Microsoft Practice Questions, Discussions & Exam Topics by our Authors
DRAG DROP -
You have an Azure subscription that contains the resources shown in the following table.
You need to load balance HTTPS connections to vm1 and vm2 by using lb1.
Which three actions should you perform in sequence? To answer, move the appropria...
Author: Ava · Last updated May 17, 2026
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region.
VNet1 hosts two virtual machines n...
Key Concepts:
1. Azure Monitor: This is a comprehensive monitoring service in Azure that collects, analyzes, and acts on telemetry from your cloud and on-premises environments. It helps track resource performance, health, and logs but is not focused on detailed network traffic inspection.
2. Metrics (Network In/Network Out): Metrics in Azure Monitor can track high-level network statistics such as Network In (the amount of incoming network traffic) and Network Out (the amount of outgoing network traffic). These metrics give an overview of network activity but do not provide detailed packet-level information or allow for deep inspection of network traffic between VMs.
3. Detailed Network Traffic Inspection: For inspecting all network traffic between VM1 and VM2, a deeper level of inspection (such as packet-level capture) is required. Azure Network Watcher's Packet Capture tool would be suitable for this, as it allows you to capture detailed traffic between VMs over a period of time.
Solution Analysis:
The soluti...
Author: Ming88 · Last updated May 17, 2026
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that is installed on two Azure virtual machines named VM1 and VM2. Connections to App1 are managed by using an Azure Load Balancer.
The effective network security configurations for VM2 are shown in the following exhibit.
You discover that connections to App1 from 131.107.100.50 over TCP port 443 fail.
You ...
Key Concepts:
1. Azure Network Security Groups (NSGs): These are used to filter network traffic to and from Azure resources, such as virtual machines (VMs). NSGs allow inbound and outbound traffic based on rules defined by the administrator. Each rule includes a source, destination, protocol, port, and action (allow or deny).
2. Azure Load Balancer: The Azure Load Balancer distributes traffic to VMs based on the configured rules. If the rules are correctly set up, it ensures that traffic is properly routed to the backends (VMs) for the specified port and protocol.
3. Inbound Security Rule: An inbound rule in an NSG specifies what traffic is allowed or denied from external sources (like IP address `131.107.100.50`) into the virtual network.
Situation Overview:
- VM2 is the target of connections over TCP port 443 from IP address 131.107.100.50.
- Load Balancer rules have been verified as correct, so the issue likely lies in the NSG configur...
Author: Emily · Last updated May 17, 2026
DRAG DROP -
You have an Azure subscription that contains two on-premises locations named site1 and site2.
You need to connect site1 and site2 by using an Azure Virtual WAN.
Which four actions should you perform in sequence? To answer, move the appropriat...
Author: Noah · Last updated May 17, 2026
HOTSPOT -
You have an Azure subscription that contains the virtual networks shown in the following table.
You have the virtual machines shown in the following table.
You have the virtual network interfaces shown in the following table.
Server1 is a DNS server that contains the resources shown in the following table.
You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records ...
Author: Nia · Last updated May 17, 2026
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an a...
To peer two virtual networks (VNet1 and VNet2), the first step should be ensuring that both virtual networks have the proper address spaces, subnets, and configurations for peering. The options provided each address different aspects of networking.
Let’s evaluate each option:
1. A) Modify the address space of VNet1:
- Reasoning: Virtual network peering requires that the address spaces of the two VNets do not overlap. If VNet1 and VNet2 are to be peered, you need to confirm that their address spaces are not conflicting.
- Scenario: If VNet1’s address space overlaps with VNet2’s address space, you may need to modify VNet1’s address space to avoid a conflict.
- Why this option is rejected: Since the exhibit doesn't indicate an address conflict or specify a requirement to change VNet1’s address space, modifying the address space may not be required at this stage.
2. B) Add a gateway subnet to VNet1:
- Reasoning: A gateway subnet is needed if you plan to connect VNet1 to an on-premises network or to enable VPN gateways between the VNets. However, peering between VNets does not require a gateway subnet unless you're planning to route traffic to on-premises networks or use VPN gateways.
- Scenario: This would be required if you were configuring a VPN or ExpressRoute connection, but it is not necessary for just peering.
- Why this option is rejected: Adding a gateway subnet is not required to create VNet peering unless the peering setup involves connecting to on-premises or other external networks.
3. C) Create a sub...
Author: RadiantJaguar56 · Last updated May 17, 2026
You have the Azure virtual machines shown in the following table.
VNET1 is linked to a private DNS zone named contoso.com that contains the records shown in the following table...
To determine which DNS names can be used to ping VM2 from VM1, let's consider the setup and key factors involved in the resolution of DNS names within Azure:
Key Considerations:
1. Private DNS Zone and VNET:
- The virtual machines (VMs) in question are part of a VNET (VNET1), which is linked to a private DNS zone (`contoso.com`).
- The private DNS zone contains DNS records for these VMs. This implies that only VMs within this VNET will be able to resolve DNS names for the machines listed in the DNS zone (assuming the VMs are properly registered).
2. DNS Resolution:
- The DNS names can be resolved only if the DNS records exist in the private DNS zone linked to VNET1. For a machine to resolve a DNS name, that name must be present in the private DNS zone and be accessible from the same VNET or be part of the DNS configuration of that VNET.
3. The DNS Records for the Machines:
- Each VM will have a DNS record in the private DNS zone (`contoso.com`) for its respective name.
- From the provided information, we can assume that VM1 (being part of VNET1) can resolve the DNS names of the VMs listed in the DNS zone, based on the records shown in the table.
Options Review:
- A) comp2.contoso.com and comp4.contoso.com only:
- This option restricts the ping to only `comp2.contoso.com` and `comp4.contoso.com`. However, unless there is specific information stating that only these two names are resolvable from VM1, this option is incomplete. No such restriction is indicated, so it can't be the correct choice.
- B) comp1.contoso.com, comp2.contoso.com, comp3.contoso.com, and comp4.contoso.com:
- This option includes all the records from the private DNS z...
Author: Vikram · Last updated May 17, 2026
HOTSPOT -
You have a network security group (NSG) named NSG1 that has the rules defined in the exhibit. (Click the Exhibit tab.)
NSG1 is associated to a subnet named Subnet1. Subnet1 contains the virtual machines shown in the following table.
You need to add a rule to NSG1 to ensure that VM1 can ping VM2. The solution must use the principle of least privilege....
Author: Rohan · Last updated May 17, 2026
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN ...
To determine if the solution meets the goal of establishing a point-to-site VPN connection from Computer2 to VNet1, let's break down the question and the proposed solution:
Goal:
You need to ensure that Computer2 can establish a point-to-site VPN connection to VNet1. Computer2 has already downloaded and installed the VPN client configuration package from Azure.
Proposed Solution:
The solution suggests setting the Startup type for the IPSec Policy Agent service to Automatic on Computer2.
Key Considerations:
1. Point-to-Site VPN Setup:
- Point-to-site VPNs use client certificates (in this case, a self-signed certificate) for authentication. The connection to the Azure VNet is established by using the VPN client configuration package, which contains the necessary settings.
- The IPSec Policy Agent service is part of the configuration that manages IPsec connections, but its role is primarily for managing IPsec VPN configurations on Windows machines.
2. IPSec Policy Agent Service:
- The IPSec Policy Agent service is used for managing the configuration of IPsec policies and helps establish IPsec VPN connections on Windows computers.
- This service is relevant when using IPsec (e.g., in Site-to-Site VPNs) but is not required for Point-to-Site (P2S) VPNs that rely on...
Author: Zara · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, you need to configure session persistence with the appropriate settings in the Azure load balancer. Let’s break down the options:
Key Considerations:
1. Session Persistence (Sticky Sessions):
- Session persistence ensures that once a user is directed to a specific backend server, they continue to interact with the same server for subsequent requests. This is important for scenarios like web applications that rely on user sessions (such as maintaining login states or session data).
2. Load Balancer Protocol:
- The Azure Load Balancer supports different types of persistence options depending on the protocol (TCP/UDP). For web servers, TCP is typically used, and session persistence (also known as sticky sessions) is the way to ensure traffic is directed to the same VM for the duration of a user's session.
Option Breakdown:
- A) Session persistence to Client IP and protocol:
- Explanation: This option configures the load balancer to direct requests from the same client IP address (and protocol) to the same backend server. This is exactly what you need, as it ensures that a user will always be directed to the same web server during their session based on their IP address and the protocol used.
- Why this option is selected: This is the correct configuration because it enables sticky sessions based on the client's IP and protocol, which is typically required for web applications where maintaining the session on the same server is critical.
- B) Protocol to UDP:
- Explanation: UDP is a connectionless protocol typically used for scenarios like DNS, streaming, or other real-time services. F...
Author: VenomousSerpent42 · Last updated May 17, 2026
You have an Azure subscription that uses the public IP addresses shown in the following table.
You need to create a public Azure Stan...
To determine which public IP addresses can be used with a Standard Azure Load Balancer, we need to understand the restrictions and requirements for assigning public IPs to a Standard Load Balancer.
Key Considerations:
1. Public IP Address Types: Azure has two types of public IP addresses:
- Static Public IP: These IPs are reserved and do not change over time.
- Dynamic Public IP: These IPs may change if the associated resource is stopped and restarted.
2. Standard Load Balancer and Public IPs:
- A Standard Load Balancer requires Static Public IPs. You cannot use a Dynamic Public IP for a Standard Load Balancer.
3. Public IP SKU: Azure has two SKUs for public IPs:
- Basic SKU: Works with Basic Load Balancers.
- Standard SKU: Works with Standard Load Balancers.
- For a Standard Load Balancer, you must have Standard SKU public IPs.
Scenario Breakdown:
1. IP1: Could be either Sta...
Author: Deepak · Last updated May 17, 2026
You have an Azure subscription.
You are deploying an Azure Kubernetes Service (AKS) cluster that will contain multiple pods. The pods will use kubenet networking.
You need to restrict...
To restrict network traffic between pods in an Azure Kubernetes Service (AKS) cluster, the most appropriate option involves controlling network-level interactions between the pods. Here’s a breakdown of the available options and their relevance:
Key Considerations:
1. Network Policies: Network policies allow you to control the communication between pods. These policies can define which pods can communicate with other pods, effectively restricting network traffic. The control happens at the IP address or port level.
2. Pod Security Policies: Pod Security Policies (PSPs) are used to define security-related configurations for pods, such as preventing privileged containers or restricting access to host resources. They do not control networking or traffic restrictions.
3. Application Security Groups (ASGs): ASGs are used to control network security at the Azure level, primarily in Virtual Networks (VNets) or between virtual machines. They cannot be used to restrict communication at the pod level in AKS.
4. Calico Network Policy: Calico is a powerful network plugin for Kubernetes that supports network policies. It can be used to enforce fine-grained control over traffic between pods, including allowing or denying traffic based on labels or selectors.
5. Azure Network Policy: Azure Network Policy is a Kubernetes network policy plugin that provides network traffic restrictions similar to Calic...
Author: Abigail · Last updated May 17, 2026
HOTSPOT -
You have an Azure subscription that contains a virtual network named VNet1. VNet1 uses an IP address space of 10.0.0.0/16 and contains the VPN Gateway and subnets in the following table:
Subnet1 contains a virtual appliance named VM1 that operates as a router.
You create a routing table named RT1.
You need to route all inbound traffic from the VPN gateway to VNet1 t...
Author: Scarlett · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request in an Azure environment with an Azure Load Balancer, you need to configure session persistence. Here’s the reasoning behind each option and its relevance:
Key Considerations:
1. Session Persistence: Also known as sticky sessions, session persistence ensures that once a client establishes a connection with a particular server (in this case, a virtual machine), all subsequent requests from that client are routed to the same server. This is especially important for web applications where maintaining state between requests (such as user sessions) is critical.
2. Floating IP (Direct Server Return): Floating IP allows the load balancer to forward traffic to back-end servers in certain configurations. Direct server return (DSR) refers to the server returning traffic directly to the client without passing through the load balancer after the initial request. This is typically used in scenarios where the client does not need to know about the load balancer after the initial connection is made. DSR does not guarantee that the same server will handle future requests from the same client.
3. Health Probe: A health probe is used by the Azure Load Balancer to determine whether a virtual machine is healthy and able to handle traffic. While important for routing traffic only to healthy VMs, it does not ensure that a client is directed to the same VM for every request.
4. Session Persistence to Client IP and Protocol: This option enables session persistence based on the client's IP...
Author: FrozenWolf2022 · Last updated May 17, 2026
HOTSPOT -
You have an Azure subscription that contains the virtual machines shown in the following table:
VM1 and VM2 use public IP addresses. From Windows Server 2019 on VM1 and VM2, you allow inbound Remote Desktop connections.
Subnet1 and Subnet2 are in a virtual network named VNET1.
The subscription contains two network security groups (NSGs) named NSG1 and NSG2. NSG1 uses only the default rules.
NSG2 uses the default rules and the following custom incoming rule:
* Priority: 100
* Name: Rule1
* Port: 3389
* Protocol: TCP
* Source: Any
* Destination: Any
* A...
Author: Alexander · Last updated May 17, 2026
You have an Azure subscription that contains two virtual machines named VM1 and VM2.
You create an Azure load balancer.
You plan to create a load balancing rule that will load balance HTTPS traffic between VM1 and VM2.
Which two additional load balancer resources should you create before you can cr...
To create a load balancing rule for HTTPS traffic between VM1 and VM2 using an Azure load balancer, you need to set up certain prerequisites. Let's go through each option:
A) a frontend IP address
- Explanation: A frontend IP address is necessary for the load balancer to receive traffic from clients and direct it to the appropriate backend pool. The frontend IP address is associated with the load balancer and serves as the entry point for external traffic (in this case, HTTPS traffic). Without a frontend IP address, the load balancer won't be able to receive traffic to distribute.
- Why this is needed: It's critical to have a frontend IP to route the incoming traffic to the appropriate backend pool. For a load balancing rule to work, you need an IP address that clients can access.
B) an inbound NAT rule
- Explanation: Inbound NAT rules are used to map specific ports on the load balancer to virtual machine ports. These are typically used for scenarios where individual VMs are exposed via a public IP address and need direct access to specific services like RDP or SSH. However, this is not needed for the general load balancing of traffic between VMs. The use of NAT rules would interfere with the load balancing itself.
- Why this is not needed: NAT rules are typically used for management or diagnostic purposes, not for load balancing HTTPS traffic. Since we're aiming to balance traffic across multiple VMs, the NAT rule doesn't apply.
C) a virtual network
- Explanation: A virtual network (VNet) is essential for the communication between the load balancer and the virtual machines. The VNet ensures that VM1 and VM2, as well as the load balancer, can communicate with each other. Without a VNet, there would be no net...
Author: Michael · Last updated May 17, 2026
You have an on-premises network that contains a database server named dbserver1.
You have an Azure subscription.
You plan to deploy three Azure virtual machines. Each virtual machine will be deployed to a separate availability zone.
You need to configure an Azure VPN gateway for a site-to-site VPN. The solution must ens...
To configure an Azure VPN gateway for a site-to-site VPN that ensures the virtual machines (VMs) in Azure can connect to the on-premises database server (dbserver1), you need to carefully select the appropriate public IP address SKU and assignment for the gateway. Let's break down each option and explain which one is correct.
A) a basic SKU and a static IP address assignment
- Explanation: A basic SKU for public IP addresses is typically used for scenarios with less critical applications and lower performance requirements. It has limited features compared to the standard SKU, such as lower availability and reliability. Also, a static IP address ensures that the public IP address does not change, which is necessary for a site-to-site VPN connection because the on-premises network needs a fixed IP address to establish the VPN tunnel.
- Why this is not ideal: While a static IP is necessary, the basic SKU has limitations in terms of scalability, performance, and availability. Azure recommends using the standard SKU for production-level VPN gateways as it offers higher reliability, availability, and features suited for business-critical applications, including site-to-site VPN configurations.
B) a standard SKU and a static IP address assignment
- Explanation: The standard SKU for public IP addresses offers enhanced features such as better performance, higher availability, and support for advanced networking configurations like VPN gateways. It also provides better redundancy and can handle more traffic compared to the basic SKU. A static IP assignment ensures that the IP address remains ...
Author: Amelia · Last updated May 17, 2026
HOTSPOT -
You have two Azure virtual machines as shown in the following table.
You create the Azure DNS zones shown in the following table.
You perform the following actions:
* To fabrikam.com, you add a virtual network link to vnet1 and enable auto registration.
* For contoso.com, you assign vm1 and vm2 the Owner role.
Fo...
Author: Krishna · Last updated May 17, 2026
You have an on-premises datacenter and an Azure subscription.
You plan to connect the datacenter to Azure by using ExpressRoute.
You need to deploy an ExpressRoute gateway. The solution must meet the following requirements:
* Support up to 10 Gbps of tra...
When choosing an ExpressRoute gateway SKU to meet the given requirements, we need to carefully consider the specifications for each option. Let's analyze the requirements and then evaluate each SKU.
Requirements:
1. Support up to 10 Gbps of traffic: This means we need a SKU that supports high throughput.
2. Support availability zones: The solution must support deployment across multiple availability zones for high availability and resilience.
3. Support FastPath: FastPath is a feature that provides faster routing of traffic by bypassing some of the standard gateway processing, which can reduce latency.
4. Minimize costs: We want to choose the SKU that satisfies the requirements but also ensures cost efficiency.
Evaluation of Each SKU:
A) ERGw1AZ
- Support up to 10 Gbps: The ERGw1AZ SKU supports up to 2 Gbps, so it does not meet the requirement for 10 Gbps.
- Support availability zones: This SKU does support availability zones, as indicated by "AZ" in the name.
- Support FastPath: ERGw1AZ supports FastPath.
- Minimize costs: While it might be cheaper, it doesn't meet the 10 Gbps requirement, making it unsuitable for this case.
- Why this option is rejected: While it supports availability zones and FastPath, it doesn’t meet the traffic throughput requirement of 10 Gbps.
B) ERGw2
- Support up to 10 Gbps: The ERGw2 SKU supports up to 10 Gbps of throughput, so it meets this requirement.
- Support availability zones: ERGw2 does not support availability zones. This means it can't fulfill the requirement for zone redundancy.
- Support FastPath: ERGw2 does ...
Author: Alexander · Last updated May 17, 2026
HOTSPOT -
You have a virtual network named VNET1 that contains the subnets shown in the following table:
You have Azure virtual machines that have the network configurations shown in the following table:
For NSG1, you create the inbound security rule shown in the following table:
For NSG2, you create the inbound security rule shown in the following table:
...
Author: Sofia · Last updated May 17, 2026
HOTSPOT -
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:
Subscription1 contains a virtual network named VNet1 that has the subnets in the following table:
VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routes in the following table:
...
Author: Jack · Last updated May 17, 2026
Your on-premises network contains an SMB share named Share1.
You have an Azure subscription that contains the following resources:
* A web app named webapp1
* A virtual network named VNE...
To ensure that webapp1 in your Azure subscription can connect to Share1 (the SMB share on your on-premises network), you need to establish a secure connection between your Azure resources (webapp1) and the on-premises network where the SMB share resides. Let’s evaluate the options to find the most appropriate solution.
A) An Azure Application Gateway
- Explanation: The Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It is designed for HTTP/HTTPS traffic and provides features such as SSL termination, web application firewall (WAF), and URL-based routing.
- Why this is not ideal: Since SMB (Server Message Block) is a protocol used for file sharing, not HTTP/HTTPS, the Application Gateway won't work for connecting webapp1 to Share1. Application Gateway is not designed to handle SMB traffic.
B) An Azure Active Directory (Azure AD) Application Proxy
- Explanation: Azure AD Application Proxy is a solution that provides secure remote access to internal applications. It allows users to access on-premises applications over the internet through Azure AD.
- Why this is not ideal: The Azure AD Application Proxy is designed to enable access to web applications and HTTP-b...
Author: Sofia2021 · Last updated May 17, 2026
You have an Azure subscription that contains the resources shown in the following table.
You create a public IP address named IP1.
Which two resources can you associate to IP1? Each correct a...
To determine which resources can be associated with the public IP address (IP1), we need to understand the types of resources that can support public IP associations in Azure. Here’s an analysis of each option:
A) VM1
- Why it's rejected:
- A VM (Virtual Machine) in Azure can be associated with a public IP address, but the public IP must be assigned to the network interface (NIC) of the VM, not the VM itself.
- The public IP is typically assigned to the NIC to allow internet communication directly with the VM, not to the VM as a resource.
- Scenario it can be used: If a public IP is needed for a VM, the IP would be associated with the VM’s NIC, not the VM resource itself.
B) LB1 (Load Balancer)
- Why it's selected:
- A Load Balancer (LB1) can be associated with a public IP in order to distribute traffic to the backend VMs or services. Azure Public Load Balancers are associated with public IP addresses to route external traffic to internal resources.
- A public load balancer is specifically designed to handle traffic from the internet and distribute it to resources within the virtual network.
- Scenario it fits: When you need to expose multiple services to the internet via a load balancer, you would assign a public IP to the load balancer to handle traffic routing.
C) NIC1 (Network Interface Card)
- Why it's selected:
- A Network Interface Card (NIC) can be directly associated with a public IP address to allow the associated virtual machine or service to be accessible from the internet.
- The NIC serves as the interface for VM1 or other resources to communicate with external networks, and public IPs are associated directly with NICs to ...
Author: Vikram · Last updated May 17, 2026
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to...
To ensure that all traffic from VM1 to Storage1 travels across the Microsoft backbone network, we need to focus on options that enable private, direct, and optimized routing within Azure's network infrastructure. Let's analyze each option based on the requirement:
A) Network Security Group (NSG)
- NSGs are used to control inbound and outbound traffic to and from resources within a virtual network. They are primarily used for traffic filtering and security, not for controlling routing paths. While an NSG can restrict access to resources, it doesn't specifically influence how traffic between VM1 and Storage1 travels across the network.
- Rejection Reason: NSGs do not control traffic routing over the backbone network; they only manage security policies.
B) Service Endpoints
- Service Endpoints allow resources within a virtual network (such as VMs) to securely connect to Azure services (like Storage, SQL, etc.) over the Azure backbone network. With service endpoints, traffic between the VM and the storage account is directed over the Microsoft backbone network, bypassing the public internet.
- Key Factor: This option explicitly ensures that traffic between VM1 and Storage1 will flow over the Microsoft backbone network, as it enables secure connectivity to Azure services.
- Selected Option: Service Endpoints are the most appropriate solution for ensuring that traffic travels across the Microsoft backbone ...
Author: Elijah · Last updated May 17, 2026
You plan to deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual...
To deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual network, you need to choose a tunneling protocol that is both secure and reliable for this type of deployment. Let's evaluate each option:
A) IKEv1:
- Explanation: IKEv1 (Internet Key Exchange version 1) is an older protocol used to establish secure communication between devices.
- Reasons for rejection: While IKEv1 is supported, it is considered less secure and less efficient compared to newer protocols. It has vulnerabilities and lacks some of the advanced security features found in IKEv2.
- Scenarios for Use: IKEv1 is still supported for backward compatibility in environments with legacy systems that don’t support IKEv2, but it is not the best choice for modern deployments.
B) PPTP:
- Explanation: PPTP (Point-to-Point Tunneling Protocol) is an older VPN protocol primarily used for remote access VPNs.
- Reasons for rejection: PPTP is highly insecure and vulnerable to attacks. It is considered obsolete and unsuitable for production environments requiring robust security.
- Scenarios for Use: It’s not recommended for any production-level Site-to-Site or secure communications in modern networks.
C) IKEv2:
- Explanation: IKEv2 (Internet Key Exchange version 2) is a modern and secure tunneling protocol that provides several improvements o...
Author: Victoria · Last updated May 17, 2026
You have an Azure subscription that contains the resources shown in the following table.
You configure Azure Site Recovery to replicate VM1 between the US East and West US regions.
You perform a test failover of VM1 and specify VNET2 as the target vir...
When performing a test failover with Azure Site Recovery (ASR), the test version of the VM will be deployed in the specified target virtual network (VNET2), and it will be connected to a subnet within that network. The key factor to understand here is that Azure Site Recovery creates a test VM that simulates a failover but does not affect the production resources. Let's analyze each option based on the provided information.
Given Information:
- The target virtual network for the test failover is VNET2.
- A test failover of VM1 is performed from US East to US West regions.
- The test version of VM1 will be connected to a subnet in VNET2.
Options Analysis:
A) TestSubnet1:
- Explanation: This subnet could potentially be associated with VNET2, but there's no indication in the question that this subnet is specifically designed for failovers or recovery purposes. It might be a test network, but this option lacks the specific context that makes it the correct subnet for a recovery scenario.
B) DemoSubnet1:
- Explanation: This subnet might be used for other demo or non-production purposes, but there's no indication in the question that this subnet is the designated recovery subnet. It does not appear relevant to the failover setup.
...
Author: Emma Brown · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request when using an Azure load balancer, the key feature you need to configure is session persistence. Session persistence ensures that once a client connects to a particular server, subsequent requests from the same client are routed to the same server, creating a sticky session.
Let's analyze the options one by one:
A) Protocol to UDP:
- Explanation: UDP (User Datagram Protocol) is used for stateless protocols, such as streaming services or DNS queries, where session persistence is typically not needed.
- Reason for rejection: Since this scenario involves web servers (which use HTTP/HTTPS), TCP is the more appropriate protocol for maintaining a persistent connection, and UDP would not be ideal for maintaining sticky sessions. Therefore, this option does not address the session persistence requirement for web traffic.
B) Session persistence to None:
- Explanation: If session persistence is set to None, there will be no persistence between requests from the same client. This means that the load balancer will distribute requests without any consideration for which server the client is connected to, potentially routing requests to different servers.
- Reason for rejection: This is the opposite of what is needed in this scenario, where you want to ensure the same server is used for each request from a client. Therefore, setting session persis...
Author: CrystalWolfX · Last updated May 17, 2026
HOTSPOT -
You have an Azure subscription that contains the virtual networks shown in the following table.
You have the peering options shown in the following exhibit.
You need to design a communication strategy for the resources on the virtual networks.
For each of the follo...
Author: Grace · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request in an Azure load balancing scenario, session persistence (also known as sticky sessions) is required. Session persistence guarantees that subsequent requests from the same client are routed to the same backend server, ensuring a consistent experience.
Let's analyze each option in the context of your requirement:
A) Floating IP (direct server return) to Disabled:
- Explanation: The Floating IP setting is related to how traffic is handled once it reaches the backend server. It allows the load balancer to bypass itself and direct traffic straight to the backend server. This is typically used in scenarios with direct server return (DSR) setups for performance optimization.
- Reason for rejection: Disabling Floating IP does not directly address the need for session persistence. While it can impact how traffic is routed after the initial connection, it does not ensure that subsequent requests from the same client are sent to the same server. Therefore, this option is not relevant to ensuring sticky sessions.
B) Session persistence to Client IP:
- Explanation: Session persistence to Client IP ensures that requests from the same client IP address are routed to the same backend server. This is the key feature needed for the requirement of servicing visitors with the same web server for each request.
- Reason for selection: This option directly addresses the need for sticky sessions, which is exactly what is required in this scenario. By configuring session persistence to Client IP, you ensure that each visitor’s requests are consistently handled by the same web server, impr...
Author: Olivia · Last updated May 17, 2026
You have an Azure subscription that contains 20 virtual machines, a network security group (NSG) named NSG1, and two virtual networks named VNET1 and VNET2 that are peered.
You plan to deploy an Azure Bastion Basic SKU host named Bastion1 to VNET1.
You need to configure NSG1 to a...
To allow inbound access to the virtual machines via Azure Bastion, the correct port that needs to be configured in the inbound security rule is 443.
Reasoning:
1. Azure Bastion uses the TLS (Transport Layer Security) protocol on port 443 for secure, encrypted RDP (Remote Desktop Protocol) and SSH (Secure Shell) connections to virtual machines. This is the standard port for HTTPS traffic, and it is used by Azure Bastion to access VMs securely without exposing the VMs directly to the public internet.
2. Why other options are rejected:
- A) Port 22: Port 22 is typically used for SSH access directly to Linux-based virtual machines. However, when using Azure Bastion, you don't need to expose SSH directly. Azure Bastion provides a secure connection through port 443.
...
Author: NebulaEagle11 · Last updated May 17, 2026
HOTSPOT -
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.
You plan to migrate contoso.com to Azure.
You create an Azure virtual network named VNET1 that has the following settings:
* Address space: 10.0.0.0/16
* Subnet:
  * Name: Subnet1
  * IPv4: 10.0.1.0/24
You need to move DC1 to VNET1. The solution must ensure that the mem...
Author: Amira · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, you should configure Session persistence to Client IP on your Azure load balancer.
Reasoning:
1. Session Persistence (also known as Sticky Sessions):
- Session persistence ensures that once a client is connected to a specific web server, subsequent requests from that client are directed to the same server, instead of being load-balanced to any of the available VMs.
- Client IP session persistence ties a user's session to a specific virtual machine based on their IP address. This ensures that all requests from the same client (based on their IP) go to the same VM for the duration of the session.
This is important for applications like web servers where session data may be stored locally on the server, and it would be inefficient or problematic for requests to be distributed to different servers.
2. Why other options are rejected:
- A) Session persistence to None: If you set session persistence to None, the load balancer will route each request independently to different VMs, without ensuring that subsequent requests from the same client go to the same VM. This would not meet the requirement to keep users on the same server....
Author: Vivaan · Last updated May 17, 2026
You have an Azure subscription that contains the virtual networks shown in the following table.
You need to deploy an Azure firewall named AF1 to RG1 in the...
To determine which virtual networks can be used to deploy the Azure firewall (AF1), we need to understand how Azure firewall deployment works and consider the region and resource group requirements for deployment.
Key Points for Deployment:
- Azure Firewall can only be deployed in a region and resource group that supports it.
- Azure Firewall requires a virtual network (VNet) that is in the same region as the firewall itself.
- The virtual network used for the deployment should be in the same region as the Azure firewall (West US in this case) and can either be peered or directly connected to other VNets if needed.
Given:
- The firewall AF1 needs to be deployed in RG1 in the West US region.
- Virtual networks in the table should be checked to ensure they align with these requirements.
Explanation:
- VNET1: If VNET1 is in the West US region, it can host the Azure firewall.
- VNET2: If VNET2 is in the West US region, it can also host the Azure firewall.
- VNET3: If VNET3 is not in the West US region, it cannot h...
Author: Nia · Last updated May 17, 2026
You have an on-premises network.
You have an Azure subscription that contains three virtual networks named VNET1, VNET2, and VNET3. The virtual networks are peered and connected to the on-premises network. The subscription contains the virtual machines shown in the following table.
You need to monitor connectivity between the ...
Reasoning:
To determine the minimum number of Connection Monitors to deploy, we need to understand how Connection Monitor works and the requirements of monitoring connectivity between virtual machines (VMs) and the on-premises network. Here are the key factors:
1. Connection Monitor allows you to track the connectivity between various network resources, such as virtual machines, virtual networks, and on-premises networks. It works by monitoring the connection between the source (e.g., VM) and a destination (e.g., on-premises network or another VM).
2. Virtual Network Peering: In your scenario, VNET1, VNET2, and VNET3 are peered. This means that, depending on the routing and the network configuration, a connection between a VM in VNET1 and a VM in VNET2 or VNET3 might need monitoring for connectivity. Additionally, monitoring should include the connection from these VMs to the on-premises network.
3. Minimum Number of Connection Monitors:
- You need to monitor the connectivity from each VM to the on-premises network. If you have multiple VMs in different VNets, ideally, you should deploy a separate Connection Monitor for each connection path to the on-premises network.
- If VMs in VNET1, VNET2, and VNET3 are all located on different virtual networks, you need at least one Connection Monitor in each VNet to ensure connectivity is verified be...
Author: Oscar · Last updated May 17, 2026
HOTSPOT -
You plan to deploy the following Azure Resource Manager (ARM) template.
For each of the following statements, select Yes if the statement is true. ...
Author: Ella · Last updated May 17, 2026
You have an Azure subscription that contains a storage account. The account stores website data.
You need to ensure that inbound user traffic uses the Microsoft point-of-p...
To ensure that inbound user traffic uses the Microsoft point-of-presence (POP) closest to the user's location, the correct solution is C) Routing preference.
Reasoning:
1. Routing Preference in Azure refers to the feature that allows you to configure the traffic routing to use the closest point of presence (POP) when accessing services like storage accounts. This ensures that users' requests are directed to the nearest regional entry point for the service, reducing latency and improving performance.
- Microsoft Point-of-Presence (POP): When a user requests content from your storage account, Azure can route the request to the nearest POP (typically located in the region closest to the user) for faster access. This is especially important for global applications to ensure minimal latency for users from different regions.
Why other options are rejected:
- A) Private endpoints: Private endpoints are used for securely connecting to Azure resources over a private IP address within a virtual network. While they enhance security, they do not help with routing user traffic to the nearest POP. They are typically use...
Author: GlowingTiger · Last updated May 17, 2026
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1.
Y...
To prevent VM1 from accessing VM2 on port 3389, the correct option is A) Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
Explanation:
1. Network Security Groups (NSGs) control inbound and outbound traffic to network interfaces (NICs) and subnets in Azure. You can use NSGs to define rules that allow or deny traffic based on source IP, destination IP, ports, and protocols.
2. The requirement is to prevent VM1 from accessing VM2 on port 3389.
- Port 3389 is used for Remote Desktop Protocol (RDP), which allows access to virtual machines running Windows.
- If you want to prevent VM1 from initiating traffic to VM2 on port 3389, you would need to deny outbound traffic from VM1 to VM2 on that port.
- Option A:
- Create an NSG with an outbound rule that denies traffic on destination port 3389.
- Apply this NSG to VM1's network interface.
- This would stop VM1 from reaching VM2 on port 3389, as the outbound traffic from VM1 to VM2 on port 3389 would be blocked.
Why other options are rejected:
- Option B (Configure Azure Bastion in VNet1):
- Azure Bastion is a service that allows secure and seamless RDP or SSH co...
Author: FlamePhoenix2025 · Last updated May 17, 2026
You have an Azure subscription that contains the resources shown in the following table.
You need to manage outbound traffic f...
To manage outbound traffic from VNET1 using Firewall1, the first step is to C) Create a route table.
Reasoning:
1. Managing Outbound Traffic with Azure Firewall:
- Azure Firewall is a stateful network security service that monitors and controls outbound and inbound traffic. To use Firewall1 for managing outbound traffic from VNET1, you need to ensure that VNET1's outbound traffic is routed through Firewall1. This is done by creating a route table with a route that points to Firewall1 as the next hop for outbound traffic.
- A route table allows you to control the flow of traffic and ensures that traffic from VNET1 is directed to Azure Firewall for inspection and filtering before reaching the internet or other destinations.
2. Why Other Options Are Rejected:
- Option A (Configure the Hybrid Connection Manager):
- The Hybrid Connection Manager is part of Azure App Service and is used for connecting on-premises systems to Azure App Service resources. It is not related to managing network traffic through Azure Fire...
Author: Leo · Last updated May 17, 2026
You have an Azure subscription that contains the resources shown in the following table.
All the resources connect to a virtual network named VNet1.
You plan to deploy an Azure Bastion ...
To determine which resources can be protected by Azure Bastion (Bastion1), it's important to understand the capabilities and usage of Azure Bastion.
Key Concepts:
- Azure Bastion is a fully managed service that provides secure and seamless RDP (Remote Desktop Protocol) and SSH (Secure Shell) access to virtual machines (VMs) in a virtual network without exposing the VMs to the public internet.
- Azure Bastion works by providing a secure jump server inside the same virtual network (VNet1) where the resources (VMs) are located. Therefore, Bastion1 will provide access to virtual machines (VMs) and other resources within the same VNet.
Breakdown of the Options:
1. VM1:
- VM1 is a virtual machine. Azure Bastion is primarily designed to provide secure RDP and SSH access to virtual machines. So, VM1 can be protected using Bastion1.
2. contoso.com:
- contoso.com appears to be a domain or a web application (not a virtual machine), and Azure Bastion is not designed to secure access to domain names or web applications. Instead, it is used to secure access to virtual machines within the VNet.
3. App1:
- App1 likely refers to an application or service within the network. Azure Bastion does not provide access or protection to applications or services (like web apps, etc.)—...
Author: Abigail · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the primary goal is to maintain session persistence. This ensures that once a user connects to a particular server, subsequent requests from that user are always routed to the same server for the duration of their session.
Let's evaluate each option:
A) Session persistence to None:
- Explanation: This setting disables session persistence, meaning each request could be directed to any available server, without considering which server was previously handling the user's requests.
- Why it's rejected: This does not satisfy the requirement of ensuring that visitors are serviced by the same web server for each request.
- Scenario: It would be useful in cases where load balancing should be completely random, such as in stateless applications.
B) A health probe:
- Explanation: A health probe is used by the Azure load balancer to check the health of the backend virtual machines. If a machine is healthy, traffic can be routed to it; if unhealthy, traffic is redirected to another healthy VM.
- Why it's rejected: Health probes are primarily for ensuring that only healthy VMs receive traffic. While important for availability, this does not enforce session persistence, which is the specific requirement here.
- Scenario: Health probes are critical for ensuring high availability and resilience in case of failures but don't maintain consistent session routing.
C) Session persistence to Client IP and protocol:
- Explanation: This configuration ensures that traffic from the same clien...
Author: Ishaan · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the focus should be on session persistence, which ensures that requests from the same client are consistently routed to the same backend virtual machine (VM) for the duration of the user's session.
Let's evaluate each option:
A) A health probe:
- Explanation: Health probes are used to check the health of backend VMs and ensure that traffic is only sent to healthy servers. However, they do not ensure session persistence, meaning that they do not guarantee a client will always be directed to the same server for subsequent requests.
- Why it's rejected: A health probe ensures availability, but does not handle session persistence. This is not the correct option to ensure users are always routed to the same web server.
- Scenario: This would be useful in ensuring that traffic is only directed to healthy servers, but not for keeping users on the same server for each request.
B) Floating IP (direct server return) to Enabled:
- Explanation: The Floating IP option enables direct server return (DSR) mode, where the client connects directly to the backend VM, bypassing the load balancer for the response. This is useful in specific scenarios where you want to reduce load on the load balancer and improve performance.
- Why it's rejected: While this can help with improving load balancing performance, it does not ensure that a client is directed to the same server for each request. It primarily affects the way the traffic flow is handled between the client and backend servers, not session persistence.
- Scenario: It is useful when you want to improve the performance of traffic routing by bypassing the load balancer, but it doesn't address session persistence.
C) Session persistence to Client IP and protocol:
- Explanation: ...
Author: Ethan Smith · Last updated May 17, 2026
You have an Azure subscription that contains 10 virtual machines and the resources shown in the following table.
You need to ensure that Bastion1 can support 100 concurrent SSH user...
In this scenario, you need to ensure that Bastion1 can support 100 concurrent SSH users. The key requirement here is to ensure that Bastion1 has sufficient resources to handle the desired number of concurrent SSH sessions. Let's evaluate the options:
A) Resize the subnet of Bastion1
- Explanation: Resizing the subnet would involve changing the range of IP addresses available within the subnet. However, resizing the subnet doesn't directly affect the performance or capacity of Azure Bastion itself in terms of handling concurrent users. The capacity of Azure Bastion is related to its SKU and other resource allocations, not the size of the subnet.
- Why it’s rejected: Resizing the subnet is not related to the capacity of Azure Bastion to handle a specific number of concurrent SSH sessions. This action doesn't directly address the issue of supporting 100 concurrent SSH users.
- Scenario: This would be relevant if there was a need to allocate more IPs, but it's not the right action to improve Bastion's scalability or session capacity.
B) Configure host scaling
- Explanation: Host scaling refers to adjusting the number of backend VMs or scaling an infrastructure to handle increased load. While this could be relevant in certain contexts for scaling applications or virtual machines, Azure Bastion does not use a scaling approach based on the number of backend VMs. Instead, it relies on the SKU for scaling capacity.
- Why it’s rejected: Azure Bastion doesn't require manual scaling of VMs to handle more SSH users. The scaling of Bastion itself is controlled by the SKU, not by scaling the hosts. Therefore, configuring host scaling is not the correct approach for this situation.
- Scenario: Host scaling could be relevant for other types of Azure services but not for Azure Bastion's S...
Author: Kai · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, session persistence (also called "stickiness") must be configured. This ensures that a client’s subsequent requests are routed to the same backend server, maintaining consistency in the session.
Let's evaluate each option:
A) Session persistence to Client IP and protocol:
- Explanation: This setting ensures that all requests from the same client (identified by their IP address and protocol) are routed to the same backend server. This is known as "session affinity" or "stickiness," which guarantees that users remain connected to the same server throughout their session.
- Why it’s selected: This option directly addresses the need for ensuring that visitors are serviced by the same web server for each request. The configuration uses the client’s IP address and the protocol to maintain consistency in routing, which is ideal for web applications that require sticky sessions.
- Scenario: This is the best option when you need to ensure that users are consistently connected to the same server during the session, which is crucial for applications that maintain session data.
B) Protocol to UDP:
- Explanation: UDP (User Datagram Protocol) is a connectionless protocol that does not guarantee reliability or session persistence. It is generally used for real-time applications, like video streaming or gaming, where low latency is prioritized over maintaining a session.
- Why it’s rejected: UDP does not provide mechanisms for session persistence and is not suitable for web applications that require session affinity or sticky connections. For web servers, typically TCP (Transmission Control Protocol) is used, which can support session persistence.
- Scenario: UDP is useful for applications that do not require session state or reliability but is not applicable for maintaining persistent connections to web servers.
C) Session persiste...
Author: Liam123 · Last updated May 17, 2026
DRAG DROP -
You have a Windows 11 device named Device1 and an Azure subscription that contains the resources shown in the following table.
Device1 has Azure PowerShell and Azure Command-Line Interface (CLI) installed.
From Device1, you need to establish a Remote Desktop connection to VM1.
Which three actions should you...
Author: RadiantPhoenixX · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the correct configuration is Session persistence. Let’s walk through each option to explain why:
A) Floating IP (direct server return) to Enabled
- Floating IP is used when you have a scenario where traffic needs to bypass the load balancer after the first request and be sent directly to the backend VM. This is common in scenarios where you want a more efficient network path for high-performance workloads or when there is a need for direct server return (DSR) to optimize network traffic.
- Why it’s not suitable: This option does not help with maintaining session persistence for a specific visitor across multiple requests. It is mainly focused on network traffic optimization and server communication, not on ensuring that the same web server handles the session consistently.
B) Session persistence to Client IP
- Session persistence (also known as "sticky sessions") ensures that traffic from the same client (based on their IP address) is directed to the same backend server for each request. This is typically used in scenarios where the web application maintains state or sessions (such as login information, cart data, etc.) that need to be handled by the same server throughout the session.
- Why it’s the right choice: This option will ensure that a visitor is serviced by the same web server for each request. The load balancer will recognize the client's IP address and direct them to the same VM, ensuring consistency for the visitor's session.
C) Protocol to UDP
- UDP (User Datagram Protocol) is a connectionless protocol, wh...
Author: Michael · Last updated May 17, 2026
You have an Azure subscription that has the public IP addresses shown in the following table.
You plan to deploy an Azure Bastion Basi...
When selecting an IP address for the Azure Bastion Basic SKU host, it is important to understand the requirements for the public IP address. Specifically, the Azure Bastion Basic SKU has some constraints regarding the type of IP address it can use.
Key Points:
- Azure Bastion Basic SKU requires a Static Public IP Address. A dynamic public IP address cannot be used with the Basic SKU.
- Azure Bastion needs the IP to be in the Standard SKU type (not Basic).
- Private IPs or other types of public IP addresses like dynamic or basic-tier IPs are not supported with the Bastion service.
Evaluating the options based on the public IP characteristics:
A) IP1 only
- Reason for rejection: The public IP address IP1 would only be valid if it is a static IP address of the Standard SKU type.
- If IP1 is dynamic or of the Basic SKU, it cannot be used.
B) IP1 and IP2 only
- Reason for rejection: This option only allows IP1 and IP2, but both need to be static and of Standard SKU...
Author: ThunderBear · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
In this scenario, the requirement is to ensure that visitors are serviced by the same web server for each request. This can be achieved through session persistence or "sticky sessions," where a user's requests are always routed to the same backend server.
Let’s analyze each option:
A) Floating IP (direct server return) to Disabled
- Floating IP is typically used when there’s a need for direct server return (DSR), where the load balancer is bypassed after the initial request, and the backend server directly responds to the client. This is not related to session persistence or routing requests to the same server for the duration of a session.
- Why it’s not suitable: While disabling floating IP might be useful for other scenarios, it doesn’t help in ensuring that a visitor is serviced by the same web server across multiple requests.
B) Floating IP (direct server return) to Enabled
- Floating IP (direct server return) allows the backend server to respond directly to the client after the first request, bypassing the load balancer. This is used for optimizing traffic flow in certain high-performance scenarios, but it does not help with maintaining session persistence for a visitor.
- Why it’s not suitable: This setting doesn't ensure that the same server is servicing requests from the same client. Floating IP is more about traffic routing and is not related to session consistency.
C) A health probe
- A health probe is used by the load balancer to check the health of backend servers (VMs). If a server fails the health check, it will be r...
Author: Liam · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
In this scenario, you need to ensure that visitors are consistently directed to the same web server for each request. This can be achieved through session persistence, also known as "sticky sessions," which ensures that a user's requests are routed to the same backend server for the duration of the session.
Let's analyze each option:
A) Floating IP (direct server return) to Enabled
- Floating IP allows for direct server return (DSR) where after the initial request, traffic is routed directly from the client to the backend server, bypassing the load balancer. This is commonly used for high-performance scenarios but does not guarantee session persistence. It is more about optimizing traffic flow between the client and server.
- Why it’s not suitable: This option does not address the need for keeping a visitor’s requests on the same backend server. It focuses on traffic management, not session consistency.
B) Idle Time-out (minutes) to 20
- Idle Time-out refers to how long the load balancer will maintain a session for a connection that is inactive (i.e., no data is transmitted during this time). The default time is usually 4-5 minutes, but it can be increased to avoid session termination too soon.
- Why it’s not suitable: While adjusting idle timeout can help manage long sessions, it does not address the core requirement of routing requests from the same visitor to the same backend server consistently. This setting only determines when idle connections are closed but does not ensure session persistence to the same server.
C) A health probe
- A health probe is used to monitor the health of ...
Author: Liam · Last updated May 17, 2026
You have two Azure subscriptions named Sub1 and Sub2.
Sub1 contains a virtual machine named VM1 and a storage account named storage1.
VM1 is associated to the resources shown in the following t...
To move VM1 to Sub2, you need to consider all the resources associated with the virtual machine that are required for its operation. Let's analyze the resources shown in the table and review the options:
Key Considerations:
- VM1 relies on several resources to function, such as the virtual machine itself, its disks, and associated networking components.
- When moving a virtual machine across Azure subscriptions, all resources that the VM depends on (such as disks, network interfaces, and virtual networks) must be moved to the destination subscription. This is essential for the VM to function correctly after the move.
Analyzing Each Option:
A) VM1, Disk1, and NetInt1 only
- Why it’s not suitable: NetInt1 refers to a Network Interface (network interface card), but NetInt1 is part of the networking configuration. The move does not include VNet1, which is the Virtual Network the VM is connected to. A virtual machine cannot operate without being part of a virtual network, so not moving VNet1 would break connectivity.
- Rejected because: VNet1 is missing in this option, which is required for VM1's connectivity.
B) VM1, Disk1, and VNet1 only
- Why it’s not suitable: This option includes VM1, Disk1, and VNet1 but does not include the network interface (NetInt1). The network interface is necessary for the VM to communicate with the virtual network. Without moving the network interface, the VM would not have network connectivity, making it unusable.
- Rejected because: The network interface is required for connectivity and must be included in the move.
C) VM1, Disk1, and storage1 on...
Author: Chloe · Last updated May 17, 2026
You have five Azure virtual machines that run Windows Server 2016. The virtual machines are configured as web servers.
You have an Azure load balancer named LB1 that provides load balancing services for the virtual machines.
You need to...
To ensure that visitors are serviced by the same web server for each request, the ideal solution is to use session persistence (also known as sticky sessions). This setting ensures that once a client is directed to a specific web server, they will continue to be routed to that same server for the duration of their session. Now, let's analyze the options:
A) Session persistence to Client IP and protocol
- Explanation: This option ensures that requests from the same client IP and protocol (HTTP or HTTPS) are consistently directed to the same virtual machine (VM) by the load balancer. This is the best choice in this scenario because it will "stick" a client to the same server throughout their session, making sure the web server consistently services them.
- Reasoning: This is the most suitable option because the load balancer will direct all requests from a given client IP to the same backend server, fulfilling the requirement of ensuring visitors are serviced by the same web server during their session.
- Selected option: A is optimal for maintaining session consistency.
B) Idle Time-out (minutes) to 20
- Explanation: The idle timeout setting controls how long the load balancer waits before considering an idle session to be closed. Setting this to 20 minutes would mean that the session will persist for a maximum of 20 minutes without any activity. This is not the primary mechanism for session persistence.
- Reasoning: While it could affect session behavior, it doesn’t guarantee the sticky session to the same server. It's more about keeping idle sessions alive, not ensuring they are routed to the same server.
- Rejec...