• Home
  • Articles
  • Free AZ-720 Sample Questions and 100% Cover Real Exam Questions (Updated 121 Questions) [Q52-Q76]

Free AZ-720 Sample Questions and 100% Cover Real Exam Questions (Updated 121 Questions) [Q52-Q76]

Share

Free AZ-720 Sample Questions and 100% Cover Real Exam Questions (Updated 121 Questions)

Download Real Microsoft AZ-720 Exam Dumps Test Engine Exam Questions

NEW QUESTION # 52
A company uses an Azure Backup agent to back up specific files and folder from an Azure virtual machine (VM) and an on-premises VM.
An administrator reports that the backup job fails on both VMs. Errors are returned in Microsoft Azure Recovery Services (MARS).
You need to troubleshoot the backup issues.
Which troubleshooting solution should you use?

Answer:

Explanation:


NEW QUESTION # 53
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall.
Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps.
You need to implement a solution that support a minimum of 10 Gbps.
What should you do to increase the throughput?

  • A. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
  • B. Increase the size of the VM instance.
  • C. Request an increase in networking quotas.
  • D. Disable the Azure Firewall and implement network security groups in its place.

Answer: B

Explanation:
To achieve this goal, the best option is to increase the size of the VM instance. The Standard_D2_v3 virtual machine size has a maximum network bandwidth of 1 Gbps, so increasing the size of the VM instance to a higher tier, such as Standard_D8_v3 or higher, will provide more network bandwidth and improve the application's performance.
Option A, requesting an increase in networking quotas, may not be sufficient to achieve the required network bandwidth.
Option C, disabling the Azure Firewall and implementing network security groups, may not have a significant impact on the network bandwidth.
Option D, moving two of the servers behind a separate load balancer and configuring round-robin routing in Traffic Manager, may improve availability and performance but will not increase the network bandwidth.
Source: [1] https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general [2] https://docs.microsoft.com/en-us/azure/virtual-network/designing-hub-spoke-topologies#optimize-data-transfer-between-hub-and-spoke-vnets


NEW QUESTION # 54
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 55
You need to troubleshoot and resolve the reverse DNS lookup issues.
What should you do? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 56
A company configures an Azure site-to-site VPN between an on-premises network and an Azure virtual network.
The company reports that after completing the configuration, the VPN connection cannot be established.
You need to troubleshoot the connection issue.
What should you do first?

  • A. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript.
  • B. Verify the AzureClient.pfx file exists.
  • C. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.
  • D. Verify the AzureRoot.cer file exists.

Answer: C

Explanation:
To troubleshoot the connection issue, you should do first identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey. According to 1, this cmdlet returns the shared key that is used for authentication between an Azure virtual network gateway and a local network gateway. You can use this cmdlet to verify that the shared key matches on both sides of the VPN connection.
Therefore, you should choose A. Identify the shared key by running this PowerShell cmdlet: Get-AzVirtualNetworkGatewayConnectionSharedKey.


NEW QUESTION # 57
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply
routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and
UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use?

Answer:

Explanation:


NEW QUESTION # 58
A customer creates an Azure resource group named RG1 in the East US region. RG1 contains the following resources:

The customer performs the following tasks:
Create a private endpoint for sqlsrv1 in subnet2 with the private IP address of 192.168.2.100.
Create a private DNS zone named privatelink.database.windows.net by using a single A record named sqlsvr1 and the IP address 192.168.2.100.
Disable public access by using the public endpoint for sqlsvr1.
The customer reports that connections from VM1 to DB1 are failing. The solution must allow connections from VM1 to DB1 without making platform-level changes.
You need to troubleshoot and resolve the issue.
What should you do?

Answer:

Explanation:


NEW QUESTION # 59
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment,
an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
* AzureFirewallApplicationRule
* AzureFirewallNetworkRule
* AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 60
A company uses public Azure DNS zones.
The company reports DNS record creation and name resolution issues.
You need to troubleshoot the issues.
What are the causes of the issues?

Answer:

Explanation:


NEW QUESTION # 61
A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure
AD with an on-premises Active Directory domain.
The company reports that an Azure AD object fails to sync.
You need to determine which objects are not syncing.
Which troubleshooting steps should you use to diagnose the failure?

Answer:

Explanation:


NEW QUESTION # 62
A company deploys a new application and places the application behind an Azure Application Gateway Web Application Firewall (WAF).
A user with client IP 203.0.113.26 reports that they cannot access the application.
You need to troubleshoot the issue.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 63
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
What should you do?

  • A. Configure Azure AD Connect using a global administrator account with a password that is less than 256 characters.
  • B. Restart the Azure AD Connect service.
  • C. Disable password writeback and then enable password writeback using the Azure AD Connect configuration.
  • D. Configure Azure AD Connect using a global administrator account that is not federated.

Answer: B

Explanation:
The error message "Error getting auth token" occurs when you specify an incorrect password for the global administrator account provided at the beginning of the Azure AD Connect installation process To resolve this issue, you should check that you have specified the correct password for your global administrator account. If you have specified an incorrect password, update it and then restart the Azure AD Connect service


NEW QUESTION # 64
You need to resolve the issue with VM10.
What should you do?

  • A. Add an outbound security rule to NSG1 that allows outbound traffic from ASG1 to ASG10. Configure the rule to use a priority of 100.
  • B. In NSG10, remove the inbound security rule that has a priority of 100.
  • C. In the NSG10 inbound security rule that has a priority of 100, change the protocol to Any
  • D. In the NSG10 inbound security rule that has a priority of 100, change the destination to ASG10

Answer: B

Explanation:
To resolve the issue with VM10, you need to remove the inbound security rule that has a priority of 100 in NSG10, which is blocking ICMP traffic from ASG1 to ASG10. The rule has a source of Any, a destination of VirtualNetwork, a protocol of ICMP, and an action of Deny. This means that any ICMP traffic from outside the VNet4 address space will be denied by NSG10, which is attached to subnet4. This prevents VM1 from pinging VM10 by using ICMP, as VM1 is in VNet1 and not in VNet4. By removing this rule, you can allow ICMP traffic from ASG1 to ASG10, as there is no other rule in NSG10 that explicitly denies it. Alternatively, you could also modify the rule to change the source to VirtualNetwork or the action to Allow, but removing the rule is simpler and more effective.


NEW QUESTION # 65
A company named Contoso connects its on-premises resources to Azure by using ExpressRoute.
An administrator reports that the circuit is in a failed state.
You need to resolve the issue.
How should you complete the PowerShell commands?

Answer:

Explanation:


NEW QUESTION # 66
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.
An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.
You need to resolve the issue.
What should you do?

  • A. Create a network service endpoint in a virtual network.
  • B. Upgrade the target storage disk.
  • C. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
  • D. Use AzCopy to upload data to a cache storage account.

Answer: B

Explanation:
Azure Site Recovery has limits on data change rates depending on the type of disk used for replication. If a VM has a data change rate higher than the supported limit for its disk type, it can cause replication issues or errors. To resolve this issue, you can upgrade the target storage disk to a higher tier that supports higher data change rates.


NEW QUESTION # 67
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute
gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a
network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named
VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?

  • A. Create the storage account for FlowLog1 as a premium block blob.
  • B. Create the storage account for FlowLog1 as a premium page blob.
  • C. Enable FlowLog1 in a network security group associated with the subnet of VM1.
  • D. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.

Answer: B


NEW QUESTION # 68
You need to troubleshoot the issue reported by Blue Yonder Airlines.
Which diagnostic log should you review?

  • A. RouteDiagnosticLog
  • B. IKEDiagnosticLog
  • C. TunnelDiagnosticLog
  • D. GatewayDiagnosticLog

Answer: B

Explanation:
To troubleshoot the issue reported by Blue Yonder Airlines, you need to review the IKEDiagnosticLog, which contains information about the Internet Key Exchange (IKE) protocol that is used to establish IPsec VPN connections. The IKEDiagnosticLog can help you identify the cause of the VPN disconnections and IPsec failure to connect errors, such as mismatched authentication parameters, incorrect pre-shared keys, or network connectivity issues. You can enable and download the IKEDiagnosticLog from the Azure portal or by using PowerShell commands


NEW QUESTION # 69
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet.
The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet:
Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet AzureBastionSubnet You need to resolve the issues with the inbound security rules.
Which port or set of ports should you configure?

Answer:

Explanation:


NEW QUESTION # 70
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link
service and an endpoint have been configured.
The company reports that the endpoint is unable to connect to the service.
You need to resolve the connectivity issue.
What should you do?

  • A. Approve the connection state.
  • B. Disable the service network policies.
  • C. Disable the endpoint network policies.
  • D. Validate the VPN device.

Answer: B


NEW QUESTION # 71
A company uses Azure virtual machines (VMs) running Windows for hosting DNS. The company configures the Azure Log Analytics agent on the VMs.
The company is suspicious that some clients may have malware or that the DNS servers may be compromised. You need to retrieve the following information for troubleshooting:
* Clients that try to resolve malicious domain names.
* Clients that exceed the threshold for the number of DNS lookup requests.
* Changes made to the DNS servers.
You add the DNS Analytics solution to the Azure Log Analytics workspace.
You need to retrieve the required DNS information.
Which query should you use? To answer, select the appropriate options in the answer area.

Answer:

Explanation:


NEW QUESTION # 72
A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a
partner site by using a site-to-site VPN connection with dynamic routing.
The company observes that the VPN disconnects from time to time.
You need to troubleshoot the cause for the disconnections.
What should you verify?

  • A. The public IP address of the partner's VPN device is configured in the local network gateway address
    space on VNetGW1.
  • B. The partner's VPN device and VNetGW1 are configured using the same shared key.
  • C. The partner's VPN device is configured for one VPN tunnel per subnet pair.
  • D. The partner's VPN device and VNetGW1 are configured with the same virtual network address space.

Answer: B


NEW QUESTION # 73
A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1.
The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server.
You need to determine if ICMP connectivity to VM1 is allow on FW1.
What should you do?

  • A. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1.
  • B. Use the ping command targeting the IP address of VM1 and review the command's response.
  • C. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1.
  • D. Use the ping command targeting the fully qualified domain name of VM1 and review the command's response.

Answer: C

Explanation:
According to Microsoft, the ICMP protocol is not permitted through the Azure load balancer. To test connectivity, Microsoft recommends that you do a port ping. While Ping.exe uses ICMP, you can use other tools, such as PSPing, Nmap, and telnet, to test connectivity to a specific TCP port1.


NEW QUESTION # 74
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication.
A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine:
A certificate could not be found
You need to resolve the issue.
Which three actions should you perform?

  • A. Configure an Azure Active Directory (Azure AD) tenant.
  • B. Enable Azure AD authentication on the gateway
  • C. Install a root certificate on the user's device.
  • D. Install a client certificate on the user's device.
  • E. Generate a root certificate.
  • F. Generate a client certificate.
  • G. Install a client certificate on the VPN gateway.

Answer: A,B,E


NEW QUESTION # 75
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy incudes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
AzureFirewallApplicationRule
AzureFirewallNetworkRule
AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?

Answer:

Explanation:


NEW QUESTION # 76
......

New AZ-720 exam dumps Use Updated Microsoft Exam: https://examcollection.prep4sureguide.com/AZ-720-prep4sure-exam-guide.html

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

Our reliable site provides you with good services and helps you learn. Our Study Materials make it easy for you to take notes on it so that your free time can be well utilized. Our Training Materials are absolutely safe and virus-free to use.

Contact Us

Our Working Time: ( GMT 0:00-15:00 )   From Monday to Saturday

Contact now

Copyright © 2026 Prep4sureGuide NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy