• Home
  • Articles
  • Easy To Download Microsoft AZ-720 Exam Dumps Updated 121 Questions [Q42-Q63]

Easy To Download Microsoft AZ-720 Exam Dumps Updated 121 Questions [Q42-Q63]

Share

Easy To Download Microsoft AZ-720 Exam Dumps Updated 121 Questions

New Updated AZ-720 Exam Questions 2023

NEW QUESTION # 42
You need to resolve the issue.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 43
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD
Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 44
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application.
You need to troubleshoot the issue.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 45
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to VirtualNetwork.
  • B. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • C. Change the health probe associated with Rule1 to use HTTP.
  • D. Change the health probe associated with Rule1 to use TCP.

Answer: B

Explanation:
According to Microsoft, Azure Load Balancer health probes originate from the IP address 168.63.129.16 and must not be blocked for probes to mark your instance as up. The AzureLoadBalancer service tag identifies this source IP address in your network security groups and permits health probe traffic by default1. https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview


NEW QUESTION # 46
You need to troubleshoot issues that scheduling agents report accessing Alpine Ski House resources.
Which tool and port should you test? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 47
A company deploys an Azure Firewall. The company reports the following log entry:

For each of the following questions, select Yes or No.

Answer:

Explanation:


NEW QUESTION # 48
A company has an Azure Active Directory (Azure AD) tenant. You are assigned the Owner role-based access control (RBAC) role of an Azure resource group named RG1.
An administrator grants a user named User1 the Contributor RBAC role for RG1. User1 receives an authorization error when attempting to create a Cosmos DB account in RG1.
The administrator verifies that they can create a Cosmos DB account in RG1.
You need to troubleshoot the issue.
What should you do?

Answer:

Explanation:


NEW QUESTION # 49
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall.
Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps.
You need to implement a solution that support a minimum of 10 Gbps.
What should you do to increase the throughput?

  • A. Increase the size of the VM instance.
  • B. Disable the Azure Firewall and implement network security groups in its place.
  • C. Request an increase in networking quotas.
  • D. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.

Answer: A

Explanation:
According to the given scenario, the application deployed on four Standard_D2_v3 virtual machines behind an Azure Load Balancer is experiencing slow performance during peak usage periods It is reported that the peak usage for each VM is approximately 1 Gbps, and the goal is to increase the throughput to a minimum of 10 Gbps.
To achieve this goal, the best option is to increase the size of the VM instance. The Standard_D2_v3 virtual machine size has a maximum network bandwidth of 1 Gbps, so increasing the size of the VM instance to a higher tier, such as Standard_D8_v3 or higher, will provide more network bandwidth and improve the application's performance.
Option A, requesting an increase in networking quotas, may not be sufficient to achieve the required network bandwidth.
Option C, disabling the Azure Firewall and implementing network security groups, may not have a significant impact on the network bandwidth.
Option D, moving two of the servers behind a separate load balancer and configuring round-robin routing in Traffic Manager, may improve availability and performance but will not increase the network bandwidth.
Source: [1] https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general [2] https://docs.microsoft.com/en-us/azure/virtual-network/designing-hub-spoke-topologies#optimize-data-transfer-between-hub-and-spoke-vnets


NEW QUESTION # 50
You need to troubleshoot the issues reported by User1.
Which commands should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 51
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with client authentication enabled.
  • B. Reissue the client certificate with server authentication enabled.
  • C. Create a profile manually, add the server FQDN and reissue the client certificate.
  • D. Install an IKEv2 VPN client on the user's computers.

Answer: C


NEW QUESTION # 52
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 53
You need to troubleshoot the Azure Key Vault issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 54
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site
connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
* OpenVPN for the tunnel type.
* Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.
  • B. Create a profile manually, add the server FQDN and reissue the client certificate.
  • C. Configure preshared key for authentication on the VPN profile.
  • D. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.

Answer: B


NEW QUESTION # 55
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • B. The partner's VPN device is configured for one VPN tunnel per subnet pair.
  • C. The public IP address of the partner's VPN device is configured in the local network gateway address
    space on VNetGW1.
  • D. The partner's VPN device and VNetGW1 are configured using the same shared key.

Answer: D


NEW QUESTION # 56
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Change the health probe associated with Rule1 to use HTTP.
  • B. Add an NSG1 rule with the source set to VirtualNetwork.
  • C. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • D. Change the health probe associated with Rule1 to use TCP.

Answer: A


NEW QUESTION # 57
A company creates an Azure resource group named RG1. RG1 has an Azure SQL Database logical server named sqlsvr1 that hosts the following resources:

An administrator grants a user named User1 the Reader RBAC role in RG1. The administrator grants User2 the Contributor role in sqlsvr1.
User1 reports that they can connect to SQLDB1 from the IP address 155.127.95.212. User1 cannot connect to SQLDB2. User2 can connect to both SQLDB1 and SQLDB2 from the IP address 121.19.27.18. Both users can successfully connect to SQLDB1 and SQLDB2 from VM1.
You are helping the administrator troubleshoot the issue. You run the following PowerShell command:
Get-AzSqlServerFirewallRule -ResourceGroupName 'RG1' -ServerName 'sqlsvr1' The following output displays:

You need to identify the cause for the reported issue and resolve User1's issues. The solution must satisfy the principle of least privilege.
What should you do?

Answer:

Explanation:


NEW QUESTION # 58
A company has virtual machines (VMs) in the following Azure regions:
* West Central US
* Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and
on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet
peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution
must preserve existing on-premises connectivity to Azure VNets.
What should you do?

  • A. Disable the ExpressRoute peering connections for one of the regions.
  • B. Add a filter to the on-premises routers.
  • C. Add a user-defined route to the subnets route table.
  • D. Add a second VNet to the virtual machines and configure VNet peering between the VNets.

Answer: B


NEW QUESTION # 59
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?

  • A. Validate the VPN device.
  • B. Approve the connection state.
  • C. Disable the endpoint network policies.
  • D. Disable the service network policies.

Answer: D


NEW QUESTION # 60
You need to resolve the VM2 routing issue.
What should you do?

  • A. Add a network interface to VM2.
  • B. Add a network interface to VM1.
  • C. Modify the IP configuration setting of the Azure network interface resource of VM1.
  • D. Modify the IP configuration setting of the Azure network interface resource of VM2.

Answer: D

Explanation:
To resolve the VM2 routing issue, you should modify the IP configuration setting of the Azure network interface resource of VM2. This will ensure that VM2 can communicate with other resources in the virtual network.
Troubleshooting connectivity problems between Azure VMs involves several steps such as checking whether NIC is misconfigured, whether network traffic is blocked by NSG or UDR, whether network traffic is blocked by VM firewall, whether VM app or service is listening on the port and whether the problem is caused by SNAT1.


NEW QUESTION # 61
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Enable Azure AD authentication on the gateway
  • B. Generate a client certificate.
  • C. Install a client certificate on the user's device.
  • D. Install a client certificate on the VPN gateway.
  • E. Configure an Azure Active Directory (Azure AD) tenant.
  • F. Install a root certificate on the user's device.
  • G. Generate a root certificate.

Answer: B,C,F

Explanation:
To resolve the issue where a user reports an error message stating "A certificate could not be found" when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user's device. F. Generate a client certificate. G. Install a client certificate on the user's device.
Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user's device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.


NEW QUESTION # 62
A company named Contoso connects its on-premises resources to Azure by using ExpressRoute.
An administrator reports that the circuit is in a failed state.
You need to resolve the issue.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 63
......


Microsoft AZ-720 certification exam is designed for IT professionals who are responsible for troubleshooting connectivity issues in Microsoft Azure. AZ-720 exam is intended to validate a candidate's skills in identifying, diagnosing, and resolving connectivity issues related to Azure services. These skills are essential for ensuring the smooth operation of Azure services, which are widely used by businesses of all sizes across the globe.

 

Updated Free Microsoft AZ-720 Test Engine Questions with 121 Q&As: https://www.vce4plus.com/Microsoft/AZ-720-valid-vce-dumps.html

The Best Microsoft Certified: Azure Support Engineer for Connectivity Specialty AZ-720 Professional Exam Questions: https://drive.google.com/open?id=1qoqq4Lhrg0Lw_Os1px_aWQ1nvw2iPP7z

Related Articles

more
Microsoft AZ-720 Certification Practice Exam