• Home
  • Articles
  • [Jul 19, 2023] New Updated AZ-720 Exam Questions 2023 [Q39-Q55]

[Jul 19, 2023] New Updated AZ-720 Exam Questions 2023 [Q39-Q55]

Share

[Jul 19, 2023] New Updated AZ-720 Exam Questions 2023

Updated Free Microsoft AZ-720 Test Engine Questions with 104 Q&As

NEW QUESTION # 39
A company has on-premises application server that runs in System Center Virtual Machine Manager
(SCVMM). The company configures Azure Site Recovery.
An administrator at the company reports that they receive an error message. The error message indicates that
there are replication issues.
You need to troubleshoot the issue.
Which log should you review?

  • A. Azure Monitor log
  • B. Network Watcher diagnostic log
  • C. Network Security Group flow log
  • D. SCVMM debug log

Answer: C


NEW QUESTION # 40
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?

Answer:

Explanation:


NEW QUESTION # 41
A company uses an Azure VPN gateway with an IP address of 203.0.113.20.
Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 42
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator does not have the SecurityReader role.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
  • D. The VMs were provisioned by using a classic deployment.

Answer: D

Explanation:
The Unsupported tab on the Just-in-Time VM access page in the Microsoft Defender for Cloud portal indicates that the VMs were provisioned by using a classic deployment Classic deployments were used in Azure before the deployment model was updated to Azure Resource Manager, which is now the preferred model for deploying and managing resources in Azure.


NEW QUESTION # 43
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with client authentication enabled.
  • B. Install an IKEv2 VPN client on the user's computers.
  • C. Reissue the client certificate with server authentication enabled.
  • D. Configure preshared key for authentication on the VPN profile.

Answer: A

Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.


NEW QUESTION # 44
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 45
A company uses Azure Site Recovery (ASR) for a VMware environment that includes the following virtual
machines (VMs):

The company reports that they are unable to configure all of the servers for replication.
You need to evaluate the servers and server roles to determine which servers can be protected.
Which server can you protect by using ASR?

  • A. VM1
  • B. VM4
  • C. VM3
  • D. VM2

Answer: C


NEW QUESTION # 46
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. P2SDiagnosticLog
  • B. GatewayDiagnosticLog
  • C. IKEDiagnosticLog
  • D. RouteDiagnosticLog

Answer: C


NEW QUESTION # 47
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
  • B. Install a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.
  • C. Configure preshared key for authentication on the VPN profile.
  • D. Create a profile manually, add the server FQDN and reissue the client certificate.

Answer: D


NEW QUESTION # 48
A company manages a solution that uses Azure Functions.
A function returns the following error: Azure Function Runtime is unreachable.
You need to troubleshoot the issue.
What are two possible causes of the issue?

  • A. The company did not configure a timer trigger.
  • B. The execution quota is full.
  • C. The storage account application settings were deleted.
  • D. The storage account for the function was deleted.
  • E. The function key was deleted.

Answer: A,C


NEW QUESTION # 49
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with client authentication enabled.
  • B. Install an IKEv2 VPN client on the user's computers.
  • C. Configure preshared key for authentication on the VPN profile.
  • D. Reissue the client certificate with server authentication enabled.

Answer: D


NEW QUESTION # 50
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute
gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a
network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named
VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Configure FlowLog1 for version 2.
  • B. Enable FlowLog1 in a network security group associated with the network interface of VM1.
  • C. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
  • D. Create the storage account for FlowLog1 as a premium block blob.

Answer: A


NEW QUESTION # 51
You create an Azure Traffic Manager profile with five endpoints Each endpoint is a web app running in an Azure virtual machine (VM).
You observe that one of the endpoints has a degraded status. You plan to verify whether the endpoint is responding to the Traffic Manager health probe with a valid status code.
You need to identify the PowerShell comdlet to use and the status code that the cmdlet should return.
Which value should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 52
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allow on FW1.
What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the command's response.
  • B. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • C. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.
  • D. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.

Answer: A


NEW QUESTION # 53
A company implements self-service password reset (SSPR).
After a firewall upgrade at the company's datacenter, SSPR stops working.
You need to resolve the issue.
Which two URLs must be present on the firewalls to allow SSPR to connect?

  • A. *.servicebus.windows.net
  • B. *.passwordreset. microsoftonline.com
  • C. *.adl.windows.com
  • D. *.svc.ms
  • E. *.update.microsoft.com

Answer: B,D

Explanation:
Self-service password reset (SSPR) is a feature in Azure Active Directory (Azure AD) that allows users to reset their passwords on their own. To ensure that SSPR works correctly, certain URLs must be accessible from the user's network. These URLs include *.passwordreset.microsoftonline.com and *.svc.ms, which are used for SSPR authentication and service communications.


NEW QUESTION # 54
A company uses Azure Backup Agent to back up specific files and folders from an on-premises virtual machine (VM).
An administrator reports that the backup job is transferring files slowly. You determine that the backup job is verifying changes in directories by scanning the entire volume.
You need to determine the state of the backup job.
In which state will the backups occur?

Answer:

Explanation:


NEW QUESTION # 55
......

Try 100% Updated AZ-720 Exam Questions [2023]: https://2cram.actualtestsit.com/Microsoft/AZ-720-exam-prep-dumps.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam