Microsoft Certified: Azure Network Engineer Associate Intermediate Practice Exam: Medium Difficulty 2025

Your organization has an on-premises data center connected to Azure via ExpressRoute with Microsoft peering enabled. Users report intermittent connectivity issues when accessing Azure Storage and SQL Database services. Network telemetry shows the ExpressRoute circuit utilization is at 85% during peak hours. What should you implement to resolve this issue while maintaining optimal performance?

You are designing a hub-and-spoke network topology in Azure with five spoke virtual networks. The spokes need to communicate with each other through the hub, which contains a network virtual appliance (NVA) for traffic inspection. What configuration is required to enable spoke-to-spoke communication through the NVA?

A web application hosted on Azure VMs behind an Azure Application Gateway experiences performance degradation during high-traffic periods. The application serves both HTTP and HTTPS traffic and requires session affinity. You need to optimize performance while maintaining session persistence. What should you configure?

Your company operates a multi-region Azure deployment with VMs in East US and West Europe. You need to monitor network connectivity between regions and receive alerts when latency exceeds 100ms or packet loss exceeds 5%. Which Azure Network Watcher feature should you implement?

You are configuring a site-to-site VPN connection between your on-premises network and Azure. The on-premises VPN device supports both IKEv1 and IKEv2 protocols. Your Azure virtual network has a VPN gateway with the Basic SKU. The connection fails to establish. What is the most likely cause and solution?

Your organization uses Azure Firewall in a hub virtual network to secure outbound internet traffic from multiple spoke VNets. You need to allow access to specific Azure Storage accounts while blocking all other storage accounts. What is the most secure and manageable approach?

You have deployed Azure Load Balancer (Standard SKU) with three backend VMs hosting a stateful application. During maintenance, you need to gracefully remove a VM from the backend pool without disrupting existing connections. The VM should not receive new connections but should continue serving existing sessions until they complete naturally. What should you configure?

Your application team reports that outbound connections from Azure VMs to external services are failing intermittently with connection timeout errors. The VMs are in a subnet with a NAT Gateway attached. Investigation shows the NAT Gateway has 64,000 SNAT ports allocated. The subnet hosts 20 VMs, each making approximately 5,000 concurrent outbound connections. What should you do to resolve this issue?

You need to diagnose why a VM in Azure cannot access a specific endpoint on the internet. The VM is in a subnet with an NSG attached, and the virtual network has Azure Firewall configured for outbound traffic. Which Network Watcher tools should you use in sequence to effectively troubleshoot this issue?

Your organization has an Azure virtual network with the address space 10.0.0.0/16. You need to implement Azure Bastion to provide secure RDP and SSH access to VMs. The Bastion subnet must accommodate future scale requirements for up to 50 concurrent sessions. What is the minimum subnet size you should configure for Azure Bastion, and what must you name this subnet?