Microsoft AZ-720 Exam Practice Test Instant Access

Question 1

A company uses an Azure VPN gateway to connect to their on-premises environment.

The company's on-premises VPN gateway is used by several services. One service is experiencing connectivity issues.

You need to minimize downtime for all services and resolve the connectivity issue.

Which three actions should you perform?

AConfigure the hashing algorithm to be different on both gateways.

BRest the VPN gateway.

CConfigure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.

DRest the VPN connection.

EConfigure the hashing algorithm to be the same on both gateways.

FConfigure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.

Answer : C, D, E

the three actions that should be performed to minimize downtime for all services and resolve the connectivity issue are: C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways. D. Reset the VPN connection. E. Configure the hashing algorithm to be the same on both gateways.

Question 2

A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:

The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2.

Virtual network peering has been configured between VNet1 and VNet2.

Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3.

You need to resolve the connectivity issues.

What should you do?

ARedeploy VM1 and VM2 into availability zones.

BMove ILB1 to RG1.

CRedeploy the ILB using the Standard SKU.

DMove VM1 and VM2 into RG3.

Answer : C

To resolve the connectivity issues, you need to redeploy the ILB using the Standard SKU.According to1, Basic Load Balancer does not support Global VNet Peering, which is required for cross-region communication between VMs in different VNets. Standard Load Balancer supports Global VNet Peering and can load balance traffic across regions and availability zones.

Question 3

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

ACreate the storage account for FlowLog1 as a premium block blob.

BCreate the storage account for FlowLog1 as a premium page blob.

CEnable FlowLog1 in a network security group associated with the subnet of VM1.

DConfigure the FlowTimeoutInMinutes property on VNet1 to a non-null value.

Answer : C

when FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network. Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG associated with the subnet of VM1.

Question 4

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.

The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

AThe partner's VPN device and VNetGW1 are configured using the same shared key.

BThe IP address of the local network gateway matches the partner's VPN device.

CThe partner's VPN device is enabled for Perfect forward secrecy.

DThe partner's VPN device and VNetGW1 are configured with the same virtual network address space.

Answer : B

Question 5

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure subnet delegation.

Does the solution meet the goal?

AYes

BNo

Answer : B

The proposed solution, which is to configure subnet delegation, does not meet the goal of making the new subnet unreachable from the on-premises network. Subnet delegation is a mechanism to delegate management of a subnet to another resource such as a Network Virtual Appliance or a Service Endpoint. It does not provide any means to restrict or isolate a subnet from the rest of the network.

To meet the goal, you can use Network Security Groups (NSGs) to restrict traffic to and from the new subnet. NSGs allow you to define inbound and outbound security rules that specify the type of traffic that is allowed or denied based on different criteria such as source or destination IP address, protocol, port number, etc. By creating a custom NSG and defining rules that deny traffic to and from the new subnet, you can effectively make that subnet unreachable from the on-premises network.

Therefore, the correct answer is option B, 'No'.

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 6

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

AConfigure FlowLog1 for version 2.

BCreate the storage account for FlowLog1 as a premium block blob.

CConfigure the FlowTimeoutInMinutes property on VNet2 to a non-null value.

DEnable FlowLog1 in a network security group associated with the network interface of VM1.

Answer : A

According to1, flow logging using ExpressRoute Traffic Collector requires version 2 of flow logs. Version 1 of flow logs does not support ExpressRoute Traffic Collector. You can configure the version of flow logs when you enable them on a network security group (NSG).

Question 7

A company plans to implement ExpressRoute by using the provider connectivity model.

The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.

You need to determine the provisioning state of the service provider.

Which PowerShell cmdlet should you run?

AGet-AzExpressRouteCircuitPeeringConfig

BGet-AzExpressRouteCircuitRouteTable

CGet-AzExpressRouteCircuitConnectionConfig

DGet-AzExpressRouteCircuit

EGet-AzExpressRouteCircuitARPTable

Answer : B

To determine the provisioning state of the service provider, you should run the PowerShell cmdlet Get-AzExpressRouteCircuit.According to1, this cmdlet returns information about an ExpressRoute circuit, including its provisioning state and service provider status. You can use these properties to check if your circuit is enabled by both Azure and your connectivity provider.

Microsoft AZ-720 Troubleshooting Microsoft Azure Connectivity Exam Practice Test