• Home
  • Articles
  • [2023] Get Top-Rated Microsoft AZ-720 Exam Dumps Now [Q37-Q53]

[2023] Get Top-Rated Microsoft AZ-720 Exam Dumps Now [Q37-Q53]

Share

[2023] Get Top-Rated Microsoft AZ-720 Exam Dumps Now

Passing Key To Getting AZ-720 Certified Exam Engine PDF

NEW QUESTION # 37
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • B. The partner's VPN device is configured for one VPN tunnel per subnet pair.
  • C. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
  • D. The partner's VPN device and VNetGW1 are configured using the same shared key.

Answer: B

Explanation:
To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner's VPN device is configured for one VPN tunnel per subnet pair.


NEW QUESTION # 38
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 39
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Instruct Admin1 to create an application security group.
2 - Instruct Admin1 to associate an application security group with NIC1..
3 - Instruct Admin1 to create a network security group.


NEW QUESTION # 40
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • B. The partner's VPN device is configured for one VPN tunnel per subnet pair.
  • C. The public IP address of the partner's VPN device is configured in the local network gateway address
    space on VNetGW1.
  • D. The partner's VPN device and VNetGW1 are configured using the same shared key.

Answer: D


NEW QUESTION # 41
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Generate a client certificate.
  • B. Install a client certificate on the user's device.
  • C. Install a root certificate on the user's device.
  • D. Install a client certificate on the VPN gateway.
  • E. Enable Azure AD authentication on the gateway
  • F. Configure an Azure Active Directory (Azure AD) tenant.
  • G. Generate a root certificate.

Answer: A,B,C

Explanation:
To resolve the issue where a user reports an error message stating "A certificate could not be found" when trying to connect to an Azure point-to-site VPN that uses certificate-based authentication, you should perform the following three actions: B. Install a root certificate on the user's device. F. Generate a client certificate. G. Install a client certificate on the user's device.
Azure point-to-site VPNs that use certificate-based authentication require both a root certificate and a client certificate to be installed on the user's device. The root certificate is used to validate the identity of the VPN gateway, while the client certificate is used to authenticate the user. If either of these certificates is missing or invalid, the user will not be able to connect to the VPN and may receive an error message stating that a certificate could not be found.


NEW QUESTION # 42
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator is using the Microsoft Defender for Cloud free tier.
  • B. The administrator does not have the SecurityReader role.
  • C. The client firewall does not allow port 22 on the VMs.
  • D. A network security group is not associated with the VMs.

Answer: A


NEW QUESTION # 43
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site
connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
* OpenVPN for the tunnel type.
* Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Configure preshared key for authentication on the VPN profile.
  • B. Install an IKEv2 VPN client on the user's computers.
  • C. Reissue the client certificate with client authentication enabled.
  • D. Reissue the client certificate with server authentication enabled.

Answer: D


NEW QUESTION # 44
A company deploys an ExpressRoute circuit.
You need to verify accepted peering routes from the ExpressRoute circuit.
Which PowerShell cmdlet should you run?

  • A. Get-AzExpressRouteCircuitStats
  • B. Get-AzExpressRouteCircuit
  • C. Get-AzExpressRouteCircuitPeeringConfig
  • D. Get-AzExpressRouteCircuitRouteTable
  • E. Get-AzExpressRouteCrossConnectionPeering

Answer: D

Explanation:
To verify accepted peering routes from the ExpressRoute circuit, you should run the PowerShell cmdlet Get-AzExpressRouteCircuitRouteTable. According to 1, this cmdlet returns a list of routes advertised by an ExpressRoute circuit peering. You can specify which peering type (AzurePrivatePeering, AzurePublicPeering, or MicrosoftPeering) and which route table (AdvertisedPublicPrefixes or AdvertisedPublicPrefixesState) you want to view.


NEW QUESTION # 45
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link
service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?

  • A. Disable the service network policies.
  • B. Approve the connection state.
  • C. Validate the VPN device.
  • D. Disable the endpoint network policies.

Answer: A


NEW QUESTION # 46
You manage an Azure point-to-site (P2S) VPN deployment. All users connect regularly from their personal Windows computer through a P2S VPN by using certificate-based authentication.
A new user attempts to establish a P25S VPN connection. The user receives the following error message:
A certificate could not be found that can be used with this Extensible Authentication protocol. (Error 798) You need to assists the user with resolving the certificate issue.
What should you do? To answer, drag the appropriate locations to the correct task. Each location maybe used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 47
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual
machines are connected to each network. An on-premises network is connected to one of the VNets by using
Azure VPN Gateway.
An administrator reports that communication between applications across the VNets is failing.
You need to troubleshoot the issue.
Which two features can you use to achieve the goal?

  • A. IP flow verify
  • B. Network Watcher topology
  • C. NSG flow logs
  • D. Next hop
  • E. AzureNetworkWatchExtension

Answer: A,D


NEW QUESTION # 48
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account with a password that is less than 256 characters to configure Azure AD Connect.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
No, restarting the Azure AD Connect service would not resolve the issue described in the scenario. The error message "Error getting auth token" indicates there is a problem with authentication
, which is preventing password writeback from being enabled during the Azure AD Connect configuration.
To resolve this issue, you should first confirm that the Azure AD Connect server can authenticate to the Azure AD tenant by using a valid set of credentials. If authentication is successful, then you can investigate other possible causes such as network connectivity issues, misconfigured firewall rules, expired certificates, etc.
Therefore, the correct answer is option B, "No".
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-authentication
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-writeback#troubleshooting-steps


NEW QUESTION # 49
A company has two virtual networks (VNets) that reside in the same Azure region.
An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.
You need to configure a connection between the two networks that maximizes throughput and minimizes latency.
What should you do?

  • A. Create a site-to-site VPN connection.
  • B. Configure a VPN gateway.
  • C. Create a point-to-site VPN connection.
  • D. Configure virtual network peering.

Answer: A


NEW QUESTION # 50
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • B. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.
  • C. VNetGW1 has exceeded the subnet Security Association pairs.
  • D. The partner's VPN device and VNetGW1 are configured using the same shared key.

Answer: D


NEW QUESTION # 51
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.
  • B. Configure preshared key for authentication on the VPN profile.
  • C. Create a profile manually, add the server FQDN and reissue the client certificate.
  • D. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.

Answer: C

Explanation:
To resolve the certificate mismatch error, you should create a profile manually, add the server FQDN and reissue the client certificate. According to 1, when you use OpenVPN for tunnel type on point-to-site VPN connections, you need to ensure that your client certificates have the correct server FQDN as one of their subject alternative names (SANs). Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.


NEW QUESTION # 52
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables
backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
What should you do?

  • A. Install the VM guest agent with administrative permissions.
  • B. Configure the retention range of the current backup policy for the VM.
  • C. Run chkdsk on the VM.
  • D. Create a new manual backup in Backup center.
  • E. Enable replication and create a recovery plan for the backup vault.

Answer: A


NEW QUESTION # 53
......


Skills measured

  • Troubleshoot hybrid and cloud connectivity issues (20–25%)
  • Troubleshoot networks (25–30%)
  • Troubleshoot VM connectivity issues (5–10%)
  • Troubleshoot authentication and access control issues (15–20%)
  • Troubleshoot Platform as a Service issues (5–10%)

 

AZ-720 exam questions for practice in 2023 Updated 104 Questions: https://www.troytecdumps.com/AZ-720-troytec-exam-dumps.html

AZ-720 Exam Dumps Pass with Updated Tests Dumps: https://drive.google.com/open?id=13Yv3asz4waYJltmtn0A5PBwIV3feB_C-

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Copyright © 2026 TroytecDumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
TroytecDumps doesn't offer Real CompTIA Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
TroytecDumps material do not contain actual actual Oracle Exam Questions or material.
TroytecDumps doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
TroytecDumps Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
TroytecDumps.com does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. TroytecDumps does not own or claim any ownership on any of the brands.