• Home
  • Articles
  • [Oct-2023] Download Real Microsoft AZ-720 Exam Dumps Test Engine Exam Questions [Q57-Q74]

[Oct-2023] Download Real Microsoft AZ-720 Exam Dumps Test Engine Exam Questions [Q57-Q74]

Share

[Oct-2023] Download Real Microsoft AZ-720 Exam Dumps Test Engine Exam Questions

New AZ-720 exam dumps Use Updated Microsoft Exam


The AZ-720 certification is a valuable credential for IT professionals looking to advance their careers in the field of cloud computing. By passing AZ-720 exam, candidates demonstrate their ability to troubleshoot complex connectivity issues in Azure environments. Troubleshooting Microsoft Azure Connectivity certification can also help individuals stand out in a competitive job market and increase their earning potential.


Microsoft AZ-720 Exam, also known as Troubleshooting Microsoft Azure Connectivity, is a certification exam that is designed to test the skills and knowledge of IT professionals in troubleshooting connectivity issues in Microsoft Azure environments. AZ-720 exam focuses on various connectivity scenarios, such as network connectivity, virtual network connectivity, and hybrid connectivity, among others. Troubleshooting Microsoft Azure Connectivity certification is aimed at IT professionals who work with Microsoft Azure technology, including Azure administrators, network engineers, and security engineers.

 

NEW QUESTION # 57
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables
backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: B


NEW QUESTION # 58
A company named Contoso connects its on-premises resources to Azure by using ExpressRoute.
An administrator reports that the circuit is in a failed state.
You need to resolve the issue.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 59
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?

  • A. Validate the VPN device.
  • B. Disable the endpoint network policies.
  • C. Disable the service network policies.
  • D. Approve the connection state.

Answer: D

Explanation:
To resolve the connectivity issue, you should approve the connection state. According to 1, Azure Private Link service requires manual approval of connection requests from private endpoints by default. You can approve or reject a connection request by using PowerShell cmdlets or Azure portal.


NEW QUESTION # 60
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. GatewayDiagnosticLog
  • B. P2SDiagnosticLog
  • C. RouteDiagnosticLog
  • D. IKEDiagnosticLog

Answer: D


NEW QUESTION # 61
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment
includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Disable peering on the virtual network.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 62
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Configure preshared key for authentication on the VPN profile.
  • B. Install an IKEv2 VPN client on the user's computers.
  • C. Reissue the client certificate with client authentication enabled.
  • D. Reissue the client certificate with server authentication enabled.

Answer: C

Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.


NEW QUESTION # 63
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure a route table with route propagation disabled.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.
Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.
Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.
To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.
Reference:
Microsoft documentation on how to create a custom route table and associate it with a subnet: https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-custom-route-table.
Microsoft documentation on how to configure a route to a null interface: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#to-route-to-a-null-interface.


NEW QUESTION # 64
You need to resolve the VM2 routing issue.
What should you do?

  • A. Modify the IP configuration setting of the Azure network interface resource of VM1.
  • B. Add a network interface to VM1.
  • C. Modify the IP configuration setting of the Azure network interface resource of VM2.
  • D. Add a network interface to VM2.

Answer: C

Explanation:
To resolve the VM2 routing issue, you should modify the IP configuration setting of the Azure network interface resource of VM2. This will ensure that VM2 can communicate with other resources in the virtual network.
Troubleshooting connectivity problems between Azure VMs involves several steps such as checking whether NIC is misconfigured, whether network traffic is blocked by NSG or UDR, whether network traffic is blocked by VM firewall, whether VM app or service is listening on the port and whether the problem is caused by SNAT1.
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet All of the VNets are connected by using virtual network peering.

The company's subscription contains the following Azure virtual machines (VMs):

The Web Server (IIS) role is installed on VM4 The operating system firewall for each VM allows inbound ping requests.
The company's subscription includes the following network security groups (NSGs):

NSG1, NSG2. NSG3, and NSG5 use the default inbound security rules. NSG4. NSG5. and NSG10 use the default outbound security rules. NSG4 has the following inbound security rule:

NSG10 has the following inbound security rules:

Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
The virtual network peering connections are in the following table.

You provision a virtual network gateway named VNetGW in the perimeter network. The virtual network gateway uses SKU VpnGw1 and the public IP address 16.4.4.4 The virtual network gateway will provide:
* Network routing to customer data centers using site-to-site VPN connections.
* Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
The company's site-to-site VPN connections with customers are shown in the following table.

The point-to-site VPN is configured as shown in the following table;

The company's user and group memberships are shown in the following table:

The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect is installed on an on-premises server named SRV1. In addition;
* The server uses a pass-through authentication agent.
* The SSPR feature is enabled
* The SSPR feature is applied only to a group named SSPR-group
* The scheduling agents' internet connectivity must be blocked when connected to the point-to-site VPN.
* Sales employees must use the default VPN client on MacOS computers to connect to Azure.
* Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
* Pass-through authentication is required for all users.
* Azure AD multi-factor authentication (MFA) is requited for all users.
* All admin user accounts must be in an organizational unit (OU) named Admins.


NEW QUESTION # 65
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application.
You need to troubleshoot the issue.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 66
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute
gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a
network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named
VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Enable FlowLog1 in a network security group associated with the network interface of VM1.
  • B. Create the storage account for FlowLog1 as a premium block blob.
  • C. Configure FlowLog1 for version 2.
  • D. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.

Answer: C


NEW QUESTION # 67
You need to resolve the connectivity issue with the on-premises database named CosmosDB1.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 68
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Assign Admin1 the Contributor role for RG1.
2 - Instruct Admin1 to create a network security security goup.
3 - Instruct Admin1 to assiciate a network security group with NIC1.


NEW QUESTION # 69
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks
(VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity
after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?

  • A. Configure a public IP address on the route server.
  • B. Configure a user-defined route on the NVA subnet.
  • C. Move the route server to the same VNet as the NVA.
  • D. Configure a unique autonomous system number (ASN) on the NVA.

Answer: D


NEW QUESTION # 70
A company uses an Azure VPN gateway with an IP address of 203.0.113.20.
Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 71
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Enable FlowLog1 in a network security group associated with the network interface of VM1.
  • B. Create the storage account for FlowLog1 as a premium block blob.
  • C. Configure FlowLog1 for version 2.
  • D. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.

Answer: C


NEW QUESTION # 72
A company uses Azure Site Recovery for an on-premises server.
The company reports that replication of the server to Azure has failed.
You need to inspect the logs on the server to troubleshoot the issue.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 73
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD
Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account that is not federated to configure Azure AD Connect.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: B


NEW QUESTION # 74
......


Microsoft AZ-720 Exam is a valuable certification for IT professionals who work with Microsoft Azure technology. It validates their skills and knowledge in troubleshooting connectivity issues in Azure environments, which is a critical aspect of ensuring that Azure services are available and accessible to users. Troubleshooting Microsoft Azure Connectivity certification can also help IT professionals advance their careers and increase their earning potential by demonstrating their expertise in Azure networking and troubleshooting.

 

Pass Your AZ-720 Dumps as PDF Updated on 2023 With 121 Questions: https://examsboost.validbraindumps.com/AZ-720-exam-prep.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Copyright © 2026 ValidBraindumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy