[Sep 03, 2024] Latest AZ-800 Exam with Accurate Administering Windows Server Hybrid Core Infrastructure PDF Questions
Practice To AZ-800 - Exam4Labs Remarkable Practice On your Administering Windows Server Hybrid Core Infrastructure Exam
NEW QUESTION # 68
Your network contains an Azure AD Domain Services domain named contoso.com.
You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 69
SIMULATION
You need to configure SRV1 as a DNS server. SRV1 must be able resolve names from the contoso.com domain by using DC1. All other names must be resolved by using the root hint servers.
To complete this task, sign in the required computer or computers.
Answer:
Explanation:
NEW QUESTION # 70
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Configure the IIS application pool to run as Network Service.
2 - Create a group managed service account (gMSA) in Active Directory.
3 - Create the Key Destribution Services (KDS) root key in AD DS.
Topic 2, Contoso Ltd
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
AD DS Environment
The network contains an on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com. The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server Infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Servei4 uses the private profile.
Server2 hosts three virtual machines named VM1. VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out another administrator can connect to the console session as the currently signed-in user.
Requirements
Contoso identifies the following technical requirements:
* Change the replication schedule for all site links to 30 minutes.
* Promote Server1 to a domain controller in canada.contoso.com.
* Install and authorize Server3 as a DHCP server.
* Ensure that User! can manage the membership of all the groups in Contoso\OU3.
* Ensure that you can manage Server4 from Server1 by using PowerShell removing.
* Ensure that you can run virtual machines on VM1.
* Force users to provide credentials when they connect to VM2.
* On VM3, ensure that Data Deduplication on all volumes is possible.
NEW QUESTION # 71
Your company has offices in Boston and Montreal. The offices are connected by using a 10-Mbps WAN link that is often saturated The office in Boston contains the following:
* An Active Directory Domain Services (AD DS) domain controller named DC1.
* A server named Server1 that runs Windows Server and has the File Server role installed The office in Montreal contains 20 client computers that run Windows 10 Montreal does NOT have any servers.
The company plans to deploy a new line of business (LOB) application to all the client computers. The installation source files for the application are in \\Server\Apps.
Answer:
Explanation:
Explanation
NEW QUESTION # 72
You need to meet the technical requirements for the site links. Which users can perform the required tasks?
- A. Admin3 only
- B. Admin1, Adrrun2. and Admin3
- C. Admin1 and Admin3 only
- D. Admin1 only
- E. Admin1 and Admin2 only
Answer: E
Explanation:
Membership in the Enterprise Admins group or the Domain Admins group in the forest root domain is required.
NEW QUESTION # 73
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?
- A. Schema Admins
- B. Enterprise Admins
- C. Group Policy Creator Owners
- D. AAD DC Administrators
- E. Domain Admins
Answer: B
Explanation:
Reference:
https://social.technet.microsoft.com/wiki/contents/articles/20579.delegation-of-group-policy-full-administration.aspx
NEW QUESTION # 74
You have an Azure Active Directory Domain Services (Azure AD DS) domain.
You create a new user named Admin1.
You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy
NEW QUESTION # 75
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the VPN servers shown in the following table.
You have a server named NPS1 that has Network Policy Server (NPS) installed. NPS1 has the following RADIUS clients:
VPN1, VPN2, and VPN3 use NPS1 for RADIUS authentication. All the users in contoso.com are allowed to establish VPN connections. For each of the following statements, select Yes If the statement is true.
Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Text, letter Description automatically generated
NEW QUESTION # 76
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local.
All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2, you create a conditional forwarder for west.contoso.local. On Server3, you create a conditional forwarder for east.contoso.local.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION # 77
You have an onpremises DNS server named Server1 that runs Windows Server. Server 1 hosts a DNS zone named fabrikam.com You have an Azure subscription that contains the resources shown in the following table.
Answer:
Explanation:
NEW QUESTION # 78
You have an Azure virtual machine named Server1 that runs a network management application. Server1 has the following network configuration.
* Network interface.Nic1
* IP address 10.1.1.1/24
* Connected to: Vnet1/Subnet1
You need connect Server1 to an additional subnet named Vnet1/Subnet2.
What should you do?
- A. Modify the IP configurations of Nic1.
- B. Add a network interface to server1.
- C. Add an IP configuration to Nic1.
- D. Create a private endpoint on Subnet2
Answer: D
NEW QUESTION # 79
Your network contains the segments shown in the following table.
You have servers that run Windows Server and are configured as shown in the following table.
You deploy a server named Server4 that runs Windows Server and has a static IP address of 172.16.1.1. You connect Server4 to Segment1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
A screenshot of a computer Description automatically generated
NEW QUESTION # 80
You have an Azure subscription that contains the storage accounts shown in the following table.
In the East US Azure region, you create a storage sync service named Synd.
You need to create a sync group in Synd.
Which storage accounts can you use, and what can you specify as the cloud endpoints? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 81
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure subscription that contains a virtual machine named VMV You need to ensure that you can manage all the servers by using Azure Arc. The solution must minimize administrative effort.
On which servers should you install the Azure Connected Machine agent?
- A. VM1 only
- B. Server1 and VM2 only
- C. Server1, VM1, and VM2
- D. VM1 and VM2 only
- E. Server1 only
- F. VM2only
Answer: B
NEW QUESTION # 82
You have a server named Server1 that hosts Windows containers.
You plan to deploy an application that will have multiple containers. Each container will be on the same subnet. Each container requires a separate MAC address and IP address. Each container must be able to communicate by using its IP address.
You need to create a Docker network that supports the deployment of the application.
Which type of network should you create?
- A. NAT
- B. I2bridge
- C. transparent
- D. I2tunnel
Answer: C
Explanation:
Transparent network driver
Containers attached to a network created with the 'transparent' driver will be directly connected to the physical network through an external Hyper-V switch. IPs from the physical network can be assigned statically (requires user-specified --subnet option) or dynamically using an external DHCP server.
L2bridge network driver
Containers attached to a network created with the 'l2bridge' driver will be connected to the physical network through an external Hyper-V switch. In l2bridge, container network traffic will have the same MAC address as the host due to Layer-2 address translation (MAC re-write) operation on ingress and egress. In datacenters, this helps alleviate the stress on switches having to learn MAC addresses of sometimes short-lived containers. L2bridge networks can be configured in 2 different ways
https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-networking/network- drivers-topologies
NEW QUESTION # 83
You have an onpremises DNS server named Server1 that runs Windows Server. Server 1 hosts a DNS zone named fabrikam.com You have an Azure subscription that contains the resources shown in the following table.
Answer:
Explanation:
NEW QUESTION # 84
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a server named Server1 and the users shown in the following table.
Server1 contains a folder named D:\Folder1. The advanced security settings for Folder1 are configured as shown in the Permissions exhibit. (Click the Permissions tab.)
Folder1 is shared by using the following configurations:
The share permissions for Share1 are shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
To access files in a shared folder, you need to be granted permissions on the folder (NTFS permissions) AND permissions on the share. The most restrictive permission of the folder permissions and share permissions apply.
Box 1: Yes
Group1 has Read access to Folder1 and Change access to Share1. Therefore, User1 can read the files in Share1.
Box 2: No
Group3 has Full Control access to Share1. However, Group3 has no permissions configured Folder1.
Therefore, User3 cannot access the files in Share1.
Box 3: Yes
Group2 has write permission to Folder1. However, Group2 has no permission on Share1. Therefore, users in Group2 cannot access files in the shared folder.
Access Based Enumeration when enabled hides files and folders that users do not have permission to access.
However, Access Based Enumeration is not enabled on Share1. This is indicated by the FolderEnumerationMode - Unrestricted setting. Therefore, the share will be visible to User2 even though User2 cannot access the shared folder.
NEW QUESTION # 85
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?
- A. Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.
- B. Grant the Change password permission for the domain to the Azure AD Connect service account.
- C. Grant the impersonate a client after authentication user right to the Azure AD Connect service account.
- D. Deploy the Azure AD Password Protection proxy service to the on premises network.
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
Topic 2, Contoso Ltd
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
AD DS Environment
The network contains an on-premises Active Directory Domain Services (AD DS) forest named contoso.com.
The forest contains two domains named contoso.com and canada.contoso.com. The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server Infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Servei4 uses the private profile.
Server2 hosts three virtual machines named VM1. VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out another administrator can connect to the console session as the currently signed-in user.
Requirements
Contoso identifies the following technical requirements:
* Change the replication schedule for all site links to 30 minutes.
* Promote Server1 to a domain controller in canada.contoso.com.
* Install and authorize Server3 as a DHCP server.
* Ensure that User! can manage the membership of all the groups in Contoso\OU3.
* Ensure that you can manage Server4 from Server1 by using PowerShell removing.
* Ensure that you can run virtual machines on VM1.
* Force users to provide credentials when they connect to VM2.
* On VM3, ensure that Data Deduplication on all volumes is possible.
NEW QUESTION # 86
......
Microsoft AZ-800 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Deploy and manage Active Directory Domain Services (AD DS) in onpremises and cloud environments (30-35%) | |
| Deploy and manage AD DS domain controllers | - deploy and manage domain controllers on-premises - deploy and manage domain controllers in Azure - deploy Read-Only Domain Controllers (RODCs) - troubleshoot flexible single master operations (FSMO) roles |
| Configure and manage multi-site, multi-domain, and multi-forest environments | - configure and manage forest and domain trusts - configure and manage AD DS sites - configure and manage AD DS replication |
| Create and manage AD DS security principals | - create and manage AD DS users and groups - manage users and groups in multi-domain and multi-forest scenarios - implement group managed service accounts (gMSAs) - join Windows Servers to AD DS, Azure AD DS, and Azure AD |
| Implement and manage hybrid identities | - implement Azure AD Connect - manage Azure AD Connect Synchronization - implement Azure AD Connect cloud sync - integrate Azure AD, AD DS, and Azure AD DS - manage Azure AD DS - manage Azure AD Connect Health - manage authentication in on-premises and hybrid environments - configure and manage AD DS passwords |
| Manage Windows Server by using domain-based Group Policies | - implement Group Policy in AD DS - implement Group Policy Preferences in AD DS - implement Group Policy in Azure AD DS |
Manage Windows Servers and workloads in a hybrid environment (10-15%) | |
| Manage Windows Servers in a hybrid environment | - deploy a Windows Admin Center gateway server - configure a target machine for Windows Admin Center - configure PowerShell Remoting - configure CredSSP or Kerberos delegation for second hop remoting - configure JEA for PowerShell Remoting |
| Manage Windows Servers and workloads by using Azure services | - manage Windows Servers by using Azure Arc - assign Azure Policy Guest Configuration - deploy Azure services using Azure Virtual Machine extensions on non-Azure machines - manage updates for Windows machines - integrate Windows Servers with Log Analytics - integrate Windows Servers with Azure Security Center - manage IaaS virtual machines (VMs) in Azure that run Windows Server - implement Azure Automation for hybrid workloads - create runbooks to automate tasks on target VMs - implement DSC to prevent configuration drift in IaaS machines |
Manage virtual machines and containers (15-20%) | |
| Manage Hyper-V and guest virtual machines | - enable VM enhanced session mode - manage VM using PowerShell Remoting, PowerShell Direct, and HVC.exe - configure nested virtualization - configure VM memory - configure Integration Services - configure Discrete Device Assignment - configure VM Resource Groups - configure VM CPU Groups - configure hypervisor scheduling types - manage VM Checkpoints - implement high availability for virtual machines - manage VHD and VHDX files - configure Hyper-V network adapter - configure NIC teaming - configure Hyper-V switch |
| Create and manage containers | - create Windows Server container images - manage Windows Server container images - configure Container networking - manage container instances |
| Manage Azure Virtual Machines that run Windows Server | - manage data disks - resize Azure Virtual Machines - configure continuous delivery for Azure Virtual Machines - configure connections to VMs - manage Azure Virtual Machines network configuration |
Implement and manage an on-premises and hybrid networking infrastructure (15-20%) | |
| Implement on-premises and hybrid name resolution | - integrate DNS with AD DS - create and manage zones and records - configure DNS forwarding/conditional forwarding - integrate Windows Server DNS with Azure DNS private zones - implement DNSSEC |
| Manage IP addressing in on-premises and hybrid scenarios | - implement and manage IPAM - implement and configure the DHCP server role (on-premises only) - resolve IP address issues in hybrid environments - create and manage scopes - create and manage IP reservations - implement DHCP high availability |
| Implement on-premises and hybrid network connectivity | - implement and manage the Remote Access role - implement and manage Azure Network Adapter - implement and manage Azure Extended Network - implement and manage Network Policy Server role - implement Web Application Proxy - implement Azure Relay - implement site-to-site virtual private network (VPN) - implement Azure Virtual WAN - implement Azure AD Application Proxy |
Exam Questions and Answers for AZ-800 Study Guide Questions and Answers!: https://www.exam4labs.com/AZ-800-practice-torrent.html
Practice To AZ-800 - Exam4Labs Remarkable Practice On your Administering Windows Server Hybrid Core Infrastructure Exam: https://drive.google.com/open?id=1LZqjV064TgsJm11BzQ_5esBCvfrhA8Jw