You have an on-premises DNS server named Server1 that hosts a primary DNS zone named fabrikam.com.
You have an Azure subscription that contains the resources shown in the following table.
Users on the on-premises network access resources on all the virtual networks by using a Site-to-Site (S2S) VPN. You need to deploy an Azure DNS Private Resolver solution that meets the following requirements:
* Resources connected to the virtual networks must be able to resolve DNS names for fabrikam.com.
* Server1 must be able to resolve the DNS names of the resources in contoso.com.
* The solution must minimize costs and administrative effort.
What is the minimum number of resolvers you should deploy?
SIMULATION
Task 1
You plan to deploy a firewall to subnetl-2. The firewall will have an IP address of 10.1.2.4.
You need to ensure that traffic from subnetl-1 to the IP address range of 192.168.10.0/24 is routed through the firewall that will be deployed to subnetl-2. The solution must be achieved without using dynamic routing protocols.
Destination: 192.168.10.0/24
Next hop type: Virtual appliance
Next hop address: 10.1.2.4
SIMULATION
Task 2
You need to create an Azure Firewall instance named FW1 that meets the following requirements:
* Has an IP address from the address range of 10.1.255.0/24
* Uses a new Premium firewall policy named FW-pohcy1
* Routes traffic directly to the internet
SIMULATION
Task 3
You plan to implement an Azure application gateway in the East US Azure region. The application gateway will have Web Application Firewall (WAF) enabled.
You need to create a policy that can be linked to the planned application gateway. The policy must block connections from IP addresses in the 131.107.150.0/24 range. You do NOT need to provision the application gateway to complete this task.
Here are the steps and explanations for creating a policy that can be linked to the planned application gateway and block connections from IP addresses in the 131.107.150.0/24 range:
On theCreate a WAF policypage,Basicstab, enter or select the following information and accept the defaults for the remaining settings:
Policy for: Regional WAF (Application Gateway)
Subscription: Select your subscription name
Resource group: Select your resource group
Policy name: Type a unique name for your WAF policy
Rule name: Type a unique name for your custom rule
Priority: Type a number that indicates the order of evaluation for this rule
Rule type: Select Match rule
Match variable: Select RemoteAddr
Operator: Select IPMatch
Match values: Type 131.107.150.0/24
Action: Select Block
On theReview + createtab, review your settings and selectCreateto create your WAF policy1.
On theWeb application firewalltab, select your WAF policy from the drop-down list and selectSave
SIMULATION
Task 4
You need to ensure that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name storage34280945.pnvatelinlcblob.core.windows.net.
Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net:
Select Save to apply your changes1.
Sign in to your domain registrar's website, and then go to the page for managing DNS settings2.
Create a CNAME record with the following information2:
Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.net
Save your changes and wait for the DNS propagation to take effect2.
Talia
8 days agoLashawna
10 days agoChaya
12 days agoBarb
25 days agoMarcos
28 days agoJerilyn
1 months agoNarcisa
2 months agoLashaunda
3 months agoGabriele
3 months agoMaurine
4 months agoTarra
4 months ago