• Home
  • Articles
  • [UPDATED Aug-2024] Best Value Available Preparation Guide for AZ-720 Exam [Q17-Q38]

[UPDATED Aug-2024] Best Value Available Preparation Guide for AZ-720 Exam [Q17-Q38]

Share

[UPDATED Aug-2024] Best Value Available Preparation Guide for AZ-720 Exam

1 Full AZ-720 Practice Test and 121 Unique Questions, Get it Now!


Microsoft AZ-720 exam, also known as Troubleshooting Microsoft Azure Connectivity, is designed to test your skills in identifying and resolving connectivity issues within the Azure environment. AZ-720 exam is ideal for IT professionals who are responsible for managing and troubleshooting Azure resources, such as network engineers, system administrators, and cloud architects. By passing AZ-720 exam, you demonstrate your ability to troubleshoot various connectivity problems and provide effective solutions, which is an essential skill in today's cloud-based IT landscape.


To be eligible for the Microsoft AZ-720 certification exam, candidates should have prior experience working with Azure networking and troubleshooting connectivity issues. AZ-720 exam tests the candidate's ability to identify and resolve issues related to network security groups, routing, DNS, VPNs, and ExpressRoute circuits. Troubleshooting Microsoft Azure Connectivity certification validates the candidate's ability to diagnose and fix connectivity issues quickly and efficiently, ensuring that Azure-based applications and services remain up and running without interruption. By passing this certification, IT professionals can demonstrate their expertise in Azure networking and troubleshooting, which can help them advance their careers and increase their professional value.

 

NEW QUESTION # 17
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 18
A company connects an on-premises network to an Azure virtual network by using ExpressRoute.
The ExpressRoute connection is experiencing higher than normal latency.
You need to confirm the traffic flow.
How should you complete the PowerShell command?

Answer:

Explanation:


NEW QUESTION # 19
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?

Answer:

Explanation:


NEW QUESTION # 20
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue.
What should you do?

  • A. Upgrade the target storage disk.
  • B. Create a network service endpoint in a virtual network.
  • C. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
  • D. Use AzCopy to upload data to a cache storage account.

Answer: A

Explanation:
Azure Site Recovery has limits on data change rates depending on the type of disk used for replication. If a VM has a data change rate higher than the supported limit for its disk type, it can cause replication issues or errors. To resolve this issue, you can upgrade the target storage disk to a higher tier that supports higher data change rates.


NEW QUESTION # 21
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allow on FW1.
What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • B. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.
  • C. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
  • D. Use the ping command targeting the IP address of VM1 and review the command's response.

Answer: D


NEW QUESTION # 22
You create an Azure Traffic Manager profile with five endpoints Each endpoint is a web app running in an Azure virtual machine (VM).
You observe that one of the endpoints has a degraded status. You plan to verify whether the endpoint is responding to the Traffic Manager health probe with a valid status code.
You need to identify the PowerShell comdlet to use and the status code that the cmdlet should return.
Which value should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 23
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: B

Explanation:
Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup service. An administrative user account is required to install the agent.
Therefore, the solution mentioned in the question is correct and the answer is A. Yes.
Reference:
Back up a virtual machine in Azure (Microsoft documentation)


NEW QUESTION # 24
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Increase the TCP buffers and window size kernel parameters.
  • B. Install a kernel name that ends with -azure.
  • C. Redeploy the VM with Accelerated Networking enabled.
  • D. Configure the network interfaces to 1000 Mbps/full duplex.

Answer: D


NEW QUESTION # 25
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD
Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 26
A company uses Azure Active Directory (Azure AD) with Azure role-based access control (RBAC) for access to resources.
Some users report that they are unable to grant RBAC roles to other users.
You need to troubleshoot the issue.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 27
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
What should you do?

  • A. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
  • B. Restart the Azure AD Connect service.
  • C. Configure Azure AD Connect using a global administrator account that is not federated.
  • D. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.

Answer: B

Explanation:
The error message "Error getting auth token" occurs when you specify an incorrect password for the global administrator account provided at the beginning of the Azure AD Connect installation process To resolve this issue, you should check that you have specified the correct password for your global administrator account. If you have specified an incorrect password, update it and then restart the Azure AD Connect service


NEW QUESTION # 28
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Instruct Admin1 to create an application security group.
2 - Instruct Admin1 to associate an application security group with NIC1..
3 - Instruct Admin1 to create a network security group.


NEW QUESTION # 29
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer
named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2.
Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the
following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address
of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • B. Change the health probe associated with Rule1 to use HTTP.
  • C. Change the health probe associated with Rule1 to use TCP.
  • D. Add an NSG1 rule with the source set to VirtualNetwork.

Answer: B


NEW QUESTION # 30
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. VNetGW1 has exceeded the subnet Security Association pairs.
  • B. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • C. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
  • D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.

Answer: B

Explanation:
To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner's VPN device and VNetGW1 are configured using the same shared key.


NEW QUESTION # 31
You need to resolve the problem reported by User2.
What should you do?

  • A. Enable all users for the self-service password reset feature.
  • B. Enable the warehouse group for the self-service password reset feature.
  • C. Identify and resolve the misconfigured directory information for User2.
  • D. Instruct User2 to wait 24 hours and try again.
  • E. Assign an Azure AD Premium Pi license to User2

Answer: E

Explanation:
To resolve the problem reported by User2, you need to assign an Azure AD Premium P1 license to User2. User2 is a member of the warehouse group, which is enabled for the self-service password reset (SSPR) feature. However, User2 cannot register for SSPR because they do not have a valid license that supports SSPR. To use SSPR, a user must have one of the following licenses: Azure AD Premium P1, Azure AD Premium P2, Enterprise Mobility + Security (EMS) E3 or EMS E5. By assigning an Azure AD Premium P1 license to User2, you can enable them to use the SSPR feature and reset their password without contacting the helpdesk


NEW QUESTION # 32
A company named Contoso connects its on-premises resources to Azure by using ExpressRoute.
An administrator reports that the circuit is in a failed state.
You need to resolve the issue.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 33
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Create a profile manually, add the server FQDN and reissue the client certificate.
  • B. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
  • C. Install an IKEv2 VPN client on the user's computers.
  • D. Reissue the client certificate with client authentication enabled.

Answer: D

Explanation:
To resolve the certificate mismatch error, you should reissue the client certificate with client authentication enabled. According to 1, when you use Azure certificate for authentication type on point-to-site VPN connections, you need to ensure that your client certificates have client authentication as one of their enhanced key usage attributes. Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.


NEW QUESTION # 34
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules.
The company creates an application rule collection with the following settings:
Priority: 100
Action: Deny
Rule type: FQDN
Source type: IP address
Source: *
Protocol: http:80,https:443
Target FQDN: *.cloud.contoso.com
An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1.
You need to determine why the traffic is allowed.
What should you review?

  • A. Infrastructure rules
  • B. Application rules
  • C. Web categories
  • D. Network rules

Answer: A


NEW QUESTION # 35
A company uses an Azure VPN gateway with an IP address of 203.0.113.20.
Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 36
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site
connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
* OpenVPN for the tunnel type.
* Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with server authentication enabled.
  • B. Configure preshared key for authentication on the VPN profile.
  • C. Install an IKEv2 VPN client on the user's computers.
  • D. Reissue the client certificate with client authentication enabled.

Answer: A


NEW QUESTION # 37
A company has two subnet in a virtual network named VNe1m the subnet are named SubnetA and SubnetB. The company uses a site-to-site (S2) VPN in SubnetB to connect its on-premises environment to Azure.
You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsft.SqL

  • A. Configure a network security group (NSG) to allow port 1433 on SubnetA
  • B. Deploy a private endpoint for SQL1.
  • C. Deploy an Azure ExpressRoute circuit for VNet1.
  • D. Configure a DNS record for the private IP address of SQL1.
  • E. Configure a service endpoint on SubnetB.

Answer: B

Explanation:
To allow the on-premises environment to access the Azure SQL Database named SQL1 over a site-to-site (S2S) VPN in SubnetB, you should deploy a private endpoint for SQL1. A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Link allows you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a private endpoint in your virtual network. So the correct answer is D. Deploy a private endpoint for SQL1.
You can find more information about private endpoints in the official Microsoft documentation.


NEW QUESTION # 38
......


The Microsoft AZ-720 exam format consists of multiple-choice questions and scenarios that test the candidate's ability to diagnose and resolve connectivity issues in an Azure environment. AZ-720 exam is two hours long and candidates are required to score at least 700 out of 1000 points to pass. It is important to note that the exam is only available in English and costs $165 USD to take.

 

Get Instant Access to AZ-720 Practice Exam Questions: https://www.testpdf.com/AZ-720-exam-braindumps.html

The Best AZ-720 Exam Study Material Premium Files  and Preparation Tool: https://drive.google.com/open?id=1MObxg3aiT1DcokDoGLWttJvWStDPb_oT

Related Articles

more
Microsoft AZ-720 Certification Practice Exam