Microsoft AZ-720 Practice Test - Questions Answers, Page 5

List of questions
Question 41

A company plans to use an Azure PaaS service by using Azure Private Link service. The Azure Private Link service and an endpoint have been configured. The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?
To resolve the connectivity issue, you should approve the connection state. According to 1, Azure Private Link service requires manual approval of connection requests from private endpoints by default. You can approve or reject a connection request by using PowerShell cmdlets or Azure portal.
Question 42

A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications. Users in a remote office location report the following issues:
Unable to access part of a web application.
Part of the web application is failing to load.
Parts of the web application have activities that are not performing as expected.
You need to troubleshoot the issue.
Which diagnostic log should you review?
To troubleshoot the issue, you should review the Firewall diagnostic log. According to 2, Azure Application Gateway Web Application Firewall (WAF) logs requests that are logged through either detection or prevention mode of an application gateway that is configured with WAF. You can use this log to view and analyze blocked requests and identify false positives or false negatives.
Question 43

A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings:
Priority: 100
Action: Deny
Rule type: FQDN
Source type: IP address
Source: *
Protocol: http:80,https:443
Target FQDN: *.cloud.contoso.com
An engineer observes that traffic to console.cloud.contoso.com is still allowed by FW1.
You need to determine why the traffic is allowed.
What should you review?
To determine why the traffic is allowed, you should review network rules. According to 3, Azure Firewall uses network rules to allow or deny traffic based on source and destination IP address, port, and protocol. Network rules are applied before application rules and have higher priority than application rules. Therefore, if there is a network rule that allows traffic to console.cloud.contoso.com on port 80 or 443, it will override the application rule that denies traffic based on FQDN.
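One way to carry out that review, as an added example rather than anything from the practice test: with Az PowerShell, pull FW1's classic network rule collections in priority order and list every Allow rule whose destination ports cover 80 or 443, since any such rule is evaluated before the FQDN-based application rule. The resource group name is a placeholder.

```powershell
# Added example: audit classic network rules on FW1 that could allow web traffic
# before the application rule collection is ever consulted.
# Assumption: "<resource-group>" is a placeholder for FW1's resource group.
$fw = Get-AzFirewall -Name "FW1" -ResourceGroupName "<resource-group>"

function Test-PortMatch {
    # Returns $true if a rule port entry ("443", "*", or a range like "1-65535") covers $Port.
    param([string]$Entry, [int]$Port)
    if ($Entry -eq '*') { return $true }
    if ($Entry -match '^(\d+)-(\d+)$') { return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) }
    return ([int]$Entry -eq $Port)
}

# Network rule collections are processed before application rule collections,
# lowest priority number first, so list them in that order.
foreach ($coll in ($fw.NetworkRuleCollections | Sort-Object Priority)) {
    if ($coll.Action.Type -ne 'Allow') { continue }
    foreach ($rule in $coll.Rules) {
        $coversWeb = $rule.DestinationPorts |
            Where-Object { (Test-PortMatch $_ 80) -or (Test-PortMatch $_ 443) }
        if (-not $coversWeb) { continue }
        [pscustomobject]@{
            Collection   = $coll.Name
            Priority     = $coll.Priority
            Rule         = $rule.Name
            Protocols    = ($rule.Protocols -join ',')
            Sources      = ($rule.SourceAddresses -join ',')
            Destinations = ((@($rule.DestinationAddresses) + @($rule.DestinationFqdns) |
                             Where-Object { $_ }) -join ',')
            Ports        = ($rule.DestinationPorts -join ',')
        }
    }
}
```

Any row whose destinations include the IP that console.cloud.contoso.com resolves to (or a wildcard) explains why the application rule's Deny never fires.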
Question 44

A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network. The company reports that after completing the configuration, the VPN connection cannot be established. You need to troubleshoot the connection issue.
What should you do first?
To troubleshoot the connection issue, you should first identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey. According to 1, this cmdlet returns the shared key that is used for authentication between an Azure virtual network gateway and a local network gateway. You can use this cmdlet to verify that the shared key matches on both sides of the VPN connection. Therefore, you should choose A. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.
Question 45

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
To resolve the certificate mismatch error, you should reissue the client certificate with client authentication enabled. According to 2, when you use Azure certificate for authentication type on point-to-site VPN connections, you need to ensure that your client certificates have client authentication as one of their enhanced key usage attributes. Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.
Question 46

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
To resolve the certificate mismatch error, you should create a profile manually, add the server FQDN and reissue the client certificate. According to 1, when you use OpenVPN for tunnel type on point-to-site VPN connections, you need to ensure that your client certificates have the correct server FQDN as one of their subject alternative names (SANs). Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.
Question 47

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
To resolve the certificate mismatch error, you should reissue the client certificate with client authentication enabled. According to 1, when you use Azure certificate for authentication type on point-to-site VPN connections, you need to ensure that your client certificates have client authentication as one of their enhanced key usage attributes. Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.
Question 48

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.
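The reissue step described in Questions 45, 47 and 48, as an added example that is not from the practice test: with a self-signed root already uploaded to VNetGW1, issue a new client certificate whose Enhanced Key Usage carries Client Authentication (OID 1.3.6.1.5.5.7.3.2) and verify that attribute before the user installs it. The root subject "CN=P2SRootCert" and the child name are placeholders.

```powershell
# Added example: reissue a P2S client certificate with the Client Authentication EKU.
# Assumptions: the root certificate "CN=P2SRootCert" is the one whose public data was
# uploaded to VNetGW1, and it lives in the current user's personal store.
$root = Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq "CN=P2SRootCert" } |
    Select-Object -First 1
if (-not $root) {
    throw "Root certificate not found; the new client certificate must chain to the root trusted by VNetGW1."
}

# 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication.
$client = New-SelfSignedCertificate -Type Custom -DnsName "P2SChildCert" -KeySpec Signature `
    -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Check the attribute that the gateway requires before distributing the certificate.
$hasClientAuth = $client.EnhancedKeyUsageList.ObjectId -contains "1.3.6.1.5.5.7.3.2"
if (-not $hasClientAuth) {
    throw "Issued certificate lacks the Client Authentication EKU; do not distribute it."
}

# Export with private key for installation on the user's device; the password is prompted.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $client -FilePath ".\P2SChildCert.pfx" -Password $pfxPassword
```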
Question 49

A company hosts a network virtual appliance (NVA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA and the Route Server. The NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?
According to 2, when using Azure Route Server with network virtual appliances (NVAs), you need to ensure that each NVA has a unique ASN that is different from the route server's ASN and any other BGP peer's ASN. Otherwise, there will be routing issues due to BGP loop prevention mechanisms.
You can configure the ASN on the NVA by using its own configuration tools or commands. For more information, see 2.
Question 50

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2. You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
According to 1, flow logging using ExpressRoute Traffic Collector requires version 2 of flow logs.
Version 1 of flow logs does not support ExpressRoute Traffic Collector. You can configure the version of flow logs when you enable them on a network security group (NSG).