Free Microsoft Certified: Azure Network Engineer AssociatePractice Test

Your company is deploying a virtual network in Azure that needs to support 500 hosts. The network should use the smallest possible address space to conserve IP addresses. Which CIDR notation should you use for the virtual network address space?

You are designing a hub-and-spoke network topology in Azure. The hub virtual network contains shared services including a firewall and VPN gateway. You need to ensure that traffic between spoke virtual networks is routed through the firewall in the hub. What should you configure?

Your organization needs to connect an on-premises datacenter to Azure with predictable network performance, private connectivity, and throughput up to 10 Gbps. The connection must not traverse the public internet. Which solution should you recommend?

You have an Azure Application Gateway deployed with a Web Application Firewall (WAF). Users report that legitimate requests are being blocked. You need to identify which WAF rule is blocking the requests without disabling protection. What should you do?

Your company is deploying Azure SQL Database and wants to ensure that database traffic never traverses the public internet. The solution should allow connectivity from multiple virtual networks in different Azure regions. What should you implement?

You manage a virtual network that contains multiple subnets. You need to prevent resources in one subnet from communicating with resources in another subnet, while still allowing both subnets to access the internet. What is the most efficient solution?

Your organization has deployed Azure Virtual WAN with multiple branch offices connected via Site-to-Site VPN. You need to enable direct connectivity between branches without traffic flowing through Azure. What should you configure?

You have configured a User Defined Route (UDR) on a subnet to route traffic with destination 0.0.0.0/0 to a network virtual appliance (NVA). Virtual machines in the subnet can no longer access Azure Storage. Which type of route should you add to the route table to restore Azure Storage access while maintaining the default route through the NVA?

Your company uses Azure Firewall in a hub virtual network to inspect traffic from spoke networks. You need to ensure that Azure Firewall logs are retained for compliance purposes for 2 years and can be queried efficiently. What should you configure?

You are configuring Azure DNS Private Zones for an Azure Storage account with Private Endpoint. The private endpoint is deployed in a virtual network in the East US region, but you have additional virtual networks in West US that need to resolve the storage account's private IP. What should you do?

Your organization has an ExpressRoute circuit connecting on-premises infrastructure to Azure. You need to configure access to Microsoft 365 services over the ExpressRoute circuit while keeping Azure resource traffic on the Private Peering. What should you configure?

You have deployed Azure Application Gateway with multiple backend pools serving different applications. Users report intermittent connection failures. You discover that some backend servers are unhealthy. What is the default interval at which Application Gateway probes backend server health?

Your company is migrating applications to Azure and needs to implement a solution that provides layer-7 load balancing, SSL offloading, and URL-based routing for web applications across multiple regions with automatic failover. Which combination of Azure services should you use?

You need to troubleshoot connectivity issues between two virtual machines in different virtual networks that are connected via VNet peering. The VMs cannot communicate despite NSG rules allowing the traffic. What should you verify first?

Your organization requires that all outbound internet traffic from Azure virtual machines be inspected and logged. The solution must be highly available and support threat intelligence-based filtering. Virtual machines are deployed across multiple subnets and virtual networks. What should you implement?

You are deploying an Azure Kubernetes Service (AKS) cluster that needs private connectivity to Azure SQL Database. The SQL Database should not be accessible from the internet. What should you configure?

Your company has multiple Azure subscriptions with virtual networks in each subscription. You need to implement a centralized network security solution that can enforce policies across all subscriptions and automatically apply security rules to new virtual networks. What should you use?

You have an Azure Virtual Network Gateway configured for Point-to-Site VPN connectivity. Remote users need to access resources in the virtual network and in on-premises networks connected via ExpressRoute. What must you configure on the Virtual Network Gateway?

You need to provide secure RDP access to virtual machines in Azure without exposing RDP ports to the internet and without requiring a VPN connection. The solution should support access from any location with just a web browser. What should you deploy?

Your organization is deploying multiple Azure App Services that need to access an Azure Key Vault. The Key Vault must not be accessible from the internet. Multiple App Services across different regions need access. What is the most scalable solution?