AZ-700 Exam Dumps - Designing and Implementing Microsoft Azure Networking Solutions

Here are the steps and explanations for ensuring that connections to the storage34280945 storage account can be made by using an IP address in the 10.1.1.0/24 range and the name stor-age34280945.pnvatelinlcblob.core.windows.net:

To allow access from a specific IP address range, you need to configure the Azure Storage firewall and virtual network setti ngs for your storage account.  You can do this in the Azure port al by selecting your storage account and then sele cting Networking under Settings 1 .

On the Networking page, sele ct Firewall s and virtual networks, and then select Selected networks under Allow access from 1 . This will block all access to your storage account except from the networks or resources that you specify.

Under Firewall, select Add rule, and then enter 10. 1.1.0/24 as the IP address or range.  You can also enter an option al rule name and description 1 . This will allow access from any IP address in the 10.1.1.0/24 range.

Sele ct Save to apply your changes 1 .

To map a custom domain name to your storage accou nt, you need to create a CNAME record with your domain provider that points to your s torage account endpoint 2 . A CNAME record is a type of DNS record that maps a source domain name to a desti nation domain name.

Sign in to your domain registrar’s website, and then go to the page for managing DNS settings 2 .

Create a CNAME record with the following information 2 :

Source domain name: stor-age34280945.pnvatelinlcblob.core.windows.net

Destination domain name: stor-age34280945.pnvatelinlcblob.core.windows.ne t

Save your changes a nd wait for the DNS propagation to take e ffec t 2 .

To register the custom domain name with Azure, you need to go back to the Azure portal and select you r storage account.  Then select Custom domain under Blob service 2 .

On the Custom domain page, enter stor-age34280945.pnvatelinlcblob.core.windows .net as the custom domain name and select Save 2 .

To provide a single host name that routes traffic based on the origin, you can use  Azure Traffic Manager . This service allows you to route traffic to different endpoints based on various routing methods, i ncluding geographic routing.

Navigate to the Azure Portal .

Search for “Traffic Manager profiles”  and select it.

Click on “Create” .

Enter the following details :

Name : Enter a name for the Traffic Manager profile (e.g.,  ContosoTrafficManager ).

Routing method : Select  Geographic .

Subscription : Select your subscription.

Resource group : Select an existing resource group or create a new one.

Resource group location : Choose a location (this does not affect the routing).

Click on “Create” .

Navigate to the newly created Traffic Manager profile .

Select “Endpoints”  from the left-hand menu.

Click on “Add”  to add a new endpoint.

Enter the following details :

Type : Select  Exter nal endpoint .

Name : Enter a name for the endpoint (e.g.,  NewYorkEndpoint ).

FQDN : Enter  ny.contoso.com .

Geographic region : Select  “World”  (this will be adjusted later).

Click on “Add”  to save the endpoint.

Repeat the process  to add the second endpoint:

Type : Select  External endpoint .

Name : Enter a name for the endpoint (e.g.,  GermanyEndpoint ).

FQDN : Enter  de.contoso.com .

Geographic region : Select  Europe .

Navigate to the Traffic Manager profile .

Select “Configuration”  from the left-hand menu.

Under “Geographic routing” , adjust the regions:

For the  GermanyEndpoint , ensure that the geographic region is set to  Europe .

For the  NewYorkEndpoint , ensure that the geographic region is set to  World  (excluding Europe).

Use a DNS query tool  to test the routing.

From a location in Germany , query the Traffic Manager profile’s DNS name and ensure it resolves to  de.contoso.com .

From a location outside Europe , query the Traffic Manager profile’s DNS name and ensure it resolves to  ny.contoso.com .

Azure Traffic Manager : This service uses DNS to direct client requests to the most appropriate endpoint based on the routing method you choose. Geographic routing ensures that traffic is directed based on t he origin of the request.

Geographic Routing : This method allows you to route traffic based on the geographic location of the DNS query origin, ensuring that users are directed to the nearest or most appropriate endpoint.

Step-by-Step Solution Step 1: Create a Traffic Manager Profile Step 2: Configure Endpoints Step 3: Adjust Geographic Routing Step 4: Test the Configuration Explanation By following these steps, you can provide a single host name that routes traffic to  de.contoso.com  for users in Germany and to  ny.contoso.com  for users from other locations, ensuring efficient and appropriate traffic management.

To create an Azure Firewall instance, you need to go to the Azure portal and select Create a resource. Type firewall in the search box and press Enter.  Sel ect Firewall and then select Create 1 .

To assign an IP address from the address range of 1 0.1.255.0/24 to the firewall, you need to select a public IP address that belongs to that range.  You can either create a new public IP address or use an existing one 1 .

To use a new Premium firewall policy named FW-policy1, you need to select Premium as the Firewall tier and c reate a new policy with the name FW-policy1 2 .  A Pre mium firewall pol icy allows you t o configure ad vanced features such as TLS Inspection, IDPS, URL Filtering, and Web Categories 3 .

To route traffic directly to the internet, you need to enable SNAT (Source Network Address Translation) for the firewall.  SNAT allows the firewall to use its pub lic IP address as the source address for out bound t raffic 4 .

Here are the steps and explanations for ensuring that all hosts deployed to subnet3-2 connect to the internet by using the same static public IP address:

To use the same static public IP address for multiple hosts, you need to create a NAT gateway and associate it with subnet3-2.  A N AT gateway is a resourc e that performs network address translation ( N AT) for outbound traffic from a subnet 1 .  It allows you to use a single public IP address for multiple private IP addre sses 2 .

To create a NAT gateway, you need to go to the Azure portal and select Create a resource.  Search for  NAT gateway , select  NAT gat eway , then select  Create 3 .

On the Create a NAT gateway page, enter or sele ct the following information and accept the defaults for the remaining settings:

Subscription: Select your subscription name

Resource group: Select your resource group

Name: Type a unique name for your NAT gateway

Region: Select the same region as your vir tual network

Public IP address: Select Create new and type a name for your public IP address.  Select  Sta ndard  a s the SKU an d  Static  as the assignment method 4 .

Se lect  Review + create  and then select  Create  to c reate your NAT gatewa y 3 .

To associate the NAT gateway with subnet3-2, you need to go to the Virtual networks service in the Azure portal and select your virtual network.

On the Virtual network page, select Subnet s under Settings, and then select subnet3-2 from the list.

On the Edit subnet page, under NAT gateway, select your NAT gateway from the drop-down list. Then select Save.