Exam AZ-700 topic 3 question 31 discussion

Actual exam question from Microsoft's AZ-700
Question #: 31
Topic #: 3

You have an Azure subscription that contains the following resources:

• A virtual network named Vnet1
• Two subnets named Subnet1 and AzureFirewallSubnet
• A public Azure Firewall named FW1
• A route table named RT1 that is associated to Subnet1
• A route in RT1 that sends 0.0.0.0/0 to FW1

After deploying 10 servers that run Windows Server to Subnet1, you discover that none of the virtual machines were activated.

You need to ensure that the virtual machines can be activated.

What should you do?

  • A. On FW1, create an outbound service tag rule for AzureCloud.
  • B. Add an internet route to RT1 for the Azure Key Management Service (KMS).
  • C. On FW1, configure a DNAT rule for port 1688.
  • D. Deploy an Azure Standard Load Balancer that has an outbound NAT rule.
Suggested Answer: B

Comments

TJ001
Highly Voted 10 months, 4 weeks ago
There are two options: 1) Add a specific outbound rule for KMS in the FW, as there is already a default route that points to the FW. 2) Add a specific address prefix route in the route table so it can bypass the default route to the FW. In this case the chosen answer, B, looks correct.
upvoted 5 times
Murad01
Most Recent 6 days, 19 hours ago
Not again this question, repeated 9 times already
upvoted 2 times
flurgen248
9 months ago
Selected Answer: B
Correct Answer is B.
A: AzureCloud is the wrong tag. Apparently would need to be AzurePlatformLKM-Windows licensing or key management service. https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags
B: Something is blocking access to KMS, so a route should fix that. https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems#cause
C: DNAT rules are inbound only.
D: A NAT rule wouldn't work, for reasons. https://learn.microsoft.com/en-us/azure/load-balancer/outbound-rules
upvoted 4 times
tester2023
10 months, 2 weeks ago
The article below is a similar scenario and it points out you need a route (in our case FW or Route Table) that will route traffic to the Microsoft KMS service on port 1688. https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/custom-routes-enable-kms-activation
upvoted 3 times
NoeHdzMll
11 months ago
Correct answer C. "DNAT rules implicitly add a corresponding network rule to allow the translated traffic." https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat
upvoted 1 times
alfonzo47
11 months ago
I think that DNAT is only for inbound rules. In this case the Windows VMs will try to reach the KMS server (outbound traffic), hence I would go with option B even though there is no service tag for KMS that can be chosen...
upvoted 1 times
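
The route-bypass idea discussed in the comments above, as an added example that is not part of the original thread: a small model of how Subnet1's next hop is chosen (longest prefix wins; on a tie, user-defined beats BGP beats system), showing that a /32 route with next hop Internet overrides the 0.0.0.0/0 route to FW1 for that one address only. The KMS address is a constructed documentation-range placeholder, the Vnet1 address space is assumed, and `effective_next_hop` is a hypothetical helper; real KMS addresses come from the Microsoft article linked in the comments.

```python
import ipaddress

# Azure picks the route with the longest matching prefix; on a tie,
# user-defined routes beat BGP routes, which beat system routes.
SOURCE_PRIORITY = {"user": 0, "bgp": 1, "system": 2}

# Constructed placeholder (TEST-NET-3), NOT a real KMS address.
KMS_PLACEHOLDER = "203.0.113.10"

SYSTEM_ROUTES = [
    ("10.0.0.0/16", "VnetLocal", "system"),   # assumed Vnet1 address space
    ("0.0.0.0/0", "Internet", "system"),      # default system route
]
# RT1 as described in the question, then with the extra route from answer B.
RT1_BEFORE = [("0.0.0.0/0", "VirtualAppliance(FW1)", "user")]
RT1_AFTER = RT1_BEFORE + [(KMS_PLACEHOLDER + "/32", "Internet", "user")]


def effective_next_hop(dest, udr_routes):
    """Return the next hop Subnet1 would use for dest, or None if no route matches."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, next_hop, source in SYSTEM_ROUTES + udr_routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            # Negative prefix length so that min() prefers the longest prefix.
            candidates.append((-net.prefixlen, SOURCE_PRIORITY[source], next_hop))
    if not candidates:
        return None
    return min(candidates)[2]


if __name__ == "__main__":
    for label, table in (("before", RT1_BEFORE), ("after", RT1_AFTER)):
        for dest in (KMS_PLACEHOLDER, "198.51.100.7", "10.0.1.4"):
            print(label, dest, "->", effective_next_hop(dest, table))
```

Only traffic to the /32 leaves FW1's path; every other internet destination still goes through the firewall, so the exception stays as narrow as the prefixes added to RT1.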
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted