• Home
  • Articles
  • Latest [Dec 13, 2023] Microsoft AZ-720 Real Exam Dumps PDF [Q62-Q79]

Latest [Dec 13, 2023] Microsoft AZ-720 Real Exam Dumps PDF [Q62-Q79]

Share

Latest [Dec 13, 2023] Microsoft AZ-720 Real Exam Dumps PDF

AZ-720 Practice Test Questions Updated 121 Questions


Microsoft Azure is one of the most popular cloud computing platforms in the world. It offers a range of services and solutions that enable businesses to build, deploy, and manage applications and services on a global scale. However, as with any complex system, issues can arise, and connectivity problems are one of the most common. Therefore, Microsoft has introduced the AZ-720 certification exam to help IT professionals troubleshoot connectivity problems in Azure.


To prepare for the AZ-720 certification exam, Microsoft recommends that you have a strong understanding of Azure networking concepts and services, as well as experience troubleshooting connectivity issues in a real-world environment. You may also benefit from completing Microsoft's official training course for this certification, which covers key topics and provides hands-on experience with Azure connectivity troubleshooting.


Microsoft AZ-720 certification exam is designed for IT professionals who are responsible for troubleshooting connectivity issues in Microsoft Azure environments. Troubleshooting Microsoft Azure Connectivity certification is targeted towards individuals who have experience in networking, security, and Azure infrastructure. AZ-720 exam aims to validate the candidate's ability to identify and resolve issues related to Azure connectivity, including network security groups, virtual networks, and Azure ExpressRoute.

 

NEW QUESTION # 62
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Configure an Azure Active Directory (Azure AD) tenant.
  • B. Generate a root certificate.
  • C. Enable Azure AD authentication on the gateway
  • D. Install a root certificate on the user's device.
  • E. Install a client certificate on the VPN gateway.
  • F. Install a client certificate on the user's device.
  • G. Generate a client certificate.

Answer: D,F,G

Explanation:
To resolve the issue where a user reports an error message stating "A certificate could not be found" when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user's device. F. Generate a client certificate. G. Install a client certificate on the user's device.
Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user's device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.


NEW QUESTION # 63
You need to resolve the connectivity issue with the on-premises database named CosmosDB1.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 64
A company deploys ExpressRoute.
The company reports that there is an autonomous system (AS) number mismatch.
You need to identify the AS number of the circuit.
Which PowerShell cmdlet should you run?

  • A. Get-AzExpressRouteCircuit
  • B. Get-AzExpressRouteCircuitPeeringConfig
  • C. Get-AzExpressRouteCircuitStats
  • D. Get-AzExpressRouteCircuitRouteTable

Answer: A

Explanation:
To identify the AS number of the circuit when there is an autonomous system (AS) number mismatch in ExpressRoute, you should run the Get-AzExpressRouteCircuit PowerShell cmdlet. Therefore, option D is correct. You should run the Get-AzExpressRouteCircuit PowerShell cmdlet.


NEW QUESTION # 65
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company
configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules
for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1.
How should you complete the configuration?

Answer:

Explanation:


NEW QUESTION # 66
You need to resolve the issue with Admin1.
What should you do?

  • A. Configure Azure AD Connect filtering to include the Admins organizational unit.
  • B. Enable security inheritance in Active Directory Domain Services (AD DS).
  • C. Reset the Azure AD Connect service account password in AD DS.
  • D. Start a full import in Azure AD Connect.

Answer: B

Explanation:
The error 8344 insufficient access rights to perform the operation indicates that the Azure AD Connect service account does not have the required permissions to synchronize the Admin1 account. This could be because the Admin1 account is in an organizational unit (OU) that has security inheritance disabled, which prevents the service account from inheriting the necessary permissions from the parent OU. To resolve this issue, you should enable security inheritance in AD DS for the OU that contains the Admin1 account. This will allow the service account to synchronize the Admin1 account to Azure AD. Alternatively, you could also grant the service account explicit permissions on the Admin1 account, but this would be more tedious and less scalable than enabling security inheritance.


NEW QUESTION # 67
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD
Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 68
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft
Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The VMs were provisioned by using a classic deployment.
  • B. The administrator does not have the SecurityReader role.
  • C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • D. The administrator is using the Microsoft Defender for Cloud free tier.

Answer: A


NEW QUESTION # 69
A company uses an Azure VPN gateway with an IP address of 203.0.113.20.
Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 70
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment,
an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
* AzureFirewallApplicationRule
* AzureFirewallNetworkRule
* AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 71
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Instruct Admin1 to create an application security group.
2 - Instruct Admin1 to associate an application security group with NIC1..
3 - Instruct Admin1 to create a network security group.


NEW QUESTION # 72
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing
connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue.
Which three actions should you perform?

  • A. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
  • B. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN
    gateways.
  • C. Rest the VPN connection.
  • D. Configure the hashing algorithm to be different on both gateways.
  • E. Configure the hashing algorithm to be the same on both gateways.
  • F. Rest the VPN gateway.

Answer: A,B,E


NEW QUESTION # 73
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1.
How should you complete the configuration?

Answer:

Explanation:


NEW QUESTION # 74
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 75
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables
backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 76
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?

  • A. Move the route server to the same VNet as the NVA.
  • B. Configure a public IP address on the route server.
  • C. Configure a unique autonomous system number (ASN) on the NVA.
  • D. Configure a user-defined route on the NVA subnet.

Answer: C

Explanation:
According to 2, when using Azure Route Server with network virtual appliances (NVAs), you need to ensure that each NVA has a unique ASN that is different from the route server's ASN and any other BGP peer's ASN. Otherwise, there will be routing issues due to BGP loop prevention mechanisms.
You can configure the ASN on the NVA by using its own configuration tools or commands. For more information, see 2.


NEW QUESTION # 77
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue.
Which three actions should you perform?

  • A. Rest the VPN connection.
  • B. Configure the hashing algorithm to be different on both gateways.
  • C. Configure the hashing algorithm to be the same on both gateways.
  • D. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
  • E. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.
  • F. Rest the VPN gateway.

Answer: A,C,E

Explanation:
the three actions that should be performed to minimize downtime for all services and resolve the connectivity issue are: C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways. D. Reset the VPN connection. E. Configure the hashing algorithm to be the same on both gateways.


NEW QUESTION # 78
You manage an Azure subscription that contains the following resources:

An on-premises environment is connected to VNet1 by using ERGW1.
An on-premises environment is connected to VNet1 by using ERGW1.
An administrator measures network latency for on-premises traffic that targets VM1 and VM2 by using the front-end IP address of the load balancer. The administrator enables ExpressRoute FastPath on ERGW1 and observes that the latency has not changed.
You need to resolve the issue that is preventing the network latency improvements offered by ExpressRoute FastPath from taking effect.
What should you do?

  • A. Change the SKU for the ExpressRoute gateway.
  • B. Redeploy the load balancer as a Standard SKU.
  • C. Resize VM1 and VM2.
  • D. Enable accelerated networking on VM1 and VM2

Answer: B

Explanation:
To resolve the issue that is preventing the network latency improvements offered by ExpressRoute FastPath from taking effect, you should redeploy the load balancer as a Standard SKU. ExpressRoute FastPath is only supported on Standard Load Balancer SKUs. So the correct answer is A. Redeploy the load balancer as a Standard SKU.


NEW QUESTION # 79
......

Microsoft AZ-720 Dumps - Secret To Pass in First Attempt: https://www.testkingfree.com/Microsoft/AZ-720-practice-exam-dumps.html

AZ-720 Dumps - Grab Out For [NEW-2023] Microsoft Exam: https://drive.google.com/open?id=1ThWlqi3Y3khYD03RDd9kZjuoWQ8rNL-I

Related Articles

more
Microsoft AZ-720 Certification Practice Exam