ExamGecko
Search Search Login
Home Home / Microsoft / AZ-720
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?
You need to resolve the issue with VM10. What should you do?
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
You need to resolve the issue repotted by Admin2. What should you do?
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
HOTSPOT A company uses Azure Firewall. The firewall uses the following rules: The company requires the following: • Block outbound connections to Contoso.com on ports 80 and 443. You configure the NetRC2 firewall rule to block the connections. Users report that they can still access Contoso.com on port 80 • Allow outbound connections to Adatuin.com on ports 80 and 443. You configure the AppRC2 firewall rule to allow the connections. Users report that they can access the Adaturn com website by using the IP address but not by using the fully qualified domain name (FQDN). You need to troubleshoot the rules that are causing the issues. Which rules should you review? To answer, select the appropriate options in the answer area.
A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?

Question 12 - AZ-720 discussion

Report
Export

HOTSPOT

You need to troubleshoot the issues with the SharePoint workload in VNet2.

What should you do? To answer, select the appropriate option in the answer area.

NOTE: Each correct selection is worth one point.


Question 12
Correct answer: Question 12

Explanation:

Box 1 = Use IP flow verify.

IP flow verify is a feature of Azure Network Watcher that checks if a packet is allowed or denied to or from a virtual machine. It can help diagnose connectivity issues caused by network security groups, user-defined routes, or Azure Virtual Network Manager rules1. IP flow verify can also return the name of the rule that denied the packet, which can be useful for troubleshooting2. Connection troubleshoot is another feature of Azure Network Watcher that helps reduce the time to diagnose and resolve network connectivity issues. However, it can only test TCP or ICMP connections from certain Azure resources, such as virtual machines, Azure Bastion instances, or application gateways3. Connection troubleshoot can also detect issues such as high VM CPU utilization, DNS resolution failures, or inability to open a socket at the specified source port3. In this scenario, you need to collect the required logs for the SharePoint workload in VNet2. Since you are not testing a specific TCP or ICMP connection, but rather checking if packets are allowed or denied by any network configuration, IP flow verify is more suitable than connection troubleshoot. You can use IP flow verify to check the direction, protocol, local IP, remote IP, local port, and remote port of the packets and see which rule is blocking them12. To use IP flow verify, you need to enable a network watcher in the same region as the virtual machines you want to troubleshoot. Then you can use the Azure portal, PowerShell, or Azure CLI to run IP flow verify and get the results24.


Box 2 = Use Traffic analytics

To troubleshoot issues related to the SharePoint workload in VNet2, we can use Traffic Analytics. It is a networking monitoring solution that uses Network Watcher to analyze and report on traffic flows in your Azure virtual network. With Traffic Analytics, you could see information about the traffic flow patterns and security concerns detected across Azure subscriptions using network security group (NSG) flow logs. IP Flow Verify is used to verify if packets are flowing as expected between two endpoints within an Azure virtual network or between a public IP address and an endpoint inside an azure virtual network. But it doesn't provide visibility into overall traffic patterns or identify potential security threats. Connection Troubleshoot can be used when you have connectivity problems while interacting with a specific instance of a resource type being served out from Microsoft datacenters over Internet, but for troubleshooting SharePoint workloads related issue which might not necessarily correspond to internet routing/connectivity problems this may not apply.

Show Answer Show Case Study
asked 02/10/2024
Anthony Zaborski
48 questions
PreviousPreviousNextNext
User
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms