Halloween Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Microsoft AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam Practice Test

Page: 1 / 23
Total 230 questions

Administering Windows Server Hybrid Core Infrastructure Questions and Answers

Question 1

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com and the servers shown in the following table.

Question # 1

You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.

What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 1

Options:

Question 2

Your on-premises network contains a single-domain Active Directory Domain Services (AD DS) forest. You have an Azure AD tenant named contoso.com. The AD DS forest syncs with the Azure AD tenant by using Azure AD Connect.

You need to ensure that users in the forest that have a custom attribute of NoSync are excluded from synchronization.

How should you configure the Azure AD Connect cloudFiltered attribute, and which tool should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 2

Options:

Question 3

You have a server named Server1 that runs Windows Server and contains two drives named C and D. Server1 hosts multiple file shares.

You enable Data Deduplication on drive D and select the General purpose file server workload.

You need to minimize the space consumed by files that were recently modified or deleted.

What should you do?

Options:

A.

Run the set-dedupvolume cmdlet and configure the scrubbing job.

B.

Run the Set-DedupSchedule Cmdlet and configure a GarbageCollection job.

C.

Run the set-Dedupvoiume cmdlet and configure the InputOutputScale settings.

D.

Run the Set-DedupSchedule cmdlet and configure the optimization job.

Question 4

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

Question # 4

You need to configure DC3 to be the authoritative time server for the domain.

Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 4

Options:

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 6

You have a Group Policy Object (GPO) named GPO1 that contains user settings only.

You plan to apply GPO1 to a global security group named Group1.

You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.

You need to configure permissions for GP01 to meet the following requirements.

• GPO1 must apply only to the users in Group 1.

• The solution must use the principle of least privilege

Question # 6

Options:

Question 7

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.

The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.

You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared

You need to create a security group that meets the following requirements:

• Can contain users from the AD DS domain

• Can be used to authorize user access to share 1 and share2

What should you do?

Options:

A.

in the AD DS domain, create a universal security group

B.

in the Azure AD tenant create a security group that has assigned membership

C.

in the Azure AD Tenant create a security group that has dynamic membership.

D.

in the Azure AD tenant create a Microsoft 365 group

Question 8

Your network contains an Active Directory domain named contoso.com. The domain contains the computers shown in the following table.

Question # 8

On Server3, you create a Group Policy Object (GPO) named GP01 and link GPOI to contoso.com. GP01 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.

Question # 8

To which computer will Shortcut1 be applied?

Options:

A.

Server3 only

B.

Computer1 and Server3 only

C.

Server2 and Server3 only

D.

Server1, Server2, and Server3 only

Question 9

Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.

A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.

You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.

What should you do first?

Options:

A.

Change the trust to a one-way external trust.

B.

Add fabrikam\Group1 to the local Users group on server1.contoso.com.

C.

Enable SID filtering for the trust.

D.

Enable Selective authentication for the trust.

Question 10

You have an Azure subscription that contains the virtual networks shown in the following table.

Question # 10

You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.

You plan to add an additional network interface named NIC1 to VM1.

To which subnets can NIC1 be attached?

Options:

A.

Subnet11 only

B.

Subnet12 only

C.

Subnet11 and Subnet12only

D.

Subnet12 and Subnet21 only

E.

Subnet11, Subnet12, Subnet21f and Subnet31

Question 11

Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.

The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.

You plan to manage the servers in the branch office by using a Windows Admin Center gateway.

On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.

You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.

Which inbound TCP port should you allow?

Options:

A.

443

B.

3389

C.

5985

D.

6516

Question 12

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the offices shown in the following table.

Question # 12

You need to deploy a Network Policy Server (NPS) named NPS1 to enforce network access policies for all remote connections.

What is the minimum number of RADIUS clients that you should add to NPS1?

Options:

A.

1

B.

3

C.

8

D.

180

E.

188

Question 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are planning the deployment of DNS to a new network.

You have three internal DNS servers as shown in the following table.

Question # 13

The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local. All the DNS servers use root hints.

You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.

Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 14

Task 9

You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.

Options:

Question 15

Task 3

You need to configure SRV1 as a DNS server. SRV1 must be able resolve names from the contoso.com domain by using DC1. All other names must be resolved by using the root hint servers.

Options:

Question 16

Task 1

You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1.

Options:

Question 17

Task 12

You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.

Options:

Question 18

Task 10

You need to configure Hyper-V to ensure that running virtual machines can be moved between SRV1 and SRV2 without downtime.

You do NOT need to move any virtual machines at this time.

Options:

Question 19

Task 8

You need to deploy a new primary DNS zone named fabrikam.com to DC1. The zone must be signed.

Options:

Question 20

Task 5

You have an application that is copied to a folder named C:\app on SRV1. C:\app also contains also a Dockerfile for the app.

On SRV1. you need to create a container image for the application by using the Dockerfile. The container image mutt be named app1.

Options:

Question 21

Task 10

You use a Group Policy preference to map \\dd.contoso.com\instal1 as drive H for all users. If a user already has an existing drive mapping for H. the new drive mapping must take precedence.

Options:

Question 22

Task 7

You need to collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace.

The required tiles are stored in a shared folder named \dc\install.

Options:

Question 23

Task 9

You plan to create group managed service accounts (gMSAs).

You need to configure the domain to support the creation of gMSAs.

Options:

Question 24

Task 2

You need to ensure that you can manage SRV1 remotely by using PowerShell

Options:

Question 25

Task 6

You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1.

The required source files are located in a folder named \\dc1.contoso.com\install.

Options:

Question 26

Task 8

You need to create an Active Directory Domain Services (AD DS) site named Site2 that is associated to an IP address range of 192.168.2.0 to 192.168.2.255.

Options:

Question 27

DC1 fails.

You need to meet the technical requirements for the schema master.

Yourunntdsutil.exe.

Which five commands should you run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order?

Question # 27

Options:

Question 28

You need to ensure that VM3 meets the technical requirements.

What should you install first?

Options:

A.

Enhanced Storage

B.

File Server Resource Manager (FSRM)

C.

Windows Standards-Based Storage Management

D.

the iSNS Server service

Question 29

You need to ensure that data availability on SSPace1 meets the technical requirements.

What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 29

Options:

Question 30

You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.

What should you implement?

Options:

A.

Microsoft Entra Connect cloud sync

B.

Active Directory Federation Services (AD FS)

C.

Microsoft Entra Connect in staging mode

D.

Microsoft Entra Connect in active mode

Question 31

You need to implement the planned changes for Microsoft Entra users to sign in to Server1.

Which PowerShell cmdlet should you run?

Options:

A.

Add-ADComputerServiceAccount

B.

Set-AzVM

C.

Set-AzVMExtension

D.

New-ADComputer

Question 32

You need to ensure that Automanage meets the technical requirements.

On which Azure virtual machines should you enable Automanage?

Options:

A.

Server1 only

B.

Server2 only

C.

Server1 and Server2 only

D.

Server2 and Server3 only

E.

Server1 and Server4 only

Question 33

Which two languages can you use for Task1? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Java

B.

Bicep

C.

JavaScript

D.

Python

E.

PowerShell

Question 34

You need to implement the planned changes for the Azure DNS Private Resolver.

Which private DNS zones can you use for name resolution?

Options:

A.

Zone1.com only

B.

Zone2.com only

C.

Zone1.com and Zone2.com only

D.

Zone2.com and Zone3.com only

E.

Zone1.com, Zone2.com, and Zone3.com

Question 35

You need to implement the planned change for Data1.

Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question # 35

Options:

Question 36

You need to meet technical requirements for HyperV1.

Which command should you run? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 36

Options:

Question 37

You need to meet the technical requirements for Server1. Which users can currently perform the required tasks?

Options:

A.

Admin1 only

B.

Admin3 only

C.

Admin1 and Admin3 only

D.

Admin1 Admin2. and Admm3

Question 38

You need to meet the technical requirements for VM3

On which volumes can you enable Data Deduplication?

Options:

A.

D and E only

B.

C, D, E, and F

C.

D only

D.

C and D only

E.

D, E, and F only

Question 39

You need to meet the technical requirements for VM2.

What should you do?

Options:

A.

Implement shielded virtual machines.

B.

Enable the Guest services integration service.

C.

Implement Credential Guard.

D.

Enable enhanced session mode.

Question 40

What should you implement for the deployment of DC3?

Options:

A.

Azure Active Directory Domain Services (Azure AD DS}

B.

Azure AD Application Proxy

C.

an Azure virtual machine

D.

an Azure AD administrative unit

Question 41

You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point

Options:

A.

Create an Azure private DNS zone named corp.fabhkam.com.

B.

Create a virtual network link in the coip.fabnkam.c om Azure private DNS zone.

C.

Create an Azure DNS zone named corp.fabrikam.com.

D.

Configure the DNS Servers settings for Vnet1.

E.

Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.

F.

On DC3, install the DNS Server role.

G.

Configure a conditional forwarder on DC3.

Question 42

You need to configure remote administration to meet the security requirements. What should you use?

Options:

A.

just in time (JIT) VM access

B.

Azure AD Privileged Identity Management (PIM)

C.

the Remote Desktop extension for Azure Cloud Services

D.

an Azure Bastion host

Question 43

You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?

Options:

A.

Hybrid Azure AD join all the servers.

B.

Create a hybrid runbook worker m Azure Automation.

C.

Deploy the Azure Connected Machine agent to all the servers.

D.

Deploy the Azure Monitor agent to all the servers.

Question 44

You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Question # 44

Options:

Question 45

Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 45

Options:

Question 46

You need to implement an availability solution for DHCP that meets the networking requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

On DHCP1. create a scope that contains 25 percent of the IP addresses from Scope2.

B.

On the router in each office, configure a DHCP relay.

C.

DHCP2. configure a scope that contains 25 percent of the IP addresses from Scope 1 .

D.

On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.

E.

On each DHCP scope, configure DHCP failover.

Question 47

You need to meet the security requirements for passwords.

Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE Each correct selection is worth one point.

Question # 47

Options:

Question 48

You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?

Options:

A.

security filtering for the link of GP04

B.

security filtering for the link of GPO1

C.

loopback processing in GPO4

D.

the Enforced property for the link of GP01

E.

loopback processing in GPO1

F.

the Enforced property for the link of GP04

Question 49

You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question # 49

Options:

Page: 1 / 23
Total 230 questions