Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure application gateway that has Azure Web Application Firewall (WAF) enabled.
You configure the application gateway to direct traffic to the URL of the application gateway.
You attempt to access the URL and receive an HTTP 403 error. You view the diagnostics log and discover the following error.

You need to ensure that the URL is accessible through the application gateway.
Solution: You create a WAF policy exclusion for request headers that contain 137.135.10.24.
Does this meet the goal?

A.

Yes

B.

No

You have an Azure subscription that contains the resources shown in the following table.

Subshell contains Three virtual machines that host an app named App1. App1 is accessed by using the SFTP protocol.
From NSG1. you configure an inbound security rule named Rule2 that allows inbound SFTP connections to ASG1.
You need to ensure that the inbound SFTP connections are managed by using ASG1. The solution must minimize administrative effort.
What should you do?

A.

From NSG1. modify the priority of Rule2.

B.

From each virtual machine, associate the network interface to ASG1

C.

From Subnet1 create a subnet delegation.

D.

From ASG1, modify the role assignments.

You configure a route table named RT1 that has the routes shown in the following table.

You have an Azure virtual network named Vnet1 that has the subnets shown in the following table.

You have the resources shown in the following table.

Vnet1 connects to an ExpressRoute circuit. The on-premises router advertises the following routes:
* 0.0.0.0/0

* 10.0.0.0/16

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Your company has offices in Montreal. Seattle, and Paris. The outbound traffic from each office originates from a specific public IP address.
You create an Azure Front Door instance named FD1 that has Azure Web Application Firewall (WAF) enabled. You configure a WAF policy named Policy! that has a rule named Rule1. Rule1 applies a rate limit of 100 requests for traffic that originates from the office in Montreal.
You need to apply a rate limit of 100 requests for traffic that originates from each office. What should you do?

A.

Modify the conditions of Rule1.

B.

Create two additional associations.

C.

Modify the rule type of Rule1.

D.

Modify the rate limit threshold of Rule1.

Your on-premises network contains an Active Directory Domain Services {AD DS) domain named contoso.com that has an internal certification authority (CA).
You have an Azure subscription.

You deploy an Azure application gateway named AppGwy1 and perform the following actions:
•    Configure an HTTP listener.
•    Associate a routing rule with the listener.

You need to configure AppGwy1 to perform mutual authentication for requests from domain-joined computers to contoso.com.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that is linked to an Azure AD tenant named contoso.onmicrosoft.com. The subscription contains the following resources:

• A virtual network named Vnet1
• An App Service plan named ASPI
• An Azure App Service named webapp1
• An Azure private DNS zone named private.contoso.com
• Virtual machines on Vnet1 that cannot communicate outside the virtual network

You need to ensure that the virtual machines on Vnet1 can access webapp1 by using a URL of https:/Avwwprivate.contosocom.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.

Create a private endpoint for webapp1.

B.

Create a service endpoint for webapp1.

C.

Create a CNAME record that maps www.pnvate.contoso.com to webapp1.privatelink.azurewebsites.net.

D.

Create a CNAME record that maps wwwprivatemntoso.com to webapp1.contoso.onmicrosoft.com.

E.

Register an enterprise application in Azure AD for webapp1.

F.

Create a CNAME record that maps wow.private.contoso.com to webapp 1 private@ntoso.com.

You have an Azure application gateway named AppGW1 that balances requests to a web app named App1.
You need to modify the server variables in the response header of App1. What should you configure on AppGW1?

A.

HTTP settings

B.

rewrites

C.

rules

D.

listeners

You have an Azure subscription that contains the resource groups shown in the following table.

You have the virtual networks shown in the following table.
Vne1l contains two virtual machines named VM1 and VM2. Vnet2 contains two virtual machines named VM3 and VM4. You have the network security groups (NSGs) shown in the following table that include only default rules.

You have the Azure load balancers shown in the following table.

You have an Azure subscription that contains the resources shown in the following table.

Gateway1 provides access to App1 by using a URL of http://app1.contoso.com. You create a new web app named App2.
You need to configure Gateway1 to enable minimize administrative effort. What should you configure on Gateway1?

A.

a backend pool and a routing

B.

a listener and a routing rule

C.

a listener, a backend pool, and a rule

D.

a listener and a backend pool

You have an Azure subscription that contains the virtual machines shown in the following table.
 

Subnet1 and Subnet2 are associated to a network security group (NSG) named NSG1 that has the following outbound rule:
Priority: 100 Port: Any Protocol: Any Source: Any
Destination: Storage Action: Deny
You create a private endpoint that has the following settings:

Name: Private1
Resource type: Microsoft.Storage/storageAccounts Resource: storage1
Target sub-resource: blob Virtual network: Vnet1 Subnet: Subnet1
For each of the following statements, select Yes of the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure application gateway configured for a single website that is available at https://www.contoso.com.
The application gateway contains one backend pool and one rule. The backend pool contains two backend servers. Each backend server has an additional website that is available on port 8080.
You need to ensure that if port 8080 is unavailable on a backend server, all the traffic for https://www.contoso.com is redirected to the other backend server.
What should you do?

A.

Create a health probe.

B.

Add a new rule.

C.

Add a new listener.

D.

Change the port on the listener.

You are planning the IP addressing for the subnets in Azure virtual networks. Which type of resource requires IP addresses in the subnets?

A.

internal load balancers

B.

storage account

C.

serviice endpoints

D.

service endpoint policies