Microsoft AZ-720 Exam Practice Test Instant Access

Question 1

A company has a virtual machine (VM) named VM1 in a virtual network. The company also uses Azure Firewall Standard.

An administrator creates application rules to filter outbound traffic from VM1 and configure fully qualified domain names (FQDN) on the application rules.

The administrator discovers that outbound traffic from VM1 to the FQDNs are not being filtered by the firewall.

You need to resolve the issue with filtering.

What should you do first?

AConfigure VM1 to use Azure Firewall as its DNS server.

BUpgrade to the Azure Firewall Premium SKU.

CCreate a DNAT rule to route traffic to VM1.

DConfigure the firewall for a negative cache.

Answer : A

1:Azure Firewall policy DNS settings2:Azure Firewall FQDN filtering in network rules

Question 2

A company has two subnet in a virtual network named VNe1m the subnet are named SubnetA and SubnetB. The company uses a site-to-site (S2) VPN in SubnetB to connect its on-premises environment to Azure.

You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsft.SqL

AConfigure a DNS record for the private IP address of SQL1.

BConfigure a network security group (NSG) to allow port 1433 on SubnetA

CConfigure a service endpoint on SubnetB.

DDeploy a private endpoint for SQL1.

EDeploy an Azure ExpressRoute circuit for VNet1.

Answer : D

To allow the on-premises environment to access the Azure SQL Database named SQL1 over a site-to-site (S2S) VPN in SubnetB, you shoulddeploy a private endpoint for SQL1. A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Link allows you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a private endpoint in your virtual network. So the correct answer isD. Deploy a private endpoint for SQL1.

You can find more information about private endpoints in theofficial Microsoft documentation.

Question 3

A company migrates existing Ubuntu Linux servers from their on-premises vSphere infrastructure to Azure.

The virtual machines (VMs) are experiencing a low network throughput of 20 Mbps. The VMs are expected to sustain 300 Mbps.

You need to ensure that the VMs are compatible with Azure.

Which change should you make?

AInstall a kernel name that ends with -azure.

BConfigure the network interfaces to 1000 Mbps/full duplex.

CRedeploy the VM with Accelerated Networking enabled.

DIncrease the TCP buffers and window size kernel parameters.

Answer : C

To ensure that Ubuntu Linux servers are compatible with Azure and to increase network throughput from 20 Mbps to 300 Mbps, you should redeploy the VM with Accelerated Networking enabled. Therefore, option C is correct. You should redeploy the VM with Accelerated Networking enabled.

Question 4

A company has two virtual networks (VNets) that reside in the same Azure region.

An administrator reports that virtual machines (VMs) in each VNet are unable to connect to VMs in the other VNet.

You need to configure a connection between the two networks that maximizes throughput and minimizes latency.

What should you do?

AConfigure a VPN gateway.

BCreate a site-to-site VPN connection.

CConfigure virtual network peering.

DCreate a point-to-site VPN connection.

Answer : C

To configure a connection between two virtual networks (VNets) that reside in the same Azure region that maximizes throughput and minimizes latency, you should configure virtual network peering. Therefore, option C is correct. You should configure virtual network peering.

Question 5

A company deploys ExpressRoute.

The company reports that there is an autonomous system (AS) number mismatch.

You need to identify the AS number of the circuit.

Which PowerShell cmdlet should you run?

AGet-AzExpressRouteCircuitPeeringConfig

BGet-AzExpressRouteCircuitStats

CGet-AzExpressRouteCircuitRouteTable

DGet-AzExpressRouteCircuit

Answer : D

To identify the AS number of the circuit when there is an autonomous system (AS) number mismatch in ExpressRoute, you should run the Get-AzExpressRouteCircuit PowerShell cmdlet. Therefore, option D is correct. You should run the Get-AzExpressRouteCircuit PowerShell cmdlet.

Question 6

A company uses Azure Site Recovery (ASR) to replicate and recover Azure virtual machines (VM) between Azure regions.

An administrator receives the following warning from ASR about a VM that uses P10 disks: Data change rate beyond supported limits

You add OS Disk Write Bytes/Sec and Data Disk Write Bytes/Sec to the list of metrics for monitoring. You discover that the VM consistently has a data churn of greater than 8 MB/s but less than 10 MB/s.

You need to resolve the issue.

What should you do?

AUninstall the Volume Shadow Copy Service (VSS) Provider service.

BUse AzCopy to upload data to a cache storage account.

CCreate a network service endpoint in a virtual network.

DUpgrade the target storage disk.

Answer : D

Azure Site Recovery has limits on data change rates depending on the type of disk used for replication. If a VM has a data change rate higher than the supported limit for its disk type, it can cause replication issues or errors. To resolve this issue, you can upgrade the target storage disk to a higher tier that supports higher data change rates.

Question 7

A company has an Azure Active Directory (Azure AD) tenant. The company deploys Azure AD Connect to synchronize objects from their Active Directory Domain Services (AD DS) domain.

You observe that AD DS objects are not synchronizing to Azure AD.

You need to verify that the staging mode is enabled.

What should you do?

AReview the history for the Azure AD Connect sync scheduled task.

BRun this PowerShell cmdlet: Get-ADSyncScheduler

CReview the triggers for the Azure AD Connect sync scheduled task.

DRun this PowerShell cmdlet: Get-ADSyncConnetorRunStatus

Answer : B

Azure AD Connect has a staging mode feature that allows you to install multiple sync servers for high availability or disaster recovery purposes. When staging mode is enabled on a sync server, it doesn't export any changes to Azure AD or your on-premises AD DS environment.

To verify that staging mode is enabled on a sync server, you can run the Get-ADSyncScheduler PowerShell cmdlet and check the value of StagingModeEnabled property. If it is True, then staging mode is enabled and no synchronization will occur.

Microsoft AZ-720 Troubleshooting Microsoft Azure Connectivity Exam Practice Test