Free Microsoft AZ-720 Exam Actual Questions

The questions for AZ-720 were last updated On Apr 4, 2025

At ValidExamDumps, we consistently monitor updates to the Microsoft AZ-720 exam questions by Microsoft. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the Microsoft Troubleshooting Microsoft Azure Connectivity exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by Microsoft in their Microsoft AZ-720 exam. These outdated questions lead to customers failing their Microsoft Troubleshooting Microsoft Azure Connectivity exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the Microsoft AZ-720 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Question No. 1

A company has two subnet in a virtual network named VNe1m the subnet are named SubnetA and SubnetB. The company uses a site-to-site (S2) VPN in SubnetB to connect its on-premises environment to Azure.

You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsft.SqL

Show Answer Hide Answer
Correct Answer: D

To allow the on-premises environment to access the Azure SQL Database named SQL1 over a site-to-site (S2S) VPN in SubnetB, you shoulddeploy a private endpoint for SQL1. A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Link allows you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a private endpoint in your virtual network. So the correct answer isD. Deploy a private endpoint for SQL1.

You can find more information about private endpoints in theofficial Microsoft documentation.


Question No. 2

A company has a pay-as-you-go subscription named Subl1.

The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.

You create the following network security group (NSG) named NSG1 and associate it with Subnet1.

You observe that an application on VM1 is unable to send email to recipient outside the company

You need to resolve the issue.

What should you do?

Show Answer Hide Answer
Correct Answer: B

To resolve the issue where the application on VM1 is unable to send email to recipients outside the company, you should modify the NSG1 rule with a priority of 100 to allow outbound traffic on TCP port 587. The correct answer is therefore:


Question No. 3

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure a route table with route propagation disabled.

Does the solution meet the goal?

Show Answer Hide Answer
Correct Answer: B

The proposed solution of configuring a route table with route propagation disabled will not meet the goal of making the new subnet unreachable from the on-premises network.

Route tables in Azure are used to control traffic flow within a virtual network and between virtual networks. By default, each subnet in an Azure virtual network is associated with a system-generated route table, which contains a default route that enables traffic to flow to and from all the subnets within the virtual network.

Disabling route propagation in a custom route table would prevent any new routes from being propagated to the associated subnets. However, it would not prevent traffic from the on-premises network from reaching the new subnet since traffic between the virtual network and the on-premises network would still use the default route in the system-generated route table.

To meet the goal of making the new subnet unreachable from the on-premises network, you would need to create a new route table with a route that sends traffic destined for the new subnet to a null interface. This would cause the traffic to be dropped and the subnet to be effectively unreachable from the on-premises network.


Microsoft documentation on how to create a custom route table and associate it with a subnet: https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table#create-a-custom-route-table.

Microsoft documentation on how to configure a route to a null interface: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#to-route-to-a-null-interface.

Question No. 4

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

OpenVPN for the tunnel type.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

Show Answer Hide Answer
Question No. 5

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

OpenVPN for the tunnel type.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

Show Answer Hide Answer