The latest Troubleshooting Microsoft Azure Connectivity AZ-720 certification practice exam questions and answers (Q&A) are available free to help you pass the Troubleshooting Microsoft Azure Connectivity AZ-720 exam and earn the Troubleshooting Microsoft Azure Connectivity AZ-720 certification.
Question 71
Exam Question
A company has two virtual networks (VNets) that reside in the same Azure region.
An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.
You need to configure a connection between the two networks that maximizes throughput and minimizes latency.
What should you do?
A. Create a site-to-site VPN connection.
B. Create a point-to-site VPN connection.
C. Configure a VPN gateway.
D. Configure virtual network peering.
Correct Answer
A. Create a site-to-site VPN connection.
Question 72
Exam Question
A company has a pay-as-you-go subscription named Sub1.
The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.
You create the following network security group (NSG) named NSG1 and associate it with Subnet1.
Priority | Source | Source ports | Destination | Destination ports | Protocol | Access |
---|---|---|---|---|---|---|
1000 | VirtualNetwork | 25 | Internet | 25 | Any | Allow |
2000 | VirtualNetwork | * | Internet | * | Any | Deny |
You observe that an application on VM1 is unable to send email to recipients outside the company.
You need to resolve the issue.
What should you do?
A. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
B. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
C. Migrate Sub1 to a cloud service provider subscription.
D. Remove the NSG1 rule with a priority of 2000.
E. Assign NSG1 to the network interface on VM1.
F. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
Correct Answer
A. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
Explanation
The NSG1 rule with priority 100 currently allows all outbound traffic (source: any, destination: any, protocol: any). To restrict the outbound traffic to only TCP port 587, modify the rule to use the following configuration:
Name: Allow_Outbound_Email
Priority: 100
Source: Any
Destination: Any
Protocol: TCP
Source Port Range: *
Destination Port Range: 587
Action: Allow
Once you have updated the NSG1 rule, the application on VM1 should be able to send email to recipients outside the company.
To resolve the issue where the application on VM1 is unable to send email to recipients outside the company, you should modify the NSG1 rule with a priority of 100 to allow outbound traffic on TCP port 587. The correct answer is therefore: A. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
Question 73
Exam Question
A company uses a service principal to assign RBAC roles for an application hosted in Azure.
The company attempts to create a role assignment.
The following error displays: Insufficient privileges to complete the operation.
You need to resolve the issue.
How should you complete the CLI command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer
Question 74
Exam Question
A company has two subnets in a virtual network named VNet1. The subnets are named SubnetA and SubnetB. The company uses a site-to-site (S2S) VPN in SubnetB to connect its on-premises environment to Azure.
You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsoft.Sql.
A. Configure a DNS record for the private IP address of SQL1.
B. Configure a network security group (NSG) to allow port 1433 on SubnetA.
C. Configure a service endpoint on SubnetB.
D. Deploy a private endpoint for SQL1.
E. Deploy an Azure ExpressRoute circuit for VNet1.
Correct Answer
D. Deploy a private endpoint for SQL1.
Explanation
To allow the on-premises environment to access the Azure SQL Database named SQL1 over a site-to-site (S2S) VPN in SubnetB, you should deploy a private endpoint for SQL1. A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Link allows you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a private endpoint in your virtual network. So the correct answer is D. Deploy a private endpoint for SQL1.
Reference
Microsoft Learn > Azure > Networking > Private Link > What is a private endpoint?
Question 75
Exam Question
A company implements self-service password reset (SSPR).
After a firewall upgrade at the company’s datacenter, SSPR stops working.
You need to resolve the issue.
Which two URLs must be present on the firewalls to allow SSPR to connect?
A. *.update.microsoft.com
B. *.servicebus.windows.net
C. *.passwordreset.onmicrosoft.com
D. *.svc.ms
E. *.adl.windows.com
Correct Answer
A. *.update.microsoft.com
E. *.adl.windows.com
Question 76
Exam Question
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?
A. Install an IKEv2 VPN client on the user’s computers.
B. Reissue the client certificate with server authentication enabled.
C. Create a profile manually, add the server FQDN and reissue the client certificate.
D. Reissue the client certificate with client authentication enabled.
Correct Answer
C. Create a profile manually, add the server FQDN and reissue the client certificate.
Question 77
Exam Question
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allowed on FW1.
What should you do?
A. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
B. Use the ping command targeting the IP address of VM1 and review the command’s response.
C. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
D. Use the ping command targeting the fully qualified domain name of VM1 and review the command’s response.
Correct Answer
B. Use the ping command targeting the IP address of VM1 and review the command’s response.
Explanation
According to Microsoft, the ICMP protocol is not permitted through the Azure load balancer. To test connectivity, Microsoft recommends that you do a port ping. While Ping.exe uses ICMP, you can use other tools, such as PSPing, Nmap, and telnet, to test connectivity to a specific TCP port.
Question 78
Exam Question
A company has an on-premises application server that runs in System Center Virtual Machine Manager (SCVMM).
The company configures Azure Site Recovery.
An administrator at the company reports that they receive an error message.
The error message indicates that there are replication issues.
You need to troubleshoot the issue.
Which log should you review?
A. Network Security Group flow log
B. Network Watcher diagnostic log
C. SCVMM debug log
D. Azure Monitor log
Correct Answer
A. Network Security Group flow log
Question 79
Exam Question
HOTSPOT (Drag & Drop is not supported)
A company uses Azure Active Directory (Azure AD) with Azure role-based access control (RBAC) for access to resources.
Some users report that they are unable to grant RBAC roles to other users. You need to troubleshoot the issue.
How should you complete the Azure Monitor query?
Correct Answer
Question 80
Exam Question
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?
A. Configure an Azure Active Directory (Azure AD) tenant.
B. Install a client certificate on the VPN gateway.
C. Generate a client certificate.
D. Enable Azure AD authentication on the gateway.
E. Install a root certificate on the user’s device.
F. Generate a root certificate.
G. Install a client certificate on the user’s device.
Correct Answer
A. Configure an Azure Active Directory (Azure AD) tenant.
D. Enable Azure AD authentication on the gateway.
F. Generate a root certificate.