March/2023 Latest Braindump2go AZ-720 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-720 Real Exam Questions!
Question: 1
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure a route table with route propagation disabled. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 2
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Disable peering on the virtual network. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 3
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Scale the gateway to Generation2. Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 4
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure subnet delegation. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 5
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 6
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account with a password that is less than 256 characters to configure Azure AD Connect.
Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 7
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account that is not federated to configure Azure AD Connect. Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 8
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Disable password writeback and then enable password writeback. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 9
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions. Does the solution meet the goal?
A.Yes
B.No
Answer: B
Question: 10
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Create a new manual backup in Backup center. Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 11
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault. Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 12
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
A.Yes
B.No
Answer: A
Question: 13
HOTSPOT
A company deploys an Azure Firewall. The company reports the following log entry:
For each of the following questions, select Yes or No.
Answer:
Question: 14
DRAG DROP
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
•A virtual machine named VM1.
•A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1:
Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Question: 15
DRAG DROP
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet.
The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:
Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet
AzureBastionSubnet
You need to resolve the issues with the inbound security rules. Which port or set of ports should you configure?
Answer:
Question: 16
A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:
The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2.
Virtual network peering has been configured between VNet1 and VNet2.
Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3. You need to resolve the connectivity issues.
What should you do?
A.Redeploy VM1 and VM2 into availability zones.
B.Move ILB1 to RG1.
C.Redeploy the ILB using the Standard SKU.
D.Move VM1 and VM2 into RG3.
Answer: A
Question: 17
A company deploys an ExpressRoute circuit.
You need to verify accepted peering routes from the ExpressRoute circuit. Which PowerShell cmdlet should you run?
A.Get-AzExpressRouteCrossConnectionPeering
B.Get-AzExpressRouteCircuit
C.Get-AzExpressRouteCircuitPeeringConfig
D.Get-AzExpressRouteCircuitRouteTable
E.Get-AzExpressRouteCircuitStats
Answer: A
Question: 18
A company plans to implement ExpressRoute by using the provider connectivity model.
The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.
You need to determine the provisioning state of the service provider. Which PowerShell cmdlet should you run?
A.Get-AzExpressRouteCircuitPeeringConfig
B.Get-AzExpressRouteCircuitRouteTable
C.Get-AzExpressRouteCircuitConnectionConfig
D.Get-AzExpressRouteCircuit
E.Get-AzExpressRouteCircuitARPTable
Answer: C
Question: 19
A company has virtual machines (VMs) in the following Azure regions: West Central US
Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?
A.Add a user-defined route to the subnets route table.
B.Add a filter to the on-premises routers.
C.Add a second VNet to the virtual machines and configure VNet peering between the VNets.
D.Disable the ExpressRoute peering connections for one of the regions.
Answer: B
Question: 20
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service. You need to resolve the connectivity issue.
What should you do?
A.Disable the endpoint network policies.
B.Validate the VPN device.
C.Approve the connection state.
D.Disable the service network policies.
Answer: D
Question: 21
A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.
Users in a remote office location report the following issues: Unable to access part of a web application.
Part of the web application is failing to load.
Parts of the web application has activities that are not performing as expected. You need to troubleshoot the issue.
Which diagnostic log should you review?
A.Performance
B.Firewall
C.Access
D.Azure Activity
Answer: D
Question: 22
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules.
The company creates an application rule collection with the following settings: Priority: 100
Action: Deny Rule type: FQDN
Source type: IP address Source: *
Protocol: http:80,https:443
Target FQDN: *.cloud.contoso.com
An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed.
What should you review?
A.Network rules
B.Web categories
C.Infrastructure rules
D.Application rules
Answer: C
Question: 23
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network.
The company reports that after completing the configuration, the VPN connection cannot be established.
You need to troubleshoot the connection issue. What should you do first?
A.Identify the shared keymby running this PowerShell cmdlet: Get- AzVirtualNetworkGatewayConnectionSharedKey.
B.Identify the shared key by running this PowerShell cmdlet:Get- AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
C.Verify the AzureRoot.cer file exists.
D.Verify the AzureClient.pfx file exists.
Answer: B
Question: 24
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to- site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
A.Reissue the client certificate with client authentication enabled.
B.Create a profile manually, add the server FQDN and reissue the client certificate.
C.Reissue the client certificate with server authentication enabled.
D.Install an IKEv2 VPN client on the user’s computers.
Answer: B
Question: 25
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to- site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
A.Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
B.Create a profile manually, add the server FQDN and reissue the client certificate.
C.Install a Secure Socket Tunneling Protocol (SSTP) VPN client on the user’s computers.
D.Configure preshared key for authentication on the VPN profile.
Answer: B
Question: 26
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to- site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
A.Install an IKEv2 VPN client on the user’s computers.
B.Reissue the client certificate with client authentication enabled.
C.Create a profile manually, add the server FQDN and reissue the client certificate.
D.Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
Answer: D
Question: 27
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to- site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error.
What should you do?
A.Reissue the client certificate with client authentication enabled.
B.Configure preshared key for authentication on the VPN profile.
C.Install an IKEv2 VPN client on the user’s computers.
D.Reissue the client certificate with server authentication enabled.
Answer: D
Question: 28
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA. What should you do?
A.Configure a user-defined route on the NVA subnet.
B.Move the route server to the same VNet as the NVA.
C.Configure a unique autonomous system number (ASN) on the NVA.
D.Configure a public IP address on the route server.
Answer: C
Question: 29
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1. What should you do?
A.Configure FlowLog1 for version 2.
B.Create the storage account for FlowLog1 as a premium block blob.
C.Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
D.Enable FlowLog1 in a network security group associated with the network interface of VM1.
Answer: A
Question: 30
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1. What should you do?
A.Enable FlowLog1 in a network security group associated with the subnet of VM1.
B.Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
C.Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
D.Configure FlowLog1 for version 2.
Answer: B
Question: 31
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1. What should you do?
A.Create the storage account for FlowLog1 as a premium block blob.
B.Create the storage account for FlowLog1 as a premium page blob.
C.Enable FlowLog1 in a network security group associated with the subnet of VM1.
D.Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
Answer: B
Question: 32
A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance.
Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS.
You need to resolve the issue. What should you do?
A.Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again.
B.Deploy Azure AD Connect.
C.Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again.
D.Instruct the users to change their password in Azure AD.
Answer: D
Question: 33
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can’t process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup. What should you do?
A.From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.
B.Instruct the user to complete the setup process within 10 minutes.
C.Instruct the user to enter the correct verification code.
D.Instruct the user to clear their web browser cache.
E.From the Azure AD portal, reset the user’s password.
Answer: E
Question: 34
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.
You observe that AD DS objects are not synchronizing to Azure AD. You need to verify that the staging mode is enabled.
What should you do?
A.Review the history for the Azure AD Connect sync scheduled task.
B.Run this PowerShell cmdlet: Get-ADSyncScheduler
C.Review the triggers for the Azure AD Connect sync scheduled task.
D.Run this PowerShell cmdlet: Get-ADSyncConnetorRunStatus
Answer: B
Question: 35
A company has on-premises application server that runs in System Center Virtual Machine Manager (SCVMM). The company configures Azure Site Recovery.
An administrator at the company reports that they receive an error message. The error message indicates that there are replication issues.
You need to troubleshoot the issue. Which log should you review?
A.Network Security Group flow log
B.Azure Monitor log
C.Network Watcher diagnostic log
D.SCVMM debug log
Answer: A
Resources From:
1.2023 Latest Braindump2go AZ-720 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-720.html
2.2023 Latest Braindump2go AZ-720 PDF and AZ-720 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1wUq6oPvswij6xmBVKx6xNdundYls7CuD?usp=sharing
3.2023 Free Braindump2go AZ-720 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-720-PDF-Dumps(1-35).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!