Microsoft Troubleshooting Microsoft Azure Connectivity AZ-720 Exam Practice Test

Answer : B

It is unlikely that creating a new manual backup in Backup center would resolve the issue of an Azure VM backup job failing after enabling backups for the VM through the Azure portal. To troubleshoot the issue, the administrator should first check the Azure VM backup job logs and identify the specific error message or code provided. This can help identify the underlying issue and the appropriate solution.

Therefore, the solution mentioned in the question is incorrect and the answer is B. No.

Troubleshoot Azure VM backup failures (Microsoft documentation)

Answer : B

To troubleshoot the issue, you should review the Firewall diagnostic log.According to2, Azure Application Gateway Web Application Firewall (WAF) logs requests that are logged through either detection or prevention mode of an application gateway that is configured with WAF. You can use this log to view and analyze blocked requests and identify false positives or false negatives.

Answer : B

The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.

Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.

Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.

To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.

Microsoft documentation on how to create a custom route table and associate it with a subnet: https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-custom-route-table.

Microsoft documentation on how to configure a route to a null interface: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#to-route-to-a-null-interface.

Answer : B

To resolve the certificate mismatch error, you should reissue the client certificate with client authentication enabled.According to1, when you use Azure certificate for authentication type on point-to-site VPN connections, you need to ensure that your client certificates have client authentication as one of their enhanced key usage attributes. Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.

Answer : C

To resolve the connectivity issues, you need to redeploy the ILB using the Standard SKU.According to1, Basic Load Balancer does not support Global VNet Peering, which is required for cross-region communication between VMs in different VNets. Standard Load Balancer supports Global VNet Peering and can load balance traffic across regions and availability zones.

Answer : D

when you use Azure Site Recovery to replicate on-premises VMs that run in SCVMM, you need to check the SCVMM debug log for any errors or warnings related to replication. The SCVMM debug log is located at %SYSTEMDRIVE%\ProgramData\VMMLogs\SCVMM.debugtrace.log on the SCVMM server.

Answer : C

To troubleshoot an issue with the Phase 1 proposal from an Azure Virtual Network gateway when connecting to a site-to-site VPN connection by reviewing logs, you should analyze the IKE Diagnostic log. Therefore, option C is correct. You should analyze the IKE Diagnostic log.