Exam AZ-720: Troubleshooting Microsoft Azure Connectivity
Candidates who have familiarity with networking and hybrid settings, as well as an understanding of routing, permissions, and account restrictions, should take Exam AZ-720: Troubleshooting Microsoft Azure Connectivity. The exam requires the ability to detect problems with business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machine connection using accessible tools.
Exam knowledge areas:
- Candidates for the Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter knowledge in employing advanced troubleshooting methods to fix networking and connectivity issues in Azure.
- Secondly, professionals in this area have the skills to troubleshoot issues with Azure Virtual Machines, virtual networks, and connections between on-premises and Azure services in hybrid settings.
- They diagnose and uncover root causes for complicated situations using a variety of methods and technology.
Exam Details
- There are 40-60 questions in the Microsoft AZ-720 exam.
- Questions on the Microsoft AZ-720 can be:
- scenario-based single-answer questions,
- multiple-choice questions, arrange in the correct sequence type questions
- drag & drop questions
- mark review
- drag, and drop
- A candidate must, however, achieve a score of 700 or better in order to pass the exam. Furthermore, the exam is only offered in English and will cost you $165 USD.
Exam Course Outline
To assist in better preparation for the AZ-720 exam, Microsoft provides a course outline that covers the major sections. This includes the following:
1. Troubleshoot business continuity issues (5–10%)
Troubleshoot backup issues
- review and interpret backup logs
- troubleshoot Azure virtual machines backup issues including restarting a failed backup job
- troubleshoot issues with Azure Backup agents
- troubleshooting Azure Backup Server issues
- checking scheduled backups
Check recovery issues
- troubleshooting Azure Site Recovery issues
- check site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration, Manager
- troubleshooting restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server
- check issues recovering files from an Azure virtual machine backup
2. Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshooting virtual network (VNet) connectivity
- troubleshooting virtual private network (VPN) gateway transit issues
- check hub-and-spoke VNet configuration issues
- troubleshooting global VNet peering connectivity issues
- check peered connections
Troubleshooting name resolution issues
- check name resolution for scenarios that use Azure-provided name resolution
- troubleshoot name resolution for scenarios that use custom DNS servers
- review and interpret DNS audit logs
- troubleshooting name resolution for Azure private DNS zones
- check issues with DNS records at public DNS providers
- diagnose domain delegation issues
Troubleshoot point-to-site virtual private network (VPN) connectivity
- troubleshoot Windows VPN client configuration issues
- check OpenVPN VPN client configuration issues
- troubleshoot macOS VPN client configuration issues
- troubleshooting issues with certificate-based VPN connections
- check issues with RADIUS-based VPN connections
- troubleshooting Azure Active Directory (Azure AD) authentication issues
Troubleshooting site-to-site virtual private network connectivity
- review and interpret network logs and captured network traffic from a VPN gateway
- determine the root cause for latency issues within site-to-site VPNs
- review and interpret gateway configuration scripts
- reset a VPN gateway
- troubleshoot gateway issues by running Log Analytics queries
Troubleshoot Azure ExpressRoute connectivity issues
- determine whether routes are live and correctly configured
- validate the peering configuration for an ExpressRoute circuit
- reset an ExpressRoute circuit
- troubleshoot route filtering
- troubleshoot custom-defined routes
- determine the root cause for latency issues related to ExpressRoute
3. Troubleshoot Platform as a Service issues (5–10%)
Check PaaS services
- troubleshooting issues connecting to a PaaS
- troubleshoot firewalls for PaaS services
- troubleshooting PaaS configuration issues
- determine the root cause for service-level throttling
Troubleshooting PaaS integration issues
- troubleshooting issues integrating PaaS services with virtual networks
- check subnet delegation issues
- troubleshooting issues with private endpoints and service endpoints
- troubleshoot issues with Azure Private Link
4. Troubleshoot authentication and access control issues (15–20%)
Troubleshoot Azure AD authentication
- determine why on-premises systems cannot connect to Azure resources
- troubleshooting Azure AD configuration issues
- troubleshoot self-service password reset issues
- troubleshooting issues with multifactor authentication
Check hybrid authentication
- troubleshooting Azure AD Connect synchronization issues
- check Azure AD to Active Directory Domain Services (Azure AD DS) integration issues
- troubleshooting connectivity issues between Azure AD and Active Directory Federation Services (AD FS)
- troubleshoot issues with pass-through authentication and password hash synchronization
- troubleshooting Azure AD Application Proxy connectivity issues
Diagnosing authorization issues
- troubleshooting role-based access control (RBAC) issues
- troubleshoot issues storing encrypted passwords in Azure Key Vault
- troubleshooting sign-in issues related to Azure AD Conditional Access policies
5. Troubleshoot networks (25–30%)
Troubleshoot Azure network security issues
- determine why Azure Web Application Firewall is blocking traffic
- troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
- check connectivity to secure endpoints
Troubleshooting Azure network security groups (NSGs)
- diagnose NSG configuration issues
- review and interpret NSG flow logs
- determine whether a VM or a group of VMs is associated with an application security group (ASG)
Troubleshooting Azure Firewall issues
- troubleshooting an application, network, and infrastructure rules
- troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules
- troubleshooting Azure Firewall Manager configuration issues
Diagnosing latency issues
- determine the root cause for VM-level throttling
- deciding the root cause for latency issues when connecting to Azure virtual machines
- determining the root cause for throttling between source and destination resources
- troubleshoot bandwidth availability issues
- determine whether resource response times meet service-level agreements (SLAs)
Troubleshoot routing and traffic control
- review and interpret route tables
- troubleshooting asymmetric routing
- troubleshooting issues with user-defined routes
- troubleshoot issues related to forced tunneling
- troubleshooting Border Gateway Protocol (BGP) issues
- troubleshoot virtual network peering, transitive routing, and service chaining
- troubleshooting routing configuration issues in Azure
Troubleshooting load-balancing issues
- determine whether VMs in a load-balanced cluster are healthy
- troubleshoot issues with Azure Load Balancer
- review and interpret load balancer rules
- troubleshoot traffic distribution issues
- evaluate the configuration of Azure Traffic Manager
- troubleshoot issues with Azure Traffic Manager profiles
- troubleshooting port exhaustion issues
- troubleshoot issues with Azure Front Door
- troubleshooting issues with Azure Application Gateway
6. Troubleshoot VM connectivity issues (5–10%)
Diagnosing Azure Bastion
- troubleshooting issues deploying Azure Bastion
- check connectivity issues
- troubleshoot authorization issues
Troubleshooting just-in-time (JIT) VM access
- validate connectivity with a VM
- troubleshoot Microsoft Defender for Cloud configuration issues
- determine which resources are authorized to use JIT VM access
AZ-720: Troubleshooting Microsoft Azure Connectivity Exam FAQs
Exam Policies
All test-related facts and information, as well as exam-giving methods, are contained in the Microsoft Certification exam policies. According to these exam policies, certain rules must be followed during exam time or at testing venues. The following are some of them:
- Exam retake policy
- According to this rule, candidates who fail the exam for the first time must wait 24 hours before retaking it. During this time, they can reschedule the exam on the certification dashboard.
- Secondly, they may be asked to wait at least 14 days before taking the exam again if this happens a second time. However, a 14-day waiting period is imposed between the third and fourth attempts, as well as the fourth and fifth attempts.
- Candidates, on the other hand, are limited to five attempts per year. In addition, the 12-month period begins with the first attempt.
- Exam reschedule and the cancellation policy
- Candidates must reschedule and cancel exam appointments at least 24 hours before the appointment. Furthermore, those who reschedule or cancel less than 24 hours before the appointment will forfeit their exam money.
- Additionally, if candidates used a voucher purchased by their company, their company may be penalized if they postpone or cancel an appointment less than 24 hours before it.
Study Guide for Microsoft AZ-720 Exam
1. Exam objectives
Candidates must be familiarized with the exam objectives in order to get a head start on the Microsoft AZ-720 exam preparation. The exam objectives for the Microsoft AZ-720 exam contain essential subjects that will help you understand the major portions. This exam assesses your technical ability to do the following tasks:
- Troubleshoot business continuity issues
- Troubleshoot hybrid and cloud connectivity issues
- Troubleshooting Platform as a Service issues
- Troubleshoot authentication and access control issues
- Troubleshooting network
- Troubleshoot VM connectivity issues
So, examine the exam guide to gain a better understanding of the topics and to boost your preparation.
2. Microsoft Learning Path
Microsoft provides you with a learning path that includes modules to assist you in studying for your exams. To discover everything you need to know about the AZ-720 test and to study for it, go to the Microsoft official website. Candidates will also learn from the modules covered in this course in terms of improved learning subjects and passing exams. However, the test learning path includes the following:
Azure Support Engineer for Connectivity Specialty
When working with cloud-based assets, networking is essential. This learning path goes through the many connectivity difficulties that a network engineer could go against, as well as the troubleshooting techniques to fix them.
Prerequisites:
- Demonstrating:
- understanding of the OSI model and Azure CLI
- understanding of PowerShell
- Knowing the process of running Cloud Shell to run commands
Modules include:
- Troubleshoot business continuity with Microsoft Azure:
- This module walks you through some of the challenges you could run into when troubleshooting Azure backup and recovery.
- Troubleshoot name resolution issues in Microsoft Azure:
- This module examines challenges with name resolution for public, private, and internal networks that link to Azure.
- Troubleshoot cloud and hybrid connectivity in Microsoft Azure:
- Microsoft ExpressRoute, Azure virtual networks, and Azure Virtual WAN are all used to troubleshoot cloud and hybrid connections. This module allows you to manage and troubleshoot various network setups to meet the demands of your company.
- Troubleshoot platform-as-a-service issues in Microsoft Azure:
- To get the most out of Azure PaaS services, you need to be able to resolve connection issues quickly and efficiently, both across PaaS services and between on-premises users.
- Troubleshoot authentication and access control issues in Microsoft Azure:
- To provide excellent security, Microsoft Azure uses a sophisticated authentication and access control mechanism. Self-service password reset, multifactor authentication, hybrid integration, and passwordless authentication are all options for Azure Active Directory (AD) authentication.
- Troubleshoot network security issues with Microsoft Azure:
- Monitor the network issues in a virtual network involving WAF, NSG, Azure Firewall, and latency.
- Troubleshoot connectivity issues with virtual machines in Microsoft Azure:
- With Azure Bastion and just-in-time access to Virtual Machines, you can troubleshoot deployment, connection, and permission issues.
- Troubleshoot VPN gateways in Microsoft Azure:
- The usage of Virtual Private Networks (VPNs) and network setup are critical to the success of collaborative working. We’ll look at how to monitor and troubleshoot site-to-site and point-to-site VPNs in this section.
3. Microsoft Docs
The Microsoft documentation is a knowledge base that contains in-depth information regarding the test subjects covered in the AZ-720 exam. You may also learn about the various sizes of different Azure services by reading Microsoft documentation. This is made up of courses that will help you learn lots about the many services and ideas included in the test.
4. Online Study Groups
Candidates might profit from online study groups when it comes to studying for tests. Joining study groups, in other words, will keep you in touch with experts and professionals who have previously walked this path. This group can also be used to discuss any test-related problems or issues, as well as to prepare for the AZ-720 exam.
5. Practice Tests
Practice examinations are essential for improving your knowledge. You will learn about your weak and strong areas by assessing yourself with Microsoft AZ-720 practice exams. You will also be able to enhance your response abilities, which will help you to save time on the test. After you’ve completed a full topic, it’s advisable to take the AZ-720 exam practice tests. This will also help with revision efficiency. Go ahead to find the best practice exam tests to help you prepare for the certification exam.