AZ-720 Exam Dumps, AZ-720 Practice Test Questions
PDF (New 2024) Actual Microsoft AZ-720 Exam Questions
Microsoft AZ-720 Exam, also known as Troubleshooting Microsoft Azure Connectivity, is a certification exam that is designed to test the skills and knowledge of IT professionals in troubleshooting connectivity issues in Microsoft Azure environments. AZ-720 exam focuses on various connectivity scenarios, such as network connectivity, virtual network connectivity, and hybrid connectivity, among others. Troubleshooting Microsoft Azure Connectivity certification is aimed at IT professionals who work with Microsoft Azure technology, including Azure administrators, network engineers, and security engineers.
Microsoft AZ-720 is an exam designed to test the skills of professionals in troubleshooting Microsoft Azure Connectivity. AZ-720 exam is intended for IT professionals who have experience in managing and monitoring Microsoft Azure solutions. AZ-720 exam is designed to validate the candidate's ability to identify and resolve connectivity issues that may arise in Azure environments.
NEW QUESTION # 48
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?
- A. Increase the TCP buffers and window size kernel parameters.
- B. Install a kernel name that ends with -azure.
- C. Redeploy the VM with Accelerated Networking enabled.
- D. Configure the network interfaces to 1000 Mbps/full duplex.
Answer: D
NEW QUESTION # 49
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION # 50
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
- A. Configure preshared key for authentication on the VPN profile.
- B. Reissue the client certificate with server authentication enabled.
- C. Reissue the client certificate with client authentication enabled.
- D. Install an IKEv2 VPN client on the user's computers.
Answer: C
Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.
NEW QUESTION # 51
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between
Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate
beyond supported limits
You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You
discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue.
What should you do?
- A. Upgrade the target storage disk.
- B. Use AzCopy to upload data to a cache storage account.
- C. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
- D. Create a network service endpoint in a virtual network.
Answer: A
NEW QUESTION # 52
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?
- A. The partner's VPN device and VNetGW1 are configured using the same shared key.
- B. The partner's VPN device is enabled for Perfect forward secrecy.
- C. The IP address of the local network gateway matches the partner's VPN device.
- D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answer: D
NEW QUESTION # 53
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize users from an Active Directory Domain Services (AD DS).
The synchronization of a user object is failing.
You need to troubleshoot the failing synchronization by using a built-in Azure AD Connect troubleshooting task.
Which two pieces of information should you collect before you start troubleshooting?
- A. Object common name
- B. Azure AD connector name
- C. Object globally unique identifier
- D. Object distinguished name
- E. AD connector name
Answer: B,C
NEW QUESTION # 54
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?
- A. The administrator is using the Microsoft Defender for Cloud free tier.
- B. The VMs were provisioned by using a classic deployment.
- C. The administrator does not have the SecurityReader role.
- D. The VMs were recently provisioned by using an Azure Resource Manager deployment.
Answer: B
NEW QUESTION # 55
A company uses Azure Standard Load Balancer which is configured to export metrics to Azure Monitor.
You receive an email alert for a potential outbound port exhaustion issue from an Azure virtual machine. You add additional front-end IPs to the load balancer.
You need to monitor the load balancer.
How should you complete the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 56
A company has two subnet in a virtual network named VNe1m the subnet are named SubnetA and SubnetB. The company uses a site-to-site (S2) VPN in SubnetB to connect its on-premises environment to Azure.
You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsft.SqL
- A. Configure a DNS record for the private IP address of SQL1.
- B. Configure a network security group (NSG) to allow port 1433 on SubnetA
- C. Deploy an Azure ExpressRoute circuit for VNet1.
- D. Configure a service endpoint on SubnetB.
- E. Deploy a private endpoint for SQL1.
Answer: E
Explanation:
To allow the on-premises environment to access the Azure SQL Database named SQL1 over a site-to-site (S2S) VPN in SubnetB, you should deploy a private endpoint for SQL1. A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Link allows you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a private endpoint in your virtual network. So the correct answer is D. Deploy a private endpoint for SQL1.
You can find more information about private endpoints in the official Microsoft documentation.
NEW QUESTION # 57
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing
connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue.
Which three actions should you perform?
- A. Configure the hashing algorithm to be the same on both gateways.
- B. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
- C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN
gateways. - D. Rest the VPN gateway.
- E. Configure the hashing algorithm to be different on both gateways.
- F. Rest the VPN connection.
Answer: A,B,C
NEW QUESTION # 58
A company uses Azure Active Directory (Azure AD) with Azure role-based access control (RBAC) for access to resources.
Some users report that they are unable to grant RBAC roles to other users.
You need to troubleshoot the issue.
How should you complete the Azure Monitor query?
Answer:
Explanation:
NEW QUESTION # 59
A company has a virtual machine (VM) named VM1 in a virtual network. The company also uses Azure Firewall Standard.
An administrator creates application rules to filter outbound traffic from VM1 and configure fully qualified domain names (FQDN) on the application rules.
The administrator discovers that outbound traffic from VM1 to the FQDNs are not being filtered by the firewall.
You need to resolve the issue with filtering.
What should you do first?
- A. Upgrade to the Azure Firewall Premium SKU.
- B. Configure the firewall for a negative cache.
- C. Create a DNAT rule to route traffic to VM1.
- D. Configure VM1 to use Azure Firewall as its DNS server.
Answer: D
Explanation:
1: Azure Firewall policy DNS settings 2: Azure Firewall FQDN filtering in network rules
NEW QUESTION # 60
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?
Answer:
Explanation:
NEW QUESTION # 61
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION # 62
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute
gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a
network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named
VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
- A. Create the storage account for FlowLog1 as a premium block blob.
- B. Enable FlowLog1 in a network security group associated with the subnet of VM1.
- C. Create the storage account for FlowLog1 as a premium page blob.
- D. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
Answer: C
NEW QUESTION # 63
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP). The connection fails.
You need to troubleshoot the issue.
Which two actions should you perform?
- A. Apply a network security group on the same subnet as Azure Bastion.
- B. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity.
- C. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.
- D. Configure Azure Bastion with static assignment.
- E. Run the Network Watcher Connection troubleshoot service.
Answer: B,E
Explanation:
The two actions that should be performed to troubleshoot the issue of a failed RDP connection to a Windows VM through Azure Bastion are A) Monitor traffic with the PowerShell cmdlet 'Test-AzNetworkWatcherConnectivity' and D) Run the Network Watcher Connection troubleshoot service.
A) Monitor traffic with the PowerShell cmdlet 'Test-AzNetworkWatcherConnectivity': This cmdlet can be used to verify connectivity between two endpoints in Azure. By monitoring traffic, you can identify the root cause of issues with the VM's connectivity through Azure Bastion.
D) Run the Network Watcher Connection troubleshoot service: This service can help identify the root cause of connectivity issues with Azure resources. It analyses network traffic to identify common misconfiguration issues and provides guidance on how to resolve them.
NEW QUESTION # 64
A company manages a solution that uses Azure Functions.
A function returns the following error: Azure Function Runtime is unreachable.
You need to troubleshoot the issue.
What are two possible causes of the issue?
- A. The storage account application settings were deleted.
- B. The company did not configure a timer trigger.
- C. The execution quota is full.
- D. The function key was deleted.
- E. The storage account for the function was deleted.
Answer: A,E
Explanation:
Two possible causes of the issue where a function returns the error "Azure Function Runtime is unreachable" are: C. The storage account application settings were deleted. E. The storage account for the function was deleted.
According to Microsoft, this issue occurs when the Functions runtime can't start. The most common reason for this is that the function app has lost access to its storage account. If that account is deleted or if the storage account application settings were deleted, your functions won't work
https://learn.microsoft.com/en-us/azure/azure-functions/functions-recover-storage-account
NEW QUESTION # 65
......
Updated Aug-2024 Pass AZ-720 Exam - Real Practice Test Questions: https://www.passtorrent.com/AZ-720-latest-torrent.html
Dumps Moneyack Guarantee - AZ-720 Dumps UpTo 90% Off: https://drive.google.com/open?id=1Ghqouut1n9DfzemnpJxmCt45TqWKx5aZ