Free Microsoft AZ-720 Exam Actual Questions

The questions for AZ-720 were last updated On Apr 27, 2025

At ValidExamDumps, we consistently monitor updates to the Microsoft AZ-720 exam questions by Microsoft. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the Microsoft Troubleshooting Microsoft Azure Connectivity exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by Microsoft in their Microsoft AZ-720 exam. These outdated questions lead to customers failing their Microsoft Troubleshooting Microsoft Azure Connectivity exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the Microsoft AZ-720 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Question No. 1

You need to troubleshoot the issue with SRV2.

Which PowerShell cmdlet should you run?

Show Answer Hide Answer
Correct Answer: D

To troubleshoot the issue with SRV2, you need to run the Get-MsolServicePrincipalCredential PowerShell cmdlet, which returns the credentials that are associated with a service principal in Azure AD. The service principal is an identity that represents an application or a service that interacts with Azure AD. In this case, the service principal is used by the NPS extension for Azure AD MFA to communicate with Azure AD and perform MFA requests. The credentials of the service principal include a certificate and a key that are used to authenticate the service principal to Azure AD. If the credentials are expired or invalid, the MFA requests will fail with a security token error. To resolve this issue, you need to renew the credentials of the service principal by using the New-MsolServicePrincipalCredential cmdlet.


Question No. 2

A company plans to implement ExpressRoute by using the provider connectivity model.

The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.

You need to determine the provisioning state of the service provider.

Which PowerShell cmdlet should you run?

Show Answer Hide Answer
Question No. 3

A company has a virtual machine (VM) named VM1 in a virtual network. The company also uses Azure Firewall Standard.

An administrator creates application rules to filter outbound traffic from VM1 and configure fully qualified domain names (FQDN) on the application rules.

The administrator discovers that outbound traffic from VM1 to the FQDNs are not being filtered by the firewall.

You need to resolve the issue with filtering.

What should you do first?

Show Answer Hide Answer
Question No. 4

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure a route table with route propagation disabled.

Does the solution meet the goal?

Show Answer Hide Answer
Correct Answer: B

The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.

Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.

Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.

To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.


Microsoft documentation on how to create a custom route table and associate it with a subnet: https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-custom-route-table.

Microsoft documentation on how to configure a route to a null interface: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#to-route-to-a-null-interface.

Question No. 5

A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.

The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

Show Answer Hide Answer
Correct Answer: A

To troubleshoot the cause for the VPN disconnections between VNetGW1 and the partner site, you should verify that the partner's VPN device and VNetGW1 are configured using the same shared key.