ExamGecko
Search Search Login
Home Home / Microsoft / AZ-720

Microsoft AZ-720 Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?
You need to resolve the issue with VM10. What should you do?
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
You need to resolve the issue repotted by Admin2. What should you do?
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network. You need to implement a solution. Solution: Configure subnet delegation. Does the solution meet the goal?

Question 21

Report
Export
Collapse

You need to resolve the issue repotted by Admin2.

What should you do?

A.
Add a rule to N5G2 that allows outbound traffic to the internet over port 80.
A.
Add a rule to N5G2 that allows outbound traffic to the internet over port 80.
Answers
B.
Disassociate NSG2 from Subnet12.
B.
Disassociate NSG2 from Subnet12.
Answers
C.
Configure a second network interface on VM4.
C.
Configure a second network interface on VM4.
Answers
D.
Disassociate NSG5 from NIC4.
D.
Disassociate NSG5 from NIC4.
Answers
Suggested answer: D

Explanation:

To resolve the issue reported by Admin2, you need to disassociate NSG5 from NIC4, which is the network interface of VM4. NSG5 is a network security group that has an inbound security rule that denies traffic from ASG2 to ASG5 over port 80. This rule prevents Admin2 from connecting to the web server public IP address on VM4 from VM2, as VM2 is in ASG2 and VM4 is in ASG5. By disassociating NSG5 from NIC4, you can remove the rule that blocks the traffic and allow Admin2 to access the web server on VM4. Alternatively, you could also modify or remove the rule in NSG5, but disassociating NSG5 from NIC4 is simpler and more effective.

Question 22

Report
Export
Collapse

HOTSPOT

You need to troubleshoot the issues reported by User1.

Which commands should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 22
Correct answer: Question 22

Explanation:

Location in Azure: B. Get-AzVirtualNetworkGateway

Location on Client Computer: D. ipconfig /all

Explanation:

To troubleshoot the issues reported by User1, you need to use the Get-AzVirtualNetworkGateway PowerShell cmdlet in Azure and the ipconfig /all command on the client computer. The GetAzVirtualNetworkGateway

cmdlet returns information about the virtual network gateways in a subscription or a resource group. You can use this cmdlet to verify the status and configuration of the VNetGW virtual network gateway, which provides point-to-site VPN connectivity for User1. The ipconfig /all command displays the IP configuration information for all network adapters on the client computer. You can use this command to check the IP address, subnet mask, default gateway, and

DNS servers assigned to User1 when connected to the point-to-site VPN. This can help you identify any misconfiguration or connectivity issues that affect User1’s access to Azure resources.

Question 23

Report
Export
Collapse

HOTSPOT

You need to troubleshoot the issues reported by Agent1.

What should you review? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 23
Correct answer: Question 23

Explanation:

Audit Logs

Azure AD connect logs

Question 24

Report
Export
Collapse

You need to resolve the problem reported by User2.

What should you do?

A.
Enable all users for the self-service password reset feature.
A.
Enable all users for the self-service password reset feature.
Answers
B.
Enable the warehouse group for the self-service password reset feature.
B.
Enable the warehouse group for the self-service password reset feature.
Answers
C.
Assign an Azure AD Premium Pi license to User2
C.
Assign an Azure AD Premium Pi license to User2
Answers
D.
Identify and resolve the misconfigured directory information for User2.
D.
Identify and resolve the misconfigured directory information for User2.
Answers
E.
Instruct User2 to wait 24 hours and try again.
E.
Instruct User2 to wait 24 hours and try again.
Answers
Suggested answer: C

Explanation:

To resolve the problem reported by User2, you need to assign an Azure AD Premium P1 license to User2. User2 is a member of the warehouse group, which is enabled for the self-service password reset (SSPR) feature. However, User2 cannot register for SSPR because they do not have a valid license that supports SSPR. To use SSPR, a user must have one of the following licenses: Azure AD Premium P1, Azure AD Premium P2, Enterprise Mobility + Security (EMS) E3 or EMS E5. By assigning an Azure AD Premium P1 license to User2, you can enable them to use the SSPR feature and reset their password without contacting the helpdesk

Question 25

Report
Export
Collapse

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure a route table with route propagation disabled.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network. Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.

Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the onpremises network would still use the default route in the system-generated route table. To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.

Reference:

Microsoft documentation on how to create a custom route table and associate it with a subnet:

https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-customroute-table. Microsoft documentation on how to configure a route to a null interface:

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#toroute-to-a-null-interface.

Question 26

Report
Export
Collapse

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Disable peering on the virtual network.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Disabling peering on the virtual network will not prevent the on-premises network from reaching the new subnet. Virtual network peering is a way to connect virtual networks and allows resources in both virtual networks to communicate with each other securely. It does not affect connectivity between on-premises and virtual network resources. A better solution would be to create a network security group (NSG) and associate it with the new subnet. The NSG can be configured to deny traffic from the on-premises network to the new subnet. This way, the new subnet will be isolated from the on-premises network.

Reference:

Azure Virtual Network peering: https://docs.microsoft.com/en-us/azure/virtual-network/virtualnetwork-peering-overviewAzure Network Security Groups: https://docs.microsoft.com/en-us/azure/virtual-network/networksecurity-groups-overview

Question 27

Report
Export
Collapse

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Scale the gateway to Generation2.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Scaling the gateway to Generation2 will not prevent the on-premises network from reaching the new subnet. Scaling the gateway changes the hardware configuration of the VPN gateway, but it does not affect the routing or connectivity between the on-premises network and the virtual network.

A better solution would be to create a network security group (NSG) and associate it with the new subnet. The NSG can be configured to deny traffic from the on-premises network to the new subnet. This way, the new subnet will be isolated from the on-premises network.

Reference:

VPN Gateway Generation 2: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gatewayabout-vpngateways#gwgen2

Question 28

Report
Export
Collapse

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure subnet delegation.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The proposed solution, which is to configure subnet delegation, does not meet the goal of making the new subnet unreachable from the on-premises network. Subnet delegation is a mechanism to delegate management of a subnet to another resource such as a Network Virtual Appliance or a Service Endpoint. It does not provide any means to restrict or isolate a subnet from the rest of the network. To meet the goal, you can use Network Security Groups (NSGs) to restrict traffic to and from the new subnet. NSGs allow you to define inbound and outbound security rules that specify the type of traffic that is allowed or denied based on different criteria such as source or destination IP address, protocol, port number, etc. By creating a custom NSG and defining rules that deny traffic to and from the new subnet, you can effectively make that subnet unreachable from the on-premises network.

Therefore, the correct answer is option B, "No".

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 29

Report
Export
Collapse

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

Solution: Restart the Azure AD Connect service.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Question 30

Report
Export
Collapse

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

Solution: Use a global administrator account with a password that is less than 256 characters to configure Azure AD Connect. Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

No, restarting the Azure AD Connect service would not resolve the issue described in the scenario.

The error message "Error getting auth token" indicates there is a problem with authentication , which is preventing password writeback from being enabled during the Azure AD Connect configuration. To resolve this issue, you should first confirm that the Azure AD Connect server can authenticate to the Azure AD tenant by using a valid set of credentials. If authentication is successful, then you can investigate other possible causes such as network connectivity issues, misconfigured firewall rules, expired certificates, etc.

Therefore, the correct answer is option B, "No".

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-authentication

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-passwordwriteback#troubleshooting-steps

Total 119 questions
Go to page: of 12
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms