AZ-720 Online Practice Questions and Answers

HOTSPOT

A company uses an Azure VPN gateway with an IP address of 203.0.113.20.

Users report that the VPN connection frequently drops.

You need to determine when each connection failure occurred.

How should you complete the Azure Monitor query?

Hot Area:

HOTSPOT

A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.

Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.

You need to troubleshoot the probe failure.

How should you complete the PowerShell script?

Hot Area:

HOTSPOT

A customer creates an Azure resource group named RG1 in the East US region. RG1 contains the following resources:

The customer performs the following tasks:

Create a private endpoint for sqlsrv1 in subnet2 with the private IP address of 192.168.2.100.

Create a private DNS zone named privatelink.database.windows.net by using a single A record named sqlsvr1 and the IP address 192.168.2.100.

Disable public access by using the public endpoint for sqlsvr1.

The customer reports that connections from VM1 to DB1 are failing.

The solution must allow connections from VM1 to DB1 without making platform-level changes.

You need to troubleshoot and resolve the issue.

What should you do?

Hot Area:

HOTSPOT

A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).

A user with client IP 203.0.113.26 reports that they cannot access the application.

You need to troubleshoot the issue.

How should you complete the query?

Hot Area:

HOTSPOT

A company creates an Azure resource group named RG1. RG1 has an Azure SQL Database logical server named sqlsvr1 that hosts the following resources:

An administrator grants a user named User1 the Reader RBAC role in RG1. The administrator grants User2 the Contributor role in sqlsvr1.

User1 reports that they can connect to SQLDB1 from the IP address 155.127.95.212. User1 cannot connect to SQLDB2. User2 can connect to both SQLDB1 and SQLDB2 from the IP address 121.19.27.18. Both users can successfully

connect to SQLDB1 and SQLDB2 from VM1.

You are helping the administrator troubleshoot the issue. You run the following PowerShell command:

Get-AzSqlServerFirewallRule -ResourceGroupName 'RG1' -ServerName 'sqlsvr1'

The following output displays:

You need to identify the cause for the reported issue and resolve User1's issues. The solution must satisfy the principle of least privilege. What should you do?

Hot Area:

DRAG DROP

A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.

The customer configures a resource group named RG1 that contains the following resources:

1.

A virtual machine named VM1.

2.

A network interface named NIC1 that is attached to VM1.

The customer grants a user named Admin1 the following permission for RG1:

Microsoft.Security/locations/jitNetworkAccessPolicies/write.

Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.

You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.

Which three actions should you recommend be performed in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

A company has on-premises application server that runs in System Center Virtual Machine Manager (SCVMM). The company configures Azure Site Recovery.

An administrator at the company reports that they receive an error message. The error message indicates that there are replication issues.

You need to troubleshoot the issue.

Which log should you review?

A. Network Security Group flow log

B. Azure Monitor log

C. Network Watcher diagnostic log

D. SCVMM debug log

A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.

You observe that AD DS objects are not synchronizing to Azure AD.

You need to verify that the staging mode is enabled.

What should you do?

A. Review the history for the Azure AD Connect sync scheduled task.

B. Run this PowerShell cmdlet: Get-ADSyncScheduler

C. Review the triggers for the Azure AD Connect sync scheduled task.

D. Run this PowerShell cmdlet: Get-ADSyncConnetorRunStatus

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.

The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Enable replication and create a recovery plan for the backup vault.

Does the solution meet the goal?

A. Yes

B. No

You need to troubleshoot the CosmosDB1 issues from the on-premises environment. What should you use?

A. route command

B. Network Watcher next hop diagnostic tool

C. Network Watcher Connection troubleshoot diagnostic tool

D. nslookup command