Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.\nThe Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.\nAll the resources used by Contoso are hosted on-premises.\nContoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1\npricing tier.\nExisting Environment\nThe network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.\nContoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains\nall the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added\nfrequently.\nContoso.com contains a user named User1.\nAll the offices connect by using private links.\nContoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.\nAll infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.
\nContoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.\nThe Azure subscription contains the resources in the following table.
\nThe network security team implements several network security groups (NSGs).\nPlanned Changes\nContoso plans to implement the following changes:\nDeploy Azure ExpressRoute to the Montreal office.\nMigrate the virtual machines hosted on Server1 and Server2 to Azure.\nSynchronize on-premises Active Directory to Azure Active Directory (Azure AD).\nMigrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.\nTechnical requirements\nContoso must meet the following technical requirements:\nEnsure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.\nEnsure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.\nEnsure that routing information is exchanged automatically between Azure and the routers in the Montreal office.\nEnsure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
\nEnsure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
\nConnect the New York office to VNet1 over the Internet by using an encrypted connection.\nCreate a workflow to send an email message when the settings of VM4 are modified.\nCreate a custom Azure role named Role1 that is based on the Reader role.
\nMinimize costs whenever possible.\nQUESTION 1\nYou discover that VM3 does NOT meet the technical requirements.\nYou need to verify whether the issue relates to the NSGs.\nWhat should you use?\nA. Diagram in VNet1\nB. the security recommendations in Azure Advisor\nC. Diagnostic settings in Azure Monitor\nD. Diagnose and solve problems in Traffic Manager profiles\nE. IP flow verify in Azure Network Watcher\nCorrect Answer: E\nSection: (none)\nExplanation\nExplanation/Reference:\nExplanation:\nScenario: Contoso must meet technical requirements including:\nEnsure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.\nIP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and\nremote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen,\nIP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.\nReferences:\nhttps://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview\nConfigure and manage virtual networks