Your company is migrating to Azure and replicating their on-premises network in the cloud. They’re developing a plan to use Azure Virtual Network to organize company resources into virtual networks and subnets. You’re working on the design for the company IP address schema, mapping out which ranges can be assigned, and which ranges can be denied traffic.
- The Sales department has a subnet with an address range of 10.3.0.0/16.
- The infrastructure team has firewall rules to deny traffic based on IP address ranges.
- You’re examining how to use Azure Virtual Network to enable communication between resources within the company network and in the cloud.
Question 1
For the Sale department subnet range, which IP address can be dynamically assigned?
A. 10.3.0.2
B. 10.3.255.255
C. 10.3.255.254
Answer
C. 10.3.255.254
Explanation
Any address in the range 10.3.0.4 through 10.3.255.254 is available for assignment. This is because Azure assigns addresses from 10.3.0.4 to 10.3.255.254. The first four addresses (10.3.0.0-10.3.0.3) are reserved by Azure and the last address (10.3.255.255) is the subnet broadcast address.
A is incorrect. Azure reserves the first four addresses in each subnet address range. These four addresses can’t be assigned to resources: 10.3.0.0-10.3.0.3.
B is incorrect. The subnet broadcast address can’t be assigned.
Question 2
What feature can support the denial of traffic based on the IP address range?
A. Statically assigned IP addresses
B. Dynamically assigned IP addresses
C. IP addresses in the reserved range
Answer
A. Statically assigned IP addresses
Explanation
In this situation, use statically assigned IP addresses to avoid having to change the firewall rules. Statically assigned IP addresses. This is because static IP addresses do not change and can be used to configure firewall rules. Dynamic IP addresses can change and require updating the firewall rules. Reserved IP addresses are not available for use.
B is incorrect. Dynamically assigned IP addresses require firewall rules to be changed.
C is incorrect. IP addresses in the reserved range can’t be used.
Question 3
Which of the following statements about Azure Virtual Network is correct?
A. Outbound communication with the internet must be configured for each resource on the virtual network.
B. Azure Virtual Network enables communication between Azure resources.
C. Azure virtual networks can’t be configured to communicate with on-premises resources.
Answer
B. Azure Virtual Network enables communication between Azure resources.
Explanation
Azure Virtual Network connects Azure resources including virtual machines, the Azure App Service Environment, Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale Sets. You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts.
Azure Virtual Network enables communication between Azure resources. This is because Azure Virtual Network is a service that allows you to create and manage isolated networks in Azure. You can connect Azure resources within a virtual network or to other Azure resources using service endpoints. You can also connect your on-premises network to a virtual network using VPN or ExpressRoute.
A is incorrect. All resources in a virtual network can communicate outbound to the internet, by default.
C is incorrect. You can connect your on-premises computers and networks to a virtual network by using a Point-to-site virtual private network (VPN), Site-to-site VPN, or Azure ExpressRoute.
Microsoft Azure Administrator AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Administrator AZ-104 exam and earn Microsoft Azure Administrator AZ-104 certification.