HOTSPOT
A company implements Azure Firewall and deploys an Azure Firewall policy.
The policy includes multiple application and network rules for the company's infrastructure. After deployment, an application is not accessible from on-premises computers.
You need to enable diagnostic logging for the following settings:
1. AzureFirewallApplicationRule
2. AzureFirewallNetworkRule
3. AzureFirewallDnsProxy
How should you complete the PowerShell cmdlet?
Hot Area:
DRAG DROP
A customer has an Azure subscription. Microsoft Defender for servers is enabled for the subscription. The customer has not configured network security groups.
The customer configures a resource group named RG1 that contains the following resources:
1. A virtual machine named VM1.
2. A network interface named NIC1 that is attached to VM1.
The customer grants a user named Admin1 the following permission for RG1:
Microsoft.Security/locations/jitNetworkAccessPolicies/write.
Admin1 reports that the JIT VM access pane in the Azure portal does not show any entries. When you view the same pane, VM1 appears on the Unsupported tab.
You need to ensure that Admin1 can enable just-in-time (JIT) VM access for VM1. The solution must adhere to the principle of least privilege.
Which three actions should you recommend be performed in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?
A. The administrator is using the Microsoft Defender for Cloud free tier.
B. The VMs were provisioned by using a classic deployment.
C. The administrator does not have the SecurityReader role.
D. The administrator does not have permissions to request JIT access to the VMs.
A company enables just-in-time (JIT) virtual machine (VM) access in Azure.
An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.
You need to determine why some VMs are not supported for JIT VM access.
What should you conclude?
A. The administrator is using the Microsoft Defender for Cloud free tier.
B. The VMs were provisioned by using a classic deployment.
C. The VMs were recently provisioned by using an Azure Resource Manager deployment.
D. The administrator does not have the SecurityReader role.
A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.
Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.
You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.
You discover that FlowLog1 is not reporting outbound flow traffic.
You need to resolve the issue with FlowLog1.
What should you do?
A. Enable FlowLog1 in a network security group associated with the subnet of VM1.
B. Configure the FlowTimeoutInMinutes property on VNet2 to a non-null value.
C. Configure the FlowTimeoutInMinutes property on VNet1 to a non-null value.
D. Configure FlowLog1 for version 2.
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.
The company reports that the Azure VM backup job is failing.
You need to troubleshoot the issue.
Solution: Enable replication and create a recovery plan for the backup vault.
Does the solution meet the goal?
A. Yes
B. No
You manage an Azure subscription that contains the following resources:
An on-premises environment is connected to VNet1 by using ERGW1.
An administrator measures network latency for on-premises traffic that targets VM1 and VM2 by using the front-end IP address of the load balancer. The administrator enables ExpressRoute FastPath on ERGW1 and observes that the latency has not changed.
You need to resolve the issue that is preventing the network latency improvements offered by ExpressRoute FastPath from taking effect.
What should you do?
A. Redeploy the load balancer as a Standard SKU.
B. Change the SKU for the ExpressRoute gateway.
C. Resize VM1 and VM2.
D. Enable accelerated networking on VM1 and VM2.
A company has a pay-as-you-go subscription named Sub1.
The company has a virtual machine (VM) named VM1 in a subnet named Subnet1.
You create the following network security group (NSG) named NSG1 and associate it with Subnet1.
You observe that an application on VM1 is unable to send email to recipients outside the company.
You need to resolve the issue.
What should you do?
A. Configure the protocol for the NSG1 rule with priority of 100 to TCP.
B. Configure the source and destination ports for the NSG1 rule with a priority of 100 to 587.
C. Migrate Sub1 to a cloud service provider subscription.
D. Remove the NSG1 rule with a priority of 2000.
E. Assign NSG1 to the network interface on VM1.
A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection.
The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway.
You need to resolve the issue reported by the sales team employees.
What should you do?
A. Download the Azure VPN client configuration.
B. Enable IKEv2 on the virtual network gateway.
C. Configure custom routes for the client VPN.
D. Upgrade the virtual network gateway to the VpnGw2 SKU.
E. Install the certificate exported from another client computer.
You need to resolve the issue with internet traffic from VM1 being routed directly to the internet. What should you do?
A. Modify the IP address prefix of RT12.
B. Associate RT12 with Subnet1a.
C. Associate RT12 with Subnet2a.
D. Modify the next hop type of RT12.