• Home
  • Articles
  • Download Microsoft AZ-720 Mock Test Study Material [Q28-Q43]

Download Microsoft AZ-720 Mock Test Study Material [Q28-Q43]

Share

Download Microsoft AZ-720 Mock Test Study Material

AZ-720 Questions Prepare with Learning Information

NEW QUESTION # 28
You need to resolve the VM2 routing issue.
What should you do?

  • A. Modify the IP configuration setting of the Azure network interface resource of VM2.
  • B. Modify the IP configuration setting of the Azure network interface resource of VM1.
  • C. Add a network interface to VM2.
  • D. Add a network interface to VM1.

Answer: A

Explanation:
To resolve the VM2 routing issue, you should modify the IP configuration setting of the Azure network interface resource of VM2. This will ensure that VM2 can communicate with other resources in the virtual network.
Troubleshooting connectivity problems between Azure VMs involves several steps such as checking whether NIC is misconfigured, whether network traffic is blocked by NSG or UDR, whether network traffic is blocked by VM firewall, whether VM app or service is listening on the port and whether the problem is caused by SNAT1.
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet All of the VNets are connected by using virtual network peering.

The company's subscription contains the following Azure virtual machines (VMs):

The Web Server (IIS) role is installed on VM4 The operating system firewall for each VM allows inbound ping requests.
The company's subscription includes the following network security groups (NSGs):

NSG1, NSG2. NSG3, and NSG5 use the default inbound security rules. NSG4. NSG5. and NSG10 use the default outbound security rules. NSG4 has the following inbound security rule:

NSG10 has the following inbound security rules:

Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
The virtual network peering connections are in the following table.

You provision a virtual network gateway named VNetGW in the perimeter network. The virtual network gateway uses SKU VpnGw1 and the public IP address 16.4.4.4 The virtual network gateway will provide:
* Network routing to customer data centers using site-to-site VPN connections.
* Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
The company's site-to-site VPN connections with customers are shown in the following table.

The point-to-site VPN is configured as shown in the following table;

The company's user and group memberships are shown in the following table:

The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect is installed on an on-premises server named SRV1. In addition;
* The server uses a pass-through authentication agent.
* The SSPR feature is enabled
* The SSPR feature is applied only to a group named SSPR-group
* The scheduling agents' internet connectivity must be blocked when connected to the point-to-site VPN.
* Sales employees must use the default VPN client on MacOS computers to connect to Azure.
* Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
* Pass-through authentication is required for all users.
* Azure AD multi-factor authentication (MFA) is requited for all users.
* All admin user accounts must be in an organizational unit (OU) named Admins.


NEW QUESTION # 29
A company has a pay-as-you-go subscription named Subl1.
The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.
You create the following network security group (NSG) named NSG1 and associate it with Subnet1.

You observe that an application on VM1 is unable to send email to recipient outside the company You need to resolve the issue.
What should you do?

  • A. Migrate Sub1 to a cloud service provider subscription
  • B. Assign NSG1 to the network interface on VM1.
  • C. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
  • D. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
  • E. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
  • F. Remove the NSG1 rule with a priority of 2000.

Answer: C

Explanation:
The NSG1 rule with priority 100 currently allows all outbound traffic (source: any, destination: any, protocol: any). To restrict the outbound traffic to only TCP port 587, modify the rule to use the following configuration:
Name: Allow_Outbound_Email
Priority: 100
Source: Any
Destination: Any
Protocol: TCP
Source Port Range: *
Destination Port Range: 587
Action: Allow
Once you have updated the NSG1 rule, the application on VM1 should be able to send email to recipients outside the company.
Explanation:
To resolve the issue where the application on VM1 is unable to send email to recipients outside the company, you should modify the NSG1 rule with a priority of 100 to allow outbound traffic on TCP port 587. The correct answer is therefore:


NEW QUESTION # 30
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 31
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 32
A customer creates an Azure resource group named RG1 in the East US region. RG1 contains the following resources:

The customer performs the following tasks:
Create a private endpoint for sqlsrv1 in subnet2 with the private IP address of 192.168.2.100.
Create a private DNS zone named privatelink.database.windows.net by using a single A record named sqlsvr1 and the IP address 192.168.2.100.
Disable public access by using the public endpoint for sqlsvr1.
The customer reports that connections from VM1 to DB1 are failing. The solution must allow connections from VM1 to DB1 without making platform-level changes.
You need to troubleshoot and resolve the issue.
What should you do?

Answer:

Explanation:


NEW QUESTION # 33
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Scale the gateway to Generation2.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 34
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall.
Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps.
You need to implement a solution that support a minimum of 10 Gbps.
What should you do to increase the throughput?

  • A. Increase the size of the VM instance.
  • B. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
  • C. Disable the Azure Firewall and implement network security groups in its place.
  • D. Request an increase in networking quotas.

Answer: A

Explanation:
According to the given scenario, the application deployed on four Standard_D2_v3 virtual machines behind an Azure Load Balancer is experiencing slow performance during peak usage periods It is reported that the peak usage for each VM is approximately 1 Gbps, and the goal is to increase the throughput to a minimum of 10 Gbps.
To achieve this goal, the best option is to increase the size of the VM instance. The Standard_D2_v3 virtual machine size has a maximum network bandwidth of 1 Gbps, so increasing the size of the VM instance to a higher tier, such as Standard_D8_v3 or higher, will provide more network bandwidth and improve the application's performance.
Option A, requesting an increase in networking quotas, may not be sufficient to achieve the required network bandwidth.
Option C, disabling the Azure Firewall and implementing network security groups, may not have a significant impact on the network bandwidth.
Option D, moving two of the servers behind a separate load balancer and configuring round-robin routing in Traffic Manager, may improve availability and performance but will not increase the network bandwidth.
Source: [1] https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general [2] https://docs.microsoft.com/en-us/azure/virtual-network/designing-hub-spoke-topologies#optimize-data-transfer-between-hub-and-spoke-vnets


NEW QUESTION # 35
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway.
An administrator reports that communication between applications across the VNets is failing.
You need to troubleshoot the issue.
Which two features can you use to achieve the goal?

  • A. Next hop
  • B. IP flow verify
  • C. AzureNetworkWatchExtension
  • D. Network Watcher topology
  • E. NSG flow logs

Answer: A,B


NEW QUESTION # 36
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks
(VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity
after it advertises the default route to the route server.
You need to resolve the problem with the NVA.
What should you do?

  • A. Configure a unique autonomous system number (ASN) on the NVA.
  • B. Configure a public IP address on the route server.
  • C. Configure a user-defined route on the NVA subnet.
  • D. Move the route server to the same VNet as the NVA.

Answer: A


NEW QUESTION # 37
A company deploys Azure Bastion to connect to their virtual machine (VM) infrastructure.
An engineer attempts to connect to a Windows VM by using Remote Desktop Protocol (RDP). The connection fails.
You need to troubleshoot the issue.
Which two actions should you perform?

  • A. Run the Network Watcher Connection troubleshoot service.
  • B. Monitor traffic with the following PowerShell cmdlet Test-AzNetworkWatcherConnectivity.
  • C. Monitor traffic with the following PowerShell cmdlet New-AzNetworkWatcherFlowLog.
  • D. Configure Azure Bastion with static assignment.
  • E. Apply a network security group on the same subnet as Azure Bastion.

Answer: C,D


NEW QUESTION # 38
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment
includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure a route table with route propagation disabled.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 39
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The client firewall does not allow port 3389 on the VMs.
  • B. A network security group is not associated with the VMs.
  • C. The administrator does not have the SecurityReader role.
  • D. The administrator is using the Microsoft Defender for Cloud free tier.

Answer: B


NEW QUESTION # 40
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to
sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Install a kernel name that ends with -azure.
  • B. Redeploy the VM with Accelerated Networking enabled.
  • C. Increase the TCP buffers and window size kernel parameters.
  • D. Configure the network interfaces to 1000 Mbps/full duplex.

Answer: D


NEW QUESTION # 41
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard
SKU. You configure FW1 using classic firewall rules.
The company creates an application rule collection with the following settings:
Priority: 100
Action: Deny
Rule type: FQDN
Source type: IP address
Source: *
Protocol: http:80,https:443
Target FQDN: *.cloud.contoso.com
An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1.
You need to determine why the traffic is allowed.
What should you review?

  • A. Network rules
  • B. Web categories
  • C. Infrastructure rules
  • D. Application rules

Answer: C


NEW QUESTION # 42
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Configure the retention range for the current VM backup policy.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
It is unlikely that configuring the retention range for the current VM backup policy would resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution.
Therefore, the solution mentioned in the question is incorrect and the answer is B. No.
Reference:
Troubleshoot Azure VM backup failures (Microsoft documentation)


NEW QUESTION # 43
......

Most Reliable Microsoft AZ-720 Training Materials: https://prepaway.testinsides.top/AZ-720-dumps-review.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Our TestInsides has employed a lot of leading experts in the field in order to compile the exam materials. Many candidates are attracted by our high quality dumps. It turned out that choose our study materials will help you pass the exam in short time.

Latest Test Dumps

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 TestInsides NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy