Question No. 1

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

OpenVPN for the tunnel type.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

AConfigure the tunnel type for IKEv2 and OpenVPN on VNetGW1.

BCreate a profile manually, add the server FQDN and reissue the client certificate.

CInstall a Secure Socket Tunneling Protocol (SSTP) VPN client on the user's computers.

DConfigure preshared key for authentication on the VPN profile.

Show Answer

Correct Answer: B

To resolve the certificate mismatch error, you should create a profile manually, add the server FQDN and reissue the client certificate.According to1, when you use OpenVPN for tunnel type on point-to-site VPN connections, you need to ensure that your client certificates have the correct server FQDN as one of their subject alternative names (SANs). Otherwise, you will receive a certificate mismatch error when connecting by using a VPN client.

Question No. 2

A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

AEnable FlowLog1 in a network security group associated with the subnet of VM1.

BConfigure the FlowTimeoutInMinutes property on VNet2 to a non-null value.

CConfigure the FlowTimeoutInMinutes property on VNet1 to a non-null value.

DConfigure FlowLog1 for version 2.

Show Answer

Correct Answer: A

According to2, when FastPath is enabled on an ExpressRoute gateway, network traffic between your on-premises network and your virtual network bypasses the gateway and goes directly to virtual machines in the virtual network. Therefore, if you want to capture outbound flow traffic from VM1, you need to enable flow logging on an NSG associated with the subnet of VM1.

Question No. 3

You need to troubleshoot the CosmosDB1 issues from the on-premises environment. What should you use?

Aroute command

BNetwork Watcher next hop diagnostic tool

CNetwork Watcher Connection troubleshoot diagnostic tool

Dnslookup command

Show Answer

Correct Answer: C

This tool helps you troubleshoot network connectivity issues from a virtual machine to a given endpoint.It tests for reachability from the virtual machine to the endpoint and provides information about why a connection fails1. In this case, you can use this tool to troubleshoot the connectivity issues from the on-premises environment to CosmosDB1.

Question No. 4

A company deploys the Azure Application Gateway Web Application Firewall (WAF) to protect their web applications.

Users in a remote office location report the following issues:

Unable to access part of a web application.

Part of the web application is failing to load.

Parts of the web application has activities that are not performing as expected.

You need to troubleshoot the issue.

Which diagnostic log should you review?

APerformance

BFirewall

CAccess

DAzure Activity

Show Answer

Correct Answer: B

To troubleshoot the issue, you should review the Firewall diagnostic log.According to2, Azure Application Gateway Web Application Firewall (WAF) logs requests that are logged through either detection or prevention mode of an application gateway that is configured with WAF. You can use this log to view and analyze blocked requests and identify false positives or false negatives.

Question No. 5

A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).

A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:

Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.

You need to help the user complete the MFA setup.

What should you do?

AFrom the Microsoft 365 Admin portal, clear the Block this user from signing in option for the user.

BInstruct the user to complete the setup process within 10 minutes.

CInstruct the user to enter the correct verification code.

DInstruct the user to clear their web browser cache.

EFrom the Azure AD portal, reset the user's password.

Show Answer

Correct Answer: B

this error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.

Free Microsoft AZ-720 Exam Actual Questions

The questions for AZ-720 were last updated On Nov 6, 2024