Home / Microsoft / AZ-720

Microsoft AZ-720 Practice Test - Questions Answers, Page 8

Question list

List of questions

Question 71

(0)

A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall. Users report that the application

Question 72

(0)

A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1. The company troubleshoots ICMP

Question 73

(0)

A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2. The cu

Question 74

(0)

A company uses an Azure VPN gateway to connect to their on-premises environment. The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.

Question 75

(0)

A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets b

Question 76

(0)

HOTSPOT A company deploys an Azure Firewall. The company reports the following log entry: For each of the following questions, select Yes or No.

Question 77

(0)

DRAG DROP A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups. The customer configures a r

Question 78

(0)

DRAG DROP A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet. The ad

Question 79

(0)

HOTSPOT A company connects an on-premises network to an Azure virtual network by using ExpressRoute. The ExpressRoute connection is experiencing higher than normal latency. You need to confirm th

Question 80

(0)

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue.

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?

A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?

You need to resolve the issue with VM10. What should you do?

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?

You need to resolve the issue repotted by Admin2. What should you do?

A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?

A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?

HOTSPOT A company uses Azure Firewall. The firewall uses the following rules: The company requires the following: • Block outbound connections to Contoso.com on ports 80 and 443. You configure the NetRC2 firewall rule to block the connections. Users report that they can still access Contoso.com on port 80 • Allow outbound connections to Adatuin.com on ports 80 and 443. You configure the AppRC2 firewall rule to allow the connections. Users report that they can access the Adaturn com website by using the IP address but not by using the fully qualified domain name (FQDN). You need to troubleshoot the rules that are causing the issues. Which rules should you review? To answer, select the appropriate options in the answer area.

A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?

Question 71

A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall. Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps. You need to implement a solution that support a minimum of 10 Gbps.

What should you do to increase the throughput?

Request an increase in networking quotas.

Increase the size of the VM instance.

Disable the Azure Firewall and implement network security groups in its place.

Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.

Show Answer Comment (0)

Question 72

A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1. The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server. You need to determine if ICMP connectivity to VM1 is allow on FW1.

What should you do?

Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.

Use the ping command targeting the IP address of VM1 and review the command's response.

Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.

Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.

Show Answer Comment (0)

Question 73

A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2. The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 andVM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /. The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing. You need to resolve the issue.

What should you do?

Change the health probe associated with Rule1 to use HTTP.

Add an NSG1 rule with the source set to VirtualNetwork.

Change the health probe associated with Rule1 to use TCP.

Add an NSG1 rule with the source set to AzureLoadBalancer.

Show Answer Comment (0)

Question 74

A company uses an Azure VPN gateway to connect to their on-premises environment.

The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues. You need to minimize downtime for all services and resolve the connectivity issue.

Which three actions should you perform?

Configure the hashing algorithm to be different on both gateways.

Rest the VPN gateway.

Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.

Rest the VPN connection.

Configure the hashing algorithm to be the same on both gateways.

Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.

Show Answer Comment (0)

Question 75

You need to troubleshoot the issue.

Which two features can you use to achieve the goal?

IP flow verify

AzureNetworkWatchExtension

Next hop

Network Watcher topology

NSG flow logs

Show Answer Comment (0)

Question 76

HOTSPOT

A company deploys an Azure Firewall. The company reports the following log entry:

For each of the following questions, select Yes or No.

Show Answer Comment (0)

Question 77

DRAG DROP

A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.

The customer configures a resource group named RG1 that contains the following resources:

• A virtual machine named VM1.

• A network interface named NIC1 that is attached to VM1.

The customer grants a user named Admin1 the following permission for RG1:

Microsoft.Security/locations/jitNetworkAccessPolicies/write.

Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab. You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege. Which three actions should you recommend be performed in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Show Answer Comment (0)

Question 78

DRAG DROP

A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet. The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:

Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet You need to resolve the issues with the inbound security rules. Which port or set of ports should you configure?