• Home
  • Articles
  • 121 Q&As in UPDATED AZ-720 Exam Questions Certification Test Engine to PDF [Q65-Q86]

121 Q&As in UPDATED AZ-720 Exam Questions Certification Test Engine to PDF [Q65-Q86]

Share

121 Q&As in UPDATED AZ-720 Exam Questions Certification Test Engine to PDF

Get The Important Preparation Guide With AZ-720 Dumps


The Microsoft AZ-720 exam covers a range of topics, including network security groups, virtual networks, VPN gateways, and Azure ExpressRoute. Candidates are expected to have a strong understanding of Azure networking concepts and tools, as well as experience with troubleshooting connectivity issues in a real-world environment. AZ-720 exam is ideal for network administrators, system administrators, and other IT professionals who want to demonstrate their expertise in Azure networking.

 

NEW QUESTION # 65
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables
backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Configure the retention range for the current VM backup policy.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 66
A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer
named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.
The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2.
Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.
The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the
following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address
of LB1 are failing.
You need to resolve the issue.
What should you do?

  • A. Add an NSG1 rule with the source set to VirtualNetwork.
  • B. Change the health probe associated with Rule1 to use HTTP.
  • C. Change the health probe associated with Rule1 to use TCP.
  • D. Add an NSG1 rule with the source set to AzureLoadBalancer.

Answer: B


NEW QUESTION # 67
A company uses Azure Backup Server to back up re deployed in an availability group.
The company reports that a backup operation for a database fails. The following error message displays:
Unable to configure protection.
You need to ensure that the backup operation runs successfully.
What should you do?

  • A. Run the following command on the backup server: net stop OBEngine
  • B. Add a partitioned drive to the storage pool on the backup server.
  • C. Configure the availability group replicas to allow read and write operations on the SQL Server instance.
  • D. Add the Sysadmin role to the system account on the SQL Server instance.

Answer: D

Explanation:
To ensure that the backup operation for a database in an availability group using Azure Backup Server runs successfully, you should add the Sysadmin role to the system account on the SQL Server instance. The system account on the SQL Server instance must have the Sysadmin role to perform backup operations. So the correct answer is B. Add the Sysadmin role to the system account on the SQL Server instance.
You can find more information about Azure Backup Server and its requirements in the official Microsoft documentation.


NEW QUESTION # 68
A company has two virtual networks (VNets) that reside in the same Azure region.
An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.
You need to configure a connection between the two networks that maximizes throughput and minimizes latency.
What should you do?

  • A. Create a site-to-site VPN connection.
  • B. Create a point-to-site VPN connection.
  • C. Configure virtual network peering.
  • D. Configure a VPN gateway.

Answer: A


NEW QUESTION # 69
A company uses an Azure blob container.
The IT department has a service-level agreement (SLA) that requests on average cannot exceed 20 milliseconds.
You need to implement a log analytics query to generate the SLA report.
How should you complete the query?

Answer:

Explanation:


NEW QUESTION # 70
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Install a kernel name that ends with -azure.
  • B. Increase the TCP buffers and window size kernel parameters.
  • C. Redeploy the VM with Accelerated Networking enabled.
  • D. Configure the network interfaces to 1000 Mbps/full duplex.

Answer: C

Explanation:
To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.


NEW QUESTION # 71
A company uses an Azure Backup agent to back up specific files and folder from an Azure virtual machine (VM) and an on-premises VM.
An administrator reports that the backup job fails on both VMs. Errors are returned in Microsoft Azure Recovery Services (MARS).
You need to troubleshoot the backup issues.
Which troubleshooting solution should you use?

Answer:

Explanation:


NEW QUESTION # 72
A company implements self-service password reset (SSPR).
After a firewall upgrade at the company's datacenter, SSPR stops working.
You need to resolve the issue.
Which two URLs must be present on the firewalls to allow SSPR to connect?

  • A. *.svc.ms
  • B. *.passwordreset. microsoftonline.com
  • C. *.adl.windows.com
  • D. *.update.microsoft.com
  • E. *.servicebus.windows.net

Answer: B,E

Explanation:
Self-service password reset (SSPR) is a feature in Azure Active Directory (Azure AD) that allows users to reset their passwords on their own. To ensure that SSPR works correctly, certain URLs must be accessible from the user's network. These URLs include *.passwordreset.microsoftonline.com and *.svc.ms, which are used for SSPR authentication and service communications.


NEW QUESTION # 73
A company connects an on-premises network to an Azure virtual network by using ExpressRoute.
The ExpressRoute connection is experiencing higher than normal latency.
You need to confirm the traffic flow.
How should you complete the PowerShell command?

Answer:

Explanation:


NEW QUESTION # 74
You need to resolve the VM2 routing issue.
What should you do?

  • A. Add a network interface to VM1.
  • B. Add a network interface to VM2.
  • C. Modify the IP configuration setting of the Azure network interface resource of VM1.
  • D. Modify the IP configuration setting of the Azure network interface resource of VM2.

Answer: D

Explanation:
To resolve the VM2 routing issue, you should modify the IP configuration setting of the Azure network interface resource of VM2. This will ensure that VM2 can communicate with other resources in the virtual network.
Troubleshooting connectivity problems between Azure VMs involves several steps such as checking whether NIC is misconfigured, whether network traffic is blocked by NSG or UDR, whether network traffic is blocked by VM firewall, whether VM app or service is listening on the port and whether the problem is caused by SNAT1.
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet All of the VNets are connected by using virtual network peering.

The company's subscription contains the following Azure virtual machines (VMs):

The Web Server (IIS) role is installed on VM4 The operating system firewall for each VM allows inbound ping requests.
The company's subscription includes the following network security groups (NSGs):

NSG1, NSG2. NSG3, and NSG5 use the default inbound security rules. NSG4. NSG5. and NSG10 use the default outbound security rules. NSG4 has the following inbound security rule:

NSG10 has the following inbound security rules:

Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
The virtual network peering connections are in the following table.

You provision a virtual network gateway named VNetGW in the perimeter network. The virtual network gateway uses SKU VpnGw1 and the public IP address 16.4.4.4 The virtual network gateway will provide:
* Network routing to customer data centers using site-to-site VPN connections.
* Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
The company's site-to-site VPN connections with customers are shown in the following table.

The point-to-site VPN is configured as shown in the following table;

The company's user and group memberships are shown in the following table:

The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect is installed on an on-premises server named SRV1. In addition;
* The server uses a pass-through authentication agent.
* The SSPR feature is enabled
* The SSPR feature is applied only to a group named SSPR-group
* The scheduling agents' internet connectivity must be blocked when connected to the point-to-site VPN.
* Sales employees must use the default VPN client on MacOS computers to connect to Azure.
* Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
* Pass-through authentication is required for all users.
* Azure AD multi-factor authentication (MFA) is requited for all users.
* All admin user accounts must be in an organizational unit (OU) named Admins.


NEW QUESTION # 75
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
What should you do?

  • A. Create a new manual backup in Backup center.
  • B. Enable replication and create a recovery plan for the backup vault.
  • C. Run chkdsk on the VM.
  • D. Install the VM guest agent with administrative permissions.
  • E. Configure the retention range of the current backup policy for the VM.

Answer: D


NEW QUESTION # 76
A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.
An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.
You need to resolve the issue.
How should you complete the command?

Answer:

Explanation:


NEW QUESTION # 77
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a
site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure
Virtual Network gateway.
You need to troubleshoot the issue by reviewing the logs.
Which log should you analyze?

  • A. IKEDiagnosticLog
  • B. GatewayDiagnosticLog
  • C. RouteDiagnosticLog
  • D. P2SDiagnosticLog

Answer: A


NEW QUESTION # 78
A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.
The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to
sustain 300 Mbps.
You need to ensure that the VMs are compatible with Azure.
Which change should you make?

  • A. Redeploy the VM with Accelerated Networking enabled.
  • B. Install a kernel name that ends with -azure.
  • C. Increase the TCP buffers and window size kernel parameters.
  • D. Configure the network interfaces to 1000 Mbps/full duplex.

Answer: D


NEW QUESTION # 79
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:
OpenVPN for the tunnel type.
Azure certificate for the authentication type.
Users receive a certificate mismatch error when connecting by using a VPN client.
You need to resolve the certificate mismatch error.
What should you do?

  • A. Reissue the client certificate with server authentication enabled.
  • B. Create a profile manually, add the server FQDN and reissue the client certificate.
  • C. Reissue the client certificate with client authentication enabled.
  • D. Install an IKEv2 VPN client on the user's computers.

Answer: B


NEW QUESTION # 80
A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).
An administrator receives an error that password writeback cloud not be enabled during the Azure AD Connect configuration. The administrator observes the following event log error:
Error getting auth token
You need to resolve the issue.
Solution: Restart the Azure AD Connect service.
Does the solution meet the goal?

  • A. Yes
  • B. No

Answer: A


NEW QUESTION # 81
A company uses Azure Site Recovery (ASR) for a VMware environment that includes the following virtual machines (VMs):

The company reports that they are unable to configure all of the servers for replication.
You need to evaluate the servers and server roles to determine which servers can be protected.
Which server can you protect by using ASR?

  • A. VM3
  • B. VM2
  • C. VM1
  • D. VM4

Answer: A


NEW QUESTION # 82
A company deploys an Azure Firewall. The company reports the following log entry:

For each of the following questions, select Yes or No.

Answer:

Explanation:


NEW QUESTION # 83
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?

  • A. The client firewall does not allow port 3389 on the VMs.
  • B. The administrator is using the Microsoft Defender for Cloud free tier.
  • C. The administrator does not have the SecurityReader role.
  • D. A network security group is not associated with the VMs.

Answer: D


NEW QUESTION # 84
A company uses an Azure VPN gateway with an IP address of 203.0.113.20.
Users report that the VPN connection frequently drops.
You need to determine when each connection failure occurred.
How should you complete the Azure Monitor query?

Answer:

Explanation:


NEW QUESTION # 85
A company uses Azure Site Recovery for their on-premises Hyper-V servers. The company manages servers by using System Center Virtual Machine Manager (SCVMM).
An administrator reports that replication to the secondary site has failed.
You need to inspect the SCVMM logs and configuration files.

Answer:

Explanation:


NEW QUESTION # 86
......

Prepare With Top Rated High-quality AZ-720 Dumps For Success in Exam: https://www.vcedumps.com/AZ-720-examcollection.html

Get Totally Free Updates on AZ-720 Dumps PDF Questions: https://drive.google.com/open?id=1CS_2MsKetoZ2fTDSzEKcqzJwMP1dp1OS

Related Articles

more
Microsoft AZ-720 Certification Practice Exam

VCEDumps is a joint venture for provding vce files free and valid dumps pdf. We guarantee VCEDumps dumps pdf help you pass exam 100% for sure. Not Valid, Full Refund!

Latest VCE Dumps

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 VCEDumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimers:
VCEDumps material do not contain actual Business Architecture Guild Exam Questions or materials.
SAP, Microsoft, Google, Amazon, Certiport, Qualtrics are Registered Trade Mark.
VCEDumps website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon.
VCEDumps offers only Probable Questions and Answers. VCEDumps offer learning materials and practice tests created by subject matter experts to assist and help learner prepare for those exams.
All Certification Brands used on the website are owned by the respective brand owners. VCEDumps does not own or claim any ownership on any of the brands. The site www.vcedumps.com is in no way affiliated with SAP SE.