Login / Register   My Cart (0)

DumpsFree provides high-quality dumps PDF & dumps VCE for candidates who are willing to pass exams and get certifications soon. We provide dumps free download before purchasing dumps VCE. 100% pass exam!

All Products Contact now
  • Home
  • Articles
  • Download Exam AZ-720 Practice Test Questions with 100% Verified Answers [Q40-Q64]

Download Exam AZ-720 Practice Test Questions with 100% Verified Answers [Q40-Q64]

Share

Download Exam AZ-720 Practice Test Questions with 100% Verified Answers

Share Latest AZ-720Test Practice Test Questions, Exam Dumps


Microsoft AZ-720 exam is designed to test an individual's ability to troubleshoot connectivity issues in Microsoft Azure. AZ-720 exam is intended for IT professionals who have experience in managing and monitoring Azure resources and have a good understanding of networking and security concepts. AZ-720 exam measures the candidate's ability to identify and resolve issues related to Azure Virtual Networks, VPN Gateway, ExpressRoute, and other connectivity solutions.


Microsoft AZ-720 exam is a certification exam that focuses on troubleshooting Microsoft Azure connectivity. AZ-720 exam is designed to test the skills and knowledge required to troubleshoot connectivity issues in Microsoft Azure, which is a cloud computing platform used by many organizations around the world.

 

NEW QUESTION # 40
A company uses Azure Site Recovery for their on-premises Hyper-V servers. The company manages servers by using System Center Virtual Machine Manager (SCVMM).
An administrator reports that replication to the secondary site has failed.
You need to inspect the SCVMM logs and configuration files.

Answer:

Explanation:


NEW QUESTION # 41
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP). The connection fails.
You need to troubleshoot the issue.
Which two actions should you perform?

  • A. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity.
  • B. Apply a network security group on the same subnet as Azure Bastion.
  • C. Configure Azure Bastion with static assignment.
  • D. Run the Network Watcher Connection troubleshoot service.
  • E. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.

Answer: A,D

Explanation:
The two actions that should be performed to troubleshoot the issue of a failed RDP connection to a Windows VM through Azure Bastion are A) Monitor traffic with the PowerShell cmdlet 'Test-AzNetworkWatcherConnectivity' and D) Run the Network Watcher Connection troubleshoot service.
A) Monitor traffic with the PowerShell cmdlet 'Test-AzNetworkWatcherConnectivity': This cmdlet can be used to verify connectivity between two endpoints in Azure. By monitoring traffic, you can identify the root cause of issues with the VM's connectivity through Azure Bastion.
D) Run the Network Watcher Connection troubleshoot service: This service can help identify the root cause of connectivity issues with Azure resources. It analyses network traffic to identify common misconfiguration issues and provides guidance on how to resolve them.


NEW QUESTION # 42
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to VirtualNetwork.
  • B. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • C. Change the health probe associated with Rule1 to use HTTP.
  • D. Change the health probe associated with Rule1 to use TCP.

Answer: B

Explanation:
According to Microsoft, Azure Load Balancer health probes originate from the IP address 168.63.129.16 and must not be blocked for probes to mark your instance as up. The AzureLoadBalancer service tag identifies this source IP address in your network security groups and permits health probe traffic by default1. https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview


NEW QUESTION # 43
A company uses a service principal to assign RBAC roles for an application hosted in Azure.
The company attempts to create a rule assignment. The following error displays:Insufficient privileges to complete the operation.
You need to resolve the issue.
How should you complete the CLI command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 44
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • B. The partner's VPN device is enabled for Perfect forward secrecy.
  • C. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • D. The IP address of the local network gateway matches the partner's VPN device.

Answer: A


NEW QUESTION # 45
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Scale the gateway to Generation2.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Scaling the gateway to Generation2 will not prevent the on-premises network from reaching the new subnet. Scaling the gateway changes the hardware configuration of the VPN gateway, but it does not affect the routing or connectivity between the on-premises network and the virtual network.
A better solution would be to create a network security group (NSG) and associate it with the new subnet. The NSG can be configured to deny traffic from the on-premises network to the new subnet. This way, the new subnet will be isolated from the on-premises network.
Reference:
VPN Gateway Generation 2: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwgen2


NEW QUESTION # 46
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing
connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue.
Which three actions should you perform?

  • A. Rest the VPN connection.
  • B. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN
    gateways.
  • C. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
  • D. Configure the hashing algorithm to be different on both gateways.
  • E. Configure the hashing algorithm to be the same on both gateways.
  • F. Rest the VPN gateway.

Answer: B,C,E


NEW QUESTION # 47
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 48
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a
virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address
from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 49
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Scale the gateway to Generation2.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 50
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. P2SDiagnosticLog
  • B. GatewayDiagnosticLog
  • C. IKEDiagnosticLog
  • D. RouteDiagnosticLog

Answer: C


NEW QUESTION # 51
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install an IKEv2 VPN client on the user's computers.
  • B. Create a profile manually, add the server FQDN and reissue the client certificate.
  • C. Reissue the client certificate with client authentication enabled.
  • D. Reissue the client certificate with server authentication enabled.

Answer: B


NEW QUESTION # 52
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 53
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?

  • A. Configure a public IP address on the route server.
  • B. Move the route server to the same VNet as the NVA.
  • C. Configure a unique autonomous system number (ASN) on the NVA.
  • D. Configure a user-defined route on the NVA subnet.

Answer: C


NEW QUESTION # 54
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft
Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator is using the Microsoft Defender for Cloud free tier.
  • B. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • C. The VMs were provisioned by using a classic deployment.
  • D. The administrator does not have the SecurityReader role.

Answer: C


NEW QUESTION # 55
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allow on FW1.
What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
  • B. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • C. Use the ping command targeting the IP address of VM1 and review the command's response.
  • D. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.

Answer: C


NEW QUESTION # 56
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer
named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2.
Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the
following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address
of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to AzureLoadBalancer.
  • B. Add an NSG1 rule with the source set to VirtualNetwork.
  • C. Change the health probe associated with Rule1 to use HTTP.
  • D. Change the health probe associated with Rule1 to use TCP.

Answer: C


NEW QUESTION # 57
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application.
You need to troubleshoot the issue.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 58
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute
gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a
network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named
VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Enable FlowLog1 in a network security group associated with the subnet of VM1.
  • B. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
  • C. Configure FlowLog1 for version 2.
  • D. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.

Answer: B


NEW QUESTION # 59
You need to resolve the Azure virtual machine (VM) deployment issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 60
A company has virtual machines (VMs) in the following Azure regions:
West Central US
Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?

  • A. Add a filter to the on-premises routers.
  • B. Disable the ExpressRoute peering connections for one of the regions.
  • C. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
  • D. Add a user-defined route to the subnets route table.

Answer: D

Explanation:
To ensure that traffic uses global VNet peering instead of ExpressRoute private peering, you should add a user-defined route to the subnets route table. According to 2, global VNet peering allows virtual networks across regions to communicate using private IP addresses as if they were in the same region. However, if there is an existing ExpressRoute private peering between two regions that also have global VNet peering enabled, traffic will prefer ExpressRoute over global VNet peering by default. To override this behavior and force traffic to use global VNet peering instead of ExpressRoute private peering for a specific subnet or virtual network gateway connection, you need to add a user-defined route with a next hop type of Virtual Network Peering.


NEW QUESTION # 61
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue.
Which three actions should you perform?

  • A. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.
  • B. Rest the VPN connection.
  • C. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
  • D. Configure the hashing algorithm to be different on both gateways.
  • E. Configure the hashing algorithm to be the same on both gateways.
  • F. Rest the VPN gateway.

Answer: A,C,E


NEW QUESTION # 62
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?

  • A. Configure a public IP address on the route server.
  • B. Move the route server to the same VNet as the NVA.
  • C. Configure a unique autonomous system number (ASN) on the NVA.
  • D. Configure a user-defined route on the NVA subnet.

Answer: C

Explanation:
According to 2, when using Azure Route Server with network virtual appliances (NVAs), you need to ensure that each NVA has a unique ASN that is different from the route server's ASN and any other BGP peer's ASN. Otherwise, there will be routing issues due to BGP loop prevention mechanisms.
You can configure the ASN on the NVA by using its own configuration tools or commands. For more information, see 2.


NEW QUESTION # 63
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Redeploy the VM with Accelerated Networking enabled.
  • B. Configure the network interfaces to 1000 Mbps/full duplex.
  • C. Increase the TCP buffers and window size kernel parameters.
  • D. Install a kernel name that ends with -azure.

Answer: A

Explanation:
To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.


NEW QUESTION # 64
......

Positive Aspects of Valid Dumps AZ-720 Exam Dumps!: https://www.dumpsfree.com/AZ-720-valid-exam.html

First Attempt Guaranteed Success in AZ-720 Exam: https://drive.google.com/open?id=1FUKuSeRnxwbQDTmg2MyqX1mXn7Z9VgxR

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

DumpsFree provides high-quality dumps PDF & dumps VCE for candidates who are willing to pass exams and get certifications soon. We provide dumps free download before purchasing dumps VCE. 100% pass exam!

Latest Dumps Free

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpsFree NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy