Microsoft AZ-720 Exam Practice Questions (P. 3)
- Full Access (92 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #11
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background -
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
Current environment -
Environments -
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet. All of the VNets are connected by using virtual network peering.
Virtual machines -
The company's subscription contains the following Azure virtual machines (VMs):
The Web Server (IIS) role is installed on VM4. The operating system firewall for each VM allows inbound ping requests.
Network security groups -
The company's subscription includes the following network security groups (NSGs):
Security rules -
NSG1, NSG2, NSGS, and NSG5 use the default inbound security rules. NSG4, NSG5, and NSG10 use the default outbound security rules.
NSG4 has the following inbound security rule:
NSG10 has the following inbound security rules:
Virtual network peering -
The virtual network peering connections are in the following table:
Virtual network gateway -
A virtual network gateway named VNetGW is provisioned in the perimeter network. The virtual network gateway will provide:
• Network routing to customer data centers using site-to-site VPN connections.
• Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
Information about the virtual network gateway is shown in the following table:
Site-to-site VPN connections -
The company's site-to-site VPN connections with customers are shown in the following table:
Point-to-site VPN configuration -
The point-to-site VPN is configured as shown in the following table:
Users and groups -
The company's user and group memberships are shown in the following table:
The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect -
Azure AD Connect is installed on an on-premises server named SRV1. In addition:
• The server uses a pass-through authentication agent.
• The SSPR feature is enabled.
• The SSPR feature is applied only to a group named SSPR-group.
Network policy server -
Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
Requirements -
Business requirements -
• The scheduling agents' internet connectivity should be blocked when connected to the point-to-site VPN.
• Sales employees must use the default VPN client on MacOS computers to connect to Azure.
• Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
Technical requirements -
• Pass-through authentication is required for all users.
• Azure AD multi-factor authentication (MFA) is required for all users.
• All admin user accounts must be in an organizational unit (OU) named Admins.
Issues -
Resource issues -
• You discover during testing that scheduling agents are experiencing latency when accessing resources at the Alpine Ski House. You suspect that the issue is related to TCP latency.
• You receive reports that VM1 is unable to access resources at Contoso Suites.
• Users report issues connecting from VM3 to resources at Margie's Travel. The administrator for Margie's Travel has verified that their VPN gateway is working correctly. You need to verify whether the Fabrikam virtual network gateway is available.
• The administrator of a partner company named Blue Yonder Airlines reports VPN disconnections and IPSec failure to connect errors.
• You receive the following error on SRV1 only when trying to synchronize an administrator named Admin1: 8344 Insufficient access rights to perform the operation
• MFA requests on SRV2 are failing with a security token error.
• You are unable to ping VM10 from VM1.
User issues -
• A scheduling agent named User1 reports that they can access the internet when connected to the point-to-site VPN.
• A user named User2 reports the following error when registering for SSPR: Your administrator has not enabled you to use this feature.
• Sales team employees report that they are unable to connect by using point-to-site VPN.
• A scheduling agent named Agent1 reports issues authenticating to Azure AD.
• An administrator named Admin2 reports they cannot connect to the web server public IP address on VM4 from VM2.
You need to troubleshoot the issue reported by Blue Yonder Airlines.
Which diagnostic log should you review?
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background -
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
Current environment -
Environments -
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet. All of the VNets are connected by using virtual network peering.
Virtual machines -
The company's subscription contains the following Azure virtual machines (VMs):
The Web Server (IIS) role is installed on VM4. The operating system firewall for each VM allows inbound ping requests.
Network security groups -
The company's subscription includes the following network security groups (NSGs):
Security rules -
NSG1, NSG2, NSGS, and NSG5 use the default inbound security rules. NSG4, NSG5, and NSG10 use the default outbound security rules.
NSG4 has the following inbound security rule:
NSG10 has the following inbound security rules:
Virtual network peering -
The virtual network peering connections are in the following table:
Virtual network gateway -
A virtual network gateway named VNetGW is provisioned in the perimeter network. The virtual network gateway will provide:
• Network routing to customer data centers using site-to-site VPN connections.
• Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
Information about the virtual network gateway is shown in the following table:
Site-to-site VPN connections -
The company's site-to-site VPN connections with customers are shown in the following table:
Point-to-site VPN configuration -
The point-to-site VPN is configured as shown in the following table:
Users and groups -
The company's user and group memberships are shown in the following table:
The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect -
Azure AD Connect is installed on an on-premises server named SRV1. In addition:
• The server uses a pass-through authentication agent.
• The SSPR feature is enabled.
• The SSPR feature is applied only to a group named SSPR-group.
Network policy server -
Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
Requirements -
Business requirements -
• The scheduling agents' internet connectivity should be blocked when connected to the point-to-site VPN.
• Sales employees must use the default VPN client on MacOS computers to connect to Azure.
• Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
Technical requirements -
• Pass-through authentication is required for all users.
• Azure AD multi-factor authentication (MFA) is required for all users.
• All admin user accounts must be in an organizational unit (OU) named Admins.
Issues -
Resource issues -
• You discover during testing that scheduling agents are experiencing latency when accessing resources at the Alpine Ski House. You suspect that the issue is related to TCP latency.
• You receive reports that VM1 is unable to access resources at Contoso Suites.
• Users report issues connecting from VM3 to resources at Margie's Travel. The administrator for Margie's Travel has verified that their VPN gateway is working correctly. You need to verify whether the Fabrikam virtual network gateway is available.
• The administrator of a partner company named Blue Yonder Airlines reports VPN disconnections and IPSec failure to connect errors.
• You receive the following error on SRV1 only when trying to synchronize an administrator named Admin1: 8344 Insufficient access rights to perform the operation
• MFA requests on SRV2 are failing with a security token error.
• You are unable to ping VM10 from VM1.
User issues -
• A scheduling agent named User1 reports that they can access the internet when connected to the point-to-site VPN.
• A user named User2 reports the following error when registering for SSPR: Your administrator has not enabled you to use this feature.
• Sales team employees report that they are unable to connect by using point-to-site VPN.
• A scheduling agent named Agent1 reports issues authenticating to Azure AD.
• An administrator named Admin2 reports they cannot connect to the web server public IP address on VM4 from VM2.
You need to troubleshoot the issue reported by Blue Yonder Airlines.
Which diagnostic log should you review?
Question #12
Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background -
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
Current environment -
Environments -
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet. All of the VNets are connected by using virtual network peering.
Virtual machines -
The company's subscription contains the following Azure virtual machines (VMs):
The Web Server (IIS) role is installed on VM4. The operating system firewall for each VM allows inbound ping requests.
Network security groups -
The company's subscription includes the following network security groups (NSGs):
Security rules -
NSG1, NSG2, NSGS, and NSG5 use the default inbound security rules. NSG4, NSG5, and NSG10 use the default outbound security rules.
NSG4 has the following inbound security rule:
NSG10 has the following inbound security rules:
Virtual network peering -
The virtual network peering connections are in the following table:
Virtual network gateway -
A virtual network gateway named VNetGW is provisioned in the perimeter network. The virtual network gateway will provide:
• Network routing to customer data centers using site-to-site VPN connections.
• Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
Information about the virtual network gateway is shown in the following table:
Site-to-site VPN connections -
The company's site-to-site VPN connections with customers are shown in the following table:
Point-to-site VPN configuration -
The point-to-site VPN is configured as shown in the following table:
Users and groups -
The company's user and group memberships are shown in the following table:
The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect -
Azure AD Connect is installed on an on-premises server named SRV1. In addition:
• The server uses a pass-through authentication agent.
• The SSPR feature is enabled.
• The SSPR feature is applied only to a group named SSPR-group.
Network policy server -
Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
Requirements -
Business requirements -
• The scheduling agents' internet connectivity should be blocked when connected to the point-to-site VPN.
• Sales employees must use the default VPN client on MacOS computers to connect to Azure.
• Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
Technical requirements -
• Pass-through authentication is required for all users.
• Azure AD multi-factor authentication (MFA) is required for all users.
• All admin user accounts must be in an organizational unit (OU) named Admins.
Issues -
Resource issues -
• You discover during testing that scheduling agents are experiencing latency when accessing resources at the Alpine Ski House. You suspect that the issue is related to TCP latency.
• You receive reports that VM1 is unable to access resources at Contoso Suites.
• Users report issues connecting from VM3 to resources at Margie's Travel. The administrator for Margie's Travel has verified that their VPN gateway is working correctly. You need to verify whether the Fabrikam virtual network gateway is available.
• The administrator of a partner company named Blue Yonder Airlines reports VPN disconnections and IPSec failure to connect errors.
• You receive the following error on SRV1 only when trying to synchronize an administrator named Admin1: 8344 Insufficient access rights to perform the operation
• MFA requests on SRV2 are failing with a security token error.
• You are unable to ping VM10 from VM1.
User issues -
• A scheduling agent named User1 reports that they can access the internet when connected to the point-to-site VPN.
• A user named User2 reports the following error when registering for SSPR: Your administrator has not enabled you to use this feature.
• Sales team employees report that they are unable to connect by using point-to-site VPN.
• A scheduling agent named Agent1 reports issues authenticating to Azure AD.
• An administrator named Admin2 reports they cannot connect to the web server public IP address on VM4 from VM2.
You need to resolve the issue reported by the sales team employees.
What should you do?
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background -
Fabrikam Inc. runs an online reservation service that allows agents to manage online registrations for various hotels, vacation rentals, and customers.
Current environment -
Environments -
The company has on-premises infrastructure and services that are hosted in Azure. The on-premises infrastructure includes servers that run Active Directory Domain Services (AD DS). Azure services include virtual machines (VMs) that are in one subscription and the following environments: development, testing, and production. Each environment is located in a different virtual network (VNet).
The company has a perimeter network that supports connections to the internet. The perimeter network is also hosted in a separate VNet. All of the VNets are connected by using virtual network peering.
Virtual machines -
The company's subscription contains the following Azure virtual machines (VMs):
The Web Server (IIS) role is installed on VM4. The operating system firewall for each VM allows inbound ping requests.
Network security groups -
The company's subscription includes the following network security groups (NSGs):
Security rules -
NSG1, NSG2, NSGS, and NSG5 use the default inbound security rules. NSG4, NSG5, and NSG10 use the default outbound security rules.
NSG4 has the following inbound security rule:
NSG10 has the following inbound security rules:
Virtual network peering -
The virtual network peering connections are in the following table:
Virtual network gateway -
A virtual network gateway named VNetGW is provisioned in the perimeter network. The virtual network gateway will provide:
• Network routing to customer data centers using site-to-site VPN connections.
• Network routing to Azure for the scheduling agents and sales employees using a point-to-site VPN connection.
Information about the virtual network gateway is shown in the following table:
Site-to-site VPN connections -
The company's site-to-site VPN connections with customers are shown in the following table:
Point-to-site VPN configuration -
The point-to-site VPN is configured as shown in the following table:
Users and groups -
The company's user and group memberships are shown in the following table:
The scheduling agents, warehouse, and sales groups are members of the self-service password reset (SSPR) group named SSPR-group.
Azure AD Connect -
Azure AD Connect is installed on an on-premises server named SRV1. In addition:
• The server uses a pass-through authentication agent.
• The SSPR feature is enabled.
• The SSPR feature is applied only to a group named SSPR-group.
Network policy server -
Network Policy Server (NPS) is installed on an on-premises server named SRV2. The NPS extension for Azure AD multi-factor authentication (MFA) is configured on the server as well.
Requirements -
Business requirements -
• The scheduling agents' internet connectivity should be blocked when connected to the point-to-site VPN.
• Sales employees must use the default VPN client on MacOS computers to connect to Azure.
• Azure AD Connect must synchronize all user accounts from AD DS to Azure AD.
Technical requirements -
• Pass-through authentication is required for all users.
• Azure AD multi-factor authentication (MFA) is required for all users.
• All admin user accounts must be in an organizational unit (OU) named Admins.
Issues -
Resource issues -
• You discover during testing that scheduling agents are experiencing latency when accessing resources at the Alpine Ski House. You suspect that the issue is related to TCP latency.
• You receive reports that VM1 is unable to access resources at Contoso Suites.
• Users report issues connecting from VM3 to resources at Margie's Travel. The administrator for Margie's Travel has verified that their VPN gateway is working correctly. You need to verify whether the Fabrikam virtual network gateway is available.
• The administrator of a partner company named Blue Yonder Airlines reports VPN disconnections and IPSec failure to connect errors.
• You receive the following error on SRV1 only when trying to synchronize an administrator named Admin1: 8344 Insufficient access rights to perform the operation
• MFA requests on SRV2 are failing with a security token error.
• You are unable to ping VM10 from VM1.
User issues -
• A scheduling agent named User1 reports that they can access the internet when connected to the point-to-site VPN.
• A user named User2 reports the following error when registering for SSPR: Your administrator has not enabled you to use this feature.
• Sales team employees report that they are unable to connect by using point-to-site VPN.
• A scheduling agent named Agent1 reports issues authenticating to Azure AD.
• An administrator named Admin2 reports they cannot connect to the web server public IP address on VM4 from VM2.
You need to resolve the issue reported by the sales team employees.
What should you do?
Question #13
HOTSPOT -
A company deploys an Azure Firewall. The company reports the following log entry:
For each of the following questions, select Yes or No.
NOTE: Each correct selection is worth one point.
A company deploys an Azure Firewall. The company reports the following log entry:
For each of the following questions, select Yes or No.
NOTE: Each correct selection is worth one point.
Question #15
HOTSPOT -
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A company implements Windows and Linux VMs in an Azure Virtual Network. The company plans to apply routing changes to the virtual network.
You need to determine the impact of these changes on network latency affecting applications that use TCP and UDP traffic. The solution must provide the highest level of accuracy.
Which tools should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
All Pages