Valid AZ-720 Dumps shared by PassLeader for Helping Passing AZ-720 Exam! PassLeader now offer the newest AZ-720 VCE dumps and AZ-720 PDF dumps, the PassLeader AZ-720 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-720 dumps with VCE and PDF here: https://www.passleader.com/az-720.html (85 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-720 dumps from Cloud Storage: https://drive.google.com/drive/folders/1Flhcxzh4f_QtpElCoUoPUVjR6yKAOCMl
NEW QUESTION 1
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network. You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 2
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue.
Solution: Install the VM guest agent by using administrative permissions.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 3
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR). An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error: “Error: getting auth token”. You need to resolve the issue.
Solution: Use a global administrator account that is not federated to configure Azure AD Connect.
Does the solution meet the goal?
A. Yes
B. No
Answer: A
NEW QUESTION 4
A company deploys an ExpressRoute circuit. You need to verify accepted peering routes from the ExpressRoute circuit. Which PowerShell cmdlet should you run?
A. Get-AzExpressRouteCrossConnectionPeering
B. Get-AzExpressRouteCircuit
C. Get-AzExpressRouteCircuitPeeringConfig
D. Get-AzExpressRouteCircuitRouteTable
E. Get-AzExpressRouteCircuitStats
Answer: A
NEW QUESTION 5
A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured. The company reports that the endpoint is unable to connect to the service. You need to resolve the connectivity issue. What should you do?
A. Disable the endpoint network policies.
B. Validate the VPN device.
C. Approve the connection state.
D. Disable the service network policies.
Answer: D
NEW QUESTION 6
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
– OpenVPN for the tunnel type.
– Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
A. Reissue the client certificate with client authentication enabled.
B. Create a profile manually, add the server FQDN and reissue the client certificate.
C. Reissue the client certificate with server authentication enabled.
D. Install an IKEv2 VPN client on the user’s computers.
Answer: B
NEW QUESTION 7
A company hosts a network virtual appliance (VNA) and Azure Route Server in different virtual networks (VNets). Border Gateway Protocol (BGP) peering is enabled between the NVA loses internet connectivity after it advertises the default route to the route server. You need to resolve the problem with the NVA. What should you do?
A. Configure a user-defined route on the NVA subnet.
B. Move the route server to the same VNet as the NVA.
C. Configure a unique autonomous system number (ASN) on the NVA.
D. Configure a public IP address on the route server.
Answer: C
NEW QUESTION 8
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets. Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2. You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet. You discover that FlowLog1 is not reporting outbound flow traffic. You need to resolve the issue with FlowLog1. What should you do?
A. Configure FlowLog1 for version 2.
B. Create the storage account for FlowLog1 as a premium block blob.
C. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
D. Enable FlowLog1 in a network security group associated with the network interface of VM1.
Answer: A
NEW QUESTION 9
A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance. Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS. You need to resolve the issue. What should you do?
A. Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again.
B. Deploy Azure AD Connect.
C. Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again.
D. Instruct the users to change their password in Azure AD.
Answer: D
NEW QUESTION 10
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain. You observe that AD DS objects are not synchronizing to Azure AD. You need to verify that the staging mode is enabled. What should you do?
A. Review the history for the Azure AD Connect sync scheduled task.
B. Run this PowerShell cmdlet: Get-ADSyncScheduler.
C. Review the triggers for the Azure AD Connect sync scheduled task.
D. Run this PowerShell cmdlet: Get-ADSyncConnetorRunStatus.
Answer: B
NEW QUESTION 11
A company has on-premises application server that runs in System Center Virtual Machine Manager (SCVMM). The company configures Azure Site Recovery. An administrator at the company reports that they receive an error message. The error message indicates that there are replication issues. You need to troubleshoot the issue. Which log should you review?
A. Network Security Group flow log.
B. Azure Monitor log.
C. Network Watcher diagnostic log.
D. SCVMM debug log.
Answer: A
NEW QUESTION 12
A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions. An administrator receives the following warning from ASR about a VM that uses P10 disks: “Data change rate beyond supported limits”. You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s. You need to resolve the issue. What should you do?
A. Uninstall the Volume Shadow Copy Service (VSS) Provider service.
B. Use AzCopy to upload data to a cache storage account.
C. Create a network service endpoint in a virtual network.
D. Upgrade the target storage disk.
Answer: D
NEW QUESTION 13
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. What should you do?
A. Create a new manual backup in Backup center.
B. Run chkdsk on the VM.
C. Configure the retention range of the current backup policy for the VM.
D. Install the VM guest agent with administrative permissions.
E. Enable replication and create a recovery plan for the backup vault.
Answer: D
NEW QUESTION 14
A company enables just-in-time (JIT) virtual machine (VM) access in Azure. An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal. You need to determine why some VMs are not supported for JIT VM access. What should you conclude?
A. The administrator is using the Microsoft Defender for Cloud free tier.
B. The VMs were provisioned by using a classic deployment.
C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
D. The administrator does not have the SecurityReader role.
Answer: B
NEW QUESTION 15
A company deploys ExpressRoute. The company reports that there is an autonomous system (AS) number mismatch. You need to identify the AS number of the circuit. Which PowerShell cmdlet should you run?
A. Get-AzExpressRouteCircuitPeeringConfig
B. Get-AzExpressRouteCircuitStats
C. Get-AzExpressRouteCircuitRouteTable
D. Get-AzExpressRouteCircuit
Answer: B
NEW QUESTION 16
A company has two virtual networks (VNets) that reside in the same Azure region. An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet. You need to configure a connection between the two networks that maximizes throughput and minimizes latency. What should you do?
A. Configure a VPN gateway.
B. Create a site-to-site VPN connection.
C. Configure virtual network peering.
D. Create a point-to-site VPN connection.
Answer: B
NEW QUESTION 17
A company deploys a new file sharing application on four Standard_D2_v3 virtual machines (VMs) behind an Azure Load Balancer. The company implements Azure Firewall. Users report that the application is slow during peak usage periods. An engineer reports that the peak usage for each VM is approximately 1 Gbps. You need to implement a solution that support a minimum of 10 Gbps. What should you do to increase the throughput?
A. Request an increase in networking quotas.
B. Increase the size of the VM instance.
C. Disable the Azure Firewall and implement network security groups in its place.
D. Move two of the servers behind a separate load balancer and configure round robin routing in Traffic Manager.
Answer: D
NEW QUESTION 18
A company uses an Azure VPN gateway to connect to their on-premises environment. The company’s on-premises VPN gateway is used by several services. One service is experiencing connectivity issues. You need to minimize downtime for all services and resolve the connectivity issue. Which three actions should you perform? (Choose three.)
A. Configure the hashing algorithm to be different on both gateways.
B. Rest the VPN gateway.
C. Configure the pre-shared key to be the same on the Azure VPN gateway and the on-premises VPN gateways.
D. Rest the VPN connection.
E. Configure the hashing algorithm to be the same on both gateways.
F. Configure the pre-shared key to be different on the Azure VPN gateway and the on-premises VPN gateways.
Answer: CEF
NEW QUESTION 19
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal? (Choose two.)
A. IP flow verify.
B. AzureNetworkWatchExtension.
C. Next hop.
D. Network Watcher topology.
E. NSG flow logs.
Answer: AC
NEW QUESTION 20
A company manages a solution that uses Azure Functions. A function returns the following error: Azure Function Runtime is unreachable. You need to troubleshoot the issue. What are two possible causes of the issue? (Choose two.)
A. The execution quota is full.
B. The company did not configure a timer trigger.
C. The storage account application settings were deleted.
D. The function key was deleted.
E. The storage account for the function was deleted.
Answer: BC
NEW QUESTION 21
A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize users from an Active Directory Domain Services (AD DS). The synchronization of a user object is failing. You need to troubleshoot the failing synchronization by using a built-in Azure AD Connect troubleshooting task. Which two pieces of information should you collect before you start troubleshooting? (Choose two.)
A. Object common name.
B. AD connector name.
C. Object globally unique identifier.
D. Azure AD connector name.
E. Object distinguished name.
Answer: CD
NEW QUESTION 22
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: “A certificate could not be found”. You need to resolve the issue. Which three actions should you perform? (Choose three.)
A. Configure an Azure Active Directory (Azure AD) tenant.
B. Install a root certificate on the user’s device.
C. Generate a root certificate.
D. Install a client certificate on the VPN gateway.
E. Enable Azure AD authentication on the gateway.
F. Generate a client certificate.
G. Install a client certificate on the user’s device.
Answer: ACE
NEW QUESTION 23
HotSpot
A company develops an Azure Cosmos DB solution. The solution has the following components:
– A virtual network named VNet1 in a resource group named RG1.
– A subnet named Subnet1 in VNet1.
– A Private Link service.
The company is unable to configure a source IP address for the Private Link service from Subnet1. You need to resolve the issue for Subnet1. How should you complete the PowerShell commands?
Answer:
NEW QUESTION 24
HotSpot
A company has an Azure environment that uses one virtual network. The company restructures the environment to use two different virtual networks. Virtual machines in one network cannot communicate with virtual machines in the other virtual network. You need to re-establish a connection between virtual machines in the two networks. How should you configure the networks?
Answer:
NEW QUESTION 25
Drag and Drop
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups. The customer configures a resource group named RG1 that contains the following resources:
– A virtual machine named VM1.
– A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1: Microsoft.Security/locations/jitNetworkAccessPolicies/write. Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab. You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege. Which three actions should you recommend be performed in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
NEW QUESTION 26
Drag and Drop
A company has an Azure virtual network (VNet). An administrator creates a subet in the VNet named AzureSastionSubnet. The administrator deploys Azure Bastion to AzureBastionSubnet. The administrator creates a default network security group named nsg-Bastion. The following error message display when the administrator attempts to assign nsg-Bastion to AzureBastionSubnet: “Network security group nsg-Bastion does not have necessary rules for Azure Bastion Subnet”. You need to resolve the issues with the inbound security rules. Which port or set of ports should you configure?
Answer:
NEW QUESTION 27
……
Get the newest PassLeader AZ-720 VCE dumps here: https://www.passleader.com/az-720.html (85 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-720 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1Flhcxzh4f_QtpElCoUoPUVjR6yKAOCMl