Use VCE Exam Simulator to open VCE files
100% Latest & Updated Microsoft AZ-700 Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!
AZ-700 Premium Bundle
Download Free AZ-700 Exam Questions
File Name | Size | Download | Votes | |
---|---|---|---|---|
File Name microsoft.certkey.az-700.v2024-10-22.by.freya.46q.vce |
Size 2.76 MB |
Download 118 |
Votes 1 |
|
File Name microsoft.braindumps.az-700.v2022-01-18.by.henry.48q.vce |
Size 2.88 MB |
Download 1101 |
Votes 1 |
|
File Name microsoft.actualtests.az-700.v2022-01-01.by.ollie.29q.vce |
Size 1.5 MB |
Download 1080 |
Votes 1 |
|
File Name microsoft.testking.az-700.v2021-10-01.by.tommy.34q.vce |
Size 1.62 MB |
Download 1190 |
Votes 1 |
Microsoft AZ-700 Practice Test Questions, Microsoft AZ-700 Exam Dumps
With Examsnap's complete exam preparation package covering the Microsoft AZ-700 Practice Test Questions and answers, study guide, and video training course are included in the premium bundle. Microsoft AZ-700 Exam Dumps and Practice Test Questions come in the VCE format to provide you with an exam testing environment and boosts your confidence Read More.
In this section of the course, we're going to talk about private IP addressing for virtual networks. So we moved on to this big section on the core concepts of networking in the cloud, which was 20% to 25% of the exam score. Now, we've already created an avirtual network earlier in this. We've been using that in the last section for some of the demos. And so we will continue to use the virtual network that we've created. But we need to talk about subnets. Subnets have a couple of different purposes within Azure. They are subdivisions of the overall virtual network. They can be used to place the different components of your own solution, be it the frontend, the mid tier, or the database end, into different network segments for security reasons. And they're also required. We've seen this when we created the VPN gateway that they have to be on their own subnet. We're going to see this in terms of firewallshaving to be on their own subnet, or the Bastion service having to be on its own subnet. And so, Microsoft Azure does require private subnets for some of its own services. And we'll end up this section talking about subnet delegation. So we're in the virtual network that we created earlier, AZ 700. Of course, in my case,it's located in the West US. As we saw, So we're going to go over to the subnet tab here. Now, you'll see here, when I created this virtual network, I created one subnet called Default. Every virtual network must have one subnet. As I said, the purpose of the subnet is to subdivide the overall address space. So, looking at the address space for the VirtualNetwork, I have reserved a 24 address space for it, giving me 256 IP addresses to work with, minus the reserved IP address, which we will discuss in a moment. So this is the limit that we have currently. Now, we can always extend the address space. So, right now I can say 2100. Now I've added an additional 256 addresses. I can just click save on that. And I've basically given myself double the space to create subnets and resources. So let's switch over to the subnets real quick. So we created this default subnet when we first created the Virtual Network, and at that time it was a smaller subsection of the overall address space. So when we created it, we had 256 addresses and we reserved 64 addresses for the default space. Now the 64 addresses get cut down to five because Microsoft Azure reserves five addresses of every subnet for itself. So we really only have 59 available, even though there are 64 that are taken. Now, like I said, the purpose of a subnet is to subdivide a network for your own purpose, and that is to separate various parts of your solution according to their security context. So you might have a front-end web server that you want to be open and public to the Internet,maybe over port 80 or port four, four, three. And so that's going to exist in one sense that you can allow traffic in over those ports. But then you might have a middle tier, an application tier, which only ever gets communicated to by other parts of your solution and never by the open public. And you want that to be in a different security context, and that could be on its own subnet. Finally, you might have a database tier or a backend tier or some other extremely secure network that only gets communicated over port 1433, for instance. And so you don't want web traffic travelling to your back end servers, and therefore that can be in its own subnet. So you can. You don't have to,but you can divide up your solution into subnets according to the security context. And then you set the rules, the NSG rules,so that traffic can travel between the subnets according to the traffic that you're expecting. Now, I did name this first subnet "default." It does not have to be named "default," but that's what I called it. And you'll see, the second purpose for subnetsis for Microsoft Azure's own purposes, which could be the Gateway, could be the Firewall,could be the bastion server.So as we're going through this,we're going to create subnets that Microsoft is going to need for its own purposes. And we'll do that. So that's just a general breakdown of what a subnet is and what its purpose is. We're going to start to go and create some more subnets for ourselves in the next video.
Alright, so I'm going to start by cleaning up the way that this is set up a little bit. So I'm going to delete the default subnet. I don't have any devices connected to it, so it shouldn't be a problem to delete it. Like I said, there does need to be a minimum of one subnet on the virtual network, so I click the delete button button.That was fairly quick. Now I'm going to create three subnets. I'm going to create a frontend subnet, an in-tier subnet, and a backend subnet. So I'm going to call this the front end. This makes it easy when creating resources to know which subnet I want to deploy them to. Now we do have the option of choosing our address range. Remember, this entire address space is now controlled by from 100 zero all the way to 100 1255 since I expanded it. So I feel good. I can reserve 64 addresses for the front end. There's no network security group attached to this yet, so I haven't started to protect traffic coming into this network, and we'll do that in a second, and I'm not delegating anything yet. We'll do that later in this section. So we'll create the front and subnet. Now I can delete this gateway device. There are no devices attached to it. If you're just creating this from scratch, you don't need to do the deletions, obviously. Now I can create the mid tier and since 100 0 is taken,I can take 100 0 64, I can take the next 64. So after this, if I say save, we've used up half of that first allocation of IP addresses, and then finally I can do the data tier. And again, it's automatically selecting the next available range, which is 26, and I'm going to reserve another 64 addresses for that. So now I have a virtual network thathas three subnets, but there's no security right now, so I haven't actually started to allow traffic or restrict traffic into these. Now there's a whole section of this exam if we go back to the requirements here that talks about network security groups. So all the way down in the security section,we have a whole section on network security groups. So I won't go too far into it here. So we can start to add resources, web servers to the front end, application servers in the middle tier, and our SQL Server in a VM or whatever our database solution is in the back end here, but we have to deal with the security when that time comes. And that would be an example of the type of setup that you would have.
Now let's look at an example of that. So resources, when they're created, are actually attached to a subnet. They are not attached to the virtual network layer. They have to be attached to a subnet. So, if I were to create a virtual machine VM, it would be in the western United States. I'm going to leave it without redundancy. Let's do the small size. I get the last one is fine. Now, one of our first decisions after we've created the type of VM is some security question in terms of do we want to allow stuff to come in? Let's say this virtual machine is serving as a webserver, then we could, at the time of creation, allow port 80 and port four four three to come in. That's fair. I'm going to skip over the disc and go to the network. Now it's offering to create a brand new network here. So this bracket means a new network,but I could actually choose my existing network. And I want to put this on the front end. So now you can see that by naming the subnet, it actually helps us determine where this machine is going. If we're configuring this to be a web server, then we want this to be on the front end so we can allow port 80 and 443 traffic to come in. So it needs an IP address for the machine itself. And so I will create one. It's repeated the question to me about asking for inbound ports. So this basically allows traffic into the virtual machine as well as traffic onto the network. And if I skip over the rest of it in terms of monitoring advanced extensions and just sayreview, then we will have our first device, our first virtual machine, installed on our front end network. And we can actually create this as a web server. We can log into the machine, set up IIS, have it serve traffic, and demonstrate that we're able to see that it's working in the front end subnet. So the deployment of the VM is complete. I'm going to click to go to Resources. Now, I will say two things. One is that this virtual machine is now running,and we're going to be charged for the per minute charge for this VM. So it's probably in your best interest to not have the virtual machine running when you don't need it. So you can either just go through the demo and then stop it or delete it, or you can set up some type of auto shut down. So at the end of the day, everything shuts down and the charges stop. The second thing is that we're concerned about the networking here on the device. We can see some information about the networking on the home page, the overview screen, that's been granted a public IP address because we requested it. And it also has a private IP address. So, this is part of our IP range. For the subnet, We can see what subnet it's part of. So if we notice, I deploy this to its own group, so when I go into the group for theVM, we can see that the virtual machine is a resource but the network interface card is a separate resource. It's also created a network security group. Like I said, we'll talk about that later in the course. But it has created a set of security rules to allow traffic from the outside to travel in over port 8443 and the RDP port as well, so that we can manage it. Now, the way that it's done technically is by attaching the network security group to the network interface card. We do have this option and we'll talk about it later about whether the network security group is attached to the subnet or whether it's attached to the interface card. In this particular case, it's attached to the network interface. We can see this by going on to networkinterface and if we switch down to the networksecurity group setting, we can see that it's pointing to our network security group that's been created. Now, here's a question. Will I be able to communicate with another virtual machine on the same subnet if I create another? I'm going to pause and you can think about this. If I create two virtual machines on the same subnet and do nothing else, can they talk to each other over the private IP address? Obviously, we will see the answer to that in the next one.
Alright, so here I am creating a second virtual machine. I'm placing the virtual machine on the same virtual network on the same subnet. In this particular case, I don't care about public IP addresses and I'm not creating a network security group for the network interface card. So this is just going to be created with the default options, pretty much pass validation, and I'll click create. All right, that was quick. All right, so this was created with only a private IP address and I am not going to be able to connect to this machine from my local machine because I'm not on this network. I would need to create a VPN, a point-to-site VPN, in order to connect to this. So I'm not going to do that. I'm going to go up to the resource group and I'm going to go to the other virtual machine which has a public IP address. I'm going to say connect RDP. I'm going to download the RDP file for its public IP address and open that file up on my local. I do have to log in using the account that I used to sign up for when creating this virtual machine, and it's going to connect for the first time. As a result, the first time you connect to Windows, it must create a profile for you, and there are some additional startup steps. All right, so there are certain things that start up when you go into the machine for the first time. So the question is, we are currently running a command prompt here, and I'm going to make this big for us. So give me a second. So if I look at my set IP config, I am on four. So the real question is, can I connect to 105 from here with no additional security setup? And the answer should be yes. Okay, so two machines on the same subnet should be able to communicate, unless there is something specifically blocking that communication. So the only port that we have open is the RDP port. We didn't open ad 443, we didn't set up listeners on ad 443, and four four three.So even if those were open, there's nothing to listen to. So the only way we can really check this is to do a remote desktop connection. This is like Inception where you get a remote desktop connection into the dot four. And now we're going to use that to remote into dot five. If it connects, then we know that we can communicate. And there we go. So I can enter in my credentials and we should be able to remotely connect to this private computer because it's on the same subnet. Now the next question that we're going to have in the next video is if I created a resource on the mid tier, can the front end communicate with the mid tier with no settings,like without an NSG, without specifically allowing the traffic? What happens? So we can see this is the five-machine connected to the four machines. I can disconnect from here. Sorry. And I exit out of this and disconnect from here, and I'm back to my own computer. So in the next video, we're going to create a machine on the other subnet and let's see if we can still make that connection.
Alright, to answer the question that we left in the last video, we're going to create the virtual machine on the other subnet, in this case, the mid-tier subnet. Same setup, no public IP, no network security group. We'll just go next. I never enable the diagnostics. That's just me. Hit the review and create buttons. And we're going to create this virtual machine on a different subnet. Let's go. Alright, so let's go to the resource and this one has been assigned. Remember, it's on the other subnet. So it's got its own 68 IP address. In order to test this, we're going to do the same thing that we did prior, which is we're going to go into the original VM and if we RDP,not into the 51, but into the 68. There we go. So we've already connected, set the certificate, and are now communicating with the other subnet. We've seen that even if it's on its own subnet, if there are no NSG rules, then we're not really protected from this virtual machine being able to communicate with each other. Now I'm going to leave it there in terms of security. We have a whole section of this course on NSGs and security and things like that. I just wanted to demonstrate to you that subnets allow communication for devices that are on the same subnet or on other subnets. And it's really you have to rely on the security set up to block the communication. And when we set up the NSG, we'll see that it's denied by default and you actually have to whitelist rules. Now I'll leave this with the caveat that, again, I mentioned earlier that these machines are running and they're configuring cost. And so what I'm going to do is I could stop the machine just to stop the cost. I can do that for the other VMs as well, or even delete them if I don't think I'm going to need them anymore. So don't forget, it's very easy to leave machines running and it probably doesn't need to. We'll talk about the other subnetworks in the next video.
ExamSnap's Microsoft AZ-700 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Microsoft AZ-700 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.
Comments (0)
Please post your comments about Microsoft Exams. Don't share your email address asking for AZ-700 braindumps or AZ-700 exam pdf files.
Purchase Individually
AZ-700 Training Course
Latest IT Certification News
LIMITED OFFER: GET 30% Discount
This is ONE TIME OFFER
A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.