AZ-700 Dump Free

Table of Contents

AZ-700 Dump Free – 50 Practice Questions to Sharpen Your Exam Readiness.

Looking for a reliable way to prepare for your AZ-700 certification? Our AZ-700 Dump Free includes 50 exam-style practice questions designed to reflect real test scenarios—helping you study smarter and pass with confidence.

Using an AZ-700 dump free set of questions can give you an edge in your exam prep by helping you:

Understand the format and types of questions you’ll face
Pinpoint weak areas and focus your study efforts
Boost your confidence with realistic question practice

Below, you will find 50 free questions from our AZ-700 Dump Free collection. These cover key topics and are structured to simulate the difficulty level of the real exam, making them a valuable tool for review or final prep.

Question 1

You have an on-premises datacenter and an Azure subscription.
You plan to implement ExpressRoute FastPath.
You need to create an ExpressRoute gateway. The solution must minimize downtime if a single Azure datacenter fails.
Which SKU should you use?

A. ErGw1AZ

B. High performance

C. Ultra performance

D. ErGw3AZ

E. ErGw2AZ

Question 2

Your company has offices in London, Tokyo, and New York.
The company has a web app named App1 that has the Azure Traffic Manager profile shown in the following table.

In Asia, you plan to deploy an additional endpoint that will host an updated version of App1.
You need to route 10 percent of the traffic from the Tokyo office to the new endpoint during testing.
What should you configure in Traffic Manager?

A. two profiles and five endpoints

B. two profiles and four endpoints

C. three profiles and four endpoints

D. one profile and five endpoints

Suggested Answer: B

Need two profiles. Add one Child profile using Weighted routing. One additional trial endpoint, to the existing three, for the Child Profile is needed.
Note 1: Each Traffic Manager profile specifies a single traffic-routing method. However, there are scenarios that require more sophisticated traffic routing than the routing provided by a single Traffic Manager profile. You can nest Traffic Manager profiles to combine the benefits of more than one traffic-routing method.
Note 2: Weighted routing: Select Weighted routing when you want to distribute traffic across a set of endpoints based on their weight. Set the weight the same to distribute evenly across all endpoints.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-nested-profiles
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods

Question 3

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed in the virtual network.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 4

You plan to implement an Azure virtual network that will contain 10 virtual subnets. The subnets will use IPv6 addresses. Each subnet will host up to 200 load-balanced virtual machines.
You need to recommend which subnet mask size to use for the virtual subnets.
What should you recommend?

A. /64

B. /120

C. /48

D. /24

Suggested Answer: D

Question 5

You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 is associated to a network security group (NSG) named NSG1. NSG1 blocks all outbound traffic that is not allowed explicitly.
Subnet1 contains virtual machines that must communicate with the Azure Cosmos DB service.
You need to create an outbound security rule in NSG1 to enable the virtual machines to connect to Azure Cosmos DB.
What should you include in the solution?

A. a service tag

B. a service endpoint policy

C. a subnet delegation

D. an application security group

Suggested Answer: A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoint-policies-portal

Question 6

You have an Azure subscription that contains the resources shown in the following table.

Users on HP1 connect to App1 by using a URL of https://app1.contoso.com.
You need to ensure that the IDPS on FW1 can identify security threats in the connections from HP1 to Server1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Enable TLS inspection for FW1.

B. Import a server certificate to KV1.

C. Enable threat intelligence for FW1.

D. Add an application group to HP1.

E. Add a secured virtual network to FW1.

Suggested Answer: AB

Question 7

HOTSPOT
-
You have an Azure application gateway named AppGw1.
You need to create a rewrite rule for AppGw1. The solution must rewrite the URL of requests from https://www.contoso.com/fashion/shirts to https://www.contoso.com/buy.aspx?category=fashion&product=shirts.
How should you complete the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 8

HOTSPOT
-
You have an Azure subscription that contain a storage account named st1 in the East US Azure region.
You have the virtual networks shown in the following table.

You have the subnets shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 9

After you answer a question in this section, you will NOT be able to return it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Virtual WAN named VWAN1. VWAN1 contains a hub named Hub1.
Hub1 has a security status of Unsecured.
You need to ensure that the security status of Hub1 is marked as Secured.
Solution: You implement an Azure Front Door profile.
Does this meet the requirement?

A. Yes

B. No

Suggested Answer: B

Question 10

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You plan to implement an Azure application gateway in the East US Azure region. The
application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 11

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You need to block all outbound internet traffic for HTTP and HTTPS that originates from subnet1-1. All other traffic must be allowed.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 12

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You plan to deploy two DNS servers to subnet2-1. Each server will host a DNS zone for fabrikam,com. The DNS zones will contain records from the on-premises network only. The IP address of the DNS servers will be 10.2.1.4 and 10.2.1.5.
You need to ensure that virtual machines on VNET2 can resolve the names of the on-premises servers in fabrikam.com.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 13

You have an Azure subscription that contains an ExpressRoute Standard gateway named GW1.
You need to upgrade GW1 to support ExpressRoute FastPath. The solution must minimize downtime.
Which SKU should you use?

A. Ultra performance

B. ErGw3AZ

C. ErGw2AZ

D. High performance

Suggested Answer: B

Question 14

HOTSPOT
-
You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 has a /24 IPv4 address space.
You need to subdivide Vnet1. The solution must maximize the number of usable subnets.
What is the maximum number of IPv4 subnets you can create, and how many usable IP addresses will be available per subnet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 15

HOTSPOT
-
You have an Azure subscription that contains 10 virtual machines. The virtual machines are assigned private IP addresses. The subscription contains the resources shown in the following table.

You need to configure FWPolicy1 to meet the following requirements:
• Allow incoming connections to the virtual machines from the internet on port 4567.
• Block outbound connections from the virtual machines to an FQDN of *.fabrikam.com.
What should you configure in FWPolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 16

You need to provide access to storage2. The solution must meet the PaaS networking requirements and the business requirements.
Which connectivity method should you use?

A. a private endpoint

B. Azure Firewall

C. Azure Front Door

D. a service endpoint

Suggested Answer: D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

Question 17

You have an Azure Private Link service named PL1 that uses an Azure load balancer named LB1.
You need to ensure that PL1 can support a higher volume of outbound traffic.
What should you do?

A. Increase the number of frontend IP configurations for LB1.

B. Increase the number of NAT IP addresses assigned to PL1.

C. Deploy an Azure Application Gateway v2 instance to the source NAT subnet.

D. Redeploy LB1 with a different SKU.

Suggested Answer: B

Question 18

HOTSPOT -
In which NSGs can you use ASG1 and to which virtual machine network interfaces can you associate ASG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Question 19

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.
Solution: You disable the WAF rule that has a ruleId 920300.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: A

The log shows that WAF rule with ruleId 920300 was trigged. We should disable the WAF rule that has a ruleId 920300.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot

Question 20

HOTSPOT -
You are planning an Azure solution that will contain the following types of resources in a single Azure region:
✑ Virtual machine
✑ Azure App Service
✑ Virtual Network gateway
✑ Azure SQL Managed Instance
App Service and SQL Managed Instance will be delegated to create resources in virtual networks.
You need to identify how many virtual networks and subnets are required for the solution. The solution must minimize costs to transfer data between virtual networks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network

Question 21

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the following resources:
✑ A virtual network named Vnet1
✑ A subnet named Subnet1 in Vnet1
✑ A virtual machine named VM1 that connects to Subnet1
✑ Three storage accounts named storage1, storage2, and storage3
You need to ensure that VM1 can access storage1. VM1 must be prevented from accessing any other storage accounts.
Solution: You create a network security group (NSG) and associate the NSG to Subnet1.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

Question 22

Your company has an on-premises network and three Azure subscriptions named Subscription1, Subscription2, and Subscription3.
The departments at the company use the Azure subscriptions as shown in the following table.

All the resources in the subscriptions are in either the West US Azure region or the West US 2 Azure region.
You plan to connect all the subscriptions to the on-premises network by using ExpressRoute.
What is the minimum number of ExpressRoute circuits required?

A. 1

B. 2

C. 3

D. 4

E. 5

Suggested Answer: A

Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

Question 23

HOTSPOT
-
You have an Azure application gateway.
You need to create a rewrite rule that will remove the origin port from the HTTP header of incoming requests that are being forwarded to the backend pool.
How should you configure each setting? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 24

DRAG DROP -
You have an Azure Front Door instance named FrontDoor1.
You deploy two instances of an Azure web app to different Azure regions.
You plan to provide access to the web app through FrontDoor1 by using the name app1.contoso.com.
You need to ensure that FrontDoor1 is the entry point for requests that use app1.contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Suggested Answer:

Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain#associate-the-custom-domain-with-your-front-door
https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

Question 25

HOTSPOT -
You need to restrict traffic from VMScaleSet1 to VMScaleSet2. The solution must meet the virtual networking requirements.
What is the minimum number of custom NSG rules and NSG assignments required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Box 2: One NSG -
The minimum requirement is one NSG. You could attach the NSG to VMScaleSet1 and restrict outbound traffic, or you could attach the NSG to VMScaleSet2 and restrict inbound traffic. Either way you would need two custom NSG rules.
Box 1: Two custom rules -
With the NSG attached to VMScaleSet2, you would need to create a custom rule blocking all traffic from VMScaleSet1. Then you would need to create another custom rule with a higher priority than the first rule that allows traffic on port 443.
The default rules in the NSG will allow all other traffic to VMScaleSet2.

Question 26

DRAG DROP -
You have Azure virtual networks named Hub1 and Spoke1. Hub1 connects to an on-premises network by using a Site-to-Site VPN connection.
You are implementing peering between Hub1 and Spoke1.
You need to ensure that a virtual machine connected to Spoke1 can connect to the on-premises network through Hub1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli#virtual-network-peering

Question 27

HOTSPOT -
You configure a route table named RT1 that has the routes shown in the following table.

You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.

You have the resources shown in the following table.

Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:
✑ 0.0.0.0/0
✑ 10.0.0.0/16
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Box 1: Yes -
NVA1 with IP (NVA-network virtual appliance) 192.168.0.4 is on the DMZ subnet. It will use route 10.0.0.0/16 to the on-premises network.
Box 2: No -
VM2 has IP address 192.168.2.4 and is on the BackEnd subnet. VM2 will not use the RT1 route table, and will not reach the on-premises network through NVA1.
Box 3: Yes -
VM1 with IP address 192.168.1.4 is on the FrontEnd subnet, and will use the RT1 routing table. It will use Route2 and Next Hop IP address 192.168.0.4, IP address of NVA1, to reach VM2.

Question 28

You have an Azure virtual network named Vnet1 and an on-premises network. The on-premises network has policy-based VPN devices.
In Vnet1, you deploy a virtual network gateway named GW1 that uses a SKU of VpnGw1 and is route-based.
You have a Site-to-Site VPN connection for GW1 as shown in the following exhibit.

You need to ensure that the on-premises network can connect to the route-based GW1.
What should you do before you create the connection?

A. Set Connection Mode to ResponderOnly.

B. Set BGP to Enabled.

C. Set Use Azure Private IP Address to Enabled.

D. Set IPsec / IKE policy to Custom.

Suggested Answer: B

BGP is the standard routing protocol commonly used in the Internet to exchange routing and reachability information between two or more networks. BGP enables the Azure VPN Gateways and your on-premises VPN devices, called BGP peers or neighbors, to exchange "routes" that will inform both gateways on the availability and reachability for those prefixes to go through the gateways or routers involved. BGP can also enable transit routing among multiple networks by propagating routes a BGP gateway learns from one BGP peer to all other BGP peers.
Incorrect:
Not C: A VPN gateway must have a Public IP address. Verify that you have an externally facing public IPv4 address for your VPN device.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-resource-manager-ps
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli

Question 29

You are planning the IP addressing for the subnets in Azure virtual networks.
Which type of resource requires IP addresses in the subnets?

A. storage account

B. internal load balancers

C. service endpoints

D. virtual network peering

Suggested Answer: B

Question 30

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the following subnets:
• AzureFirewallSubnet
• GatewaySubnet
• Subnet1
• Subnet2
• Subnet3
Subnet2 has a delegation to the Microsoft.Web/serverfarms service.
The subscription contains the resources shown in the following table.

You need to implement an Azure application gateway named AG1 that will be integrated with an Azure Web Application Firewall (WAF). AG1 will be used to publish VMSS1.
To which subnet should you connect AG1?

A. GatewaySubnet

B. AzureFirewallSubnet

C. Subnet2

D. Subnet1

E. Subnet3

Suggested Answer: E

Question 31

HOTSPOT
-
You have an Azure subscription that contains the resources shown in the following table.

The virtual network topology is shown in the following exhibit.

Firewall1 is configured as shown in following exhibit.

FirewallPolicy1 contains the following rules:
• Allow outbound traffic from Vnet1 and Vnet2 to the internet.
• Allow any traffic between Vnet1 and Vnet2.
No custom private endpoints, service endpoints, routing tables, or network security groups (NSGs) were created.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 32

HOTSPOT
-
You have an on-premises network.
You have an Azure subscription that contains the resources shown in the following table.

You need to implement an ExpressRoute circuit to access the resources in the subscription. The solution must ensure that the on-premises network connects to the Azure resources by using the ExpressRoute circuit.
Which type of peering should you use for each connection? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 33

You have an Azure application gateway for a web app named App1. The application gateway allows end-to-end encryption.
You configure the listener for HTTPS by uploading an enterprise-signed certificate.
You need to ensure that the application gateway can provide end-to-end encryption for App1.
What should you do?

A. Increase the Unhealthy threshold setting in the custom probe.

B. Enable the SSL profile to the listener.

C. Set Listener type to Multi site.

D. Upload the public key certificate to the HTTP settings.

Suggested Answer: D

Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal

Question 34

You have an Azure subscription that contains a virtual network named Vnet1. Vnet1 contains 20 subnets and 500 virtual machines. Each subnet contains a virtual machine that runs network monitoring software.
You have a network security group (NSG) named NSG1 associated to each subnet.
When a new subnet is created in Vnet1 an automated process creates an additional network monitoring virtual machine in the subnet and links the subnet to NSG1.
You need to create an inbound security rule in NSG1 that will allow connections to the network monitoring virtual machines from an IP address of 131.107.1.15. The solution must meet the following requirements:
• Ensure that only the monitoring virtual machines receive a connection from 131.1071.15.
• Minimize changes to NSG1 when a new subnet is created.
What should you use as the destination in the inbound security rule?

A. an application security group

B. a service tag

C. a virtual network

D. an IP address

Suggested Answer: A

Question 35

HOTSPOT
-
You have the Azure resources shown in the following table.

You need to link VNet2 to Circuit1.
What should you create in each subscription? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 36

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You plan to deploy an appliance to subnet3-2. The appliance will perform packet inspection and will have an IP address of 10.3.2.100.
You need to ensure that all traffic to the internet from subnet3-1 is forwarded to the appliance for inspection.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 37

HOTSPOT
-
You have an Azure subscription that contains the resources shown in the following table.

You establish BGP peering between NVA1 and Hub1.
You need to implement transit connectivity between VNet1 and VNet3 via Hub1 by using BGP peering. The solution must minimize costs.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:

Question 38

You have an internal Basic Azure Load Balancer named LB1 that has two frontend IP addresses. The backend pool of LB1 contains two Azure virtual machines named VM1 and VM2.
You need to configure the rules on LB1 as shown in the following table.

What should you do for each rule?

A. Enable Floating IP.

B. Disable Floating IP.

C. Set Session persistence to Enabled.

D. Set Session persistence to Disabled.

Suggested Answer: A

Question 39

HOTSPOT -
You have an Azure virtual network that contains the subnets shown in the following table.

In.NSG1, you create inbound rules as shown in the following table.

NSG2 has only the default rules configured.
You have the Azure virtual machines shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Box 1: Yes -
VM3 is Subnet2. NSG2 applies. The default rule will allow communication.
Box 2: No -
VM1 & VM2 is in Subnet1. NSG1 applies. Only traffic on ports 80 and 443 will be allowed. Connection on port 9090 will be denied.
Note: Priority: A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
Box 3: No -
VM1 is in Subnet1. NSG1 applies. Only traffic on ports 80 and 443 will be allowed. Connection on port 9090 will be denied.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 40

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains an Azure Front Door Premium profile named AFD1 and an Azure Web Application Firewall (WAF) policy named WAF1. AFD1 is associated with WAF1.
You need to configure a rate limit for incoming requests to AFD1.
Solution: You modify the policy settings of WAF1.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

Question 41

You have the on-premises networks shown in the following table.

You have an Azure subscription that contains an Azure virtual WAN named VWAN1 and a virtual network named VNet1. VWAN is connected to the on-premises networks and VNet1 in a full mesh topology. The virtual hub routing preference for VWAN1 is AS Path.
You need to route traffic from VNet1 to 10.61.1.5.
Which path will be used?

A. the VPN connection to Branch1

B. the VPN connection to Branch2

C. the ExpressRoute connection to Branch2

D. the ExpressRoute connection to Branch3

Suggested Answer: B

Question 42

What should you implement to meet the virtual network requirements for the virtual machines that connect to Vnet4 and Vnet5?

A. a private endpoint

B. a routing table

C. a service endpoint

D. a private link service

E. a virtual network peering

Suggested Answer: E

There is no virtual network peering between VM4's VNet (VNet3) and VM5's VNet (VNet4). To enable the VMs to communicate over the Microsoft backbone network a VNet peering is required between VNet3 and VNet4.

Question 43

You have an Azure subscription mat contains tour virtual networks named VNet1, VNet2, VNet3, and VNet4.
You plan to deploy a hub and spoke topology by using virtual network peering.
You need to configure VNet1 as the hub network. The solution must meet the following requirements:
• Support transitive routing between spokes.
• Maximize network throughput.
What should you include in the solution?

A. Azure VPN Gateway

B. Azure Route Server

C. Azure Private Link

D. Azure Firewall

Suggested Answer: A

Question 44

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You plan to configure a VPN tunnel for VNET2.
You need to ensure that all internet traffic from subnet2-1 is routed through an on-premises firewall before reaching the destination. The solution must be achieved without using dynamic routing protocols.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 45

DRAG DROP
-
You have an Azure subscription that contains the resources shown in the following table.

You discover that users connect directly to App1.
You need to meet the following requirements:
• Administrators must only access App1 by using a private endpoint.
• All user connections to App1 must be routed through FD1.
• The downtime of connections to App1 must be minimized.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Suggested Answer:

Question 46

You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machine operating systems were activated.
You need to ensure that the virtual machines can be activated.
What should you do?

A. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.

B. On FW1, create an outbound network rule that allows traffic to the Azure Key Management Service (KMS).

C. Deploy a NAT gateway.

D. Deploy an application security group that allows outbound traffic to 1688.

Suggested Answer: B

Question 47

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway from any IP address.
Solution: You configure a custom cookie and an exclusion rule.
Does this meet the goal?

A. Yes

B. No

Suggested Answer: B

The log shows that WAF rule with ruleId 920300 was trigged. Instead we should disable the WAF rule that has a ruleId 920300.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot

Question 48

SIMULATION
-

Username and password
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username:
User-12345678@cloudslice.onmicrosoft.com
Azure Password: xxxxxxxxxx
-
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You need to restrict access to the storage35433841 storage account to ensure that only subnet1-2 can access the account.
To complete this task, sign in to the Azure portal.

Suggested Answer:

Question 49

You have an Azure subscription that contains the following resources:
• A virtual network named Vnet1
• Two subnets named subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A rule routing of 0.0.0.0/0 to FW1 in RT1
After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.
You need to ensure that the virtual machines can be activated.
What should you do?

A. On FW1, configure a DNAT rule for port 1688

B. Deploy a NAT gateway.

C. Add an internet route to RT1 for the Azure Key Management Service (KMS).

D. To Subnet1, associate a network security group (NSG) that allows outbound access to port 1688.

Suggested Answer: C

Question 50

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The subscription contains the following resources:
✑ A virtual network named Vnet1
✑ An App Service plan named ASP1
✑ An Azure App Service named webapp1
An Azure private DNS zone named private.contoso.com

✑ Virtual machines on Vnet1 that cannot communicate outside the virtual network
You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https://www.private.contoso.com.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a CNAME record that maps www.private.contoso.com to webapp1.contoso.onmicrosoft.com.

B. Create a CNAME record that maps www.private.contoso.com to webapp1.private.contoso.com.

C. Create a service endpoint for webapp1.

D. Register an enterprise application in Azure AD for webapp1.

E. Create a private endpoint for webapp1.

F. Create a CNAME record that maps www.private.contoso.com to webapp1.privatelink.azurewebsites.net.

Suggested Answer: EF

E: You can use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.
When you use Private Endpoint for Web App, the requested URL must match the name of your Web App. When you deploy a Private Endpoint, we update the
DNS entry to point to the canonical name mywebapp.privatelink.azurewebsites.net. For example, the name resolution will be (Name, Type, Value): mywebapp.azurewebsites.net CNAME mywebapp.privatelink.azurewebsites.net
Reference:
https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint

Access Full AZ-700 Dump Free

Looking for even more practice questions? Click here to access the complete AZ-700 Dump Free collection, offering hundreds of questions across all exam objectives.

We regularly update our content to ensure accuracy and relevance—so be sure to check back for new material.

Begin your certification journey today with our AZ-700 dump free questions — and get one step closer to exam success!