Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.
Free Download
  • Home
  • Articles
  • AZ-720 Actual Questions Answers PDF 100% Cover Real Exam Questions [Q62-Q84]

AZ-720 Actual Questions Answers PDF 100% Cover Real Exam Questions [Q62-Q84]

Share

AZ-720 Actual Questions Answers PDF 100% Cover Real Exam Questions

AZ-720 Exam questions and answers


Schedule exam

Languages: English

Retirement date: none

This exam measures your ability to accomplish the following technical tasks: troubleshoot business continuity issues; troubleshoot hybrid and cloud connectivity issues; troubleshoot Platform as a Service issues; troubleshoot authentication and access control issues; troubleshoot networks; and troubleshoot VM connectivity issues.

 

NEW QUESTION # 62
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install an IKEv2 VPN client on the user's computers.
  • B. Configure preshared key for authentication on the VPN profile.
  • C. Reissue the client certificate with server authentication enabled.
  • D. Reissue the client certificate with client authentication enabled.

Answer: D

Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.


NEW QUESTION # 63
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 64
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Assign Admin1 the Contribute for RG1.
2 - Instruct Admin1 to create a network security group.
3 - Instruct Admin1 to associate a network security group with NIC1.


NEW QUESTION # 65
A company uses an Azure Backup agent to back up specific files and folder from an Azure virtual machine (VM) and an on-premises VM.
An administrator reports that the backup job fails on both VMs. Errors are returned in Microsoft Azure Recovery Services (MARS).
You need to troubleshoot the backup issues.
Which troubleshooting solution should you use?

Answer:

Explanation:


NEW QUESTION # 66
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Install an IKEv2 VPN client on the user's computers.
  • B. Configure the tunnel type for IKEv2 and OpenVPN on VNetGW1.
  • C. Reissue the client certificate with client authentication enabled.
  • D. Create a profile manually, add the server FQDN and reissue the client certificate.

Answer: C

Explanation:
To resolve the certificate mismatch error, you should reissue the client certificate with client authentication enabled. According to 1, when you use Azure certificate for authentication type on point-to-site VPN connections, you need to ensure that your client certificates have client authentication as one of their enhanced key usage attributes. Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.


NEW QUESTION # 67
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • B. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • C. VNetGW1 has exceeded the subnet Security Association pairs.
  • D. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.

Answer: B


NEW QUESTION # 68
You manage an Azure subscription that contains the following resources:

An on-premises environment is connected to VNet1 by using ERGW1.
An on-premises environment is connected to VNet1 by using ERGW1.
An administrator measures network latency for on-premises traffic that targets VM1 and VM2 by using the front-end IP address of the load balancer. The administrator enables ExpressRoute FastPath on ERGW1 and observes that the latency has not changed.
You need to resolve the issue that is preventing the network latency improvements offered by ExpressRoute FastPath from taking effect.
What should you do?

  • A. Enable accelerated networking on VM1 and VM2
  • B. Resize VM1 and VM2.
  • C. Change the SKU for the ExpressRoute gateway.
  • D. Redeploy the load balancer as a Standard SKU.

Answer: D

Explanation:
To resolve the issue that is preventing the network latency improvements offered by ExpressRoute FastPath from taking effect, you should redeploy the load balancer as a Standard SKU. ExpressRoute FastPath is only supported on Standard Load Balancer SKUs. So the correct answer is A. Redeploy the load balancer as a Standard SKU.


NEW QUESTION # 69
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
* A virtual machine named VM1.
* A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Assign Admin1 the Contributor role for RG1.
2 - Instruct Admin1 to create a network security security goup.
3 - Instruct Admin1 to assiciate a network security group with NIC1.


NEW QUESTION # 70
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.
The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment.
Which PowerShell cmdlets should you run?

Answer:

Explanation:


NEW QUESTION # 71
A company has a pay-as-you-go subscription named Subl1.
The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.
You create the following network security group (NSG) named NSG1 and associate it with Subnet1.

You observe that an application on VM1 is unable to send email to recipient outside the company You need to resolve the issue.
What should you do?

  • A. Migrate Sub1 to a cloud service provider subscription
  • B. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
  • C. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
  • D. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
  • E. Assign NSG1 to the network interface on VM1.
  • F. Remove the NSG1 rule with a priority of 2000.

Answer: D

Explanation:
The NSG1 rule with priority 100 currently allows all outbound traffic (source: any, destination: any, protocol: any). To restrict the outbound traffic to only TCP port 587, modify the rule to use the following configuration:
Name: Allow_Outbound_Email
Priority: 100
Source: Any
Destination: Any
Protocol: TCP
Source Port Range: *
Destination Port Range: 587
Action: Allow
Once you have updated the NSG1 rule, the application on VM1 should be able to send email to recipients outside the company.
Explanation:
To resolve the issue where the application on VM1 is unable to send email to recipients outside the company, you should modify the NSG1 rule with a priority of 100 to allow outbound traffic on TCP port 587. The correct answer is therefore:


NEW QUESTION # 72
A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).
A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:
Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.
You need to help the user complete the MFA setup.
What should you do?

  • A. From the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.
  • B. Instruct the user to enter the correct verification code.
  • C. Instruct the user to complete the setup process within 10 minutes.
  • D. Instruct the user to clear their web browser cache.
  • E. From the Azure AD portal, reset the user's password.

Answer: D

Explanation:
this error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.


NEW QUESTION # 73
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Use a global administrator account with a password that is less than 256 characters to configure Azure AD Connect.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 74
You need to troubleshoot and resolve issues reported for contosostorage1.
What should you do? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 75
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment
includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Scale the gateway to Generation2.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 76
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to
sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Redeploy the VM with Accelerated Networking enabled.
  • B. Increase the TCP buffers and window size kernel parameters.
  • C. Install a kernel name that ends with -azure.
  • D. Configure the network interfaces to 1000 Mbps/full duplex.

Answer: D


NEW QUESTION # 77
A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.
Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.
You need to troubleshoot the probe failure.
How should you complete the PowerShell script?

Answer:

Explanation:


NEW QUESTION # 78
A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.
The company reports that they are unable to complete the process.
You need to implement JIT access and test the deployment.
Which PowerShell cmdlets should you run?

Answer:

Explanation:


NEW QUESTION # 79
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 80
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue.
What should you do?

  • A. Upgrade the target storage disk.
  • B. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
  • C. Create a network service endpoint in a virtual network.
  • D. Use AzCopy to upload data to a cache storage account.

Answer: A

Explanation:
Azure Site Recovery has limits on data change rates depending on the type of disk used for replication. If a VM has a data change rate higher than the supported limit for its disk type, it can cause replication issues or errors. To resolve this issue, you can upgrade the target storage disk to a higher tier that supports higher data change rates.


NEW QUESTION # 81
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 82
A company uses Azure Backup Agent to back up specific files and folders from an on-premises virtual machine (VM).
An administrator reports that the backup job is transferring files slowly. You determine that the backup job is verifying changes in directories by scanning the entire volume.
You need to determine the state of the backup job.
In which state will the backups occur?

Answer:

Explanation:


NEW QUESTION # 83
You need to resolve the issue.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 84
......

BraindumpsIT AZ-720 Exam Practice Test Questions: https://www.braindumpsit.com/AZ-720_real-exam.html

Pass AZ-720 Exam Info and Free Practice Test: https://drive.google.com/open?id=1nPM05v_PWCnpmvCxRwXTXquIoqbHEDoo

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

The passing rate of BraindumpsIT braindumps pdf is about 98%~100% for all IT certification examinations. BraindumpsIT braindumps pdf helps you pass exam for sure.

Latest Pass Braindumps Exam

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 BraindumpsIT NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
BraindumpsIT doesn't offer Real SAP Exam Questions. The site is in no way affiliated with SAP SE.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
BraindumpsIT material do not contain actual actual Oracle Exam Questions or material.
BraindumpsIT doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
BraindumpsIT Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
BraindumpsIT.com does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. BraindumpsIT does not own or claim any ownership on any of the brands.