Free AZ-720 Sample Questions — Troubleshooting Microsoft Azure Connectivity

A company deploys ExpressRoute. The company reports that there is an autonomous system (AS) number mismatch. You need to identify the AS number of the circuit. Which PowerShell cmdlet should you run?

• A. Get-AzExpressRouteCircuitStats
• B. Get-AzExpressRouteCircuitPeeringConfig
• C. Get-AzExpressRouteCircuitRouteTable
• D. Get-AzExpressRouteCircuit

A company has two subnets in a virtual network named VNet1. The subnets are named SubnetA and SubnetB. The company uses a site-to-site (S2S) VPN in SubnetB to connect its on-premises environment to Azure. You deploy an Azure SQL Database named SQL1. You configure a service endpoint in SubnetA for Microsoft SQL. On-premises users report that they are unable to access SQL1 by using a private IP address. You need to resolve the issue for the on-premises users. What should you do?

• A. Configure a DNS record for the private IP address of SQL1
• B. Configure a network security group (NSG) to allow port 1433 on SubnetA
• C. Configure a service endpoint on SubnetB
• D. Deploy a private endpoint for SQL1
• E. Deploy an Azure ExpressRoute circuit for VNet1

A company has an Azure Active Directory (Azure AD) tenant. The company provisions an Azure Active Directory Domain Services (Azure AD DS) instance. Users report that they are unable to sign into Azure AD DS after being provisioned from Azure AD. You verify the user accounts exist in Azure AD DS. You need to resolve the issue. What should you do?

• A. Delete the Azure application named AzureActiveDirectoryDomainControllerServices and then enable Azure AD DS again
• B. Instruct the users to change their password in Azure AD
• C. Delete the Azure application named Azure AD Domain Services Sync and then enable Azure AD DS again
• D. Deploy Azure AD Connect

A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. *.update.microsoft.com
• B. *.servicebus.windows.net
• C. *.passwordreset.microsoftonline.com
• D. *.svc.ms
• E. *.adl.windows.com

A company plans to implement ExpressRoute by using the provider connectivity model. The company creates an ExpressRoute circuit. You are unable to connect to resources through the circuit. You need to determine the provisioning state of the service provider. Which PowerShell cmdlet should you run?

• A. Get-AzExpressRouteCircuitPeeringConfig
• B. Get-AzExpressRouteCircuitConnectionConfig
• C. Get-AzExpressRouteCircuitRouteTable
• D. Get-AzExpressRouteCircuit
• E. Get-AzExpressRouteCircuitARPTable

A company manages a solution that uses Azure Functions. A function returns the following error. Azure Functions Runtime is unreachable. You need to troubleshoot the issue. What are two possible causes of the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. The function key was deleted
• B. The storage account application settings were deleted
• C. The execution quota is full
• D. The company did not configure a timer trigger
• E. The storage account for the function was deleted

A company deploys an Azure Virtual Network gateway. The company connects to the gateway by using a site-to-site VPN connection. The company's on-premises VPN gateway is reporting an issue with the Phase 1 proposal from the Azure Virtual Network gateway. You need to troubleshoot the issue by reviewing the logs. Which log should you analyze?

• A. GatewayDiagnosticLog
• B. P2SDiagnosticLog
• C. RouteDiagnosticLog
• D. IKEDiagnosticLog

A company has an on-premises application server that runs in System Center Virtual Machine Manager (SCVMM). The company configures Azure Site Recovery. An administrator at the company reports that they receive an error message. The error message indicates that there are replication issues. You need to troubleshoot the issue. Which log should you review?

• A. SCVMM debug log
• B. Network Security Group flow log
• C. Network Watcher diagnostic log
• D. Azure Monitor log

A company has a virtual machine (VM) named VM1 in a virtual network. The company also uses Azure Firewall Standard. An administrator creates application rules to filter outbound traffic from VM1 and configure fully qualified domain names (FQDN) on the application rules. The administrator discovers that outbound traffic from VM1 to the FQDNs are not being filtered by the firewall. You need to resolve the issue with filtering. What should you do first?

• A. Create a CNAME type DNS record that references the firewall
• B. Upgrade to the Azure Firewall Premium SKU
• C. Configure the firewall for a negative cache
• D. Configure VM1 to use Azure Firewall as its DNS server

A company has an Azure tenant. The company deploys an Azure firewall named FW1 to control access from an on-premises datacenter to an Azure virtual machine named VM1. The company troubleshoots ICMP connectivity from the on-premises datacenter to VM1. You are unable to ping VM1 from an on-premises server. You need to determine if ICMP connectivity to VM1 is allowed on FW1. What should you do?

• A. Use the ping command targeting the IP address of VM1 and review the Network rules log of FW1
• B. Use the ping command targeting the IP address of VM1 and review the command’s response
• C. Use the ping command targeting the IP address of VM1 and review the Infrastructure rules log of FW1
• D. Use the ping command targeting the fully qualified domain name of VM1 and review the command’s response