The latest Troubleshooting Microsoft Azure Connectivity AZ-720 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Troubleshooting Microsoft Azure Connectivity AZ-720 exam and earn Troubleshooting Microsoft Azure Connectivity AZ-720 certification.
Table of Contents
- Question 81
- Exam Question
- Correct Answer
- Question 82
- Exam Question
- Correct Answer
- Question 83
- Exam Question
- Correct Answer
- Question 84
- Exam Question
- Correct Answer
- Question 85
- Exam Question
- Correct Answer
- Question 86
- Exam Question
- Correct Answer
- Question 87
- Exam Question
- Correct Answer
- Question 88
- Exam Question
- Correct Answer
- Explanation
- Question 89
- Exam Question
- Correct Answer
- Question 90
- Exam Question
- Correct Answer
Question 81
Exam Question
HOTSPOT (Drag & Drop is not supported)
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1. How should you complete the configuration?
Correct Answer
Question 82
Exam Question
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?
Correct Answer
Question 83
Exam Question
HOTSPOT (Drag & Drop is not supported)
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application. You need to troubleshoot the issue.
How should you complete the query?
Correct Answer
Question 84
Exam Question
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual
network.
The company reports that after completing the configuration, the VPN connection cannot be established.
You need to troubleshoot the connection issue.
What should you do first?
A. Verify the AzureClient.pfx file exists.
B. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.
C. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
D. Verify the AzureRoot.cer file exists.
Correct Answer
C. Identify the shared key by running this PowerShell cmdlet:
Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
Question 85
Exam Question
HOTSPOT (Drag & Drop is not supported)
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company’s infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
- Azure Firewall Application Rule
- Azure Firewall Network Rule Azure FirewallDns Proxy
How should you complete the PowerShell cmdlet?
Correct Answer
Question 86
Exam Question
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall.
Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps.
You need to implement a solution that support a minimum of 10 Gbps.
What should you do to increase the throughput?
A. Disable the Azure Firewall and implement network security groups in its place.
B. Request an increase in networking quotas.
C. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
D. Increase the size of the VM instance.
Correct Answer
C. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
Question 87
Exam Question
A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.
Users in a remote office location report the following issues:
- Unable to access part of a web application.
- Part of the web application is failing to load.
- Parts of the web application has activities that are not performing as expected.
You need to troubleshoot the issue.
Which diagnostic log should you review?
A. Performance
B. Firewall
C. Access
D. Azure Activity
Correct Answer
D. Azure Activity
Question 88
Exam Question
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
A. Create the storage account for FlowLog1 as a premium block blob.
B. Create the storage account for FlowLog1 as a premium page blob.
C. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
D. Enable FlowLog1 in a network security group associated with the subnet of VM1.
Correct Answer
B. Create the storage account for FlowLog1 as a premium page blob.
Explanation
According to 1, flow logging using ExpressRoute Traffic Collector requires version 2 of flow logs. Version 1 of flow logs does not support ExpressRoute Traffic Collector. You can configure the version of flow logs when you enable them on a network security group (NSG).
According to 2, when FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network. Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG associated with the subnet of VM1.
Question 89
Exam Question
A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance.
Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS.
You need to resolve the issue.
What should you do?
A. Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again.
B. Deploy Azure AD Connect.
C. Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again.
D. Instruct the users to change their password in Azure A
Correct Answer
D. Instruct the users to change their password in Azure A
Question 90
Exam Question
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?
A. No
B. Yes
Correct Answer
A. No