• Home
  • Articles
  • AZ-720 Dumps To Pass Microsoft Exam in 24 Hours - TroytecDumps [Q56-Q80]

AZ-720 Dumps To Pass Microsoft Exam in 24 Hours - TroytecDumps [Q56-Q80]

Share

AZ-720 Dumps To Pass Microsoft Exam in 24 Hours - TroytecDumps

Buy Latest AZ-720 Exam Q&A PDF - One Year Free Update


Microsoft AZ-720 exam covers several topics related to Azure connectivity troubleshooting, including Azure Virtual Network, Azure ExpressRoute, Azure VPN Gateway, Azure Network Security Groups, and Azure Firewall. AZ-720 exam measures the candidate's ability to diagnose connectivity issues and implement solutions to resolve them effectively. AZ-720 exam also evaluates the candidate's knowledge of Azure networking and security concepts.

 

NEW QUESTION # 56
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1.
How should you complete the configuration?

Answer:

Explanation:


NEW QUESTION # 57
You create an Azure Traffic Manager profile with five endpoints Each endpoint is a web app running in an Azure virtual machine (VM).
You observe that one of the endpoints has a degraded status. You plan to verify whether the endpoint is responding to the Traffic Manager health probe with a valid status code.
You need to identify the PowerShell comdlet to use and the status code that the cmdlet should return.
Which value should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 58
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD
Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 59
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B


NEW QUESTION # 60
You need to troubleshoot the CosmosDB1 issues from the on-premises environment. What should you use?

  • A. Network Watcher next hop diagnostic tool
  • B. route command
  • C. nslookup command
  • D. Network Watcher Connection troubleshoot diagnostic tool

Answer: D

Explanation:
This tool helps you troubleshoot network connectivity issues from a virtual machine to a given endpoint. It tests for reachability from the virtual machine to the endpoint and provides information about why a connection fails1. In this case, you can use this tool to troubleshoot the connectivity issues from the on-premises environment to CosmosDB1.


NEW QUESTION # 61
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to
sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Install a kernel name that ends with -azure.
  • B. Redeploy the VM with Accelerated Networking enabled.
  • C. Configure the network interfaces to 1000 Mbps/full duplex.
  • D. Increase the TCP buffers and window size kernel parameters.

Answer: C


NEW QUESTION # 62
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft
Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The VMs were provisioned by using a classic deployment.
  • B. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • C. The administrator does not have the SecurityReader role.
  • D. The administrator is using the Microsoft Defender for Cloud free tier.

Answer: A


NEW QUESTION # 63
A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.
Users in a remote office location report the following issues:
Unable to access part of a web application.
Part of the web application is failing to load.
Parts of the web application has activities that are not performing as expected.
You need to troubleshoot the issue.
Which diagnostic log should you review?

  • A. Azure Activity
  • B. Performance
  • C. Firewall
  • D. Access

Answer: C

Explanation:
To troubleshoot the issue, you should review the Firewall diagnostic log. According to 2, Azure Application Gateway Web Application Firewall (WAF) logs requests that are logged through either detection or prevention mode of an application gateway that is configured with WAF. You can use this log to view and analyze blocked requests and identify false positives or false negatives.


NEW QUESTION # 64
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync.
You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?

Answer:

Explanation:


NEW QUESTION # 65
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. GatewayDiagnosticLog
  • B. IKEDiagnosticLog
  • C. P2SDiagnosticLog
  • D. RouteDiagnosticLog

Answer: B

Explanation:
To troubleshoot an issue with the Phase 1 proposal from an Azure Virtual Network gateway when connecting to a site-to-site VPN connection by reviewing logs, you should analyze the IKE Diagnostic log. Therefore, option C is correct. You should analyze the IKE Diagnostic log.


NEW QUESTION # 66
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?

Answer:

Explanation:


NEW QUESTION # 67
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
The solution does not meet the goal. Enabling replication and creating a recovery plan for the backup vault is not relevant to troubleshooting an Azure VM backup job failure. The administrator should troubleshoot the issue by checking the VM's disk configuration, checking the status of the VM guest agent, and ensuring that the backup policy is configured correctly.


NEW QUESTION # 68
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account with a password that is less than 256 characters to configure Azure AD Connect.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
No, restarting the Azure AD Connect service would not resolve the issue described in the scenario. The error message "Error getting auth token" indicates there is a problem with authentication
, which is preventing password writeback from being enabled during the Azure AD Connect configuration.
To resolve this issue, you should first confirm that the Azure AD Connect server can authenticate to the Azure AD tenant by using a valid set of credentials. If authentication is successful, then you can investigate other possible causes such as network connectivity issues, misconfigured firewall rules, expired certificates, etc.
Therefore, the correct answer is option B, "No".
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-authentication
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-writeback#troubleshooting-steps


NEW QUESTION # 69
A company named Contoso connects its on-premises resources to Azure by using ExpressRoute.
An administrator reports that the circuit is in a failed state.
You need to resolve the issue.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 70
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Redeploy the VM with Accelerated Networking enabled.
  • B. Install a kernel name that ends with -azure.
  • C. Configure the network interfaces to 1000 Mbps/full duplex.
  • D. Increase the TCP buffers and window size kernel parameters.

Answer: A

Explanation:
To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.


NEW QUESTION # 71
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: B

Explanation:
Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup service. An administrative user account is required to install the agent.
Therefore, the solution mentioned in the question is correct and the answer is A. Yes.
Reference:
Back up a virtual machine in Azure (Microsoft documentation)


NEW QUESTION # 72
A company has a virtual machine (VM) named VM1 in a virtual network. The company also uses Azure Firewall Standard.
An administrator creates application rules to filter outbound traffic from VM1 and configure fully qualified domain names (FQDN) on the application rules.
The administrator discovers that outbound traffic from VM1 to the FQDNs are not being filtered by the firewall.
You need to resolve the issue with filtering.
What should you do first?

  • A. Create a DNAT rule to route traffic to VM1.
  • B. Configure the firewall for a negative cache.
  • C. Configure VM1 to use Azure Firewall as its DNS server.
  • D. Upgrade to the Azure Firewall Premium SKU.

Answer: C

Explanation:
1: Azure Firewall policy DNS settings 2: Azure Firewall FQDN filtering in network rules


NEW QUESTION # 73
You need to troubleshoot the issues with the SharePoint workload in VNet2.
What should you do? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 74
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Assign Admin1 the Contributor role for RG1.
2 - Instruct Admin1 to create a network security security goup.
3 - Instruct Admin1 to assiciate a network security group with NIC1.


NEW QUESTION # 75
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site
connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
* OpenVPN for the tunnel type.
* Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install an IKEv2 VPN client on the user's computers.
  • B. Reissue the client certificate with server authentication enabled.
  • C. Create a profile manually, add the server FQDN and reissue the client certificate.
  • D. Reissue the client certificate with client authentication enabled.

Answer: C


NEW QUESTION # 76
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an
Azure Load Balancer. The company implements Azure Firewall.
Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for
each VM is approximately 1 Gbps.
You need to implement a solution that support a minimum of 10 Gbps.
What should you do to increase the throughput?

  • A. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
  • B. Disable the Azure Firewall and implement network security groups in its place.
  • C. Increase the size of the VM instance.
  • D. Request an increase in networking quotas.

Answer: A


NEW QUESTION # 77
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet.
The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:
Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet You need to resolve the issues with the inbound security rules.
Which port or set of ports should you configure?

Answer:

Explanation:


NEW QUESTION # 78
A company uses Azure Backup Server to back up re deployed in an availability group.
The company reports that a backup operation for a database fails. The following error message displays:
Unable to configure protection.
You need to ensure that the backup operation runs successfully.
What should you do?

  • A. Add a partitioned drive to the storage pool on the backup server.
  • B. Run the following command on the backup server: net stop OBEngine
  • C. Add the Sysadmin role to the system account on the SQL Server instance.
  • D. Configure the availability group replicas to allow read and write operations on the SQL Server instance.

Answer: C

Explanation:
To ensure that the backup operation for a database in an availability group using Azure Backup Server runs successfully, you should add the Sysadmin role to the system account on the SQL Server instance. The system account on the SQL Server instance must have the Sysadmin role to perform backup operations. So the correct answer is B. Add the Sysadmin role to the system account on the SQL Server instance.
You can find more information about Azure Backup Server and its requirements in the official Microsoft documentation.


NEW QUESTION # 79
You need to resolve the Azure virtual machine (VM) deployment issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 80
......

Download the Latest AZ-720 Dump - 2024 AZ-720 Exam Question Bank: https://actualtests.troytecdumps.com/AZ-720-troytec-exam-dumps.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Copyright © 2026 TroytecDumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy