Microsoft AZ-720 Exam Questions Instant Access

Question 1

A company deploys an ExpressRoute circuit.

You need to verify accepted peering routes from the ExpressRoute circuit.

Which PowerShell cmdlet should you run?

AGet-AzExpressRouteCrossConnectionPeering

BGet-AzExpressRouteCircuit

CGet-AzExpressRouteCircuitPeeringConfig

DGet-AzExpressRouteCircuitRouteTable

EGet-AzExpressRouteCircuitStats

Answer : D

To verify accepted peering routes from the ExpressRoute circuit, you should run the PowerShell cmdlet Get-AzExpressRouteCircuitRouteTable.According to1, this cmdlet returns a list of routes advertised by an ExpressRoute circuit peering. You can specify which peering type (AzurePrivatePeering, AzurePublicPeering, or MicrosoftPeering) and which route table (AdvertisedPublicPrefixes or AdvertisedPublicPrefixesState) you want to view.

Question 2

A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).

An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

Solution: Restart the Azure AD Connect service.

Does the solution meet the goal?

AYes

BNo

Answer : A

Question 3

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

OpenVPN for the tunnel type.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

AConfigure the tunnel type for IKEv2 and OpenVPN on VNetGW1.

BCreate a profile manually, add the server FQDN and reissue the client certificate.

CInstall a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.

DConfigure preshared key for authentication on the VPN profile.

Answer : B

To resolve the certificate mismatch error, you should create a profile manually, add the server FQDN and reissue the client certificate.According to1, when you use OpenVPN for tunnel type on point-to-site VPN connections, you need to ensure that your client certificates have the correct server FQDN as one of their subject alternative names (SANs). Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.

Question 4

A company uses Azure virtual machines (VMs) in multiple regions. The VMs have the following configuration:

The backend pool of an internal Azure Load Balancer (ILB) named ILB1 contains VM1 and VM2. The ILB uses the Basic SKU and is in a resource group RG2.

Virtual network peering has been configured between VNet1 and VNet2.

Users report that they are unable to connect to resources on VM1 and VM2 by using ILB1 from VM3.

You need to resolve the connectivity issues.

What should you do?

ARedeploy VM1 and VM2 into availability zones.

BMove ILB1 to RG1.

CRedeploy the ILB using the Standard SKU.

DMove VM1 and VM2 into RG3.

Answer : C

To resolve the connectivity issues, you need to redeploy the ILB using the Standard SKU.According to1, Basic Load Balancer does not support Global VNet Peering, which is required for cross-region communication between VMs in different VNets. Standard Load Balancer supports Global VNet Peering and can load balance traffic across regions and availability zones.

Question 5

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.

The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

AThe partner's VPN device and VNetGW1 are configured using the same shared key.

BVNetGW1 has exceeded the subnet Security Association pairs.

CThe partner's VPN device and VNetGW1 are configured with the same virtual network address space.

DThe public IP address of the partner's VPN device is configured in the local network gateway address space on VNetGW1.

Answer : A

To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner's VPN device and VNetGW1 are configured using the same shared key.

Question 6

A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.

You observe that AD DS objects are not synchronizing to Azure AD.

You need to verify that the staging mode is enabled.

What should you do?

AReview the history for the Azure AD Connect sync scheduled task.

BRun this PowerShell cmdlet: Get-ADSyncScheduler

CReview the triggers for the Azure AD Connect sync scheduled task.

DRun this PowerShell cmdlet: Get-ADSyncConnetorRunStatus

Answer : B

Azure AD Connect has a staging mode feature that allows you to install multiple sync servers for high availability or disaster recovery purposes. When staging mode is enabled on a sync server, it doesn't export any changes to Azure AD or your on-premises AD DS environment.

To verify that staging mode is enabled on a sync server, you can run the Get-ADSyncScheduler PowerShell cmdlet and check the value of StagingModeEnabled property. If it is True, then staging mode is enabled and no synchronization will occur.

Question 7

You need to resolve the issue with internet traffic from VM1 being routed directly to the internet.

What should you do?

AModify IP address prefix of RT12

BAssociate RT12 with Subnet1a.

CAssociate RT12 with Subnet2a.

DModify the next hop type of RT12.

Answer : B

This will ensure that the route table RT12, which has a route to direct internet traffic to the virtual network gateway VNG1, is applied to the subnet where VM1 is located. This will override the default route that sends internet traffic to the internet gateway.

Microsoft Troubleshooting Microsoft Azure Connectivity AZ-720 Exam Questions