Implement and Manage Virtual Networking

A network team wants all routers to send log messages to a centralized server at 192.0.2.50. Which command should be added to the router configuration?

Which statement best explains the value of enabling both centralized logging and strong access controls on network devices?

Which statement best explains why centralized logging is valuable in security operations?

Why is centralized logging especially helpful during incident investigation?

Why is centralized logging especially useful during security investigations?

Why is centralized logging valuable during security incident response?

An operations team wants device-generated log messages collected centrally so engineers can review interface changes, warnings, and errors from one place. Which technology is most directly associated with that goal?

Which two statements accurately describe the value of centralized DHCP in enterprise networks?

A network team centralizes DHCP in a data center. Users in a remote branch stop receiving addresses after the branch router is replaced. Which missing configuration on the branch gateway is the strongest suspect?

A network team wants reliable time, name resolution, centralized logs, and visibility into traffic patterns. Which two services directly match those goals?

A network engineer wants device logs from routers and switches sent to a central server for long-term retention and analysis. Which service should be configured?

A switch administrator wants log entries from multiple devices to be collected on one central server for later review. Which service should be configured?

Exhibit: A network engineer wants a subscription-based mechanism to stream operational updates from devices as values change, instead of polling over and over. Which approach best fits?

You deploy a private endpoint for an Azure Storage account. Virtual machines in VNet-App must resolve the storage account name to the private IP address of the endpoint instead of the public endpoint. What should you configure?

VM-Web01 is connected to Subnet-Web in VNet-Prod. Users on the internet cannot access the website hosted on TCP port 443. You confirm that VM-Web01 has a public IP address and the web service is running. You need to allow inbound HTTPS traffic with the least administrative effort. What should you do?

A subnet contains several application servers. You need to allow inbound TCP 3389 only from a management subnet named Subnet-Mgmt and deny RDP from all other sources. What should you do?

Two virtual machines named VM-Web01 and VM-Web02 host the same public web application. Users on the internet must connect through a single public IP address, and incoming requests should be distributed across both VMs. What should you deploy?

Your company deploys a network virtual appliance (NVA) in a hub subnet. All outbound internet traffic from Subnet-App in a spoke VNet must pass through the NVA for inspection. What should you configure on Subnet-App?

You have two virtual networks named VNet-Hub and VNet-Spoke1 in the same Azure region. Resources in the two VNets must communicate privately over the Microsoft backbone without using a VPN gateway. What should you configure?

Traffic from Subnet-App to the internet is being routed through a virtual appliance unexpectedly. You need to identify which route is being applied to the network interface of VM-App01. Which Azure feature should you use?

You have two virtual networks in the same Azure region named VNet-App and VNet-DB. Resources in the two networks must communicate privately over the Azure backbone without using VPN gateways. What should you configure?

You need to allow RDP access from the internet to a Windows VM named VM-Admin01 in Azure. The VM already has a public IP address. Which additional configuration is required?

You have an Azure load balancer in front of two virtual machines. The load balancer reports both instances as unavailable even though the VMs are running. What is the most likely cause?

A subnet contains two NSGs: one associated with the subnet and one associated with the NIC of VM-App03. You need to determine whether inbound TCP 3389 from the internet is allowed. What is the correct interpretation?

You create a private endpoint for an Azure Storage account and disable public network access on the account. A VM in a peered VNet cannot reach the storage account by name. The private endpoint resides in VNet-App. What is the most likely missing configuration?

You need to expose a web application running on several VMs and distribute traffic across them based on HTTP request attributes such as URL path. Which service should you use?

VNet-Hub and VNet-Spoke1 are in the same region and subscription. Resources in the two VNets must communicate over the Microsoft backbone without using a VPN gateway. What should you configure?

You need to connect VNet-Hub and VNet-Spoke so that resources in both virtual networks can communicate privately over the Microsoft backbone. Both virtual networks are in the same region. What should you configure?

Traffic from VM-App01 is unexpectedly reaching the internet through a network virtual appliance. You need to determine which route is currently applied to the virtual machine network interface. Which Azure tool should you use?

A Windows VM in Azure has a public IP address, but administrators on the internet cannot connect by using Remote Desktop. You confirm that the VM is running and the guest firewall allows RDP. What is the most likely Azure-side cause?

You create a private endpoint for an Azure SQL Database server. Virtual machines in VNet-Prod must resolve the server name to the private IP address of the endpoint. What should you configure?

Traffic from VM-App01 is unexpectedly reaching the internet through a virtual appliance. You need to see which routes are currently applied to the VM network interface. Which Azure tool should you use?

You need to control inbound and outbound traffic to resources in a subnet by allowing or denying traffic based on IP address, port, and protocol. Which Azure feature should you use?

You create a private endpoint for an Azure Storage account. Virtual machines in VNet-App must resolve the storage account name to the private IP address of the endpoint. What should you configure?

Users on the internet cannot access an HTTPS website hosted on VM-Web01. The VM has a public IP address, the web service is running, and the guest OS firewall allows TCP 443. What is the most likely Azure-side issue?

Traffic from VM-App01 is taking an unexpected path to the internet through a network virtual appliance. You need to determine which routes are actually applied to the VM network interface. Which Azure feature should you use?

You create a private endpoint for an Azure Storage account. Virtual machines in VNet-Prod must resolve the storage account name to the private IP address of that endpoint. Which Azure feature should you configure?

Users on the internet cannot reach an HTTPS application hosted on VM-Web01. The VM has a public IP address, the application is listening on TCP port 443, and the guest OS firewall allows the traffic. What is the most likely Azure-side cause?

You need to allow or deny traffic to and from resources in an Azure subnet based on source IP address, destination port, and protocol. Which Azure feature should you use?