ExamGecko
Search Search Login
Home Home / Microsoft / AZ-720

Microsoft AZ-720 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?
You need to resolve the issue with VM10. What should you do?
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
You need to resolve the issue repotted by Admin2. What should you do?
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network. You need to implement a solution. Solution: Configure subnet delegation. Does the solution meet the goal?

Question 31

Report
Export
Collapse

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

Solution: Use a global administrator account that is not federated to configure Azure AD Connect.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The proposed solution to use a global administrator account that is not federated to configure Azure AD Connect does not directly address the error message "Error getting auth token" described in the scenario , so it is unlikely to solve the issue.

To resolve this issue, you should verify that the Azure AD Connect server can authenticate to the Azure AD tenant using valid credentials. If authentication is successful, then you can investigate other possible causes such as network connectivity problems, misconfigured firewall rules, expired certificates, etc.

Therefore, the correct answer remains option B, "No".

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-authentication

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-passwordwriteback

Question 32

Report
Export
Collapse

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

Solution: Disable password writeback and then enable password writeback.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The solution of disabling and re-enabling password writeback may not meet the goal of resolving the issue. According to 1, there are other steps that you should try before disabling and re-enabling password writeback, such as:

Confirm network connectivity

Restart the Azure AD Connect Sync service

Install the latest Azure AD Connect release

Troubleshoot password writeback

If none of these steps work, then you can try to disable and re-enable password writeback as a last resort.

Question 33

Report
Export
Collapse

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Install the VM guest agent by using administrative permissions.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Explanation:

Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup service. An administrative user account is required to install the agent. Therefore, the solution mentioned in the question is correct and the answer is A. Yes.

Reference:

Back up a virtual machine in Azure (Microsoft documentation)

Question 34

Report
Export
Collapse

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Create a new manual backup in Backup center.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

It is unlikely that creating a new manual backup in Backup center would resolve the issue of an Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution. Therefore, the solution mentioned in the question is incorrect and the answer is B. No.

Reference:

Troubleshoot Azure VM backup failures (Microsoft documentation)

Question 35

Report
Export
Collapse

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Enable replication and create a recovery plan for the backup vault.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

The solution does not meet the goal. Enabling replication and creating a recovery plan for the backup vault is not relevant to troubleshooting an Azure VM backup job failure. The administrator should troubleshoot the issue by checking the VM's disk configuration, checking the status of the VM guest agent, and ensuring that the backup policy is configured correctly.

Question 36

Report
Export
Collapse

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Configure the retention range for the current VM backup policy.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

It is unlikely that configuring the retention range for the current VM backup policy would resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution. Therefore, the solution mentioned in the question is incorrect and the answer is B. No.

Reference:

Troubleshoot Azure VM backup failures (Microsoft documentation)

Question 37

Report
Export
Collapse

A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:

The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2. Virtual network peering has been configured between VNet1 and VNet2.

Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3.

You need to resolve the connectivity issues.

What should you do?

A.
Redeploy VM1 and VM2 into availability zones.
A.
Redeploy VM1 and VM2 into availability zones.
Answers
B.
Move ILB1 to RG1.
B.
Move ILB1 to RG1.
Answers
C.
Redeploy the ILB using the Standard SKU.
C.
Redeploy the ILB using the Standard SKU.
Answers
D.
Move VM1 and VM2 into RG3.
D.
Move VM1 and VM2 into RG3.
Answers
Suggested answer: C

Explanation:

To resolve the connectivity issues, you need to redeploy the ILB using the Standard SKU. According to 1, Basic Load Balancer does not support Global VNet Peering, which is required for cross-region communication between VMs in different VNets. Standard Load Balancer supports Global VNet Peering and can load balance traffic across regions and availability zones.

Question 38

Report
Export
Collapse

A company deploys an ExpressRoute circuit.

You need to verify accepted peering routes from the ExpressRoute circuit.

Which PowerShell cmdlet should you run?

A.
Get-AzExpressRouteCrossConnectionPeering
A.
Get-AzExpressRouteCrossConnectionPeering
Answers
B.
Get-AzExpressRouteCircuit
B.
Get-AzExpressRouteCircuit
Answers
C.
Get-AzExpressRouteCircuitPeeringConfig
C.
Get-AzExpressRouteCircuitPeeringConfig
Answers
D.
Get-AzExpressRouteCircuitRouteTable
D.
Get-AzExpressRouteCircuitRouteTable
Answers
E.
Get-AzExpressRouteCircuitStats
E.
Get-AzExpressRouteCircuitStats
Answers
Suggested answer: D

Explanation:

To verify accepted peering routes from the ExpressRoute circuit, you should run the PowerShell cmdlet Get-AzExpressRouteCircuitRouteTable. According to 1, this cmdlet returns a list of routes advertised by an ExpressRoute circuit peering. You can specify which peering type

(AzurePrivatePeering, AzurePublicPeering, or MicrosoftPeering) and which route table

(AdvertisedPublicPrefixes or AdvertisedPublicPrefixesState) you want to view.

Question 39

Report
Export
Collapse

A company plans to implement ExpressRoute by using the provider connectivity model.

The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit. You need to determine the provisioning state of the service provider.

Which PowerShell cmdlet should you run?

A.
Get-AzExpressRouteCircuitPeeringConfig
A.
Get-AzExpressRouteCircuitPeeringConfig
Answers
B.
Get-AzExpressRouteCircuitRouteTable
B.
Get-AzExpressRouteCircuitRouteTable
Answers
C.
Get-AzExpressRouteCircuitConnectionConfig
C.
Get-AzExpressRouteCircuitConnectionConfig
Answers
D.
Get-AzExpressRouteCircuit
D.
Get-AzExpressRouteCircuit
Answers
E.
Get-AzExpressRouteCircuitARPTable
E.
Get-AzExpressRouteCircuitARPTable
Answers
Suggested answer: B

Explanation:

To determine the provisioning state of the service provider, you should run the PowerShell cmdlet Get-AzExpressRouteCircuit. According to 1, this cmdlet returns information about an ExpressRoute circuit, including its provisioning state and service provider status. You can use these properties to check if your circuit is enabled by both Azure and your connectivity provider.

Question 40

Report
Export
Collapse

A company has virtual machines (VMs) in the following Azure regions:

West Central US

Australia East

The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services. The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering. You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets. What should you do?

A.
Add a user-defined route to the subnets route table.
A.
Add a user-defined route to the subnets route table.
Answers
B.
Add a filter to the on-premises routers.
B.
Add a filter to the on-premises routers.
Answers
C.
Add a second VNet to the virtual machines and configure VNet peering between the VNets.
C.
Add a second VNet to the virtual machines and configure VNet peering between the VNets.
Answers
D.
Disable the ExpressRoute peering connections for one of the regions.
D.
Disable the ExpressRoute peering connections for one of the regions.
Answers
Suggested answer: A

Explanation:

To ensure that traffic uses global VNet peering instead of ExpressRoute private peering, you should add a user-defined route to the subnets route table. According to 2, global VNet peering allows virtual networks across regions to communicate using private IP addresses as if they were in the same region. However, if there is an existing ExpressRoute private peering between two regions that also have global VNet peering enabled, traffic will prefer ExpressRoute over global VNet peering by default. To override this behavior and force traffic to use global VNet peering instead of ExpressRoute private peering for a specific subnet or virtual network gateway connection, you need to add a user- defined route with a next hop type of Virtual Network Peering.

Total 119 questions
Go to page: of 12
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms