Microsoft AZ-720 Exam Practice Test Instant Access

Question 1

A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.

The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Install the VM guest agent by using administrative permissions.

Does the solution meet the goal?

AYes

BNo

Answer : A

Yes, installing the VM guest agent by using administrative permissions could resolve the issue of the Azure VM backup job failing after enabling backups for the VM through the Azure portal. When backing up a virtual machine in Azure, it is necessary to install the VM guest agent to enable proper communication between the VM and the backup service. An administrative user account is required to install the agent.

Therefore, the solution mentioned in the question is correct and the answer is A. Yes.

Back up a virtual machine in Azure (Microsoft documentation)

Question 2

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

AThe administrator is using the Microsoft Defender for Cloud free tier.

BThe VMs were provisioned by using a classic deployment.

CThe VMs were recently provisioned by using an Azure Resource Manager deployment.

DThe administrator does not have the SecurityReader role.

Answer : B

The Unsupported tab on the Just-in-Time VM access page in the Microsoft Defender for Cloud portal indicates that the VMs were provisioned by using a classic deployment Classic deployments were used in Azure before the deployment model was updated to Azure Resource Manager, which is now the preferred model for deploying and managing resources in Azure.

Question 3

You need to troubleshoot the issue reported by Blue Yonder Airlines.

Which diagnostic log should you review?

ARouteDiagnosticLog

BGatewayDiagnosticLog

CTunnelDiagnosticLog

DIKEDiagnosticLog

Answer : D

To troubleshoot the issue reported by Blue Yonder Airlines, you need to review the IKEDiagnosticLog, which contains information about the Internet Key Exchange (IKE) protocol that is used to establish IPsec VPN connections. The IKEDiagnosticLog can help you identify the cause of the VPN disconnections and IPsec failure to connect errors, such as mismatched authentication parameters, incorrect pre-shared keys, or network connectivity issues. You can enable and download the IKEDiagnosticLog from the Azure portal or by using PowerShell commands

Question 4

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

AThe administrator is using the Microsoft Defender for Cloud free tier.

BThe VMs were provisioned by using a classic deployment.

CThe administrator does not have the SecurityReader role.

DThe administrator does not have permissions to request JIT access to the VMs.

Answer : B

JIT VM access is only supported for VMs that are deployed using the Azure Resource Manager (ARM) deployment model. VMs that are provisioned using the classic deployment model are not compatible with JIT VM access and will be displayed under the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

Question 5

A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).

A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:

Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.

You need to help the user complete the MFA setup.

What should you do?

AFrom the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.

BInstruct the user to complete the setup process within 10 minutes.

CInstruct the user to enter the correct verification code.

DInstruct the user to clear their web browser cache.

EFrom the Azure AD portal, reset the user's password.

Answer : B

this error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.

Question 6

You need to resolve the issue with Admin1.

What should you do?

AConfigure Azure AD Connect filtering to include the Admins organizational unit.

BReset the Azure AD Connect service account password in AD DS.

CEnable security inheritance in Active Directory Domain Services (AD DS).

DStart a full import in Azure AD Connect.

Answer : C

The error 8344 insufficient access rights to perform the operation indicates that the Azure AD Connect service account does not have the required permissions to synchronize the Admin1 account. This could be because the Admin1 account is in an organizational unit (OU) that has security inheritance disabled, which prevents the service account from inheriting the necessary permissions from the parent OU. To resolve this issue, you should enable security inheritance in AD DS for the OU that contains the Admin1 account. This will allow the service account to synchronize the Admin1 account to Azure AD. Alternatively, you could also grant the service account explicit permissions on the Admin1 account, but this would be more tedious and less scalable than enabling security inheritance.

Question 7

You need to resolve the issue with internet traffic from VM1 being routed directly to the internet.

What should you do?

AModify IP address prefix of RT12

BAssociate RT12 with Subnet1a.

CAssociate RT12 with Subnet2a.

DModify the next hop type of RT12.

Answer : B

This will ensure that the route table RT12, which has a route to direct internet traffic to the virtual network gateway VNG1, is applied to the subnet where VM1 is located. This will override the default route that sends internet traffic to the internet gateway.

Microsoft Troubleshooting Microsoft Azure Connectivity AZ-720 Exam Practice Test