D. Cert3 or Cert4 only

E. Cert1, Cert2 Cert3, or Cert4

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.
 
NSG1 is configured as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You plan to create the Azure web apps shown in the following table.
 
What is the minimum number of App Service plans you should create for the web apps?

A. 1

B. 2

C. 3

D. 4

HOTSPOT -
You have the App Service plans shown in the following table.
 
You plan to create the Azure web apps shown in the following table.
 
You need to identify which App Service plans can be used for the web apps.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your company has an Azure subscription that includes a Recovery Services vault.
You want to use Azure Backup to schedule a backup of your company's virtual machines (VMs) to the Recovery Services vault.
Which of the following VMs can you back up? Choose all that apply.

A. VMs that run Windows 10.

B. VMs that run Windows Server 2012 or higher.

C. VMs that have NOT been shut down.

D. VMs that run Debian 8.2+.

E. VMs that have been shut down.

You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete.
Which user attributes should you include in the file?

A. The user principal name and usage location of each user only

B. The user principal name of each user only

C. The display name of each user only

D. The display name and usage location of each user only

E. The display name and user principal name of each user only

You have a Microsoft Entra tenant named contoso.com.
You collaborate with an external partner named fabrikam.com.
You plan to invite users in fabrikam.com to the contoso.com tenant.
You need to ensure that invitations can be sent only to fabrikam.com users.
What should you do in the Microsoft Entra admin center?

A. From Cross-tenant access settings, configure the Tenant restrictions settings.

B. From Cross-tenant access settings, configure the Microsoft cloud settings.

C. From External collaboration settings, configure the Guest user access restrictions settings.

D. From External collaboration settings, configure the Collaboration restrictions settings.

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
 
You create two user accounts that are configured as shown in the following table.
 
Of which groups are User1 and User2 members? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You have an Azure App Service plan named ASP1.
CPU usage for ASP1 is shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.
What should you do first?

A. Create an automation runbook

B. Deploy a function app

C. Deploy the IT Service Management Connector (ITSM)

D. Create a notification

Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines (VMs) using Azure Resource Manager (ARM) templates. You have been informed that the VMs will be included in a single availability set.
You are required to make sure that the ARM template you configure allows for as many VMs as possible to remain accessible in the event of fabric failure or maintenance.
Which of the following is the value that you should configure for the platformUpdateDomainCount property?

A. 10

B. 20

C. 30

D. 40

You have an Azure subscription that contains the storage accounts shown in the following table.
 
You deploy a web app named App1 to the West US Azure region.
You need to back up App1. The solution must minimize costs.
Which storage account should you use as the target for the backup?

A. storage1

B. storage2

C. storage3

D. storage4

HOTSPOT
-
You have a Microsoft Entra tenant that contains the groups shown in the following table.
 
The tenant contains the users shown in the following table.
 
Which users and groups can you delete? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
 
In storage1, you create a blob container named blob1 and a file share named share1.
Which resources can be backed up to Vault1 and Vault2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1?

A. Get-Event Event | where {$_.EventType == “error”}

B. search in (Event) “error”

C. select * from Event where EventType == “error”

D. search in (Event) * | where EventType -eq “error”

HOTSPOT
-
You have an Azure subscription that contains the resource groups shown in the following table.
 
You create the following Azure Resource Manager (ARM) template named deploy.json.
 
You deploy the template by running the following cmdlet.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
 
You create virtual machines in Subscription1 as shown in the following table.
 
You plan to use Vault1 for the backup of as many virtual machines as possible.
Which virtual machines can be backed up to Vault1?

A. VM1 only

B. VM3 and VMC only

C. VM1, VM2, VM3, VMA, VMB, and VMC

D. VM1, VM3, VMA, and VMC only

E. VM1 and VM3 only

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.
VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.
You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between
VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.
You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.
Solution: You download and re-install the VPN client configuration package on the Windows 10 workstation.
Does the solution meet the goal?

A. Yes

B. No

You have an Azure subscription that contains the resources shown in the following table.
 
You create a route table named RT1 in the East US Azure region.
To which resources can you associate RT1?

A. VNet1 only

B. Subnet1 only

C. VNet1 and NIC1 only

D. Subnet1 and NIC1 only

E. VNet1, Subnet1, and NIC1

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Litware are hosted on-premises.
Litware creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named litware.onmicrosoft.com. The tenant uses the
Premium P1 pricing tier.
Existing Environment -
The network contains an Active Directory forest named litware.com. All domain controllers are configured as DNS servers and host the litware.com DNS zone.
Litware has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Litware.com contains a user named User1.
All the offices connect by using private connections.
Litware has data centers in the Montreal and Seattle offices. Each office has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
 
Litware uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory.
The Azure subscription contains the resources in the following table.
 
The network security team implements several network security groups (NSGs)
Requirements -
Planned Changes -
Litware plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.
Technical Requirements -
Litware must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
 
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.litware.com.
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.
Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.
HOTSPOT -
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure subscription.
You plan to deploy an Azure Kubernetes Service (AKS) cluster to support an app named App1. On-premises clients connect to App1 by using the IP address of the pod.
For the AKS cluster, you need to choose a network type that will support App1.
What should you choose?

A. kubenet

B. Azure Container Networking Interface (CNI)

C. Hybrid Connection endpoints

D. Azure Private Link

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription includes two Azure networks named VirtualNetworkA and VirtualNetworkB.
VirtualNetworkA includes a VPN gateway that is configured to make use of static routing. Also, a site-to-site VPN connection exists between your company's on- premises network and VirtualNetworkA.
You have configured a point-to-site VPN connection to VirtualNetworkA from a workstation running Windows 10. After configuring virtual network peering between
VirtualNetworkA and VirtualNetworkB, you confirm that you are able to access VirtualNetworkB from the company's on-premises network. However, you find that you cannot establish a connection to VirtualNetworkB from the Windows 10 workstation.
You have to make sure that a connection to VirtualNetworkB can be established from the Windows 10 workstation.
Solution: You choose the Allow gateway transit setting on VirtualNetworkB.
Does the solution meet the goal?

A. Yes

B. No