100+ Free Azure AZ-720 Practice Questions
Pass your Troubleshooting Microsoft Azure Connectivity (AZ-720) exam on the first try — instant access, no signup required.
You need to verify whether traffic from a specific source IP can reach a destination IP and port on an Azure VM through all configured NSGs and route tables. Which Network Watcher tool should you use?
Key Facts: Azure AZ-720 Exam
700/1000
Passing Score
Microsoft
100 min
Exam Duration
Microsoft
$165
Exam Fee (US)
Microsoft
6 domains
Skill Areas
Microsoft AZ-720 outline
25-30%
Largest Domain
Troubleshoot networks
Jul 31, 2023
Retirement Date
Microsoft Learn
AZ-720 is Microsoft's specialty exam for Azure connectivity troubleshooting. It uses a 700/1000 passing score, runs about 100 minutes, costs US$165 in the United States, and is delivered by Pearson VUE. Microsoft retired the exam on July 31, 2023, but its objectives remain a strong reference for Azure support engineers. The official skills outline weights Troubleshoot networks at 25-30%, Hybrid and cloud connectivity at 20-25%, Authentication and access control at 15-20%, with Business continuity, PaaS, and VM connectivity each at 5-10%.
Sample Azure AZ-720 Practice Questions
Try these sample questions to test your Azure AZ-720 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.
1You need to verify whether traffic from a specific source IP can reach a destination IP and port on an Azure VM through all configured NSGs and route tables. Which Network Watcher tool should you use?
2A user reports that an Azure VM cannot reach a public web service. After running IP Flow Verify the result shows that traffic is denied by a rule named DefaultOutboundDenyAll. Where should you look to fix this?
3You need to view the actual NSG rules applied to a network interface, including merged rules from both subnet-level and NIC-level NSGs. Which feature provides this view?
4NSG flow logs version 2 are being ingested into a Log Analytics workspace. Which Azure feature processes the raw flow logs into traffic insights and visualizations?
5You need to determine the next hop that Azure will use for a packet leaving an Azure VM destined for an on-premises subnet. Which Network Watcher tool gives this answer?
6Which statement about Azure route precedence is correct?
7You configure an NSG rule with priority 200 to deny all inbound traffic on port 3389 and another rule with priority 100 to allow 3389 from a management subnet. What happens?
8You need to allow outbound HTTPS from app subnet VMs to Azure Storage in the same region without exposing the traffic to the public internet. Which simplest NSG construct identifies the destination?
9You want to write NSG rules using groups of VM NICs (not IP ranges) so that rules survive IP changes. Which feature supports this?
10A site-to-site VPN tunnel between an on-premises VPN device and an Azure VPN Gateway is not establishing. Both sides report negotiation failures during phase 1. What should you check first?
About the Azure AZ-720 Exam
Exam AZ-720 validates the ability to troubleshoot Azure networking and connectivity issues end to end. Candidates are expected to diagnose problems with Azure virtual networks, NSGs, routing, VPN and ExpressRoute, DNS, Azure Firewall, Application Gateway, Front Door, Load Balancer, private endpoints, and VM connectivity, using Network Watcher, Log Analytics, and the Azure portal as primary tools. The exam was retired by Microsoft on July 31, 2023; the content remains widely used as a benchmark for Azure connectivity engineering skills.
Assessment
Typically 40-60 multiple-choice and scenario items focused on Azure connectivity troubleshooting
Time Limit
100 minutes
Passing Score
700/1000
Exam Fee
$165 (Microsoft / Pearson VUE)
Azure AZ-720 Exam Content Outline
Troubleshoot business continuity issues
Diagnose and resolve issues with backup, recovery services, replication, and DR connectivity that affect Azure workload availability.
Troubleshoot hybrid and cloud connectivity issues
Resolve VPN, ExpressRoute, BGP, route filter, gateway transit, point-to-site, and Virtual WAN problems between Azure and on-premises networks.
Troubleshoot Platform as a Service (PaaS) issues
Diagnose connectivity to App Service, Storage, SQL, Key Vault, private endpoints, service endpoints, and private DNS resolution chains.
Troubleshoot authentication and access control issues
Resolve identity-related connectivity failures including RBAC, managed identity, certificate auth on P2S, Azure AD blocked sign-ins, and resource access policies.
Troubleshoot networks
Triage NSG rules, effective security rules, route tables, BGP routes, NSG flow logs, IP Flow Verify, Connection Monitor, Network Watcher, Azure Firewall, Application Gateway, Front Door, and Load Balancer behaviors.
Troubleshoot VM connectivity issues
Resolve VM-side networking problems including SNAT exhaustion, default outbound, host firewalls, IMDS reachability, packet capture, and Bastion access.
How to Pass the Azure AZ-720 Exam
What You Need to Know
- Passing score: 700/1000
- Assessment: Typically 40-60 multiple-choice and scenario items focused on Azure connectivity troubleshooting
- Time limit: 100 minutes
- Exam fee: $165
Keys to Passing
- Complete 500+ practice questions
- Score 80%+ consistently before scheduling
- Focus on highest-weighted sections
- Use our AI tutor for tough concepts
Azure AZ-720 Study Tips from Top Performers
Frequently Asked Questions
Is AZ-720 still active?
Microsoft retired AZ-720 on July 31, 2023. The exam content remains a useful benchmark for Azure support engineers focused on connectivity troubleshooting, and many learners continue to study the objectives to validate real-world skills.
What is the AZ-720 passing score?
AZ-720 used Microsoft's standard scaled scoring with a passing score of 700 out of 1000. The exam typically delivered around 40-60 questions in 100 minutes, including scenario-style items.
How much did AZ-720 cost?
The standard United States exam fee for AZ-720 was US$165, charged through Pearson VUE. Pricing varied by country and region. Discounts could apply for students, MCT instructors, and partner programs.
What domains does AZ-720 cover?
AZ-720 measured six skill areas: Troubleshoot business continuity (5-10%), Troubleshoot hybrid and cloud connectivity (20-25%), Troubleshoot PaaS (5-10%), Troubleshoot authentication and access control (15-20%), Troubleshoot networks (25-30%), and Troubleshoot VM connectivity (5-10%).
What tools should I master for AZ-720?
Network Watcher (IP Flow Verify, Connection Monitor, Connection Troubleshoot, Effective security rules, Packet capture, Topology, Next Hop), Azure Monitor / Log Analytics (NSG flow logs v2, Traffic Analytics, AzureDiagnostics queries), Azure Firewall logs, Application Gateway backend health, and VPN/ExpressRoute diagnostic logs.
Are there prerequisites for AZ-720?
Microsoft did not require formal prerequisites, but recommended significant Azure networking experience. Candidates were expected to know routing, NSG behavior, hybrid connectivity, DNS, identity-related access controls, and the relevant Azure CLI/PowerShell commands for diagnostics.