Getting AZ-700 certification is an important step in your career, but preparing for it can feel challenging. At skillcertexams, we know that having the right resources and support is essential for success. That’s why we created a platform with everything you need to prepare for AZ-700 and reach your certification goals with confidence.
Your Journey to Passing the Designing and Implementing Microsoft Azure Networking Solutions AZ-700 Exam
Whether this is your first step toward earning the Designing and Implementing Microsoft Azure Networking Solutions AZ-700 certification, or you're returning for another round, we’re here to help you succeed. We hope this exam challenges you, educates you, and equips you with the knowledge to pass with confidence. If this is your first study guide, take a deep breath—this could be the beginning of a rewarding career with great opportunities. If you’re already experienced, consider taking a moment to share your insights with newcomers. After all, it's the strength of our community that enhances our learning and makes this journey even more valuable.
Why Choose SkillCertExams for AZ-700 Certification?
Expert-Crafted Practice Tests
Our practice tests are designed by experts to reflect the actual AZ-700 practice questions. We cover a wide range of topics and exam formats to give you the best possible preparation. With realistic, timed tests, you can simulate the real exam environment and improve your time management skills.
Up-to-Date Study Materials
The world of certifications is constantly evolving, which is why we regularly update our study materials to match the latest exam trends and objectives. Our resources cover all the essential topics you’ll need to know, ensuring you’re well-prepared for the exam's current format.
Comprehensive Performance Analytics
Our platform not only helps you practice but also tracks your performance in real-time. By analyzing your strengths and areas for improvement, you’ll be able to focus your efforts on what matters most. This data-driven approach increases your chances of passing the AZ-700 practice exam on your first try.
Learn Anytime, Anywhere
Flexibility is key when it comes to exam preparation. Whether you're at home, on the go, or taking a break at work, you can access our platform from any device. Study whenever it suits your schedule, without any hassle. We believe in making your learning process as convenient as possible.
Trusted by Thousands of Professionals
Over 10000+ professionals worldwide trust skillcertexams for their certification preparation. Our platform and study material has helped countless candidates successfully pass their AZ-700 exam questions, and we’re confident it will help you too.
What You Get with SkillCertExams for AZ-700
Realistic Practice Exams: Our practice tests are designed to the real AZ-700 exam. With a variety of practice questions, you can assess your readiness and focus on key areas to improve.
Study Guides and Resources: In-depth study materials that cover every exam objective, keeping you on track to succeed.
Progress Tracking: Monitor your improvement with our tracking system that helps you identify weak areas and tailor your study plan.
Expert Support: Have questions or need clarification? Our team of experts is available to guide you every step of the way.
Achieve Your AZ-700 Certification with Confidence
Certification isn’t just about passing an exam; it’s about building a solid foundation for your career. skillcertexams provides the resources, tools, and support to ensure that you’re fully prepared and confident on exam day. Our study material help you unlock new career opportunities and enhance your skillset with the AZ-700 certification.
Ready to take the next step in your career? Start preparing for the Microsoft AZ-700 exam and practice your questions with SkillCertExams today, and join the ranks of successful certified professionals!
Microsoft AZ-700 Sample Questions
Question # 1
Task 4 You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that connections to the storage34280945
storage account can be made by using an IP address in the 10.1.1.0/24 range and the
name stor-age34280945.pnvatelinlcblob.core.windows.net:
To allow access from a specific IP address range, you need to configure the Azure
Storage firewall and virtual network settings for your storage account. You can do
this in the Azure portal by selecting your storage account and then selecting
Networking under Settings1.
On the Networking page, select Firewalls and virtual networks, and then select
Selected networks under Allow access from1. This will block all access to your
storage account except from the networks or resources that you specify.
Under Firewall, select Add rule, and then enter 10.1.1.0/24 as the IP address or
range. You can also enter an optional rule name and description1. This will allow
access from any IP address in the 10.1.1.0/24 range.
Select Save to apply your changes1.
To map a custom domain name to your storage account, you need to create a
CNAME record with your domain provider that points to your storage account
endpoint2. A CNAME record is a type of DNS record that maps a source domain
name to a destination domain name.
Sign in to your domain registrar’s website, and then go to the page for managing
DNS settings2.
Create a CNAME record with the following information2:
Save your changes and wait for the DNS propagation to take effect2.
To register the custom domain name with Azure, you need to go back to the Azure
portal and select your storage account. Then select Custom domain under Blob
service2.
On the Custom domain page, enter stor
age34280945.pnvatelinlcblob.core.windows.net as the custom domain name and
select Save2.
Question # 2
Task 6 You need to ensure that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address. The solution must minimize administrative effort when adding hosts to the subnet.
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2
connect to the internet by using the same static public IP address:
To use the same static public IP address for multiple hosts, you need to create a
NAT gateway and associate it with subnet3-2. A NAT gateway is a resource that
performs network address translation (NAT) for outbound traffic from a subnet1. It
allows you to use a single public IP address for multiple private IP addresses2.
To create a NAT gateway, you need to go to the Azure portal and select Create a
resource. Search for NAT gateway, select NAT gateway, then select Create3.
On the Create a NAT gateway page, enter or select the following information and
accept the defaults for the remaining settings:
Select Review + create and then select Create to create your NAT gateway3.
To associate the NAT gateway with subnet3-2, you need to go to the Virtual
networks service in the Azure portal and select your virtual network.
On the Virtual network page, select Subnets under Settings, and then select
subnet3-2 from the list.
On the Edit subnet page, under NAT gateway, select your NAT gateway from the
drop-down list. Then select Save.
Question # 3
Task 2 You need to ensure that you can deploy Azure virtual machines to the France Central Azure region. The solution must ensure that virtual machines in the France Central region are in a network segment that has an IP address range of 10.5.1.0/24.
Answer: See the Explanation below for step by step instructions.
Explanation:
To deploy Azure virtual machines to the France Central region and ensure they are in a
network segment with an IP address range of 10.5.1.0/24, follow these steps:
Step-by-Step Solution
Step 1: Create a Virtual Network in France Central
Navigate to the Azure Portal.
Search for “Virtual networks” in the search bar and select it.
Click on “Create”.
Enter the following details:
Click on “Next: IP Addresses”.
Step 2: Configure the Address Space and Subnet
In the IP Addresses tab, enter the address space as 10.5.1.0/24.
Click on “Add subnet”.
Enter the following details:
Click on “Add”.
Click on “Review + create” and then “Create”.
Step 3: Deploy Virtual Machines to the Virtual Network
Navigate to the Azure Portal.
Search for “Virtual machines” in the search bar and select it.
Click on “Create” and then “Azure virtual machine”.
Enter the following details:
Click on “Next: Disks”, configure the disks as needed, and then click on “Next:
Networking”.
In the Networking tab, select the virtual network (VNet-FranceCentral) and subnet
(Subnet-1) created earlier.
Complete the remaining configuration steps and click on “Review + create” and
then “Create”.
Explanation
Virtual Network: A virtual network in Azure allows you to create a logically isolated
network that can host your Azure resources.
Address Space: The address space 10.5.1.0/24 ensures that the VMs are in a
specific network segment.
Subnet: Subnets allow you to segment the virtual network into smaller,
manageable sections.
Region: Deploying the virtual network and VMs in the France Central region
ensures that the resources are physically located in that region By following these steps, you can ensure that your Azure virtual machines in the France
Central region are deployed within the specified IP address range of 10.5.1.0/24.
Question # 4
Task 11 You are preparing to connect your on-premises network to VNET4 by using a Site-to-Site VPN. The on-premises endpoint of the VPN will be created on a firewall named Firewall 1. The on-premises network has the following configurations: • Internal address range: 10.10.0.0/16. • Firewall 1 internal IP address: 10.10.1.1. • Firewall1 public IP address: 131.107.50.60. BGP is NOT used. You need to create the object that will provide the IP addressing configuration of the onpremises network to the Site-to-Site VPN. You do NOT need to create a virtual network gateway to complete this task.
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for creating the object that will provide the IP
addressing configuration of the on-premises network to the Site-to-Site VPN:
The object that you need to create is called a local network gateway. A local
network gateway represents your on-premises network and VPN device in
Azure. It contains the public IP address of your VPN device and the address
prefixes of your on-premises network that you want to connect to the Azure virtual
network1.
To create a local network gateway, you need to go to the Azure portal and
select Create a resource. Search for local network gateway, select Local network
gateway, then select Create2.
On the Create local network gateway page, enter or select the following
information and accept the defaults for the remaining settings:
Select Review + create and then select Create to create your local network
gateway2.
Question # 5
Task 3 You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled. You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for creating a policy that can be linked to the planned
application gateway and block connections from IP addresses in the 131.107.150.0/24
range:
To create a policy, you need to go to the Azure portal and select Create a
resource. Search for WAF, select Web Application Firewall, then select Create1.
On the Create a WAF policy page, Basics tab, enter or select the following
information and accept the defaults for the remaining settings:
On the Custom rules tab, select Add a rule to create a custom rule that blocks
connections from IP addresses in the 131.107.150.0/24 range2. Enter or select the
following information for the custom rule:
On the Review + create tab, review your settings and select Create to create your
WAF policy1.
To link your policy to the planned application gateway, you need to go to
the Application Gateway service in the Azure portal and select your application
gateway3.
On the Web application firewall tab, select your WAF policy from the drop-down list
and select Save
Question # 6
Task 7 You need to ensure that hosts on VNET2 can access hosts on both VNET1 and VNET3. The solution must prevent hosts on VNET1 and VNET3 from communicating through VNET2.
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that hosts on VNET2 can access hosts
on both VNET1 and VNET3, but hosts on VNET1 and VNET3 cannot communicate through
VNET2:
To connect different virtual networks in Azure, you need to use virtual network
peering. Virtual network peering allows you to create low-latency, high-bandwidth
connections between virtual networks without using gateways or the internet1.
To create a virtual network peering, you need to go to the Azure portal and select
your virtual network. Then select Peerings under Settings and select + Add2.
On the Add peering page, enter or select the following information:
Select Add to create the peering2.
Repeat the previous steps to create peerings between VNET2 and VNET1, and
between VNET2 and VNET3. This will allow hosts on VNET2 to access hosts on
both VNET1 and VNET3.
To prevent hosts on VNET1 and VNET3 from communicating through VNET2, you
need to use network security groups (NSGs) to filter traffic between
subnets. NSGs are rules that allow or deny inbound or outbound traffic based on
source or destination IP address, port, or protocol3.
To create an NSG, you need to go to the Azure portal and select Create a
resource. Search for network security group and select Network security
group. Then select Create4.
On the Create a network security group page, enter or select the following
information:
Select Review + create and then select Create to create your NSG4.
To add rules to your NSG, you need to go to the Network security groups service
in the Azure portal and select your NSG. Then select Inbound security rules or
Outbound security rules under Settings and select + Add4.
On the Add inbound security rule page or Add outbound security rule page, enter
or select the following information:
Select Add to create your rule4.
Repeat the previous steps to create inbound and outbound rules for your NSG that
deny traffic between VNET1 and VNET3 subnets. For example, you can create an
inbound rule that denies traffic from 10.0.1.0/24 (VNET1 subnet 1) to 10.0.3.0/24
(VNET3 subnet 1), and an outbound rule that denies traffic from 10.0.3.0/24
(VNET3 subnet 1) to 10.0.1.0/24 (VNET1 subnet 1).
To associate your NSG with a subnet, you need to go to the Virtual networks service in the Azure portal and select your virtual network. Then select Subnets
under Settings and select the subnet that you want to associate with your NSG5.
On the Edit subnet page, under Network security group, select your NSG from the
drop-down list. Then select Save5.
Repeat the previous steps to associate your NSG with the subnets in VNET1 and
VNET3 that you want to isolate from each other.
Question # 7
Task 3 You need to ensure that hosts on VNET1 and VNET2 can communicate. The solution must minimize latency between the virtual networks.
Answer: See the Explanation below for step by step instructions.
Explanation:
To ensure that hosts on VNET1 and VNET2 can communicate with minimal latency, you
can use Virtual Network Peering. This method connects the two virtual networks directly
through the Microsoft backbone network, ensuring low-latency and high-bandwidth
communication.
Step-by-Step Solution
Step 1: Set Up Virtual Network Peering
Navigate to the Azure Portal.
Search for “Virtual networks” and select VNET1.
In the left-hand menu, select “Peerings” under the “Settings” section.
Click on “Add” to create a new peering.
Enter the following details:
Click on “Add”.
Step 2: Configure Peering on VNET2
Navigate to VNET2 in the Azure Portal.
In the left-hand menu, select “Peerings” under the “Settings” section.
Click on “Add” to create a new peering.
Enter the following details:
Click on “Add”.
Explanation
Virtual Network Peering: This feature connects two virtual networks in the same or
different regions, allowing resources in both networks to communicate with each
other as if they were part of the same network. The traffic between peered virtual
networks uses the Microsoft backbone infrastructure, ensuring low latency and
high bandwidth12.
Allow Virtual Network Access: This setting ensures that the virtual networks can
communicate with each other.
Allow Forwarded Traffic: This setting allows traffic forwarded from a network
security appliance in the peered virtual network.
Allow Gateway Transit: This setting allows the peered virtual network to use the
gateway in the local virtual network.
By following these steps, you can ensure that hosts on VNET1 and VNET2 can
communicate with minimal latency, leveraging the high-speed Microsoft backbone network.
Question # 8
Task 10 You plan to deploy several virtual machines to subnet1-2. You need to prevent all Azure hosts outside of subnetl-2 from connecting to TCP port 5585 on hosts on subnet1-2. The solution must minimize administrative effort.
Answer: See the Explanation below for step by step instructions.
Explanation:
To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts
within subnet1-2, you can use a Network Security Group (NSG). This solution is
straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
Navigate to the Azure Portal.
Search for “Network security groups” and select it.
Click on “Create”.
Enter the following details:
Click on “Review + create” and then “Create”.
Step 2: Create an Inbound Security Rule
Navigate to the newly created NSG.
Select “Inbound security rules” from the left-hand menu.
Click on “Add” to create a new rule.
Enter the following details:
Click on “Add” to create the rule.
Step 3: Associate the NSG with Subnet1-2
Navigate to the virtual network that contains subnet1-2.
Select “Subnets” from the left-hand menu.
Select subnet1-2 from the list of subnets.
Click on “Network security group”.
Select the NSG you created (NSG-Subnet1-2).
Click on “Save”.
Explanation
Network Security Group (NSG): NSGs are used to filter network traffic to and from
Azure resources in an Azure virtual network. They contain security rules that allow
or deny inbound and outbound traffic based on source and destination IP
addresses, port, and protocol1.
Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from
any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can
connect to this port.
Association with Subnet: Associating the NSG with subnet1-2 ensures that the
security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2
from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing
administrative effort.
Question # 9
Task 2 You need to create an Azure Firewall instance named FW1 that meets the following requirements: • Has an IP address from the address range of 10.1.255.0/24 • Uses a new Premium firewall policy named FW-pohcy1 • Routes traffic directly to the internet
Answer: See the Explanation below for step by step instructions.
Explanation:
To create an Azure Firewall instance, you need to go to the Azure portal and
select Create a resource. Type firewall in the search box and press Enter. Select
Firewall and then select Create1.
To assign an IP address from the address range of 10.1.255.0/24 to the firewall,
you need to select a public IP address that belongs to that range. You can either
create a new public IP address or use an existing one1.
To use a new Premium firewall policy named FW-policy1, you need to select
Premium as the Firewall tier and create a new policy with the name FW
policy12. A Premium firewall policy allows you to configure advanced features
such as TLS Inspection, IDPS, URL Filtering, and Web Categories3.
To route traffic directly to the internet, you need to enable SNAT (Source Network
Address Translation) for the firewall. SNAT allows the firewall to use its public IP
address as the source address for outbound traffic4.
Question # 10
Task 5You need to archive all the metrics of VNET1 to an existing storage account.
Answer: See the Explanation below for step by step instructions.
Explanation:
To archive all the metrics of VNET1 to an existing storage account, you can use Azure
Monitor’s diagnostic settings. Here’s how you can do it:
Step-by-Step Solution
Step 1: Navigate to VNET1 in the Azure Portal
Open the Azure Portal.
Search for “Virtual networks” and select VNET1 from the list.
Step 2: Configure Diagnostic Settings
In the VNET1 blade, select “Diagnostic settings” under the “Monitoring” section.
Click on “Add diagnostic setting”.
Step 3: Set Up the Diagnostic Setting
Enter a name for the diagnostic setting (e.g., VNET1-Metrics-Archive).
Select the metrics you want to archive. You can choose from various metrics
like TotalBytesReceived, TotalBytesSent, etc.
Under “Destination details”, select “Archive to a storage account”.
Choose the existing storage account where you want to archive the metrics.
Configure the retention period if needed.
Step 4: Save the Configuration
Review your settings to ensure everything is correct.
Click on “Save” to apply the diagnostic setting.
Explanation
Diagnostic Settings: These allow you to collect and route metrics and logs from
your Azure resources to various destinations, including storage accounts, Log
Analytics workspaces, and Event Hubs.
Metrics: Metrics provide numerical data about the performance and health of your
resources. Archiving these metrics helps in long-term analysis and compliance.
Storage Account: Using an existing storage account ensures that the metrics are
stored securely and can be accessed for future analysis.
By following these steps, you can ensure that all the metrics of VNET1 are archived to your
existing storage account, enabling you to monitor and analyze the performance and health of your virtual network over time.
Question # 11
Task 8 You need to ensure that the storage34280945 storage account will only accept connections from hosts on VNET1
Answer: See the Explanation below for step by step instructions.
Explanation:
Here are the steps and explanations for ensuring that the storage34280945 storage
account will only accept connections from hosts on VNET1:
To restrict network access to your storage account, you need to configure the
Azure Storage firewall and virtual network settings for your storage account. You
can do this in the Azure portal by selecting your storage account and then
selecting Networking under Settings1.
On the Networking page, select Firewalls and virtual networks, and then
select Selected networks under Allow access from1. This will block all access to
your storage account except from the networks or resources that you specify.
Under Virtual networks, select + Add existing virtual network. Then select VNET1
from the list of virtual networks and select the subnet that contains the hosts that
you want to allow access to your storage account1. This will enable a service
endpoint for Storage in the subnet and configure a virtual network rule for that
subnet through the Azure storage firewall2.
Select Add to add the virtual network and subnet to your storage account1.
Select Save to apply your changes1.
Question # 12
Task 11 You need to ensure that only hosts on VNET1 can access the slcnage42150372 storage account. The solution must ensure that access occurs over the Azure backbone network.
Answer: See the Explanation below for step by step instructions.
Explanation:
To ensure that only hosts on VNET1 can access the slcnage42150372 storage account
and that access occurs over the Azure backbone network, you can use Azure Private
Endpoints. This method secures the connection by assigning a private IP address from
your virtual network to the storage account, ensuring that traffic does not traverse the
public internet.
Step-by-Step Solution
Step 1: Create a Private Endpoint for the Storage Account
Navigate to the Azure Portal.
Search for “Storage accounts” and select the slcnage42150372 storage account.
In the storage account blade, select “Networking” under the “Security +
networking” section.
Under “Private endpoint connections”, click on “Add private endpoint”.
Enter the following details:
Click on “Next: Resource”.
Step 2: Configure the Resource
Select “Target sub-resource”: Choose the storage service you want to connect to
(e.g., blob, file, queue, table).
Click on “Next: Virtual network”.
Step 3: Select the Virtual Network and Subnet
Select the virtual network: Choose VNET1.
Select the subnet: Choose the appropriate subnet within VNET1.
Click on “Next: Configuration”.
Step 4: Configure DNS Integration (Optional)
Configure DNS settings if needed to ensure proper name resolution within your
virtual network.
Click on “Next: Tags”, add any tags if necessary, and then click on “Review +
create”.
Review your settings and click on “Create”.
Step 5: Restrict Public Network Access
Navigate back to the storage account.
Select “Networking” under the “Security + networking” section.
Under “Firewalls and virtual networks”, select “Selected networks”.
Ensure that only VNET1 is listed under the virtual networks section.
Click on “Save”.
Explanation
Private Endpoints: These provide secure connectivity to Azure services by
assigning a private IP address from your VNet to the service, ensuring that traffic
stays within the Azure backbone network12.
Firewall and Virtual Networks: Configuring the storage account to allow access
only from selected networks (VNET1) ensures that no other network can access
the storage account3.
By following these steps, you can ensure that only hosts on VNET1 can access
the slcnage42150372 storage account, and that all access occurs over the secure Azure
backbone network.
Question # 13
Task 9 You plan to use VNET4 for an Azure API Management implementation. You need to configure a policy that can be used by an Azure application gateway to protect against known web attack vectors. The policy must only allow requests that originate from IP addresses in Canada. You do NOT need to create the application gateway to complete this task.
Answer: See the Explanation below for step by step instructions.
Explanation:
To configure a policy in Azure API Management that can be used by an Azure Application
Gateway to protect against known web attack vectors and only allow requests from IP
addresses in Canada, follow these steps:
Step-by-Step Solution
Step 1: Create or Access Your API Management Instance
Navigate to the Azure Portal.
Search for “API Management services” and select your API Management instance.
Step 2: Configure the Policy
In the API Management instance, go to the “APIs” section.
Select the API you want to apply the policy to.
Go to the “Design” tab.
Select “All operations” if you want to apply the policy to all operations, or select a
specific operation.
Step 3: Add the Inbound Policy
In the Inbound processing section, click on “+ Add policy”.
Select “IP filter” from the list of policies.
Add the IP address ranges for Canada. You can find the IP ranges for Canada
from a reliable source or use a service that provides this information.
Here is an example of the XML configuration for the policy:
Save the policy to apply the changes.
Explanation
IP Filter Policy: This policy allows you to filter incoming requests based on their IP
addresses. By specifying the IP ranges for Canada, you ensure that only requests
originating from these IPs are allowed.
Inbound Processing: Applying the policy in the inbound section ensures that the
requests are filtered before they reach your API.
By following these steps, you can configure a policy in Azure API Management that
restricts access to your API to only those requests originating from IP addresses in
Canada, thereby enhancing security and compliance
Question # 14
Task 4 You need to ensure that the owner of VNET3 receives an alert if an administrative operation is performed on the virtual network.
Answer: See the Explanation below for step by step instructions.
Explanation:
To ensure that the owner of VNET3 receives an alert whenever an administrative operation
is performed on the virtual network, you can set up an Activity Log Alert in Azure Monitor.
Here’s how you can do it:
Step-by-Step Solution
Step 1: Create an Activity Log Alert
Navigate to the Azure Portal.
Search for “Monitor” and select it.
In the Monitor blade, select “Alerts” from the left-hand menu.
Click on “New alert rule”.
Step 2: Configure the Alert Rule
Select the Scope:
Define the Condition:
Set the Alert Details:
Configure the Action Group:
Review and Create:
Explanation
Activity Log Alerts: These alerts notify you when specific operations are performed
on your Azure resources. By setting up an alert for administrative operations, you
ensure that any changes to VNET3 are promptly reported.
Action Groups: These define the actions to take when an alert is triggered. You
can configure notifications via email, SMS, or other methods to ensure the owner
of VNET3 is informed immediately.
Administrative Operations: Monitoring these operations helps in tracking changes
and maintaining the security and integrity of your virtual network.
By following these steps, you can ensure that the owner of VNET3 receives timely alerts for
any administrative operations performed on the virtual network, helping to maintain
oversight and security.
Question # 15
Task 6 You have two servers that are each hosted by a separate service provider in New York and Germany. The server hosted in New York is accessible by using a host name of ny.contoso.com. The server hosted in Germany is accessible by using a host name of de.contoso.com. You need to provide a single host name to access both servers. The solution must ensure that traffic originating from Germany is routed to de contoso.com. All other traffic must be routed to ny.contoso.com.
Answer: See the Explanation below for step by step instructions.
Explanation:
To provide a single host name that routes traffic based on the origin, you can use Azure
Traffic Manager. This service allows you to route traffic to different endpoints based on
various routing methods, including geographic routing.
Navigate to the Azure Portal.
Search for “Traffic Manager profiles” and select it.
Click on “Create”.
Enter the following details:
Click on “Create”.
Navigate to the newly created Traffic Manager profile.
Select “Endpoints” from the left-hand menu.
Click on “Add” to add a new endpoint.
Enter the following details:
Click on “Add” to save the endpoint.
Repeat the process to add the second endpoint:
Navigate to the Traffic Manager profile.
Select “Configuration” from the left-hand menu.
Under “Geographic routing”, adjust the regions:
Use a DNS query tool to test the routing.
From a location in Germany, query the Traffic Manager profile’s DNS name and
ensure it resolves to de.contoso.com.
From a location outside Europe, query the Traffic Manager profile’s DNS name
and ensure it resolves to ny.contoso.com.
Azure Traffic Manager: This service uses DNS to direct client requests to the most
appropriate endpoint based on the routing method you choose. Geographic routing
ensures that traffic is directed based on the origin of the request.
Geographic Routing: This method allows you to route traffic based on the
geographic location of the DNS query origin, ensuring that users are directed to
the nearest or most appropriate endpoint.
Step-by-Step SolutionStep 1: Create a Traffic Manager ProfileStep 2: Configure
EndpointsStep 3: Adjust Geographic RoutingStep 4: Test the ConfigurationExplanationBy
following these steps, you can provide a single host name that routes traffic to
de.contoso.com for users in Germany and to ny.contoso.com for users from other
locations, ensuring efficient and appropriate traffic management.
