The latest Troubleshooting Microsoft Azure Connectivity AZ-720 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Troubleshooting Microsoft Azure Connectivity AZ-720 exam and earn Troubleshooting Microsoft Azure Connectivity AZ-720 certification.
Table of Contents
- Question 51
- Exam Question
- Correct Answer
- Question 52
- Exam Question
- Correct Answer
- Question 53
- Exam Question
- Correct Answer
- Explanation
- Question 54
- Exam Question
- Correct Answer
- Explanation
- Reference
- Question 55
- Exam Question
- Correct Answer
- Question 56
- Exam Question
- Correct Answer
- Question 57
- Exam Question
- Correct Answer
- Explanation
- Question 58
- Exam Question
- Correct Answer
- Explanation
- Question 59
- Exam Question
- Correct Answer
- Explanation
- Question 60
- Exam Question
- Correct Answer
Question 51
Exam Question
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync.
You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?
Tool to use to determine issue.
- Synchronization Service Manager
- Azure AD Connect
- Synchronization Rules Editor
- Synchronization Service Key Management
Review items where the status is __________ to identify errors.
- completed-*-errors
- completed-*-warnings
- success
Correct Answer
Tool to use to determine issue: Synchronization Service Manager
Review items where the status is completed-*-errors to identify errors.
Question 52
Exam Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer
B. No
Question 53
Exam Question
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
A. Enable FlowLog1 in a network security group associated with the subnet of VM1.
B. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
C. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
D. Configure FlowLog1 for version 2.
Correct Answer
A. Enable FlowLog1 in a network security group associated with the subnet of VM1.
Explanation
According to 1, flow logging using ExpressRoute Traffic Collector requires version 2 of flow logs. Version 1 of flow logs does not support ExpressRoute Traffic Collector. You can configure the version of flow logs when you enable them on a network security group (NSG).
According to 2, when FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network. Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG associated with the subnet of VM1.
Question 54
Exam Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure a route table with route propagation disabled.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer
B. No
Explanation
The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.
Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.
Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.
To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.
Reference
- Microsoft Learn > Azure > Networking > Virtual Network > Create, change, or delete a route table
- Microsoft Learn > Azure > Networking > Virtual Network > Tutorial: Route network traffic with a route table using the Azure portal
Question 55
Exam Question
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.
The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment.
Which PowerShell cmdlets should you run?
Requirement: Enable JIT VM Access on VM1.
PowerShell cmdlet:
- Set-AzJitNetworkAccessPolicy
- Start-AzJitNetworkAccessPolicy
- Set-AzSecuritySetting
- Get-AzSecuritySetting
Requirement: Request JIT VM Access to VM1.
- Get-AzJitNetworkAccessPolicy
- Start-AzJitNetworkAccessPolicy
- Get-AzSecurityWorkspaceSetting
- Get-AzSecurityWorkspaceSetting
Correct Answer
Enable JIT VM Access on VM1: Set-AzJitNetworkAccessPolicy
Request JIT VM Access to VM1: Start-AzJitNetworkAccessPolicy
Question 56
Exam Question
A company plans to implement ExpressRoute by using the provider connectivity model.
The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.
You need to determine the provisioning state of the service provider.
Which PowerShell cmdlet should you run?
A. Get-AzExpressRouteCircuitPeeringConfig
B. Get-AzExpressRouteCircuitConnectionConfig
C. Get-AzExpressRouteCircuitRouteTable
D. Get-AzExpressRouteCircuit
E. Get-AzExpressRouteCircuitARPTable
Correct Answer
D. Get-AzExpressRouteCircuit
Question 57
Exam Question
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?
A. The administrator is using the Microsoft Defender for Cloud free tier.
B. The VMs were provisioned by using a classic deployment.
C. The administrator does not have the SecurityReader role.
D. The administrator does not have permissions to request JIT access to the VMs.
Correct Answer
B. The VMs were provisioned by using a classic deployment.
Explanation
JIT VM access is only supported for VMs that are deployed using the Azure Resource Manager (ARM) deployment model. VMs that are provisioned using the classic deployment model are not compatible with JIT VM access and will be displayed under the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
Question 58
Exam Question
A company uses Azure Backup Server to back up SQL Server databases that are deployed in an availability group.
The company reports that a backup operation for a database fails. The following error message displays:
Unable to configure protection.
You need to ensure that the backup operation runs successfully.
What should you do?
A. Add a partitioned drive to the storage pool on the backup server.
B. Add the Sysadmin role to the system account on the SQL Server instance.
C. Run the following command on the backup server: net stop OBEngine
D. Configure the availability group replicas to allow read and write operations on the SQL Server instance.
Correct Answer
B. Add the Sysadmin role to the system account on the SQL Server instance.
Explanation
To ensure that the backup operation for a database in an availability group using Azure Backup Server runs successfully, you should add the Sysadmin role to the system account on the SQL Server instance. The system account on the SQL Server instance must have the Sysadmin role to perform backup operations. So the correct answer is B. Add the Sysadmin role to the system account on the SQL Server instance. You can find more information about Azure Backup Server and its requirements in the official Microsoft documentation.
Question 59
Exam Question
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Create a new manual backup in Backup center.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer
B. No
Explanation
It is unlikely that creating a new manual backup in Backup center would resolve the issue of an Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution.
Therefore, the solution mentioned in the question is incorrect and the answer is B. No.
Question 60
Exam Question
HOTSPOT
–
A company uses Azure Site Recovery for an on-premises server.
The company reports that replication of the server to Azure has failed.
You need to inspect the logs on the server to troubleshoot the issue.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer
wevtutil el | findstr /i microsoftazurerecovryservices-replication | % { wevtutil qe $_ /f:text}