[2023] AZ-720 Actual Exam Dumps, AZ-720 Practice Test [Q55-Q77]


Test4Cram AZ-720 dumps & Microsoft Certified: Azure Support Engineer for Connectivity Specialty sure practice dumps


The Microsoft AZ-720 certification exam is designed for professionals who want to demonstrate their expertise in troubleshooting Microsoft Azure connectivity. The exam measures the candidate's ability to identify and resolve issues related to network connectivity, application connectivity, and data access in Azure services. It is ideal for individuals who have experience in Azure administration and a strong understanding of Azure networking concepts and principles.


Exam AZ-720: Troubleshooting Microsoft Azure Connectivity

Candidates for this exam should have experience with networking and with hybrid environments, including knowledge of routing, permissions, and account limits. They must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.

Passing score: 700.

Part of the requirements for: Microsoft Certified: Azure Support Engineer for Connectivity Specialty


NEW QUESTION # 55
A company develops an Azure Cosmos DB solution.
The solution has the following components:
A virtual network named VNet1 in a resource group named RG1.
A subnet named Subnet1 in VNet1.
A Private Link service.
The company is unable to configure a source IP address for the Private Link service from Subnet1.
You need to resolve the issue for Subnet1.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 56
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allowed on FW1.
What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the command's response.
  • B. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • C. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
  • D. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.

Answer: A


NEW QUESTION # 57
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 58
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync.
You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?

Answer:

Explanation:


NEW QUESTION # 59
You need to resolve the Azure virtual machine (VM) deployment issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 60
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup.
What should you do?

  • A. From the Azure AD portal, reset the user's password.
  • B. Instruct the user to enter the correct verification code.
  • C. Instruct the user to complete the setup process within 10 minutes.
  • D. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.
  • E. Instruct the user to clear their web browser cache.

Answer: C

Explanation:
This error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.


NEW QUESTION # 61
A company uses Azure Backup Agent to back up specific files and folders from an on-premises virtual machine (VM).
An administrator reports that the backup job is transferring files slowly. You determine that the backup job is verifying changes in directories by scanning the entire volume.
You need to determine the state of the backup job.
In which state will the backups occur?

Answer:

Explanation:


NEW QUESTION # 62
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
  • B. Configure FlowLog1 for version 2.
  • C. Create the storage account for FlowLog1 as a premium block blob.
  • D. Enable FlowLog1 in a network security group associated with the network interface of VM1.

Answer: B

Explanation:
According to 1, flow logging using ExpressRoute Traffic Collector requires version 2 of flow logs. Version 1 of flow logs does not support ExpressRoute Traffic Collector. You can configure the version of flow logs when you enable them on a network security group (NSG).


NEW QUESTION # 63
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rule1 to load balance incoming HTTPS requests for VM1 and VM2.
Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security group named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • B. Change the health probe associated with Rule1 to use HTTP.
  • C. Change the health probe associated with Rule1 to use TCP.
  • D. Add an NSG1 rule with the source set to VirtualNetwork.

Answer: B


NEW QUESTION # 64
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Generate a client certificate.
  • B. Configure an Azure Active Directory (Azure AD) tenant.
  • C. Install a client certificate on the VPN gateway.
  • D. Generate a root certificate.
  • E. Install a client certificate on the user's device.
  • F. Install a root certificate on the user's device.
  • G. Enable Azure AD authentication on the gateway.

Answer: A,E,F

Explanation:
To resolve the issue where a user reports an error message stating "A certificate could not be found" when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user's device. F. Generate a client certificate. G. Install a client certificate on the user's device.
Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user's device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.


NEW QUESTION # 65
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
  • B. Enable FlowLog1 in a network security group associated with the subnet of VM1.
  • C. Create the storage account for FlowLog1 as a premium block blob.
  • D. Create the storage account for FlowLog1 as a premium page blob.

Answer: D


NEW QUESTION # 66
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator does not have the SecurityReader role.
  • B. A network security group is not associated with the VMs.
  • C. The administrator is using the Microsoft Defender for Cloud free tier.
  • D. The client firewall does not allow port 22 on the VMs.

Answer: C

Explanation:
Topic 1, Contoso Ltd.
Background
Contoso, Ltd. is a financial services company based in Boston, MA, United States. Contoso hires you to manage their Azure environment and resolve several operational issues.
General
Contoso's Azure environment contains the following resources. All resources are associated with the same subscription and are located in the East US region. Users connect to resources from Windows 10 computers by using the built-in SSTP VPN software.

Recent changes
The company implements the following changes:
Extend the IP address space of VNet1 and create subnets in the new IP address space.
Allow users with computers that run the current version of MacOS to use the built-in VPN client for connecting to the point-to-site VPN.
Enable a service endpoint on contosostorage1 to provide direct access to the storage content from all
Configure all business critical VM workloads to use encryption keys stored in all five key vaults.
Enable a private endpoint on CosmosDB1 to provide direct access to its content from VNet1.
Develop an automated process to deploy Azure VMs by using Azure Bicep. The passwords for the local administrator accounts are stored in the key vaults. You grant the team that initiates the deployment the Reader RBAC role to all key vaults.
Deploy a multi-tier SharePoint Server environment into a subnet in VNet2. You implement network security groups (NSGs) to allow only specific ports between tiers in the subnet. You configure NSGs to use application security groups (ASGs) when designating the source and destination of cross-tier traffic.
Deploy a secondary multi-tier SharePoint Server environment into a subnet in VNet3.
Requirements
General Requirements
You must adhere to the principle of least privilege when granting access to resources.
Reverse DNS lookup
You must identify the reason for the differences between reverse DNS lookup results in the hub and the spoke networks and recommend a solution that provides the reverse DNS lookup in the format [vmname].contoso.com for all three virtual networks.
Public DNS lookup
You must verify that the Azure public DNS zone is currently used to resolve DNS name requests for www.contoso.com and recommend a solution that uses the Azure public DNS zone.
Windows VPN
You must verify if VPN client connectivity issues are related to routing and recommend a solution.
MacOS VPN
You must verify if Remote ID and local ID VPN client settings on the MacOS devices are properly configured.
Azure Storage connectivity
You must resolve the issues with the SMB-mounts from VNet2 and VNet3 as well as ensure that on-premises connections to contosostorage are successful. Your solution must ensure that, whenever possible, network traffic does not traverse public internet.
Cosmos DB connectivity
You must verify if on-premises connections to ContosoDB1 are using the CosmosDB1 public endpoint. You need to recommend a solution if connections are not using private endpoints.
DNS issues
Reverse DNS lookups from VNet1 return two records. One DNS record is in the format [vmname].contoso.com and the other DNS record is in the format [vmname].internal.cloudapp.net. Reverse DNS lookups from VNet2 and VNet3 return DNS names in the format [vmname].internal.cloudapp.net.
VMs on each virtual network can only resolve reverse DNS lookup names of VMs on the same virtual network.
Public DNS lookup
You are notified that name resolution requests for www.contoso.com are using the DNS zone hosted by the DNS registrar where the zone was originally created.
Connectivity and routing issues
Windows VPN
Windows VPN clients cannot connect to Azure VMs on the subnets recently added to VNet1.
Sales department VPN
The sales department users connect by using the MacOS VPN client.
Azure Storage Connectivity
Server Message Block (SMB) mounts from VMs on VNet2 and VNet3 to file shares in contosostorage1 are failing.
Azure Storage Explorer connections using access keys from on-premises computers to contosostorage1 are failing.
Cosmos DB connectivity
You observe that connections to CosmosDB1 from the on-premises environment are using the CosmosDB1 public endpoint. However, connections to CosmosDB1 from the on-premises environment should be using the private endpoint. You verify that connections to CosmosDB1 from VNet1 are using the private endpoint.
Azure Key vault
Access attempts to Azure Key vault by VM workloads intermittently fail with the HTTP response code 429. You must identify the reason for the failures and recommend a solution.
SharePoint
SharePoint in VNet2
SharePoint traffic between tiers is blocked by NSGs, which is causing application failures. You need to identify the NSG rules that are blocking traffic. You also need to collect the data that is blocked by the NSG rules. The solution must minimize administrative effort.
SharePoint in VNet3
ASGs used in the NSG rules associated with the VNet2 subnet are not visible when configuring NSG rules in VNet3. You need to create NSG rules for VNet3 with the same name, source and destination settings that are configured for the NSG associated with VNet2. The solution must minimize administrative effort.
Permission issues
Azure Bicep
You must identify the minimum privileges required to provision Azure VMs using Azure Bicep.
Data engineering team
You must identify the role-based access control (RBAC) roles required by the data engineering team to access the storage account by using Azure portal. The team requires minimum permissions to backup and restore blobs in contosostorage1. The Contoso data engineering team is unable to view the contosostorage1 account in the Azure portal.
Azure VM deployment
Azure VM deployments that use Azure Bicep are failing with an authorization error. The error indicates there are insufficient access permissions to retrieve the password of the local administrator account in the key vault.
VM1 and VM2
RT12 must be configured to route internal traffic from VM1 through VM2. You observe that internet traffic from VM1 is routed directly to the internet.
VM2
You configure VM2 to route internet traffic from VM1. After configuring RT12 to route internet traffic from VM1 through VM2, traffic reaches VM2 but then it is dropped. You that routing for VM2 is configured correctly.


NEW QUESTION # 67
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup.
What should you do?

  • A. Instruct the user to enter the correct verification code.
  • B. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.
  • C. Instruct the user to clear their web browser cache.
  • D. Instruct the user to complete the setup process within 10 minutes.
  • E. From the Azure AD portal, reset the user's password.

Answer: E


NEW QUESTION # 68
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 69
A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:

The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2.
Virtual network peering has been configured between VNet1 and VNet2.
Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3.
You need to resolve the connectivity issues.
What should you do?

  • A. Redeploy the ILB using the Standard SKU.
  • B. Move ILB1 to RG1.
  • C. Move VM1 and VM2 into RG3.
  • D. Redeploy VM1 and VM2 into availability zones.

Answer: A

Explanation:
To resolve the connectivity issues, you need to redeploy the ILB using the Standard SKU. According to 1, Basic Load Balancer does not support Global VNet Peering, which is required for cross-region communication between VMs in different VNets. Standard Load Balancer supports Global VNet Peering and can load balance traffic across regions and availability zones.


NEW QUESTION # 70
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks:
Data change rate beyond supported limits
You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue.
What should you do?

  • A. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
  • B. Create a network service endpoint in a virtual network.
  • C. Upgrade the target storage disk.
  • D. Use AzCopy to upload data to a cache storage account.

Answer: C

Explanation:
Azure Site Recovery has limits on data change rates depending on the type of disk used for replication. If a VM has a data change rate higher than the supported limit for its disk type, it can cause replication issues or errors. To resolve this issue, you can upgrade the target storage disk to a higher tier that supports higher data change rates.


NEW QUESTION # 71
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network.
The company reports that after completing the configuration, the VPN connection cannot be established.
You need to troubleshoot the connection issue.
What should you do first?

  • A. Identify the shared key by running this PowerShell cmdlet:
    Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
  • B. Verify the AzureClient.pfx file exists.
  • C. Verify the AzureRoot.cer file exists.
  • D. Identify the shared key by running this PowerShell cmdlet:
    Get-AzVirtualNetworkGatewayConnectionSharedKey.

Answer: A


NEW QUESTION # 72
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The VMs were provisioned by using a classic deployment.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • D. The administrator does not have the SecurityReader role.

Answer: A

Explanation:
The Unsupported tab on the Just-in-Time VM access page in the Microsoft Defender for Cloud portal indicates that the VMs were provisioned by using a classic deployment. Classic deployments were used in Azure before the deployment model was updated to Azure Resource Manager, which is now the preferred model for deploying and managing resources in Azure.


NEW QUESTION # 73
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.
You observe that AD DS objects are not synchronizing to Azure AD.
You need to verify that the staging mode is enabled.
What should you do?

  • A. Run this PowerShell cmdlet: Get-ADSyncConnectorRunStatus
  • B. Review the triggers for the Azure AD Connect sync scheduled task.
  • C. Review the history for the Azure AD Connect sync scheduled task.
  • D. Run this PowerShell cmdlet: Get-ADSyncScheduler

Answer: D

Explanation:
Azure AD Connect has a staging mode feature that allows you to install multiple sync servers for high availability or disaster recovery purposes. When staging mode is enabled on a sync server, it doesn't export any changes to Azure AD or your on-premises AD DS environment.
To verify that staging mode is enabled on a sync server, you can run the Get-ADSyncScheduler PowerShell cmdlet and check the value of StagingModeEnabled property. If it is True, then staging mode is enabled and no synchronization will occur.


NEW QUESTION # 74
You need to resolve the problem reported by User2.
What should you do?

  • A. Enable the warehouse group for the self-service password reset feature.
  • B. Instruct User2 to wait 24 hours and try again.
  • C. Enable all users for the self-service password reset feature.
  • D. Identify and resolve the misconfigured directory information for User2.
  • E. Assign an Azure AD Premium P1 license to User2.

Answer: E

Explanation:
To resolve the problem reported by User2, you need to assign an Azure AD Premium P1 license to User2. User2 is a member of the warehouse group, which is enabled for the self-service password reset (SSPR) feature. However, User2 cannot register for SSPR because they do not have a valid license that supports SSPR. To use SSPR, a user must have one of the following licenses: Azure AD Premium P1, Azure AD Premium P2, Enterprise Mobility + Security (EMS) E3 or EMS E5. By assigning an Azure AD Premium P1 license to User2, you can enable them to use the SSPR feature and reset their password without contacting the helpdesk.


NEW QUESTION # 75
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use?

Answer:

Explanation:


NEW QUESTION # 76
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
  • B. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • C. The partner's VPN device is configured for one VPN tunnel per subnet pair.
  • D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.

Answer: B


NEW QUESTION # 77
......
