AZ-720 Online Practice Questions and Answers

HOTSPOT

A company uses an Azure Backup agent to back up specific files and folder from an Azure virtual machine (VM) and an on-premises VM.

An administrator reports that the backup job fails on both VMs. Errors are returned in Microsoft Azure Recovery Services (MARS).

You need to troubleshoot the backup issues.

Which troubleshooting solution should you use?

Hot Area:

HOTSPOT

A company uses Azure Active Directory (Azure AD) with Azure role-based access control (RBAC) for access to resources.

Some users report that they are unable to grant RBAC roles to other users.

You need to troubleshoot the issue.

How should you complete the Azure Monitor query?

Hot Area:

HOTSPOT

A company develops an Azure Cosmos DB solution. The solution has the following components:

1.

A virtual network named VNet1 in a resource group named RG1.

2.

A subnet named Subnet1 in VNet1.

3.

A Private Link service.

4.

The company is unable to configure a source IP address for the Private Link service from Subnet1.

You need to resolve the issue for Subnet1.

How should you complete the PowerShell commands?

Hot Area:

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

1.

OpenVPN for the tunnel type.

2.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

A. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.

B. Create a profile manually, add the server FQDN and reissue the client certificate.

C. Install a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.

D. Configure preshared key for authentication on the VPN profile.

A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).

A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:

Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.

You need to help the user complete the MFA setup.

What should you do?

A. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.

B. Instruct the user to complete the setup process within 10 minutes.

C. Instruct the user to enter the correct verification code.

D. Instruct the user to clear their web browser cache.

E. From the Azure AD portal, reset the user's password.

A company connects their on-premises network by using Azure VPN Gateway. The on- premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure subnet delegation.

Does the solution meet the goal?

A. Yes

B. No

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group

(NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

A. Configure FlowLog1 for version 2.

B. Create the storage account for FlowLog1 as a premium block blob.

C. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.

D. Enable FlowLog1 in a network security group associated with the network interface of VM1.

A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.

The company reports that the endpoint is unable to connect to the service.

You need to resolve the connectivity issue.

What should you do?

A. Disable the endpoint network policies.

B. Validate the VPN device.

C. Approve the connection state.

D. Disable the service network policies.

A company connects their on-premises network by using Azure VPN Gateway. The on- premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Scale the gateway to Generation2.

Does the solution meet the goal?

A. Yes

B. No

A company has two subnet in a virtual network named VNe1m the subnet are named SubnetA and SubnetB. The company uses a site-to-site (S2) VPN in SubnetB to connect its on-premises environment to Azure. You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsft.SqL

A. Configure a DNS record for the private IP address of SQL1.

B. Configure a network security group (NSG) to allow port 1433 on SubnetA

C. Configure a service endpoint on SubnetB.

D. Deploy a private endpoint for SQL1.

E. Deploy an Azure ExpressRoute circuit for VNet1.