AZ-800 Administering Windows Server Hybrid Core Infrastructure Questions and Answers

Questions 4

You need to implement the planned changes for the Azure DNS Private Resolver.

Which private DNS zones can you use for name resolution?

Options:

Zone1.com only

Zone2.com only

Zone1.com and Zone2.com only

Zone2.com and Zone3.com only

Zone1.com, Zone2.com, and Zone3.com

Buy Now

Questions 5

Which two languages can you use for Task1? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

Java

Bicep

JavaScript

Python

PowerShell

Buy Now

Questions 6

You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.

What should you implement?

Options:

Microsoft Entra Connect cloud sync

Active Directory Federation Services (AD FS)

Microsoft Entra Connect in staging mode

Microsoft Entra Connect in active mode

Buy Now

Questions 7

You need to ensure that Automanage meets the technical requirements.

On which Azure virtual machines should you enable Automanage?

Options:

Server1 only

Server2 only

Server1 and Server2 only

Server2 and Server3 only

Server1 and Server4 only

Buy Now

Questions 8

You need to ensure that VM3 meets the technical requirements.

What should you install first?

Options:

Enhanced Storage

File Server Resource Manager (FSRM)

Windows Standards-Based Storage Management

the iSNS Server service

Buy Now

Questions 9

You need to implement the planned changes for Microsoft Entra users to sign in to Server1.

Which PowerShell cmdlet should you run?

Options:

Add-ADComputerServiceAccount

Set-AzVM

Set-AzVMExtension

New-ADComputer

Buy Now

Questions 10

You need to ensure that data availability on SSPace1 meets the technical requirements.

What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-800 Question 10

Options:

Buy Now

Questions 11

Task 1

You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1.

Options:

Buy Now

Questions 12

Task 7

You need to monitor the security configuration of DC1 by using Microsoft Defender for Cloud.

The required source files are located in a folder named \\dc1.contoso.com\install.

Options:

Buy Now

Answer:

See the solution of this Task below.

Explanation:

One possible solution to monitor the security configuration of DC1 by using Microsoft Defender for Cloud is to use the Guest Configuration feature. Guest Configuration is a service that audits settings inside Linux and Windows virtual machines (VMs) to assess their compliance with your organization’s security policies. You can use Guest Configuration to monitor the security baseline settings for Windows Server in the Microsoft Defender for Cloud portal by following these steps:

On DC1, open a web browser and go to the folder named \dc1.contoso.com\install. Download the Guest Configuration extension file (GuestConfiguration.msi) and save it to a local folder, such as C:\Temp.
Run the Guest Configuration extension file and follow the installation wizard. You can choose to install the extension for all users or only for the current user. For more information on how to install the Guest Configuration extension, see Install the Guest Configuration extension.
After the installation is complete, sign in to the Microsoft Defender for Cloud portal (2).
In the left pane, select Security Center and then Recommendations.
In the recommendations list, find and select Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration).
In the Remediate Security Configurations page, you can see the compliance status of your Windows VMs, including DC1, based on the Azure Compute Benchmark. The Azure Compute Benchmark is a set of rules that define the desired configuration state of your VMs. You can also see the number of failed, passed, and skipped rules for each VM. For more information on the Azure Compute Benchmark, see Microsoft cloud security benchmark: Azure compute benchmark is now available.
To view the details of the security configuration of DC1, click on the VM name and then select View details. You can see the list of rules that apply to DC1 and their compliance status. You can also see the severity, description, and remediation steps for each rule. For example, you can see if DC1 has the latest security updates installed, if the firewall is enabled, if the password policy is enforced, and so on.
To monitor the security configuration of DC1 over time, you can use the Compliance over time chart, which shows the trend of compliance status for DC1 in the past 30 days. You can also use the Compliance breakdown chart, which shows the distribution of compliance status for DC1 by rule severity.

By using Guest Configuration, you can monitor the security configuration of DC1 by using Microsoft Defender for Cloud and ensure that it meets your organization’s security standards. You can also use Guest Configuration to monitor the security configuration of other Windows and Linux VMs in your Azure environment.

Questions 13

Task2

You need to ensure that the Azure file share named share1 can sync to on-premises servers.

The required source files are located in a folder named \\dc1.contoso.com\install.

You do NOT need to specify the on-premises servers at this time.

Options:

Buy Now

Answer:

See the solution of this Task below.

Explanation:

One possible solution to ensure that the Azure file share named share1 can sync to on-premises servers is to use Azure File Sync. Azure File Sync allows you to centralize your file shares in Azure Files without giving up the flexibility, performance, and compatibility of an on-premises file server. It does this by transforming your Windows Servers into a quick cache of your Azure file share. You can use any protocol available on Windows Server to access your data locally (including SMB, NFS, and FTPS) and you can have as many caches as you need across the world1.

Here are the steps to configure Azure File Sync for the Azure file share named share1 and the source files located in a folder named \dc1.contoso.com\install:

On the Azure portal, create a Storage Sync Service in the same region as your storage account that contains the Azure file share named share1. For more information on how to create a Storage Sync Service, see How to deploy Azure File Sync.
On the on-premises server that hosts the folder named \dc1.contoso.com\install, install the Azure File Sync agent. For more information on how to install the Azure File Sync agent, see Install the Azure File Sync agent.
On the on-premises server, register the server with the Storage Sync Service that you created in the first step. For more information on how to register a server with a Storage Sync Service, see Register/unregister a server with Storage Sync Service.
On the Azure portal, create a sync group that defines the sync topology for a set of files. In the sync group, select the Azure file share named share1 as the cloud endpoint and the folder named \dc1.contoso.com\install as the server endpoint. For more information on how to create a sync group, see Create a sync group and a cloud endpoint and Create a server endpoint.
Wait for the initial sync to complete. You can monitor the sync progress on the Azure portal or on the on-premises server. For more information on how to monitor sync progress, see [Monitor sync progress].

Once the initial sync is complete, you can add more on-premises servers to the same sync group to sync and cache the content locally. You can also enable cloud tiering to optimize the storage space on the on-premises servers by tiering infrequently accessed or older files to Azure Files.

Questions 14

You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?

Options:

security filtering for the link of GP04

security filtering for the link of GPO1

loopback processing in GPO4

the Enforced property for the link of GP01

loopback processing in GPO1

the Enforced property for the link of GP04

Buy Now

Questions 15

What should you implement for the deployment of DC3?

Options:

Azure Active Directory Domain Services (Azure AD DS}

Azure AD Application Proxy

an Azure virtual machine

an Azure AD administrative unit

Buy Now

Questions 16

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant The on-premises network is connected to Azure by using a Site-to-Site VPN. You have the DNS zones shown in the following table.

AZ-800 Question 16

You need to ensure that names from (aDiifcam.com can be resolved from the on-premises network Which two actions should you perform? Each correct answer presents part of the solution, NOTE: Each correct selection Is worth one point

Options:

Create a conditional forwarder for fabrikam.com on DC1.

Create a stub zone for fabrikam.com on DC1.

Create a secondary zone for fabnlcam.com on DO.

Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers settings for the virtual network.

Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine &s a DNS forwarder.

Buy Now

Questions 17

Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.

A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.

You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.

What should you do first?

Options:

Change the trust to a one-way external trust.

Add fabrikam\Group1 to the local Users group on server1.contoso.com.

Enable SID filtering for the trust.

Enable Selective authentication for the trust.

Buy Now

Questions 18

You have an Active Directory Domain Services (AD DS) domain that contains the domain controllers shown in the following table.

AZ-800 Question 18

The domain contains an app named App1 that uses a custom application partition to store configuration data.

You decommission App1.

When you attempt to remove the custom application partition, the process fails.

Which domain controller is unavailable?

Options:

DC1

DC2

DC3

DC4

Buy Now

Questions 19

Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

AZ-800 Question 19

The domain trust has the following configurations:

• Name: adatum.com

• Type: External

• Direction: One-way. outgoing

• Outgoing trust authentication level: Domain-wide authentication

AZ-800 Question 19

The forests contain the network shares shown in the following table.

AZ-800 Question 19

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

AZ-800 Question 19

Options:

Buy Now

Questions 20

You have a server named Server1.

You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.

You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-800 Question 20

Options:

Buy Now

Questions 21

You have an Active Directory domain that contains a file server named Server1. Server1 runs Windows Server and includes the file shares shown in the following table.

AZ-800 Question 21

When users login to the network they receive the following network drive mappings.

• H: maps to Wserver1\users\%UserName%

• G: maps to \\server1\%Department%

You need to limit the amount of space consumed by user's on Server!. The solution must meet the following requirements:

• Prevent users using more than 5GB of space on their H: drive

• Prevent Accounts department users from using more than 10GB of space on the G: drive

• Prevent Marketing department users from using more than 15GB of space on the G: drive

• Prevent Customer Service department users from using more than 2GB of space on the G: drive

• Minimize administrative effort

What should you use?

Options:

File Server Resource Manager (FSRM) quotas

Storage tiering

NTFS Disk quotas

Group Policy Preferences

Buy Now

Questions 22

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.

The domain controllers do NOT have internet connectivity.

You plan to implement Azure AD Password Protection for the domain.

You need to deploy Azure AD Password Protection agents. The solution must meet the following requirements:

• All Azure AD Password Protection policies must be enforced.

• Agent updates must be applied automatically.

• Administrative effort must be minimized.

What should you do? To answer select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-800 Question 22

Options:

Buy Now

Questions 23

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant

You have several Windows 10 devices that are Azure AD hybrid-joined.

You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.

Which optional feature should you select in Azure AD Connect?

Options:

Device writeback

Group writeback

Password writeback

Directory extension attribute sync

Azure AD app and attribute filtering

Buy Now

Questions 24

You have two servers that have the Hyper-V server role installed. The servers are joined to a failover cluster both servers can connect to the same disk on an iSCSi storage device. You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will support live migration functionality. You need to configure a storage resource in the failover cluster to store the virtual machines.

What should you configure?

Options:

a storage pool

attributed File System (DFS) Replication

a mirrored volume

Cluster Shared volumes (CSV)

Buy Now

Questions 25

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains two servers named Server1 and Server2.

Server1 contains a disk named Disk2. Disk2 contains a folder named UserData. UserData is shared to the Domain Users group. Disk2 is configured for deduplication. Server1 is protected by using Azure Backup.

Server1 fails.

You connect Disk2 to Server2.

You need to ensure that you can access all the files on Disk2 as quickly as possible.

What should you do?

Options:

Create a storage pool.

Restore files from Azure Backup.

Install the File Server Resource Manager server role.

Install the Data Deduplication server role.

Buy Now

Questions 26

You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.

You have an Azure subscription.

Internal users connect to App1 by using WebSockets.

You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.

What should you include in the solution?

Options:

Microsoft Application Request Routing (ARR) Version 2

Web Application Proxy

Azure Relay

Azure Application Gateway

Buy Now

Questions 27

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

You need to identify which server is the PDC emulator for the domain.

Solution: From a command prompt, you run netdom.exe query fsmo.

Does this meet the goal?

Options:

Yes

Buy Now

Questions 28

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.

You plan to store a DNS zone in a custom Active Directory partition.

You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.

What should you use?

Options:

DNS Manager

New-ADObjett

dnscnd.exe

Windows Admin Center

Buy Now

Questions 29

You need to meet the technical requirements for User1. The solution must use the principle of least privilege.

What should you do?

Options:

Add Users1 to the Server Operators group in contoso.com.

Create a delegation on contoso.com.

Add Users1 to the Account Operators group in contoso.com.

Create a delegation on OU3.

Buy Now

Questions 30

You need to meet the technical requirements for VM2.

What should you do?

Options:

Implement shielded virtual machines.

Enable the Guest services integration service.

Implement Credential Guard.

Enable enhanced session mode.

Buy Now

Questions 31

You need to meet the technical requirements for Server4.

Which cmdlets should you run on Server1 and Server4? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-800 Question 31

Options:

Buy Now

Questions 32

You need to meet the security requirements for passwords.

Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE Each correct selection is worth one point.

AZ-800 Question 32

Options:

Buy Now

Questions 33

You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-800 Question 33

Options:

Buy Now

Questions 34

You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

Options:

Create an Azure private DNS zone named corp.fabhkam.com.

Create a virtual network link in the coip.fabnkam.c om Azure private DNS zone.

Create an Azure DNS zone named corp.fabrikam.com.

Configure the DNS Servers settings for Vnet1.

Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.

On DC3, install the DNS Server role.

Configure a conditional forwarder on DC3.

Buy Now

Questions 35

You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

AZ-800 Question 35

Options:

Buy Now

Questions 36

You need to implement an availability solution for DHCP that meets the networking requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

On DHCP1. create a scope that contains 25 percent of the IP addresses from Scope2.

On the router in each office, configure a DHCP relay.

DHCP2. configure a scope that contains 25 percent of the IP addresses from Scope 1 .

On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.

On each DHCP scope, configure DHCP failover.

Buy Now

Questions 37

You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?

Options:

Hybrid Azure AD join all the servers.

Create a hybrid runbook worker m Azure Automation.

Deploy the Azure Connected Machine agent to all the servers.

Deploy the Azure Monitor agent to all the servers.

Buy Now

Questions 38

You need to configure remote administration to meet the security requirements. What should you use?

Options:

just in time (JIT) VM access

Azure AD Privileged Identity Management (PIM)

the Remote Desktop extension for Azure Cloud Services

an Azure Bastion host

Buy Now

Questions 39

Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-800 Question 39

Options:

Buy Now

Exam Code: AZ-800

Exam Name: Administering Windows Server Hybrid Core Infrastructure

Last Update: Nov 13, 2024

Questions: 230

PDF + Testing Engine

$59.5 ~~$169.99~~

Testing Engine

$45.5 ~~$129.99~~

PDF (Q&A)

$38.5 ~~$109.99~~

11.11 Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

marks4sure logo

Navigation:

AZ-800 Administering Windows Server Hybrid Core Infrastructure Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer: