• Home
  • Articles
  • [2023] Pass Microsoft AZ-720 Exam in First Attempt Easily [Q26-Q45]

[2023] Pass Microsoft AZ-720 Exam in First Attempt Easily [Q26-Q45]

Share

[2023] Pass Microsoft AZ-720 Exam in First Attempt Easily

The Most Efficient AZ-720 Pdf Dumps For Assured Success 


Microsoft AZ-720 exam is designed for Azure administrators who are responsible for the implementation and management of Azure networking solutions. Troubleshooting Microsoft Azure Connectivity certification exam tests the candidate's knowledge and skills in troubleshooting Azure connectivity issues, identifying and resolving network-related problems, and implementing solutions for effective network performance.


Exam AZ-720: Troubleshooting Microsoft Azure Connectivity

Candidates for this exam should have experience with networking and with hybrid environments, including knowledge of routing, permissions, and account limits. They must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.

Passing score: 700. Learn more about exam scores.

Part of the requirements for: Microsoft Certified: Azure Support Engineer for Connectivity Specialty

Download exam skills outline

 

NEW QUESTION # 26
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 27
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway.
An administrator reports that communication between applications across the VNets is failing.
You need to troubleshoot the issue.
Which two features can you use to achieve the goal?

  • A. NSG flow logs
  • B. IP flow verify
  • C. AzureNetworkWatchExtension
  • D. Next hop
  • E. Network Watcher topology

Answer: B,D


NEW QUESTION # 28
A company develops an Azure Cosmos DB solution.
The solution has the following components:
A virtual network named VNet1 in a resource group named RG1.
A subnet named Subnet1 in VNet1.
A Private Link service.
The company is unable to configure a source IP address for the Private Link service from Subnet1.
You need to resolve the issue for Subnet1.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 29
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables
backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
What should you do?

  • A. Run chkdsk on the VM.
  • B. Enable replication and create a recovery plan for the backup vault.
  • C. Create a new manual backup in Backup center.
  • D. Configure the retention range of the current backup policy for the VM.
  • E. Install the VM guest agent with administrative permissions.

Answer: E


NEW QUESTION # 30
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Disable peering on the virtual network.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Disabling peering on the virtual network will not prevent the on-premises network from reaching the new subnet. Virtual network peering is a way to connect virtual networks and allows resources in both virtual networks to communicate with each other securely. It does not affect connectivity between on-premises and virtual network resources.
A better solution would be to create a network security group (NSG) and associate it with the new subnet. The NSG can be configured to deny traffic from the on-premises network to the new subnet. This way, the new subnet will be isolated from the on-premises network.
Reference:
Azure Virtual Network peering: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview Azure Network Security Groups: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview


NEW QUESTION # 31
You need to troubleshoot the issues with the SharePoint workload in VNet2.
What should you do? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 32
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. A network security group is not associated with the VMs.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The administrator does not have the SecurityReader role.
  • D. The client firewall does not allow port 22 on the VMs.

Answer: B


NEW QUESTION # 33
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Create a new manual backup in Backup center.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
It is unlikely that creating a new manual backup in Backup center would resolve the issue of an Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution.
Therefore, the solution mentioned in the question is incorrect and the answer is B. No.
Reference:
Troubleshoot Azure VM backup failures (Microsoft documentation)


NEW QUESTION # 34
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with server authentication enabled.
  • B. Reissue the client certificate with client authentication enabled.
  • C. Install an IKEv2 VPN client on the user's computers.
  • D. Configure preshared key for authentication on the VPN profile.

Answer: B

Explanation:
According to 1, when using certificate authentication for P2S VPN, you need to generate a root certificate and then install a client certificate on each device that connects to the VPN gateway. The client certificate must have client authentication as one of its purposes.
If you use a self-signed certificate, you can use PowerShell commands to create a root certificate and a client certificate with the correct settings. For more information, see 1.


NEW QUESTION # 35
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. VNetGW1 has exceeded the subnet Security Association pairs.
  • B. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • C. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.
  • D. The public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.

Answer: B


NEW QUESTION # 36
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network.
The company reports that after completing the configuration, the VPN connection cannot be established.
You need to troubleshoot the connection issue.
What should you do first?

  • A. Verify the AzureClient.pfx file exists.
  • B. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.
  • C. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
  • D. Verify the AzureRoot.cer file exists.

Answer: C


NEW QUESTION # 37
You need to troubleshoot and resolve the public DNS lookup issues.
What should you do? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 38
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The administrator is using the Microsoft Defender for Cloud free tier.
  • B. The administrator does not have permissions to request JIT access to the VMs.
  • C. The administrator does not have the SecurityReader role.
  • D. The VMs were provisioned by using a classic deployment.

Answer: D


NEW QUESTION # 39
A company has an Azure environment that uses one virtual network.
The company restructures the environment to use two different virtual networks. Virtual machines in one network cannot communicate with virtual machines in the other virtual network.
You need to re-establish a connection between virtual machines in the two networks.
How should you configure the networks?

Answer:

Explanation:


NEW QUESTION # 40
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 41
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet.
The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:
Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet You need to resolve the issues with the inbound security rules.
Which port or set of ports should you configure?

Answer:

Explanation:


NEW QUESTION # 42
A company is deploying Azure Bastion to provide secure clientless access to its Azure VMs. The company configures a network security group named NSG1.
During deployment, the following error displays: Network security group NSG1 does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet.
You need to fix the inbound rules for NSG1.
How should you complete the configuration?

Answer:

Explanation:


NEW QUESTION # 43
A company plans to implement ExpressRoute by using the provider connectivity model.
The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.
You need to determine the provisioning state of the service provider.
Which PowerShell cmdlet should you run?

  • A. Get-AzExpressRouteCircuitPeeringConfig
  • B. Get-AzExpressRouteCircuitARPTable
  • C. Get-AzExpressRouteCircuitRouteTable
  • D. Get-AzExpressRouteCircuit
  • E. Get-AzExpressRouteCircuitConnectionConfig

Answer: C

Explanation:
To determine the provisioning state of the service provider, you should run the PowerShell cmdlet Get-AzExpressRouteCircuit. According to 1, this cmdlet returns information about an ExpressRoute circuit, including its provisioning state and service provider status. You can use these properties to check if your circuit is enabled by both Azure and your connectivity provider.


NEW QUESTION # 44
A company creates an Azure resource group named RG1. RG1 has an Azure SQL Database logical server
named sqlsvr1 that hosts the following resources:

An administrator grants a user named User1 the Reader RBAC role in RG1. The administrator grants User2
the Contributor role in sqlsvr1.
User1 reports that they can connect to SQLDB1 from the IP address 155.127.95.212. User1 cannot connect to
SQLDB2. User2 can connect to both SQLDB1 and SQLDB2 from the IP address 121.19.27.18. Both users can
successfully connect to SQLDB1 and SQLDB2 from VM1.
You are helping the administrator troubleshoot the issue. You run the following PowerShell command:
Get-AzSqlServerFirewallRule -ResourceGroupName 'RG1' -ServerName 'sqlsvr1'
The following output displays:

You need to identify the cause for the reported issue and resolve User1's issues. The solution must satisfy the
principle of least privilege.
What should you do?

Answer:

Explanation:


NEW QUESTION # 45
......

We offers you the latest free online AZ-720 dumps to practice: https://www.practicedump.com/AZ-720_actualtests.html

Microsoft AZ-720 Real Exam Questions Guaranteed Updated Dump: https://drive.google.com/open?id=1XINVnSsRetZ_zThKnXCO-doFPKjlh_d6

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Copyright © 2026 PracticeDump. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimers:
PracticeDump material do not contain actual Business Architecture Guild Exam Questions or materials.
SAP, Microsoft, Google, Amazon, Certiport, Qualtrics are Registered Trade Mark.
PracticeDump website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon.
PracticeDump offers only Probable Questions and Answers. PracticeDump offer learning materials and practice tests created by subject matter experts to assist and help learner prepare for those exams.
All Certification Brands used on the website are owned by the respective brand owners. PracticeDump does not own or claim any ownership on any of the brands. The site www.practicedump.com is in no way affiliated with SAP SE.