Microsoft AZ-720 Practice Test - Questions Answers, Page 11

To resolve the issue, you should complete the CLI command as follows:

az role assignment create – assignee contoso-object-id --role “Owner” --scope

This command assigns the Owner role to the service principal with the object ID of contoso-object-id at the specified scope. The Owner role grants full access to all resources, including the right to assign roles to others1. The assignee parameter specifies the security principal to assign the role to2. The scope parameter specifies the level of access for the role assignment, such as a resource group or a subscription3.

A) Provide the target certificate location for importing a Client Authentication key usage certificate file with the .pfx extension. Current User\Personal

This is the location where the client certificate should be installed on the user’s personal Windows computer. The client certificate is generated from the self-signed root certificate and then exported with the .pfx extension. The client certificate is used to authenticate the user to the Azure point-tosite VPN gateway1.

B) Provide the target certificate location for importing a Certificate Signing certificate key usage file with the .cer extension Local Computer\Trusted Root Certification Authorities

This is the location where the root certificate should be installed on the user’s personal Windows computer. The root certificate is a self-signed certificate that is used to sign the client certificates. The root certificate public key data is also uploaded to Azure point-to-site VPN configuration. The root certificate is exported with the .cer extension1.

Box1 = Invoke-WebRequest.

The correct value for PowerShell cmdlet is B. Invoke-WebRequest. This cmdlet sends an HTTP or

HTTPS request to a web app endpoint and returns the status code of the response1. You can use thiscmdlet to verify whether the endpoint is responding to the Traffic Manager health probe with a validstatus code. The valid status code depends on the expected status code ranges setting of your Traffic Manager profile. This setting allows you to specify multiple success code ranges in the format 200-299, 301- 3012. If these status codes are received as response from an endpoint when a health check is done, Traffic Manager marks those endpoints as healthy. By default, the value 200 is defined as the success status code2. Box 2 = 200

The correct value for response code is B. 200. This is the default success status code for Traffic Manager health probes. If the endpoint returns this code, it means that it is healthy and available to serve traffic. However, you can also specify other status code ranges as valid responses in your Traffic Manager profile settings.

Two possible causes of the issue where a function returns the error “Azure Function Runtime is unreachable” are: C. The storage account application settings were deleted. E. The storage account for the function was deleted. According to Microsoft, this issue occurs when the Functions runtime can’t start. The most common reason for this is that the function app has lost access to its storage account. If that account is deleted or if the storage account application settings were deleted, your functions won’t work

https://learn.microsoft.com/en-us/azure/azure-functions/functions-recover-storage-account

The two actions that should be performed to troubleshoot the issue of a failed RDP connection to a Windows VM through Azure Bastion are A) Monitor traffic with the PowerShell cmdlet 'Test- AzNetworkWatcherConnectivity' and D) Run the Network Watcher Connection troubleshoot service.

A) Monitor traffic with the PowerShell cmdlet 'Test-AzNetworkWatcherConnectivity': This cmdlet can be used to verify connectivity between two endpoints in Azure. By monitoring traffic, you can identify the root cause of issues with the VM's connectivity through Azure Bastion.

D) Run the Network Watcher Connection troubleshoot service: This service can help identify the root cause of connectivity issues with Azure resources. It analyses network traffic to identify common misconfiguration issues and provides guidance on how to resolve them.

Reference: https://docs.microsoft.com/en-us/azure/bastion/bastiontroubleshoot

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcherconnectivity-powershell

Self-service password reset (SSPR) is a feature in Azure Active Directory (Azure AD) that allows users to reset their passwords on their own. To ensure that SSPR works correctly, certain URLs must be accessible from the user’s network. These URLs include *.passwordreset.microsoftonline.com and *.svc.ms, which are used for SSPR authentication and service communications.

the two pieces of information that should be collected before starting to troubleshoot the failing synchronization by using a built-in Azure AD Connect troubleshooting task are: B. AD connector name E. Object distinguished name

Azure AD Connect is a tool used to synchronize users from an on-premises Active Directory Domain Services (AD DS) to Azure AD. When troubleshooting synchronization issues, it is important to have information about the object that is failing to synchronize. The AD connector name refers to the name of the connector used to connect to the on-premises AD DS. The object distinguished name refers to the unique identifier of the object in the on-premises AD DS. Having this information can help identify and resolve synchronization issues.

To resolve the issue where a user reports an error message stating “A certificate could not be found” when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user’s device. F. Generate a client certificate. G. Install a client certificate on the user’s device. Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user’s device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.

To ensure that the backup operation for a database in an availability group using Azure Backup Server runs successfully, you should add the Sysadmin role to the system account on the SQL Server instance. The system account on the SQL Server instance must have the Sysadmin role to perform backup operations. So the correct answer is B. Add the Sysadmin role to the system account on the SQL Server instance. You can find more information about Azure Backup Server and its requirements in the official Microsoft documentation.