Your success in Microsoft AZ-720 is our sole target and we develop all our AZ-720 braindumps in a way that facilitates the attainment of this target. Not only is our AZ-720 study material the best you can find, it is also the most detailed and the most updated. AZ-720 Practice Exams for Microsoft AZ-720 are written to the highest standards of technical accuracy.
Free AZ-720 Demo Online For Microsoft Certifitcation:
NEW QUESTION 1
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1. The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment. Which PowerShell cmdlets should you run?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 2
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on
a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?
- A. Configure an Azure Active Directory (Azure AD) tenant.
- B. Install a root certificate on the user's device.
- C. Generate a root certificate.
- D. Install a client certificate on the VPN gateway.
- E. Enable Azure AD authentication on the gateway
- F. Generate a client certificate.
- G. Install a client certificate on the user's device.
Answer: ACE
NEW QUESTION 3
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allow on FW1. What should you do?
- A. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
- B. Use the ping command targeting the IP address of VM1 and review the command's response.
- C. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
- D. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.
Answer: B
NEW QUESTION 4
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time. You need to troubleshoot the cause for the disconnections.
What should you verify?
- A. The partner's VPN device and VNetGW1 are configured using the same shared key.
- B. The partner's VPN device is configured for one VPN tunnel per subnet pair.
- C. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
- D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answer: A
NEW QUESTION 5
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Scale the gateway to Generation2. Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 6
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
- A. Install an IKEv2 VPN client on the user's computers.
- B. Reissue the client certificate with client authentication enabled.
- C. Create a profile manually, add the server FQDN and reissue the client certificate.
- D. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
Answer: D
NEW QUESTION 7
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service. You need to resolve the connectivity issue.
What should you do?
- A. Disable the endpoint network policies.
- B. Validate the VPN device.
- C. Approve the connection state.
- D. Disable the service network policies.
Answer: D
NEW QUESTION 8
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize users from an Active Directory Domain Services (AD DS). The synchronization of a user object is failing.
You need to troubleshoot the failing synchronization by using a built-in Azure AD Connect troubleshooting task.
Which two pieces of information should you collect before you start troubleshooting?
- A. Object common name
- B. AD connector name
- C. Object globally unique identifier
- D. Azure AD connector name
- E. Object distinguished name
Answer: CD
NEW QUESTION 9
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 10
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1. How should you complete the configuration?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 11
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
- A. Reissue the client certificate with client authentication enabled.
- B. Create a profile manually, add the server FQDN and reissue the client certificate.
- C. Reissue the client certificate with server authentication enabled.
- D. Install an IKEv2 VPN client on the user's computers.
Answer: B
NEW QUESTION 12
A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.
Users in a remote office location report the following issues:
Unable to access part of a web application.
Part of the web application is failing to load.
Parts of the web application has activities that are not performing as expected.
You need to troubleshoot the issue. Which diagnostic log should you review?
- A. Performance
- B. Firewall
- C. Access
- D. Azure Activity
Answer: D
NEW QUESTION 13
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:
You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue. What should you do?
- A. Change the health probe associated with Rule1 to use HTTP.
- B. Add an NSG1 rule with the source set to VirtualNetwork.
- C. Change the health probe associated with Rule1 to use TCP.
- D. Add an NSG1 rule with the source set to AzureLoadBalancer.
Answer: A
NEW QUESTION 14
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue. Which three actions should you perform?
- A. Configure the hashing algorithm to be different on both gateways.
- B. Rest the VPN gateway.
- C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.
- D. Rest the VPN connection.
- E. Configure the hashing algorithm to be the same on both gateways.
- F. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
Answer: CEF
NEW QUESTION 15
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 16
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account that is not federated to configure Azure AD Connect. Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 17
A company uses an Azure Backup agent to back up specific files and folder from an Azure virtual machine (VM) and an on-premises VM.
An administrator reports that the backup job fails on both VMs. Errors are returned in Microsoft Azure Recovery Services (MARS).
You need to troubleshoot the backup issues. Which troubleshooting solution should you use?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 18
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Disable peering on the virtual network. Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 19
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA. What should you do?
- A. Configure a user-defined route on the NVA subnet.
- B. Move the route server to the same VNet as the NVA.
- C. Configure a unique autonomous system number (ASN) on the NVA.
- D. Configure a public IP address on the route server.
Answer: C
NEW QUESTION 20
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 21
......
P.S. Easily pass AZ-720 Exam with 81 Q&As Certshared Dumps & pdf Version, Welcome to Download the Newest Certshared AZ-720 Dumps: https://www.certshared.com/exam/AZ-720/ (81 New Questions)