AZ-720 | All About Virtual AZ-720 Dumps Questions

NEW QUESTION 1
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits
You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue. What should you do?

• A. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
• B. Use AzCopy to upload data to a cache storage account.
• C. Create a network service endpoint in a virtual network.
• D. Upgrade the target storage disk.

Answer: D

NEW QUESTION 2
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access. What should you conclude?

• A. The administrator is using the Microsoft Defender for Cloud free tier.
• B. The VMs were provisioned by using a classic deployment.
• C. The administrator does not have the SecurityReader role.
• D. The administrator does not have permissions to request JIT access to the VMs.

Answer: B

NEW QUESTION 3
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server.
You need to resolve the problem with the NVA. What should you do?

• A. Configure a user-defined route on the NVA subnet.
• B. Move the route server to the same VNet as the NVA.
• C. Configure a unique autonomous system number (ASN) on the NVA.
• D. Configure a public IP address on the route server.

Answer: C

NEW QUESTION 4
A company has two virtual networks (VNets) that reside in the same Azure region.
An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.
You need to configure a connection between the two networks that maximizes throughput and minimizes latency.
What should you do?

• A. Configure a VPN gateway.
• B. Create a site-to-site VPN connection.
• C. Configure virtual network peering.
• D. Create a point-to-site VPN connection.

Answer: B

NEW QUESTION 5
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure a route table with route propagation disabled. Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 6
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network.
The company reports that after completing the configuration, the VPN connection cannot be established. You need to troubleshoot the connection issue.
What should you do first?

• A. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.
• B. Identify the shared key by running this PowerShell cmdlet:Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
• C. Verify the AzureRoot.cer file exists.
• D. Verify the AzureClient.pfx file exists.

Answer: B

NEW QUESTION 8
A company has an Azure Active Directory (Azure AD) tenant. You are assigned the Owner role-based access control (RBAC) role of an Azure resource group named RG1.
An administrator grants a user named User1 the Contributor RBAC role for RG1. User1 receives an authorization error when attempting to create a Cosmos DB account in RG1.
The administrator verifies that they can create a Cosmos DB account in RG1. You need to troubleshoot the issue.
What should you do?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1. How should you complete the configuration?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Create a new manual backup in Backup center. Does the solution meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 11
A company uses an Azure VPN gateway to connect to their on-premises environment.
The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.
You need to minimize downtime for all services and resolve the connectivity issue. Which three actions should you perform?

• A. Configure the hashing algorithm to be different on both gateways.
• B. Rest the VPN gateway.
• C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.
• D. Rest the VPN connection.
• E. Configure the hashing algorithm to be the same on both gateways.
• F. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.

Answer: CEF

NEW QUESTION 12
A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance.
Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS.
You need to resolve the issue. What should you do?

• A. Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again.
• B. Deploy Azure AD Connect.
• C. Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again.
• D. Instruct the users to change their password in Azure AD.

Answer: D

NEW QUESTION 13
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP). The connection fails.
You need to troubleshoot the issue. Which two actions should you perform?

• A. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity.
• B. Configure Azure Bastion with static assignment.
• C. Apply a network security group on the same subnet as Azure Bastion.
• D. Run the Network Watcher Connection troubleshoot service.
• E. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.

Answer: BE

NEW QUESTION 14
A company uses an Azure VPN gateway with an IP address of 203.0.113.20. Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred. How should you complete the Azure Monitor query?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1. What should you do?

• A. Configure FlowLog1 for version 2.
• B. Create the storage account for FlowLog1 as a premium block blob.
• C. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
• D. Enable FlowLog1 in a network security group associated with the network interface of VM1.

Answer: A

NEW QUESTION 16
A company has virtual machines (VMs) in the following Azure regions:
West Central US
Australia East
The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.
The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.
You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.
What should you do?

• A. Add a user-defined route to the subnets route table.
• B. Add a filter to the on-premises routers.
• C. Add a second VNet to the virtual machines and configure VNet peering between the VNets.
• D. Disable the ExpressRoute peering connections for one of the regions.

Answer: B

NEW QUESTION 17
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.
You observe that AD DS objects are not synchronizing to Azure AD. You need to verify that the staging mode is enabled.
What should you do?

• A. Review the history for the Azure AD Connect sync scheduled task.
• B. Run this PowerShell cmdlet: Get-ADSyncScheduler
• C. Review the triggers for the Azure AD Connect sync scheduled task.
• D. Run this PowerShell cmdlet: Get-ADSyncConnetorRunStatus

Answer: B

NEW QUESTION 18
A company has on-premises application server that runs in System Center Virtual Machine Manager (SCVMM). The company configures Azure Site Recovery.
An administrator at the company reports that they receive an error message. The error message indicates that there are replication issues.
You need to troubleshoot the issue. Which log should you review?

• A. Network Security Group flow log
• B. Azure Monitor log
• C. Network Watcher diagnostic log
• D. SCVMM debug log

Answer: A

NEW QUESTION 19
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
• A virtual machine named VM1.
• A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 20
......