2024 New AZ-720 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/AZ-720/
Exam Code: AZ-720 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Troubleshooting Microsoft Azure Connectivity
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass AZ-720 Exam.
Online Microsoft AZ-720 free dumps demo Below:
NEW QUESTION 1
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules.
The company creates an application rule collection with the following settings: Priority: 100
Action: Deny Rule type: FQDN
Source type: IP address Source: *
Protocol: http:80,https:443
Target FQDN: *.cloud.contoso.com
An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed.
What should you review?
- A. Network rules
- B. Web categories
- C. Infrastructure rules
- D. Application rules
Answer: C
NEW QUESTION 2
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 3
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync. You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 4
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1. The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment. Which PowerShell cmdlets should you run?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 5
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP). The connection fails.
You need to troubleshoot the issue. Which two actions should you perform?
- A. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity.
- B. Configure Azure Bastion with static assignment.
- C. Apply a network security group on the same subnet as Azure Bastion.
- D. Run the Network Watcher Connection troubleshoot service.
- E. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.
Answer: BE
NEW QUESTION 6
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure subnet delegation. Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 7
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1. What should you do?
- A. Create the storage account for FlowLog1 as a premium block blob.
- B. Create the storage account for FlowLog1 as a premium page blob.
- C. Enable FlowLog1 in a network security group associated with the subnet of VM1.
- D. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
Answer: B
NEW QUESTION 8
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue. What should you do?
- A. Restart the Azure AD Connect service.
- B. Configure Azure AD Connect using a global administrator account that is not federated.
- C. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
- D. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
Answer: C
NEW QUESTION 9
A company has virtual machines (VMs) in the following Azure regions:
West Central US
Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?
- A. Add a user-defined route to the subnets route table.
- B. Add a filter to the on-premises routers.
- C. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
- D. Disable the ExpressRoute peering connections for one of the regions.
Answer: B
NEW QUESTION 10
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet.
The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:
Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet
You need to resolve the issues with the inbound security rules. Which port or set of ports should you configure?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 11
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits
You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue. What should you do?
- A. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
- B. Use AzCopy to upload data to a cache storage account.
- C. Create a network service endpoint in a virtual network.
- D. Upgrade the target storage disk.
Answer: D
NEW QUESTION 12
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback. Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 13
A company deploys an Azure Firewall. The company reports the following log entry:
For each of the following questions, select Yes or No.
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 14
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access. What should you conclude?
- A. The administrator is using the Microsoft Defender for Cloud free tier.
- B. The VMs were provisioned by using a classic deployment.
- C. The administrator does not have the SecurityReader role.
- D. The administrator does not have permissions to request JIT access to the VMs.
Answer: B
NEW QUESTION 15
A company plans to implement ExpressRoute by using the provider connectivity model.
The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit. You need to determine the provisioning state of the service provider.
Which PowerShell cmdlet should you run?
- A. Get-AzExpressRouteCircuitPeeringConfig
- B. Get-AzExpressRouteCircuitRouteTable
- C. Get-AzExpressRouteCircuitConnectionConfig
- D. Get-AzExpressRouteCircuit
- E. Get-AzExpressRouteCircuitARPTable
Answer: C
NEW QUESTION 16
A company deploys an ExpressRoute circuit.
You need to verify accepted peering routes from the ExpressRoute circuit. Which PowerShell cmdlet should you run?
- A. Get-AzExpressRouteCrossConnectionPeering
- B. Get-AzExpressRouteCircuit
- C. Get-AzExpressRouteCircuitPeeringConfig
- D. Get-AzExpressRouteCircuitRouteTable
- E. Get-AzExpressRouteCircuitStats
Answer: A
NEW QUESTION 17
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA. What should you do?
- A. Configure a user-defined route on the NVA subnet.
- B. Move the route server to the same VNet as the NVA.
- C. Configure a unique autonomous system number (ASN) on the NVA.
- D. Configure a public IP address on the route server.
Answer: C
NEW QUESTION 18
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 19
......
100% Valid and Newest Version AZ-720 Questions & Answers shared by Dumps-hub.com, Get Full Dumps HERE: https://www.dumps-hub.com/AZ-720-dumps.html (New 81 Q&As)