최신 AZ-700 Deutsch 무료덤프 - Microsoft Designing and Implementing Microsoft Azure Networking Solutions (AZ-700 Deutsch Version)

Explanation:

Explanation:
"All network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in."
https://learn.microsoft.com/en-us/azure/virtual-network/application-security-groups

See the Explanation below for step by step instructions.
Explanation:
To provide a single host name that routes traffic based on the origin, you can use Azure Traffic Manager. This service allows you to route traffic to different endpoints based on various routing methods, including geographic routing.
* Navigate to the Azure Portal.
* Search for "Traffic Manager profiles" and select it.
* Click on "Create".
* Enter the following details:
* Name: Enter a name for the Traffic Manager profile (e.g., ContosoTrafficManager).
* Routing method: Select Geographic.
* Subscription: Select your subscription.
* Resource group: Select an existing resource group or create a new one.
* Resource group location: Choose a location (this does not affect the routing).
* Click on "Create".
* Navigate to the newly created Traffic Manager profile.
* Select "Endpoints" from the left-hand menu.
* Click on "Add" to add a new endpoint.
* Enter the following details:
* Type: Select External endpoint.
* Name: Enter a name for the endpoint (e.g., NewYorkEndpoint).
* FQDN: Enter ny.contoso.com.
* Geographic region: Select "World" (this will be adjusted later).
* Click on "Add" to save the endpoint.
* Repeat the process to add the second endpoint:
* Type: Select External endpoint.
* Name: Enter a name for the endpoint (e.g., GermanyEndpoint).
* FQDN: Enter de.contoso.com.
* Geographic region: Select Europe.
* Navigate to the Traffic Manager profile.
* Select "Configuration" from the left-hand menu.
* Under "Geographic routing", adjust the regions:
* For the GermanyEndpoint, ensure that the geographic region is set to Europe.
* For the NewYorkEndpoint, ensure that the geographic region is set to World (excluding Europe).
* Use a DNS query tool to test the routing.
* From a location in Germany, query the Traffic Manager profile's DNS name and ensure it resolves to de.contoso.com.
* From a location outside Europe, query the Traffic Manager profile's DNS name and ensure it resolves to ny.contoso.com.
* Azure Traffic Manager: This service uses DNS to direct client requests to the most appropriate endpoint based on the routing method you choose. Geographic routing ensures that traffic is directed based on the origin of the request.
* Geographic Routing: This method allows you to route traffic based on the geographic location of the DNS query origin, ensuring that users are directed to the nearest or most appropriate endpoint.
Step-by-Step SolutionStep 1: Create a Traffic Manager ProfileStep 2: Configure EndpointsStep 3: Adjust Geographic RoutingStep 4: Test the ConfigurationExplanationBy following these steps, you can provide a single host name that routes traffic to de.contoso.com for users in Germany and to ny.contoso.com for users from other locations, ensuring efficient and appropriate traffic management.

See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.
windows.net:
* To allow access from a specific IP address range, you need to configure the Azure Storage firewall and virtual network settings for your storage account. You can do this in the Azure portal by selecting your storage account and then selecting Networking under Settings1.
* On the Networking page, select Firewalls and virtual networks, and then select Selected networks under Allow access from1. This will block all access to your storage account except from the networks or resources that you specify.
* Under Firewall, select Add rule, and then enter 10.1.1.0/24 as the IP address or range. You can also enter an optional rule name and description1. This will allow access from any IP address in the 10.1.1.0
/24 range.
* Select Save to apply your changes1.
* To map a custom domain name to your storage account, you need to create a CNAME record with your domain provider that points to your storage account endpoint2. A CNAME record is a type of DNS record that maps a source domain name to a destination domain name.
* Sign in to your domain registrar's website, and then go to the page for managing DNS settings2.
* Create a CNAME record with the following information2:
* Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
* Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
* Save your changes and wait for the DNS propagation to take effect2.
* To register the custom domain name with Azure, you need to go back to the Azure portal and select your storage account. Then select Custom domain under Blob service2.
* On the Custom domain page, enter stor-age34280945.pnvatelinlcblob.core.windows.net as the custom domain name and select Save2.

Explanation:

Box 1: No
VM1 is in Zone2 whereas the NAT Gateway is in Zone1. The VM would need to be in the same zone as the NAT Gateway to be able to use it. Therefore, VM1 cannot use the NAT gateway.
Box 2: Yes
NATgateway1 is configured in the settings for Subnet2.
Box 3: No
The NAT gateway does not have a single public IP address, it has an IP prefix which means more than one IP address. The VMs the use the NAT Gateway can use different public IP addresses contained within the IP prefix.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource

Explanation:

Box 1: No
Zone2.contoso.com is not linked to any virtual networks. Therefore, no VMs are able to resolve names in the zone.
Box 2: Yes
VM4 is in VNet3. Zone1.contoso.com has a link to VNet3 and auto-registration is enabled on the link.
Box3: No
VNet3 is linked to zone1.contoso.com and auto-registration is enabled on the link. A virtual network can only have one registration zone. You can link zone2.contoso.com to VNet3 but you won't be able to enable auto- registration on the link.
Topic 3, Proseware. Inc
Overview
Existing Environment
Proseware. Inc. is a financial services company that has a main office in New York City and a branch office in San Francisco.
Hybrid Environment
Proseware has an on-premises Active Directory Domain Services (AD DS) forest named corp.proseware.com that syncs with a Microsoft Entra tenant named proseware.com.
Proseware has an Azure subscription that is linked to proseware.com.
Proseware has an internal certification authority (CA).
Network infrashtructure
The offices contain the resources shown in the following table.
NYCNet connects to Azure by using an ExptessRoute circuit.
SFONet connects to Azure by using a Site to-Site (S2S) VPN.
The Azure subscriotion contains the virtual networks and subnets shown in the followina table.

The subscription contains four virtual machines named VM1, VM2, VM3, and VM4. VM1 and VM2 host an app named App1.
VM3 and VM4 host a web app named App2 that is accessed by using a FQDN of app2.proseware.com. Users access app2.proseware.com by using HTTP or HTTPS.
VM1, VM2, and VM4 are connected to SpokeVNet
The subscription contains Application Gateway resources shown in the following table.

The subscription contains an Azure Front Door Standard profile named FD1. FD1 contains a single origin group that targets APPGW1 by using the default endpoint name.
HubVNet connects to NYCNet by using an ExpressRoute gateway named ERGW1.
The subscription contains an Azure Private DNS zone named DNSZonel in the East US region. DNSZonel hosts a namespace of azure.piosewaie.com and is linked to HubVNet The subscription contains a Standard Azure load balancer named LBS1 in the East US region. LBS1 contains a backend pool that hosts VM1 and VM2.
Planned Changes
Proseware plans to implement the following changes:
* Deploy an Azure Private DNS Resolver named PRDNSl to HubVNet and link PRDNS1 to SpokeVNet.
* Create a DNS forwarding ruleset named DNSRS1 and associate DNSRS1 with PRDNSl
* Deploy Azure Virtual Network Manager and implement the following rules:
o Allow inbound connections on TCP port 3389 from the on-premises networks to SU8NET-JUMPHOSTS. o Block inbound connections on TCP poit 80 from the internet to SpokeVNet.
* Ensure that Azure Virtual Network Manager rules take precedence over conflicting NSG rules.
* Deploy two network virtual appliances (NVAs) named NVA1 and NVA2 to HubVNet.
* Deploy a gateway load balancer named L8GW1 to HubVNet.
* Configure LBGW1 to inspect traffic on TCP ports 443, 1433, and 1434 from LBS1 by using NVA1 and NVA2.
* Ensure that all the traffic to App2 is processed by using FD1.
Connectivity Requirements
Proseware identifies the following connectivity requirements:
* Minimize the complexity of the Azure Virtual Network Manager deployment.
* Route traffic between NYCNet and SFONet via the ExpressRoute circuit and the S2S VPN
* Ensure that remote users on Windows 11 devices can connect to HubVNet by using a Point-to-Site (P2S) VP and their proseware.com credentials.
Security Requirements
Proseware identifies the following general requirements:
* Minimize the IP address space required to deploy platform-managed resources to the virtual networks.
* From SpokeVNet, resolve name resolution requests for the azure.proseware.com namespace and the corp.
proseware.com namespace by using PRDNS1.
* Whenever possible, minimize administrative effort.

See the Explanation below for step by step instructions.
Explanation:
To minimize the risk of SNAT port exhaustion for your 100 virtual machines in subnet4-1, while ensuring minimal administrative effort, you can use an Azure NAT Gateway. This service provides scalable and resilient outbound connectivity for virtual networks, dynamically allocating SNAT ports to avoid exhaustion.
* Navigate to the Azure Portal.
* Search for "NAT gateways" and select it.
* Click on "Create".
* Enter the following details:
* Subscription: Select your subscription.
* Resource Group: Select an existing resource group or create a new one.
* Name: Enter a name for the NAT gateway (e.g., NATGateway-Subnet4-1).
* Region: Select the region where your virtual network is located.
* Click on "Next: Outbound IP".
* Choose whether to use existing public IP addresses or create new ones.
* If creating new ones, click on "Add new" and configure the new public IP addresses.
* Click on "Next: Subnet".
* Click on "Associate subnet".
* Select the virtual network that contains subnet4-1.
* Select subnet4-1 from the list of subnets.
* Click on "OK".
* Review your settings to ensure everything is correct.
* Click on "Review + create" and then "Create".
* Azure NAT Gateway: This service provides outbound connectivity for virtual networks, dynamically allocating SNAT ports across all VM instances within a subnet. This dynamic allocation helps prevent SNAT port exhaustion, especially in scenarios with high outbound connection volumes12.
* Dynamic SNAT Port Allocation: Unlike static allocation methods, NAT Gateway dynamically allocates SNAT ports based on demand, ensuring efficient use of available ports and reducing the risk of exhaustion2.
Step-by-Step SolutionStep 1: Create a NAT GatewayStep 2: Configure Outbound IP AddressesStep 3:
Associate the NAT Gateway with Subnet4-1Step 4: Review and CreateExplanationBy following these steps, you can ensure that your 100 virtual machines in subnet4-1 can make the necessary API calls without running into SNAT port exhaustion, all while minimizing administrative effort.

See the Explanation below for step by step instructions.
Explanation:
To archive all the metrics of VNET1 to an existing storage account, you can use Azure Monitor's diagnostic settings. Here's how you can do it:
Step-by-Step Solution
Step 1: Navigate to VNET1 in the Azure Portal
* Open the Azure Portal.
* Search for "Virtual networks" and select VNET1 from the list.
Step 2: Configure Diagnostic Settings
* In the VNET1 blade, select "Diagnostic settings" under the "Monitoring" section.
* Click on "Add diagnostic setting".
Step 3: Set Up the Diagnostic Setting
* Enter a name for the diagnostic setting (e.g., VNET1-Metrics-Archive).
* Select the metrics you want to archive. You can choose from various metrics like TotalBytesReceived, TotalBytesSent, etc.
* Under "Destination details", select "Archive to a storage account".
* Choose the existing storage account where you want to archive the metrics.
* Configure the retention period if needed.
Step 4: Save the Configuration
* Review your settings to ensure everything is correct.
* Click on "Save" to apply the diagnostic setting.
Explanation:
* Diagnostic Settings: These allow you to collect and route metrics and logs from your Azure resources to various destinations, including storage accounts, Log Analytics workspaces, and Event Hubs.
* Metrics: Metrics provide numerical data about the performance and health of your resources. Archiving these metrics helps in long-term analysis and compliance.
* Storage Account: Using an existing storage account ensures that the metrics are stored securely and can be accessed for future analysis.
By following these steps, you can ensure that all the metrics of VNET1 are archived to your existing storage account, enabling you to monitor and analyze the performance and health of your virtual network over time.

Explanation:

설명: (DumpTOP 회원만 볼 수 있음)

Explanation:

Explanation:

Explanation:

설명: (DumpTOP 회원만 볼 수 있음)

Explanation:

설명: (DumpTOP 회원만 볼 수 있음)

Explanation: