ExamGecko
Search Search Login
Home Home / Microsoft / AZ-720

Microsoft AZ-720 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?
You need to resolve the issue with VM10. What should you do?
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
You need to resolve the issue repotted by Admin2. What should you do?
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network. You need to implement a solution. Solution: Configure subnet delegation. Does the solution meet the goal?

Question 61

Report
Export
Collapse

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal. You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

A.
The administrator is using the Microsoft Defender for Cloud free tier.
A.
The administrator is using the Microsoft Defender for Cloud free tier.
Answers
B.
The VMs were provisioned by using a classic deployment.
B.
The VMs were provisioned by using a classic deployment.
Answers
C.
The administrator does not have the SecurityReader role.
C.
The administrator does not have the SecurityReader role.
Answers
D.
The administrator does not have permissions to request JIT access to the VMs.
D.
The administrator does not have permissions to request JIT access to the VMs.
Answers
Suggested answer: B

Explanation:

JIT VM access is only supported for VMs that are deployed using the Azure Resource Manager (ARM) deployment model. VMs that are provisioned using the classic deployment model are not compatible with JIT VM access and will be displayed under the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

Question 62

Report
Export
Collapse

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal. You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

A.
The administrator does not have the SecurityReader role.
A.
The administrator does not have the SecurityReader role.
Answers
B.
The administrator is using the Microsoft Defender for Cloud free tier.
B.
The administrator is using the Microsoft Defender for Cloud free tier.
Answers
C.
The client firewall does not allow port 22 on the VMs.
C.
The client firewall does not allow port 22 on the VMs.
Answers
D.
A network security group is not associated with the VMs.
D.
A network security group is not associated with the VMs.
Answers
Suggested answer: B

Question 63

Report
Export
Collapse

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

What should you do?

A.
Restart the Azure AD Connect service.
A.
Restart the Azure AD Connect service.
Answers
B.
Configure Azure AD Connect using a global administrator account that is not federated.
B.
Configure Azure AD Connect using a global administrator account that is not federated.
Answers
C.
Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
C.
Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
Answers
D.
Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
D.
Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
Answers
Suggested answer: A

Explanation:

The error message “Error getting auth token” occurs when you specify an incorrect password for the global administrator account provided at the beginning of the Azure AD Connect installation process To resolve this issue, you should check that you have specified the correct password for your global administrator account. If you have specified an incorrect password, update it and then restart the Azure AD Connect service

Question 64

Report
Export
Collapse

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing. The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
Answers
B.
The IP address of the local network gateway matches the partner's VPN device.
B.
The IP address of the local network gateway matches the partner's VPN device.
Answers
C.
The partner's VPN device is enabled for Perfect forward secrecy.
C.
The partner's VPN device is enabled for Perfect forward secrecy.
Answers
D.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
D.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answers
Suggested answer: B

Question 65

Report
Export
Collapse

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing. The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
Answers
B.
VNetGW1 has exceeded the subnet Security Association pairs.
B.
VNetGW1 has exceeded the subnet Security Association pairs.
Answers
C.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
C.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answers
D.
The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
D.
The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
Answers
Suggested answer: A

Explanation:

To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner’s VPN device and VNetGW1 are configured using the same shared key.

Question 66

Report
Export
Collapse

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing. The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
A.
The partner's VPN device and VNetGW1 are configured using the same shared key.
Answers
B.
The partner's VPN device is configured for one VPN tunnel per subnet pair.
B.
The partner's VPN device is configured for one VPN tunnel per subnet pair.
Answers
C.
The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
C.
The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
Answers
D.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
D.
The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
Answers
Suggested answer: B

Explanation:

To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner’s VPN device is configured for one VPN tunnel per subnet pair.

Question 67

Report
Export
Collapse

A company deploys ExpressRoute.

The company reports that there is an autonomous system (AS) number mismatch.

You need to identify the AS number of the circuit.

Which PowerShell cmdlet should you run?

A.
Get-AzExpressRouteCircuitPeeringConfig
A.
Get-AzExpressRouteCircuitPeeringConfig
Answers
B.
Get-AzExpressRouteCircuitStats
B.
Get-AzExpressRouteCircuitStats
Answers
C.
Get-AzExpressRouteCircuitRouteTable
C.
Get-AzExpressRouteCircuitRouteTable
Answers
D.
Get-AzExpressRouteCircuit
D.
Get-AzExpressRouteCircuit
Answers
Suggested answer: D

Explanation:

To identify the AS number of the circuit when there is an autonomous system (AS) number mismatch in ExpressRoute, you should run the Get-AzExpressRouteCircuit PowerShell cmdlet. Therefore, option D is correct. You should run the Get-AzExpressRouteCircuit PowerShell cmdlet.

Question 68

Report
Export
Collapse

A company has two virtual networks (VNets) that reside in the same Azure region.

An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet. You need to configure a connection between the two networks that maximizes throughput and minimizes latency. What should you do?

A.
Configure a VPN gateway.
A.
Configure a VPN gateway.
Answers
B.
Create a site-to-site VPN connection.
B.
Create a site-to-site VPN connection.
Answers
C.
Configure virtual network peering.
C.
Configure virtual network peering.
Answers
D.
Create a point-to-site VPN connection.
D.
Create a point-to-site VPN connection.
Answers
Suggested answer: C

Explanation:

To configure a connection between two virtual networks (VNets) that reside in the same Azure region that maximizes throughput and minimizes latency, you should configure virtual network peering. Therefore, option C is correct. You should configure virtual network peering.

Question 69

Report
Export
Collapse

A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure. The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps. You need to ensure that the VMs are compatible with Azure.

Which change should you make?

A.
Install a kernel name that ends with -azure.
A.
Install a kernel name that ends with -azure.
Answers
B.
Configure the network interfaces to 1000 Mbps/full duplex.
B.
Configure the network interfaces to 1000 Mbps/full duplex.
Answers
C.
Redeploy the VM with Accelerated Networking enabled.
C.
Redeploy the VM with Accelerated Networking enabled.
Answers
D.
Increase the TCP buffers and window size kernel parameters.
D.
Increase the TCP buffers and window size kernel parameters.
Answers
Suggested answer: C

Explanation:

To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.

Question 70

Report
Export
Collapse

A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection. The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway. You need to troubleshoot the issue by reviewing the logs.

Which log should you analyze?

A.
P2SDiagnosticLog
A.
P2SDiagnosticLog
Answers
B.
GatewayDiagnosticLog
B.
GatewayDiagnosticLog
Answers
C.
IKEDiagnosticLog
C.
IKEDiagnosticLog
Answers
D.
RouteDiagnosticLog
D.
RouteDiagnosticLog
Answers
Suggested answer: C

Explanation:

To troubleshoot an issue with the Phase 1 proposal from an Azure Virtual Network gateway when connecting to a site-to-site VPN connection by reviewing logs, you should analyze the IKE Diagnostic log. Therefore, option C is correct. You should analyze the IKE Diagnostic log.

Total 119 questions
Go to page: of 12
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms