The latest Troubleshooting Microsoft Azure Connectivity AZ-720 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Troubleshooting Microsoft Azure Connectivity AZ-720 exam and earn Troubleshooting Microsoft Azure Connectivity AZ-720 certification.
Table of Contents
- Question 61
- Exam Question
- Correct Answer
- Explanation
- Question 62
- Exam Question
- Correct Answer
- Explanation
- Reference
- Question 63
- Exam Question
- Correct Answer
- Explanation
- Question 64
- Exam Question
- Correct Answer
- Explanation
- Question 65
- Exam Question
- Correct Answer
- Explanation
- Question 66
- Exam Question
- Correct Answer
- Question 67
- Exam Question
- Correct Answer
- Explanation
- Question 68
- Exam Question
- Correct Answer
- Explanation
- Reference
- Question 69
- Exam Question
- Correct Answer
- Explanation
- Question 70
- Exam Question
- Correct Answer
- Explanation
Question 61
Exam Question
You manage an Azure point-to-site (P2S) VPN deployment. All users connect regularly from their personal Windows computer through a P2S VPN by using certificate-based authentication.
A new user attempts to establish a P25S VPN connection.
The user receives the following error message:
A certificate could not be found that can be used with this Extensible Authentication protocol. (Error 798)
You need to assists the user with resolving the certificate issue.
What should you do? To answer, drag the appropriate locations to the correct task. Each location maybe used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Task:
- Provide the target certificate location for importing a Client Authentication key usage certificate file with the .pfx extension.
- Provide the target certificate location for importing a Certificate Signing certificate key usage file with the .cer extension.
Location:
- Current User\Personal
- Local Computer\Trusted Devices
- Local Computer\Trusted Root Certification Authorities
Correct Answer
Provide the target certificate location for importing a Client Authentication key usage certificate file with the .pfx extension: Current User\Personal
Provide the target certificate location for importing a Certificate Signing certificate key usage file with the .cer extension: Local Computer\Trusted Root Certification Authorities
Explanation
A) Provide the target certificate location for importing a Client Authentication key usage certificate file with the .pfx extension. Current User\Personal
This is the location where the client certificate should be installed on the user’s personal Windows computer. The client certificate is generated from the self-signed root certificate and then exported with the .pfx extension. The client certificate is used to authenticate the user to the Azure point-to-site VPN gateway1.
B) Provide the target certificate location for importing a Certificate Signing certificate key usage file with the .cer extension
Local Computer\Trusted Root Certification Authorities
This is the location where the root certificate should be installed on the user’s personal Windows computer. The root certificate is a self-signed certificate that is used to sign the client certificates. The root certificate public key data is also uploaded to Azure point-to-site VPN configuration. The root certificate is exported with the .cer extension1.
Question 62
Exam Question
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:
| Priority | Port | Protocol | Source | Destination | Action |
|---|---|---|---|---|---|
| 300 | 443 | TCP | Any | VirtualNetwork | Allow |
| 500 | Any | Any | Any | Any | Deny |
| 65000 | Any | Any | VirtualNetwork | VirtualNetwork | Allow |
| 65001 | Any | Any | AzureLoadBalancer | Any | Allow |
| 65500 | Any | Any | Any | Any | Deny |
You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.
You need to resolve the issue.
What should you do?
A. Change the health probe associated with Rule1 to use HTT
B. Add an NSG1 rule with the source set to VirtualNetwork.
C. Change the health probe associated with Rule1 to use TCP.
D. Add an NSG1 rule with the source set to AzureLoadBalancer.
Correct Answer
C. Change the health probe associated with Rule1 to use TCP.
Explanation
According to Microsoft, Azure Load Balancer health probes originate from the IP address 168.63.129.16 and must not be blocked for probes to mark your instance as up. The AzureLoadBalancer service tag identifies this source IP address in your network security groups and permits health probe traffic by default1.
Reference
Microsoft Learn > Azure > Networking > Load Balancer > Azure Load Balancer health probes
Question 63
Exam Question
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration.
The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
What should you do?
A. Restart the Azure AD Connect service.
B. Configure Azure AD Connect using a global administrator account that is not federated.
C. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
D. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
Correct Answer
A. Restart the Azure AD Connect service.
Explanation
The error message “Error getting auth token” occurs when you specify an incorrect password for the global administrator account provided at the beginning of the Azure AD Connect installation process.
To resolve this issue, you should check that you have specified the correct password for your global administrator account. If you have specified an incorrect password, update it and then restart the Azure AD Connect service.
The solution of disabling and re-enabling password writeback may not meet the goal of resolving the issue. According to 1, there are other steps that you should try before disabling and re-enabling password writeback, such as:
- Confirm network connectivity
- Restart the Azure AD Connect Sync service
- Install the latest Azure AD Connect release
- Troubleshoot password writeback
If none of these steps work, then you can try to disable and re-enable password writeback as a last resort.
Question 64
Exam Question
A company deploys ExpressRoute.
The company reports that there is an autonomous system (AS) number mismatch.
You need to identify the AS number of the circuit.
Which PowerShell cmdlet should you run?
A. Get-AzExpressRouteCircuitPeeringConfig
B. Get-AzExpressRouteCircuitStats
C. Get-AzExpressRouteCircuitRouteTable
D. Get-AzExpressRouteCircuit
Correct Answer
D. Get-AzExpressRouteCircuit
Explanation
To identify the AS number of the circuit when there is an autonomous system (AS) number mismatch in ExpressRoute, you should run the Get-AzExpressRouteCircuit PowerShell cmdlet. Therefore, option D is correct. You should run the Get-AzExpressRouteCircuit PowerShell cmdlet.
Question 65
Exam Question
A company has virtual machines (VMs) in the following Azure regions:
- West Central US
- Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?
A. Add a user-defined route to the subnets route table.
B. Add a filter to the on-premises routers.
C. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
D. Disable the ExpressRoute peering connections for one of the regions.
Correct Answer
A. Add a user-defined route to the subnets route table.
Explanation
To ensure that traffic uses global VNet peering instead of ExpressRoute private peering, you should add a user-defined route to the subnets route table. According to 2, global VNet peering allows virtual networks across regions to communicate using private IP addresses as if they were in the same region. However, if there is an existing ExpressRoute private peering between two regions that also have global VNet peering enabled, traffic will prefer ExpressRoute over global VNet peering by default. To override this behavior and force traffic to use global VNet peering instead of ExpressRoute private peering for a specific subnet or virtual network gateway connection, you need to add a user-defined route with a next hop type of Virtual Network Peering.
Question 66
Exam Question
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?
Correct Answer
Question 67
Exam Question
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer
A. Yes
Explanation
Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup service. An administrative user account is required to install the agent. Therefore, the solution mentioned in the question is correct and the answer is A. Yes.
Question 68
Exam Question
A company manages a solution that uses Azure Functions.
A function returns the following error: Azure Function Runtime is unreachable.
You need to troubleshoot the issue.
What are two possible causes of the issue?
A. The storage account application settings were deleted.
B. The function key was deleted.
C. The execution quota is full.
D. The storage account for the function was deleted.
E. The company did not configure a timer trigger.
Correct Answer
A. The storage account application settings were deleted.
E. The company did not configure a timer trigger.
Explanation
Two possible causes of the issue where a function returns the error “Azure Function Runtime is unreachable” are: C. The storage account application settings were deleted. E. The storage account for the function was deleted.
According to Microsoft, this issue occurs when the Functions runtime can’t start. The most common reason for this is that the function app has lost access to its storage account. If that account is deleted or if the storage account application settings were deleted, your functions won’t work
Reference
Microsoft Learn > Azure > Functions > Troubleshoot error: “Azure Functions Runtime is unreachable”
Question 69
Exam Question
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps.
The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?
A. Install a kernel name that ends with -azure.
B. Configure the network interfaces to 1000 Mbps/full duplex.
C. Redeploy the VM with Accelerated Networking enabled.
D. Increase the TCP buffers and window size kernel parameters.
Correct Answer
B. Configure the network interfaces to 1000 Mbps/full duplex.
Explanation
To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.
Question 70
Exam Question
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP).
The connection fails.
You need to troubleshoot the issue.
Which two actions should you perform?
A. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity
B. Configure Azure Bastion with static assignment.
C. Apply a network security group on the same subnet as Azure Bastion.
D. Run the Network Watcher Connection troubleshoot service.
E. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.
Correct Answer
B. Configure Azure Bastion with static assignment.
E. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.
Explanation
The two actions that should be performed to troubleshoot the issue of a failed RDP connection to a Windows VM through Azure Bastion are A) Monitor traffic with the PowerShell cmdlet ‘Test-AzNetworkWatcherConnectivity’ and D) Run the Network Watcher Connection troubleshoot service.
A) Monitor traffic with the PowerShell cmdlet ‘Test-AzNetworkWatcherConnectivity’: This cmdlet can be used to verify connectivity between two endpoints in Azure. By monitoring traffic, you can identify the root cause of issues with the VM’s connectivity through Azure Bastion.
D) Run the Network Watcher Connection troubleshoot service: This service can help identify the root cause of connectivity issues with Azure resources. It analyses network traffic to identify common misconfiguration issues and provides guidance on how to resolve them.