• Home
  • Articles
  • [May-2024] Get 100% Real Free Microsoft Certified: Azure Support Engineer for Connectivity Specialty AZ-720 Sample Questions [Q71-Q90]

[May-2024] Get 100% Real Free Microsoft Certified: Azure Support Engineer for Connectivity Specialty AZ-720 Sample Questions [Q71-Q90]

Share

[May-2024] Get 100% Real Free Microsoft Certified: Azure Support Engineer for Connectivity Specialty AZ-720 Sample Questions

Accurate AZ-720 Questions with Free and Fast Updates


The Microsoft AZ-720 exam focuses on troubleshooting connectivity issues with Azure Load Balancers. Candidates will need to have a good understanding of load balancing concepts and be able to identify and resolve issues with load balancing rules, health probes, and backend pools.

 

NEW QUESTION # 71
You need to troubleshoot the Azure Key Vault issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 72
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?

  • A. Validate the VPN device.
  • B. Disable the endpoint network policies.
  • C. Approve the connection state.
  • D. Disable the service network policies.

Answer: C

Explanation:
To resolve the connectivity issue, you should approve the connection state. According to 1, Azure Private Link service requires manual approval of connection requests from private endpoints by default. You can approve or reject a connection request by using PowerShell cmdlets or Azure portal.


NEW QUESTION # 73
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a
site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure
Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. P2SDiagnosticLog
  • B. GatewayDiagnosticLog
  • C. IKEDiagnosticLog
  • D. RouteDiagnosticLog

Answer: C


NEW QUESTION # 74
A company has two virtual networks (VNets) that reside in the same Azure region.
An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.
You need to configure a connection between the two networks that maximizes throughput and minimizes latency.
What should you do?

  • A. Configure virtual network peering.
  • B. Create a site-to-site VPN connection.
  • C. Create a point-to-site VPN connection.
  • D. Configure a VPN gateway.

Answer: A

Explanation:
To configure a connection between two virtual networks (VNets) that reside in the same Azure region that maximizes throughput and minimizes latency, you should configure virtual network peering. Therefore, option C is correct. You should configure virtual network peering.


NEW QUESTION # 75
A company has virtual machines (VMs) in the following Azure regions:
West Central US
Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?

  • A. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
  • B. Disable the ExpressRoute peering connections for one of the regions.
  • C. Add a user-defined route to the subnets route table.
  • D. Add a filter to the on-premises routers.

Answer: C

Explanation:
To ensure that traffic uses global VNet peering instead of ExpressRoute private peering, you should add a user-defined route to the subnets route table. According to 2, global VNet peering allows virtual networks across regions to communicate using private IP addresses as if they were in the same region. However, if there is an existing ExpressRoute private peering between two regions that also have global VNet peering enabled, traffic will prefer ExpressRoute over global VNet peering by default. To override this behavior and force traffic to use global VNet peering instead of ExpressRoute private peering for a specific subnet or virtual network gateway connection, you need to add a user-defined route with a next hop type of Virtual Network Peering.


NEW QUESTION # 76
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site
connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
* OpenVPN for the tunnel type.
* Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install an IKEv2 VPN client on the user's computers.
  • B. Reissue the client certificate with client authentication enabled.
  • C. Create a profile manually, add the server FQDN and reissue the client certificate.
  • D. Reissue the client certificate with server authentication enabled.

Answer: C


NEW QUESTION # 77
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use?

Answer:

Explanation:


NEW QUESTION # 78
You need to resolve the issue repotted by Admin2.
What should you do?

  • A. Disassociate NSG5 from NIC4.
  • B. Disassociate NSG2 from Subnet12.
  • C. Configure a second network interface on VM4.
  • D. Add a rule to N5G2 that allows outbound traffic to the internet over port 80.

Answer: A

Explanation:
To resolve the issue reported by Admin2, you need to disassociate NSG5 from NIC4, which is the network interface of VM4. NSG5 is a network security group that has an inbound security rule that denies traffic from ASG2 to ASG5 over port 80. This rule prevents Admin2 from connecting to the web server public IP address on VM4 from VM2, as VM2 is in ASG2 and VM4 is in ASG5. By disassociating NSG5 from NIC4, you can remove the rule that blocks the traffic and allow Admin2 to access the web server on VM4. Alternatively, you could also modify or remove the rule in NSG5, but disassociating NSG5 from NIC4 is simpler and more effective.


NEW QUESTION # 79
A company has a pay-as-you-go subscription named Subl1.
The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.
You create the following network security group (NSG) named NSG1 and associate it with Subnet1.

You observe that an application on VM1 is unable to send email to recipient outside the company You need to resolve the issue.
What should you do?

  • A. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
  • B. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
  • C. Assign NSG1 to the network interface on VM1.
  • D. Remove the NSG1 rule with a priority of 2000.
  • E. Migrate Sub1 to a cloud service provider subscription

Answer: A

Explanation:
B) Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
The NSG1 rule with priority 100 currently allows all outbound traffic (source: any, destination: any, protocol: any). To restrict the outbound traffic to only TCP port 587, modify the rule to use the following configuration:
Name: Allow_Outbound_Email
Priority: 100
Source: Any
Destination: Any
Protocol: TCP
Source Port Range: *
Destination Port Range: 587
Action: Allow
Once you have updated the NSG1 rule, the application on VM1 should be able to send email to recipients outside the company.
Explanation:
To resolve the issue where the application on VM1 is unable to send email to recipients outside the company, you should modify the NSG1 rule with a priority of 100 to allow outbound traffic on TCP port 587. The correct answer is therefore:


NEW QUESTION # 80
A company uses Azure Site Recovery for their on-premises Hyper-V servers. The company manages servers by using System Center Virtual Machine Manager (SCVMM).
An administrator reports that replication to the secondary site has failed.
You need to inspect the SCVMM logs and configuration files.

Answer:

Explanation:


NEW QUESTION # 81
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
What should you do?

  • A. Create a new manual backup in Backup center.
  • B. Configure the retention range of the current backup policy for the VM.
  • C. Install the VM guest agent with administrative permissions.
  • D. Run chkdsk on the VM.
  • E. Enable replication and create a recovery plan for the backup vault.

Answer: C

Explanation:
According to Microsoft Azure's troubleshooting documentation, one of the steps to troubleshoot backup failures on Azure virtual machines is to check the Azure VM Guest Agent service health. You should ensure that the Azure VM Guest Agent service is started and up-to-date 1. On a Windows VM, you can navigate to services.msc and ensure that the Windows Azure VM Guest Agent service is up and running. Also, ensure that the latest version is installed 2


NEW QUESTION # 82
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application.
You need to troubleshoot the issue.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 83
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with client authentication enabled.
  • B. Install an IKEv2 VPN client on the user's computers.
  • C. Configure preshared key for authentication on the VPN profile.
  • D. Reissue the client certificate with server authentication enabled.

Answer: A

Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.


NEW QUESTION # 84
A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web
applications.
Users in a remote office location report the following issues:
* Unable to access part of a web application.
* Part of the web application is failing to load.
* Parts of the web application has activities that are not performing as expected.
You need to troubleshoot the issue.
Which diagnostic log should you review?

  • A. Access
  • B. Firewall
  • C. Azure Activity
  • D. Performance

Answer: C


NEW QUESTION # 85
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup.
What should you do?

  • A. Instruct the user to complete the setup process within 10 minutes.
  • B. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.
  • C. From the Azure AD portal, reset the user's password.
  • D. Instruct the user to clear their web browser cache.
  • E. Instruct the user to enter the correct verification code.

Answer: A

Explanation:
this error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.


NEW QUESTION # 86
You need to resolve the Azure virtual machine (VM) deployment issues.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 87
A company creates an Azure resource group named RG1. RG1 has an Azure SQL Database logical server named sqlsvr1 that hosts the following resources:

An administrator grants a user named User1 the Reader RBAC role in RG1. The administrator grants User2 the Contributor role in sqlsvr1.
User1 reports that they can connect to SQLDB1 from the IP address 155.127.95.212. User1 cannot connect to SQLDB2. User2 can connect to both SQLDB1 and SQLDB2 from the IP address 121.19.27.18. Both users can successfully connect to SQLDB1 and SQLDB2 from VM1.
You are helping the administrator troubleshoot the issue. You run the following PowerShell command:
Get-AzSqlServerFirewallRule -ResourceGroupName 'RG1' -ServerName 'sqlsvr1' The following output displays:

You need to identify the cause for the reported issue and resolve User1's issues. The solution must satisfy the principle of least privilege.
What should you do?

Answer:

Explanation:


NEW QUESTION # 88
A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:

The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2.
Virtual network peering has been configured between VNet1 and VNet2.
Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3.
You need to resolve the connectivity issues.
What should you do?

  • A. Redeploy the ILB using the Standard SKU.
  • B. Move ILB1 to RG1.
  • C. Redeploy VM1 and VM2 into availability zones.
  • D. Move VM1 and VM2 into RG3.

Answer: C


NEW QUESTION # 89
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Install a client certificate on the VPN gateway.
  • B. Generate a client certificate.
  • C. Install a root certificate on the user's device.
  • D. Configure an Azure Active Directory (Azure AD) tenant.
  • E. Enable Azure AD authentication on the gateway
  • F. Generate a root certificate.
  • G. Install a client certificate on the user's device.

Answer: B,C,G

Explanation:
To resolve the issue where a user reports an error message stating "A certificate could not be found" when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user's device. F. Generate a client certificate. G. Install a client certificate on the user's device.
Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user's device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.


NEW QUESTION # 90
......

AZ-720 Study Guide Realistic Verified Dumps: https://lead2pass.examdumpsvce.com/AZ-720-valid-exam-dumps.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

ExamDumpsVCE not only provides professional valid VCE files but also golden customer service. 99.54% passing rate will help most users pass exams easily if users pay highly attention on our stable dumps VCE and reliable exam dumps.

Latest Exams

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ExamDumpsVCE NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy