Free Microsoft AZ-720 Exam Actual Questions

The questions for AZ-720 were last updated On Nov 20, 2024

Question No. 1

A company has users in Azure Active Directory (Azure AD). The company enables the users to use Azure AD multi-factor authentication (MFA).

A user named User1 reports they receive the following error while setting up additional security verification settings for MFA:

Sorry! We can't process your request. Your session is invalid or expired. There was an error processing your request because your session is invalid or expired. Please try again.

You need to help the user complete the MFA setup.

What should you do?

Show Answer Hide Answer
Correct Answer: B

this error can occur when there are issues with cookies or cached data in the web browser. To resolve this issue, you can instruct the user to clear their web browser cache and try again.


Question No. 2

A company plans to implement ExpressRoute by using the provider connectivity model.

The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit.

You need to determine the provisioning state of the service provider.

Which PowerShell cmdlet should you run?

Show Answer Hide Answer
Question No. 3

A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Configure subnet delegation.

Does the solution meet the goal?

Show Answer Hide Answer
Correct Answer: B

The proposed solution, which is to configure subnet delegation, does not meet the goal of making the new subnet unreachable from the on-premises network. Subnet delegation is a mechanism to delegate management of a subnet to another resource such as a Network Virtual Appliance or a Service Endpoint. It does not provide any means to restrict or isolate a subnet from the rest of the network.

To meet the goal, you can use Network Security Groups (NSGs) to restrict traffic to and from the new subnet. NSGs allow you to define inbound and outbound security rules that specify the type of traffic that is allowed or denied based on different criteria such as source or destination IP address, protocol, port number, etc. By creating a custom NSG and defining rules that deny traffic to and from the new subnet, you can effectively make that subnet unreachable from the on-premises network.

Therefore, the correct answer is option B, 'No'.


https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question No. 4

A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

Show Answer Hide Answer
Correct Answer: B

The Unsupported tab on the Just-in-Time VM access page in the Microsoft Defender for Cloud portal indicates that the VMs were provisioned by using a classic deployment Classic deployments were used in Azure before the deployment model was updated to Azure Resource Manager, which is now the preferred model for deploying and managing resources in Azure.


Question No. 5

A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-to-site connectivity on VNetGW1. An administrator configures VNetGW1 for the following:

OpenVPN for the tunnel type.

Azure certificate for the authentication type.

Users receive a certificate mismatch error when connecting by using a VPN client.

You need to resolve the certificate mismatch error.

What should you do?

Show Answer Hide Answer