New Microsoft AZ-720 Exam Dumps [2023] Latest Study Materials For Troubleshooting Microsoft Azure Connectivity Exam

1. Topic 1, Contoso Ltd, Case Study

Background

Contoso, Ltd. is a financial services company based in Boston. MA, United States. Contoso hires you to manage their Azure environment and resolve several operational issues.

General

Contoso's Azure environment contains the following resources. All resources are associated with the same subscription and are located in the East US region. Users connect to resources from Windows 10 computers by using the built-in SSTP VPN software.

Recent changes

The company implements the following changes:

Extend the IP address space of VNet1 and create subnets in the new IP address space. Allow users with computers that run the current version of MacOS to use the built-in VPN client for connecting to the point-to-site VPN.

Enable a service endpoint on contosostoragel to provide direct access to the storage content from all Configure all business critical VM workloads to use encryption keys stored in all five key vaults.

Enable a private endpoint on CosmbsDBT to provide direct access to its content from VNetl.

Develop an automated process to deploy Azure VMs by using A2ure Bicep. The passwords for the local administrator accounts are stored in the key vaults. You grant the team that initiates the deployment the Reader RBAC role to all key vaults.

Deploy a multi-tier SharePoint Server environment into a subnet in VNet2. You implement network security groups (NSGs) to allow only specific ports between tiers in the subnet. You configure NSGs to use application security groups (ASGs) when designating the source and destination of cross-tier traffic.

Deploy a secondary multi-tier SharePoint Server environment into a subnet in VNet3.

Requirements

General requirements

You must adhere to the principle of least privilege when granting access to resources.

Reverse DNS lookup

You must identify the reason for the differences between reverse DNS lookup results in the

hub and the spoke networks and recommend a solution that provides the reverse DNS lookup in the format [vmnameJ.contoso.com for all three virtual networks.

Public DNS lookup

You must verify that the Azure public DNS rone is currently used to resolve DNS name requests for www.contoso.com and recommend.a solution that uses the Azure public DNS zone.

Windows VPN

You must verify if VPN client connectivity issues are related to routing and recommend a solution.

MacOS VPN

You must verify if Remote ID and local ID VPN client settings on the MAcOS devices are properly configured.

Azure Storage connectivity

You must resolve the issues with the SMB-mounts from VNet2 and VNet3 as well as ensure that on- premises connections to contosostorage are successful. Your solution must ensure that, whenever possible, network traffic does not traverse public internet.

Cosmos DB connectivity

You must verify if on-premises connections to ContosoDB1 are using the CosmosDB1 public endpoint. You need to recommend a solution if connections are not using private endpoints.

DNS issues

Reverse DNS lookups from VNetl return two records. One DNS record is in the format

[vmname].contoso.com and the other DNS record is in the format

[vmname].internal.cloudapp.net. Reverse DNS lookups from VNet2 and VNet3 return DNS

names in the format

[vmname].internal.cloudapp.net.

VMs on each virtual network can only resolve reverse DNS lookup names of VMs on the same virtual network.

Public DNS lookup

You are notified that name resolution requests for www,contoso.com are using the DNS zone hosted by the DNS registrar where the zone was originally created.

Connectivity and routing issues

Window VPN

Windows VPN clients cannot connect to Azure VMs on the subnets recently added to VNet1.

Sales department VPN.

The sales department users connect by using the MacOs VPN client.

Azure Storage Connectivity

Server Message Block (SMB)-mount from VMs on VNet2 and VNet3 to file shares In contosostorage1 are failing

Azure Storage Explorer connection using access keys from on-premses computer to

contosostorage1 are failing

Cosmos DB connectivity

You observe that connections to ConsomosDB1 from the on-premises environment are using the CosmosDB1 public endpoint. However connections to CosmosDB1 from the on-premises environment should be using the private endpoint. You verify that connections to

CosmosDB1 from VNet1 are using the private endpoint.

Azure Key vault

Access attempts to Azure Key vault oy VM workloads intermittently fail with the HTTP response code 429. You must identify the reason for the failures and recommend a solution.

SharePoint

SharePoint In VNet2

SharePoint traffic between tiers is blocked by NSGs which is causing application failures. You need to identify the NSG rules that are blocking traffic. You also need to collect the data that is blocked by the NSG rules. The solution must minimize administrative effort.

SharePoint in VNet3.

ASGs used in the NSG rules associated with the VNet2 subnet are not visible when configuring NSG rules in VNet3. You need to create NSG rules for VNet3 with the same name, source and destination settings that are configured for the NSG associated with VNet2. The solution must minimize administrative effort.

Permission issues

Azure Biccp

You must identify the minimum privileges required to provision Azure VMs using Azure Bicep.

Data engineering team

You must identify the role-based access control (RBAQ roles required by the data engineering team to access the storage account by using Azure portal. The team requires minimum permissions to backup and restore blobs in contosostorage1. The Contoso data engineering tearn.js unable to view the contosostorage1 account in the Azure portal.

Azure VM deployment

Azure VM deployments that uses Azure Bicep are failing with an authorization error. The error indicates three are insufficient access permissions retrieve password of the local administrator account in the key vault.

VM1 and VM2

RT12 must be configured to route internal traffic from VM1 through VM2. You observe that internet traffic from VM1 is routed directly to the internet.

VM2

You configure VM2 to route internet traffic from VM1. After configuring RT12 to route internet traffic from VM1 through VM2, traffic reaches VM2 but then it is dropped. You that routing for VM2 is configured correctly.

HOTSPOT

You need to troubleshoot and resolve the reverse DNS lookup issues.

What should you do? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.

2. You need to resolve the VM2 routing issue.

What should you do?

3. HOTSPOT

You need to resolve the connectivity issue with the on-premises database named CosmosDB1.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. HOTSPOT

You need to resolve the Azure virtual machine (VM) deployment issues.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

5. HOTSPOT

You need to troubleshoot the sales department issues.

How should you configure the system? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

6. HOTSPOT

You need to troubleshoot and resolve the public DNS lookup issues.

What should you do? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.

7. HOTSPOT

You need to troubleshoot the Azure Key Vault issues.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

8. You need to resolve the issue with internet traffic from VM1 being routed directly to the internet.

What should you do?

9. You need to troubleshoot the CosmosDB1 issues from the on-premises environment.

What should you use?

10. HOTSPOT

You need to troubleshoot the issues with the SharePoint workload in VNet2.

What should you do? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.

11. HOTSPOT

You need to resolve the issue.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

12. HOTSPOT

You need to troubleshoot and resolve issues reported for contosostorage1.

What should you do? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.

13. HOTSPOT

You need to troubleshoot and resolve the reverse VPN connectivity issues.

What should you do? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.

14. Topic 2, Misc. Questions Set

HOTSPOT

A company creates an Azure resource group named RG1.

RG1 has an Azure SQL Database logical server named sqlsvr1 that hosts the following resources:

An administrator grants a user named User1 the Reader RBAC role in RG1. The administrator grants User2 the Contributor role in sqlsvr1.

User1 reports that they can connect to SQLDB1 from the IP address 155.127.95.212. User1 cannot connect to SQLDB2. User2 can connect to both SQLDB1 and SQLDB2 from the IP address 121.19.27.18. Both users can successfully connect to SQLDB1 and SQLDB2 from VM1.

You are helping the administrator troubleshoot the issue. You run the following PowerShell command:

Get-AzSqlServerFirewallRule -ResourceGroupName 'RG1' -ServerName 'sqlsvr1'

The following output displays:

You need to identify the cause for the reported issue and resolve User1's issues. The solution must satisfy the principle of least privilege.

What should you do?

15. A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).

A new subnet should be unreachable from the on-premises network.

You need to implement a solution.

Solution: Scale the gateway to Generation2.

Does the solution meet the goal?

16. A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

17. HOTSPOT

A company uses public Azure DNS zones.

The company reports DNS record creation and name resolution issues.

You need to troubleshoot the issues.

What are the causes of the issues?

18. HOTSPOT

A company named Contoso connects to Azure PaaS services using Azure Private Link. The company has a virtual network named contoso-vn in a resource group named contoso-rg.

An engineer modifies the Private Link service by using Azure CLI. They are unable to use a source IP address from a subnet named default.

You need to resolve the issue.

How should you complete the command?

19. A company uses Azure Backup Server to back up re deployed in an availability group.

The company reports that a backup operation for a database fails. The following error message displays:

Unable to configure protection.

You need to ensure that the backup operation runs successfully.

What should you do?

20. HOTSPOT

A company develops an Azure Cosmos DB solution.

The solution has the following components:

✑ A virtual network named VNet1 in a resource group named RG1.

✑ A subnet named Subnet1 in VNet1.

✑ A Private Link service.

The company is unable to configure a source IP address for the Private Link service from Subnet1.

You need to resolve the issue for Subnet1.

How should you complete the PowerShell commands?

21. HOTSPOT

A company uses Azure Active Directory (Azure AD) for authentication. The company synchronizes Azure AD with an on-premises Active Directory domain.

The company reports that an Azure AD object fails to sync.

You need to determine which objects are not syncing.

Which troubleshooting steps should you use to diagnose the failure?

22. A company manages a solution that uses Azure Functions.

A function returns the following error: Azure Function Runtime is unreachable.

You need to troubleshoot the issue.

What are two possible causes of the issue?

23. A company has an ExpressRoute gateway between their on-premises site and Azure. The ExpressRoute gateway is on a virtual network named VNet1. The company enables FastPath on the gateway. You associate a network security group (NSG) with all of the subnets.

Users report issues connecting to VM1 from the on-premises environment. VM1 is on a virtual network named VNet2. Virtual network peering is enabled between VNet1 and VNet2.

You create a flow log named FlowLog1 and enable it on the NSG associated with the gateway subnet.

You discover that FlowLog1 is not reporting outbound flow traffic.

You need to resolve the issue with FlowLog1.

What should you do?

24. HOTSPOT

A company attempts to implement just-in-time (JIT) access for a virtual machine (VM) named VM1.

The company reports that they are unable to complete the process.

You need to implement JIT access and test the deployment.

Which PowerShell cmdlets should you run?

25. A company enables just-in-time (JIT) virtual machine (VM) access in Azure.

An administrator observes a list of VMs on the Unsupported tab of the JIT VM access page in the Microsoft Defender for Cloud portal.

You need to determine why some VMs are not supported for JIT VM access.

What should you conclude?

26. A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.

The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Create a new manual backup in Backup center.

Does the solution meet the goal?

27. DRAG DROP

You manage an Azure point-to-site (P2S) VPN deployment. All users connect regularly from their personal Windows computer through a P2S VPN by using certificate-based authentication.

A new user attempts to establish a P25S VPN connection.

The user receives the following error message:

A certificate could not be found that can be used with this Extensible Authentication protocol. (Error 798)

You need to assists the user with resolving the certificate issue.

What should you do? To answer, drag the appropriate locations to the correct task. Each location maybe used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

28. A company uses an Azure Virtual Network (VNet) gateway named VNetGW1. VNetGW1 connects to a partner site by using a site-to-site VPN connection with dynamic routing.

The company observes that the VPN disconnects from time to time.

You need to troubleshoot the cause for the disconnections.

What should you verify?

29. A customer has an Azure Virtual Network named VNet1 that contains an internal standard SKU load balancer named LB1. The backend pool for LB1 includes the following virtual machines: VM1, VM2.

The customer configures a rule named Rul1 to load balance incoming HTTPS requests for VM1 and VM2. Rule1 is associated with an HTTPS health probe. The path for the probe is set to /.

The network adapters of VM1 and VM2 are associated with a network security named NSG1 that contains the following rules:

You connect to https://VM1 and https://VM2 from VNet1. Attempts to connect using the front-end IP address of LB1 are failing.

You need to resolve the issue.

What should you do?

30. A company uses Azure AD Connect. The company plans to implement self-service password reset (SSPR).

An administrator receives an error that password writeback could not be enabled during the Azure AD Connect configuration.

The administrator observes the following event log error:

Error getting auth token

You need to resolve the issue.

What should you do?

31. A company has virtual machines (VMs) in the following Azure regions:

✑ West Central US

✑ Australia East

The company uses ExpressRoute private peering to provide connectivity to VMs hosted on each region and on-premises services.

The company implements global VNet peering between a VNet in each region. After configuring VNet peering, VM traffic attempts to use ExpressRoute private peering.

You need to ensure that traffic uses global VNet peering instead of ExpressRoute private peering. The solution must preserve existing on-premises connectivity to Azure VNets.

What should you do?

32. HOTSPOT

A company deploys Azure Traffic Manager load balancing for an Azure App Service solution.

Load balancing performance is showing a degraded status after deployment, and new HTTPS probes are failing to reach the Traffic Manager endpoints.

You need to troubleshoot the probe failure.

How should you complete the PowerShell script?

33. A company plans to use an Azure PaaS service by using Azure Private Link service. The azure Private Link service and an endpoint have been configured.

The company reports that the endpoint is unable to connect to the service.

You need to resolve the connectivity issue.

What should you do?

34. A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal.

The company reports that the Azure VM backup job is failing.

You need to troubleshoot the issue.

Solution: Install the VM guest agent by using administrative permissions.

Does the solution meet the goal?

35. A company deploys ExpressRoute.

The company reports that there is an autonomous system (AS) number mismatch.

You need to identify the AS number of the circuit.

Which PowerShell cmdlet should you run?