AZ-700 Exam Results

To configure a policy in Azure API Management that can be used by an Azure Application Gateway to protect against known web attack vectors and only allow requests from IP addresses in Canada, follow these steps:

Step-by-Step Solution

Step 1: Create or Access Your API Management Instance

Navigate to the Azure Portal.

Search for “API Management services” and select your API Management instance.

Step 2: Configure the Policy

In the API Management instance, go to the “APIs” section.

Select the API you want to apply the policy to.

Go to the “Design” tab.

Select “All operations” if you want to apply the policy to all operations, or select a specific operation.

Step 3: Add the Inbound Policy

In the Inbound processing section, click on “+ Add policy”.

Select “IP filter” from the list of policies.

Add the IP address ranges for Canada. You can find the IP ranges for Canada from a reliable source or use a service that provides this information.

Here is an example of the XML configuration for the policy:

Save the policy to apply the changes.

Explanation

IP Filter Policy: This policy allows you to filter incoming requests based on their IP addresses. By specifying the IP ranges for Canada, you ensure that only requests originating from these IPs are allowed.

Inbound Processing: Applying the policy in the inbound section ensures that the requests are filtered before they reach your API.

By following these steps, you can configure a policy in Azure API Management that restricts access to your API to only those requests originating from IP addresses in Canada, thereby enhancing security and compliance

planation:

To achieve the task of ensuring that virtual machines on VNET1 and VNET2 are included automatically in a DNS zone named contoso.azure, and that they can resolve the names of the virtual machines on either virtual network, you can follow these steps:

Step-by-Step Solution

Step 1: Create a Private DNS Zone

Navigate to the Azure Portal.

Search for “Private DNS zones” in the search bar and select it.

Click on “Create”.

Enter the DNS zone name as contoso.azure.

Select the appropriate subscription and resource group.

Click on “Review + create” and then “Create”.

Step 2: Link VNET1 and VNET2 to the DNS Zone

Go to the newly created DNS zone (contoso.azure).

Select “Virtual network links” from the left-hand menu.

Click on “Add”.

Enter a name for the link (e.g., VNET1-link).

Select the subscription and virtual network (VNET1).

Enable auto-registration to ensure that VMs are automatically registered in the DNS zone.

Click on “OK”.

Repeat the process for VNET2.

Step 3: Configure DNS Settings for VNET1 and VNET2

Navigate to VNET1 in the Azure Portal.

Select “DNS servers” under the “Settings” section.

Ensure that the DNS server is set to “Default (Azure-provided)”.

Repeat the process for VNET2.

Step 4: Verify Name Resolution

Deploy a virtual machine in VNET1 and another in VNET2.

Connect to the virtual machines using Remote Desktop Protocol (RDP) or Secure Shell (SSH).

Test name resolution by pinging the VM in VNET2 from the VM in VNET1 using its hostname (e.g., ping .contoso.azure).

Explanation

Private DNS Zone: This allows you to manage and resolve domain names in a private network without exposing them to the public internet.

Virtual Network Links: Linking VNET1 and VNET2 to the DNS zone ensures that VMs in these networks can register their DNS records automatically.

Auto-registration: This feature automatically registers the DNS records of VMs in the linked virtual networks, simplifying management.

DNS Settings: Using Azure-provided DNS ensures that the VMs can resolve each other’s names without additional configuration.

By following these steps, you ensure that virtual machines on VNET1 and VNET2 are included automatically in the DNS zone contoso.azure and can resolve each other’s names seamlessly.