Pass AZ-720 Exam - Real Test Engine PDF with 121 Questions [Q49-Q72]


Get New AZ-720 Certification Practice Test Questions Exam Dumps

NEW QUESTION # 49
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. VNetGW1 has exceeded the subnet Security Association pairs.
  • B. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • C. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • D. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.

Answer: C


NEW QUESTION # 50
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize users from an Active Directory Domain Services (AD DS).
The synchronization of a user object is failing.
You need to troubleshoot the failing synchronization by using a built-in Azure AD Connect troubleshooting task.
Which two pieces of information should you collect before you start troubleshooting?

  • A. AD connector name
  • B. Object globally unique identifier
  • C. Object distinguished name
  • D. Azure AD connector name
  • E. Object common name

Answer: B,D


NEW QUESTION # 51
You need to resolve the problem reported by User2.
What should you do?

  • A. Enable all users for the self-service password reset feature.
  • B. Assign an Azure AD Premium P1 license to User2.
  • C. Identify and resolve the misconfigured directory information for User2.
  • D. Enable the warehouse group for the self-service password reset feature.
  • E. Instruct User2 to wait 24 hours and try again.

Answer: B

Explanation:
To resolve the problem reported by User2, you need to assign an Azure AD Premium P1 license to User2. User2 is a member of the warehouse group, which is enabled for the self-service password reset (SSPR) feature. However, User2 cannot register for SSPR because they do not have a valid license that supports SSPR. To use SSPR, a user must have one of the following licenses: Azure AD Premium P1, Azure AD Premium P2, Enterprise Mobility + Security (EMS) E3 or EMS E5. By assigning an Azure AD Premium P1 license to User2, you can enable them to use the SSPR feature and reset their password without contacting the helpdesk.


NEW QUESTION # 52
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy includes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
* AzureFirewallApplicationRule
* AzureFirewallNetworkRule
* AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 53
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator does not have the SecurityReader role.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The client firewall does not allow port 3389 on the VMs.
  • D. A network security group is not associated with the VMs.

Answer: D


NEW QUESTION # 54
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.
You observe that AD DS objects are not synchronizing to Azure AD.
You need to verify that the staging mode is enabled.
What should you do?

  • A. Review the history for the Azure AD Connect sync scheduled task.
  • B. Review the triggers for the Azure AD Connect sync scheduled task.
  • C. Run this PowerShell cmdlet: Get-ADSyncConnectorRunStatus
  • D. Run this PowerShell cmdlet: Get-ADSyncScheduler

Answer: D

Explanation:
Azure AD Connect has a staging mode feature that allows you to install multiple sync servers for high availability or disaster recovery purposes. When staging mode is enabled on a sync server, it doesn't export any changes to Azure AD or your on-premises AD DS environment.
To verify that staging mode is enabled on a sync server, you can run the Get-ADSyncScheduler PowerShell cmdlet and check the value of the StagingModeEnabled property. If it is True, then staging mode is enabled and no synchronization will occur.


NEW QUESTION # 55
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy includes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 56
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Instruct Admin1 to create an application security group.
2 - Instruct Admin1 to associate an application security group with NIC1.
3 - Instruct Admin1 to create a network security group.


NEW QUESTION # 57
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.
The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment.
Which PowerShell cmdlets should you run?

Answer:

Explanation:


NEW QUESTION # 58
You need to troubleshoot the issue with SRV2.
Which PowerShell cmdlet should you run?

  • A. Get-MsolDomainFederationSettings
  • B. Confirm-MsolDomain
  • C. Get-MsolServicePrincipalCredential
  • D. Get-Mousers
  • E. Get-MsolDomainVerificationDns

Answer: C

Explanation:
To troubleshoot the issue with SRV2, you need to run the Get-MsolServicePrincipalCredential PowerShell cmdlet, which returns the credentials that are associated with a service principal in Azure AD. The service principal is an identity that represents an application or a service that interacts with Azure AD. In this case, the service principal is used by the NPS extension for Azure AD MFA to communicate with Azure AD and perform MFA requests. The credentials of the service principal include a certificate and a key that are used to authenticate the service principal to Azure AD. If the credentials are expired or invalid, the MFA requests will fail with a security token error. To resolve this issue, you need to renew the credentials of the service principal by using the New-MsolServicePrincipalCredential cmdlet.


NEW QUESTION # 59
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 60
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Topic 2, Contoso Ltd.
Background
Contoso, Ltd. is a financial services company based in Boston, MA, United States. Contoso hires you to manage their Azure environment and resolve several operational issues.
General
Contoso's Azure environment contains the following resources. All resources are associated with the same subscription and are located in the East US region. Users connect to resources from Windows 10 computers by using the built-in SSTP VPN software.

Recent changes
The company implements the following changes:
Extend the IP address space of VNet1 and create subnets in the new IP address space.
Allow users with computers that run the current version of MacOS to use the built-in VPN client for connecting to the point-to-site VPN.
Enable a service endpoint on contosostorage1 to provide direct access to the storage content from all
Configure all business critical VM workloads to use encryption keys stored in all five key vaults.
Enable a private endpoint on CosmosDB1 to provide direct access to its content from VNet1.
Develop an automated process to deploy Azure VMs by using Azure Bicep. The passwords for the local administrator accounts are stored in the key vaults. You grant the team that initiates the deployment the Reader RBAC role to all key vaults.
Deploy a multi-tier SharePoint Server environment into a subnet in VNet2. You implement network security groups (NSGs) to allow only specific ports between tiers in the subnet. You configure NSGs to use application security groups (ASGs) when designating the source and destination of cross-tier traffic.
Deploy a secondary multi-tier SharePoint Server environment into a subnet in VNet3.
Requirements
General Requirements
You must adhere to the principle of least privilege when granting access to resources.
Reverse DNS lookup
You must identify the reason for the differences between reverse DNS lookup results in the hub and the spoke networks and recommend a solution that provides the reverse DNS lookup in the format [vmname].contoso.com for all three virtual networks.
Public DNS lookup
You must verify that the Azure public DNS zone is currently used to resolve DNS name requests for www.contoso.com and recommend a solution that uses the Azure public DNS zone.
Windows VPN
You must verify if VPN client connectivity issues are related to routing and recommend a solution.
MacOS VPN
You must verify if Remote ID and local ID VPN client settings on the MacOS devices are properly configured.
Azure Storage connectivity
You must resolve the issues with the SMB-mounts from VNet2 and VNet3 as well as ensure that on-premises connections to contosostorage are successful. Your solution must ensure that, whenever possible, network traffic does not traverse public internet.
Cosmos DB connectivity
You must verify if on-premises connections to ContosoDB1 are using the CosmosDB1 public endpoint. You need to recommend a solution if connections are not using private endpoints.
DNS issues
Reverse DNS lookups from VNet1 return two records. One DNS record is in the format [vmname].contoso.com and the other DNS record is in the format [vmname].internal.cloudapp.net. Reverse DNS lookups from VNet2 and VNet3 return DNS names in the format [vmname].internal.cloudapp.net.
VMs on each virtual network can only resolve reverse DNS lookup names of VMs on the same virtual network.
Public DNS lookup
You are notified that name resolution requests for www.contoso.com are using the DNS zone hosted by the DNS registrar where the zone was originally created.
Connectivity and routing issues
Windows VPN
Windows VPN clients cannot connect to Azure VMs on the subnets recently added to VNet1.
Sales department VPN.
The sales department users connect by using the MacOS VPN client.
Azure Storage Connectivity
Server Message Block (SMB)-mounts from VMs on VNet2 and VNet3 to file shares in contosostorage1 are failing.
Azure Storage Explorer connections using access keys from on-premises computers to contosostorage1 are failing.
Cosmos DB connectivity
You observe that connections to CosmosDB1 from the on-premises environment are using the CosmosDB1 public endpoint. However, connections to CosmosDB1 from the on-premises environment should be using the private endpoint. You verify that connections to CosmosDB1 from VNet1 are using the private endpoint.
Azure Key vault
Access attempts to Azure Key vault by VM workloads intermittently fail with the HTTP response code 429. You must identify the reason for the failures and recommend a solution.
SharePoint
SharePoint In VNet2
SharePoint traffic between tiers is blocked by NSGs which is causing application failures. You need to identify the NSG rules that are blocking traffic. You also need to collect the data that is blocked by the NSG rules. The solution must minimize administrative effort.
SharePoint in VNet3.
ASGs used in the NSG rules associated with the VNet2 subnet are not visible when configuring NSG rules in VNet3. You need to create NSG rules for VNet3 with the same name, source and destination settings that are configured for the NSG associated with VNet2. The solution must minimize administrative effort.
Permission issues
Azure Bicep
You must identify the minimum privileges required to provision Azure VMs using Azure Bicep.
Data engineering team
You must identify the role-based access control (RBAC) roles required by the data engineering team to access the storage account by using Azure portal. The team requires minimum permissions to back up and restore blobs in contosostorage1. The Contoso data engineering team is unable to view the contosostorage1 account in the Azure portal.
Azure VM deployment
Azure VM deployments that use Azure Bicep are failing with an authorization error. The error indicates there are insufficient access permissions to retrieve the password of the local administrator account in the key vault.
VM1 and VM2
RT12 must be configured to route internal traffic from VM1 through VM2. You observe that internet traffic from VM1 is routed directly to the internet.
VM2
You configure VM2 to route internet traffic from VM1. After configuring RT12 to route internet traffic from VM1 through VM2, traffic reaches VM2 but then it is dropped. You verify that routing for VM2 is configured correctly.


NEW QUESTION # 61
A company uses Azure Backup Agent to back up specific files and folders from an on-premises virtual machine (VM).
An administrator reports that the backup job is transferring files slowly. You determine that the backup job is verifying changes in directories by scanning the entire volume.
You need to determine the state of the backup job.
In which state will the backups occur?

Answer:

Explanation:


NEW QUESTION # 62
A company plans to implement ExpressRoute by using the provider connectivity model.
The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.
You need to determine the provisioning state of the service provider.
Which PowerShell cmdlet should you run?

  • A. Get-AzExpressRouteCircuitARPTable
  • B. Get-AzExpressRouteCircuitConnectionConfig
  • C. Get-AzExpressRouteCircuitPeeringConfig
  • D. Get-AzExpressRouteCircuitRouteTable
  • E. Get-AzExpressRouteCircuit

Answer: B


NEW QUESTION # 63
A company uses Azure Site Recovery for an on-premises server.
The company reports that replication of the server to Azure has failed.
You need to inspect the logs on the server to troubleshoot the issue.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 64
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
What should you do?

  • A. Create a new manual backup in Backup center.
  • B. Configure the retention range of the current backup policy for the VM.
  • C. Enable replication and create a recovery plan for the backup vault.
  • D. Run chkdsk on the VM.
  • E. Install the VM guest agent with administrative permissions.

Answer: E


NEW QUESTION # 65
You need to resolve the VM2 routing issue.
What should you do?

  • A. Modify the IP configuration setting of the Azure network interface resource of VM1.
  • B. Modify the IP configuration setting of the Azure network interface resource of VM2.
  • C. Add a network interface to VM1.
  • D. Add a network interface to VM2.

Answer: B

Explanation:
To resolve the VM2 routing issue, you should modify the IP configuration setting of the Azure network interface resource of VM2. This will ensure that VM2 can communicate with other resources in the virtual network.
Troubleshooting connectivity problems between Azure VMs involves several steps, such as checking whether the NIC is misconfigured, whether network traffic is blocked by an NSG or UDR, whether network traffic is blocked by the VM firewall, whether the VM app or service is listening on the port, and whether the problem is caused by SNAT.


NEW QUESTION # 66
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 67
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
What should you do?

  • A. Configure Azure AD Connect using a global administrator account that is not federated.
  • B. Restart the Azure AD Connect service.
  • C. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
  • D. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.

Answer: D


NEW QUESTION # 68
A company has an Azure Active Directory (Azure AD) tenant. You are assigned the Owner role-based access control (RBAC) role of an Azure resource group named RG1.
An administrator grants a user named User1 the Contributor RBAC role for RG1. User1 receives an authorization error when attempting to create a Cosmos DB account in RG1.
The administrator verifies that they can create a Cosmos DB account in RG1.
You need to troubleshoot the issue.
What should you do?

Answer:

Explanation:


NEW QUESTION # 69
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup.
What should you do?

  • A. Instruct the user to enter the correct verification code.
  • B. Instruct the user to complete the setup process within 10 minutes.
  • C. Instruct the user to clear their web browser cache.
  • D. From the Azure AD portal, reset the user's password.
  • E. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.

Answer: B

Explanation:
This error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.


NEW QUESTION # 70
You need to troubleshoot the issues reported by Agent1.
What should you review? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 71
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator does not have the SecurityReader role.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • D. The VMs were provisioned by using a classic deployment.

Answer: D


NEW QUESTION # 72
......

AZ-720 Exam Dumps - PDF Questions and Testing Engine: https://evedumps.testkingpass.com/AZ-720-testking-dumps.html