AZ-720 : Troubleshooting Microsoft Azure Connectivity Exam

AZ-720 Dumps
AZ-720 Braindumps
AZ-720 Real Questions
AZ-720 Practice Test
AZ-720 Actual Questions


Microsoft
AZ-720
Troubleshooting Microsoft Azure Connectivity
https://killexams.com/pass4sure/exam-detail/AZ-720

Question: 21
HOTSPOT
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an
on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync.
You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?

wrong
Answer: B
Explanation:
Text
Description automatically generated
Question: 22
A company manages a solution that uses Azure Functions.
A function returns the following error: Azure Function Runtime is unreachable.
You need to troubleshoot the issue.
What are two possible causes of the issue?
A. The execution quota is full.
B. The company did not configure a timer trigger.
C. The storage account application settings were deleted.
D. The function key was deleted.
E. The storage account for the function was deleted.
Answer: A,C,E
Explanation:
Two possible causes of the issue where a function returns the error āAzure Function Runtime is unreachableā are:
C. The storage account application settings were deleted.
E. The storage account for the function was deleted.
According to Microsoft, this issue occurs when the Functions runtime canāt start. The most common reason for this is
that the function app has lost access to its storage account. If that account is deleted or if the storage account
application settings were deleted, your functions wonāt work
https://learn.microsoft.com/en-us/azure/azure-functions/functions-recover-storage-account
Question: 23
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on
a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security
group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2.
Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
A. Enable FlowLog1 in a network security group associated with the subnet of VM1.
B. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
C. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
D. Configure FlowLog1 for version 2.
Answer: A
Explanation:
According to 2, when FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises
network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network.
Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG
associated with the subnet of VM1.
Question: 24
HOTSPOT
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.
The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment.
Which PowerShell cmdlets should you run?

wrong
Answer: A
Explanation:
Graphical user interface
Description automatically generated with low confidence
Question: 25
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender
for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?
A. The administrator is using the Microsoft Defender for Cloud free tier.
B. The VMs were provisioned by using a classic deployment.
C. The administrator does not have the SecurityReader role.
D. The administrator does not have permissions to request JIT access to the VMs.
Answer: B
Explanation:
JIT VM access is only supported for VMs that are deployed using the Azure Resource Manager (ARM) deployment
model. VMs that are provisioned using the classic deployment model are not compatible with JIT VM access and will
be displayed under the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
Question: 26
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for
the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Create a new manual backup in Backup center.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
It is unlikely that creating a new manual backup in Backup center would resolve the issue of an Azure VM backup job
failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should
first check the Azure VM backup job logs and identify the specific error message or code provided. This can help
identify the underlying issue and the appropriate solution.
Therefore, the solution mentioned in the question is incorrect and the answer is B. No.
Reference: Troubleshoot Azure VM backup failures (Microsoft documentation)
Question: 27
DRAG DROP
You manage an Azure point-to-site (P2S) VPN deployment. All users connect regularly from their personal Windows
computer through a P2S VPN by using certificate-based authentication.
A new user attempts to establish a P25S VPN connection.
The user receives the following error message:
A certificate could not be found that can be used with this Extensible Authentication protocol. (Error 798)
You need to assists the user with resolving the certificate issue.
What should you do? To answer, drag the appropriate locations to the correct task. Each location maybe used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each
correct selection is worth one point.
wrong
Answer: B
Explanation:
A) Provide the target certificate location for importing a Client Authentication key usage certificate file with the .pfx
extension. Current UserPersonal
This is the location where the client certificate should be installed on the userās personal Windows computer. The
client certificate is generated from the self-signed root certificate and then exported with the .pfx extension. The client
certificate is used to authenticate the user to the Azure point-to-site VPN gateway1.
B) Provide the target certificate location for importing a Certificate Signing certificate key usage file with the .cer
extension
Local ComputerTrusted Root Certification Authorities
This is the location where the root certificate should be installed on the userās personal Windows computer. The root
certificate is a self-signed certificate that is used to sign the client certificates. The root certificate public key data is
also uploaded to Azure point-to-site VPN configuration. The root certificate is exported with the .cer extension1.
Question: 28
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site
by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?
A. The partner's VPN device and VNetGW1 are configured using the same shared key.
B. The partner's VPN device is configured for one VPN tunnel per subnet pair.
C. The public IP address of the partner's VPN device is configured in the local network
gateway address space on VNetGW1.
D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answer: B
Explanation:
To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that
the partnerās VPN device is configured for one VPN tunnel per subnet pair.
Question: 29
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named
LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is
associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the
following rules:
You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1
are failing.
You need to resolve the issue.
What should you do?
A. Change the health probe associated with Rule1 to use HTT
B. Add an NSG1 rule with the source set to VirtualNetwork.
C. Change the health probe associated with Rule1 to use TC
D. Add an NSG1 rule with the source set to AzureLoadBalancer.
Answer: C
Explanation:
According to Microsoft, Azure Load Balancer health probes originate from the IP address 168.63.129.16 and must not
be blocked for probes to mark your instance as up. The AzureLoadBalancer service tag identifies this source IP address
in your network security groups and permits health probe traffic by default1. https://learn.microsoft.com/en-
us/azure/load-balancer/load-balancer-custom-probe-overview
Question: 30
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback could not be enabled during the Azure AD Connect
configuration.
The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
What should you do?
A. Restart the Azure AD Connect service.
B. Configure Azure AD Connect using a global administrator account that is not federated.
C. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
D. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
Answer: A
Explanation:
The error message āError getting auth tokenā occurs when you specify an incorrect password for the global
administrator account provided at the beginning of the Azure AD Connect installation process.
To resolve this issue, you should check that you have specified the correct password for your global administrator
account. If you have specified an incorrect password, update it and then restart the Azure AD Connect service
Question: 31
A company has virtual machines (VMs) in the following Azure regions:
ā West Central US
ā Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-
premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM
traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must
preserve existing on-premises connectivity to Azure VNets.
What should you do?
A. Add a user-defined route to the subnets route table.
B. Add a filter to the on-premises routers.
C. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
D. Disable the ExpressRoute peering connections for one of the regions.
Answer: A
Explanation:
To ensure that traffic uses global VNet peering instead of ExpressRoute private peering, you should add a user-defined
route to the subnets route table. According to 2, global VNet peering allows virtual networks across regions to
communicate using private IP addresses as if they were in the same region. However, if there is an existing
ExpressRoute private peering between two regions that also have global VNet peering enabled, traffic will prefer
ExpressRoute over global VNet peering by default. To override this behavior and force traffic to use global VNet
peering instead of ExpressRoute private peering for a specific subnet or virtual network gateway connection, you need
to add a user-defined route with a next hop type of Virtual Network Peering.
Question: 32
HOTSPOT
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to
reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?
wrong
Answer: A
Explanation:
Graphical user interface, text, application
Description automatically generated
Question: 33
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service
and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?
A. Disable the endpoint network policies.
B. Validate the VPN device.
C. Approve the connection state.
D. Disable the service network policies.
Answer: C
Explanation:
To resolve the connectivity issue, you should approve the connection state. According to 1, Azure Private Link service
requires manual approval of connection requests from private endpoints by default. You can approve or reject a
connection request by using PowerShell cmdlets or Azure portal.
Question: 34
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for
the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM
backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in
Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup
service. An administrative user account is required to install the agent. Therefore, the solution mentioned in the
question is correct and the answer is A. Yes.
Reference: Back up a virtual machine in Azure (Microsoft documentation)
Question: 35
A company deploys ExpressRoute.
The company reports that there is an autonomous system (AS) number mismatch.
You need to identify the AS number of the circuit.
Which PowerShell cmdlet should you run?
A. Get-AzExpressRouteCircuitPeeringConfig
B. Get-AzExpressRouteCircuitStats
C. Get-AzExpressRouteCircuitRouteTable
D. Get-AzExpressRouteCircuit
Answer: D
Explanation:
To identify the AS number of the circuit when there is an autonomous system (AS) number mismatch in ExpressRoute,
you should run the Get-AzExpressRouteCircuit PowerShell cmdlet. Therefore, option D is correct. You should run the
Get-AzExpressRouteCircuit PowerShell cmdlet.

User: Sitka***** Before, I used to lack confidence in taking exams. But, with AZ-720 Preparation from killexams.com, I am now fully prepared and confident in passing my exams. I would suggest anyone who feels unsure or lacks confidence in their exam-taking abilities to register with killexams.com and start preparing. Eventually, you will feel confident too.

User: Natalia***** I initially did not receive the practice tests material for my AZ-720 exam simulator and had some file errors. However, these issues were resolved later on. I decided to use the exam simulator and it turned out to be helpful.

User: Siti***** I wanted to express my gratitude to you for providing exam materials that helped me pass my az-720 certification exam. This is the first time I have used your cram, and I was skeptical at first. However, my passing score of 80% proves the effectiveness of your materials. Thank you so much! Regards, Thomas from Calgary, Canada.

User: Roksana***** I cannot thank killexams.com enough for providing me with the practice tests for the az-720 exam. The exam simulator and Questions and Answers were extremely supportive and elaborative, making my preparation for the exam much more comfortable. I highly recommend your website to anyone preparing for certification exams.

User: Tatiyana***** Choosing an excellent exam practice test for the az-720 certification exam is a daunting task. I lacked the confidence to pass the exam and thought I would not get into my preferred university due to lack of preparation. However, Killexams changed my thoughts by providing excellent study materials. I used their materials to get fully prepared for the az-720 exam, and I nailed it with their assistance. Thanks to Killexams!

---