Practice Free AZ-800 Exam Online Questions
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:
The share permissions for Share1 are configured as shown in the Share Permissions exhibit.
Share1 contains a file named File1.bxt.
The share settings for File1.txt are configured as shown in the File Permissions exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
DRAG DROP
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. Contoso.com contains three child domains named amer.contoso.com, apac.contoso.com, and emea.contoso.com. Fabrikam.com contains a child domain named apac.fabrikam.com. A bidirectional forest trust exists between contoso.com and fabrikam.com.
You need to provide users in the contoso.com forest with access to the resources in the fabrikam.com forest.
The solution must meet the following requirements:
• Users in contoso.com must only be added directly to groups in the contoso.com forest.
• Permissions to access the resources in fabrikam.com must only be granted directly to groups in the fabrikam.com forest.
• The number of groups must be minimized.
Which type of groups should you use to organize the users and to assign permissions? To answer, drag the appropriate group types to the correct requirements. Each group type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Your network contains an Active Domain Services (AD DS) forest. The forest contains three domains.
Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom active Directory partition.
You need to create the Active Directory partition for the zone. The partition replicate to only four of the domain controllers.
What should you use?
- A . Active Directory Sites and Services
- B . Active Directory Administrator Center
- C . dnscmd.exe
- D . DNS Manager
SIMULATION
Task 7
You need to collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace.
The required tiles are stored in a shared folder named dcinstall.
Step 1: Access the Log Analytics Workspace Log in to the Azure portal and navigate to your Log Analytics workspace.
Step 2: Configure Performance Counters In the Log Analytics workspace, select Advanced settings and then choose Data > Windows Performance Counters1. You can add the recommended performance counters by selecting the + button. If you’re using legacy agent management, you can add counters from the Legacy agents management menu2.
Step 3: Add Performance Counters Select the counters you want to collect. You can add common counters quickly by checking the boxes next to them. For specific counters, enter the name of the counter in the format object(instance)counter. For example, to collect the Processor Time counter for all instances of the Processor object, specify Processor(_Total) % Processor Time.
Step 4: Set Sample Interval When adding a counter, you can set the sample interval, which is the frequency at which data is collected. The default is 10 seconds, but you can change this to a higher value if needed.
Step 5: Apply Configuration After adding the desired performance counters, select Apply at the top of the screen to save the configuration.
Step 6: Install and Configure the Agent Ensure that the Microsoft Monitoring Agent (MMA) is installed on SRV1. Configure the agent to report to your Log Analytics workspace by specifying the workspace ID and key during setup.
Step 7: Verify Data Collection After the agent is configured, it will start collecting the specified performance counters. You can verify the data collection in the Log Analytics workspace by running queries against the collected data.
Note: The legacy Log Analytics agent will be deprecated by August 2024. Migrate to the Azure Monitor agent before this date to continue ingesting data3.
By following these steps, you should be able to collect the recommended Windows Performance Counters from SRV1 in your Log Analytics workspace. Ensure that you have the necessary permissions and that SRV1 has network connectivity to Azure services.
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) domain.
The domain contains the domain controllers shown in the following table.
You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure subscription that contains a virtual machine named VMV
You need to ensure that you can manage all the servers by using Azure Arc. The solution must minimize administrative effort.
On which servers should you install the Azure Connected Machine agent?
- A . Server1 only
- B . VM1 only
- C . VM2only
- D . VM1 and VM2 only
- E . Server1 and VM2 only
- F . Server1, VM1, and VM2
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a server named Server1 and the users shown.
In the following table.
Server1 contains a folder named D:Folder1.
The advanced security settings for Folder 1 are configured as shown in the Permissions exhibit. (Click the Permissions lab.)
Folder1 is shared by using the following configurations
SIMULATION
Task 10
You use a Group Policy preference to map \dd.contoso.cominstal1 as drive H for all users. If a user already has an existing drive mapping for H. the new drive mapping must take precedence.
Step 1: Open Group Policy Management Console Open the Group Policy Management Console (GPMC) on a machine that has administrative privileges over the domain.
Step 2: Create or Edit a GPO Create a new Group Policy Object (GPO) or edit an existing one that applies to the users who need the drive mapping.
Step 3: Navigate to Drive Mappings In the GPO Editor, navigate to:
User Configuration -> Preferences -> Windows Settings -> Drive Maps
Step 4: New Drive Mapping Right-click on Drive Maps and select New -> Mapped Drive.
Step 5: Configure Drive Mapping In the New Drive Properties window, configure the following settings:
Action: Select Replace. This action will overwrite any existing mappings with the same drive letter.
Location: Enter the UNC path \dd.contoso.cominstal1.
Drive Letter: Choose H: from the drop-down menu.
Reconnect: Check this option if you want the drive mapping to persist across logon sessions.
Label As: Optionally, provide a label for the drive mapping.
Hide/Show this drive: Set according to your preference.
Hide/Show all drives: Set according to your preference.
Step 6: Common Tab Go to the Common tab and configure the following:
Run in logged-on user’s security context (user policy option): Check this option.
Item-level targeting: Click on Targeting and set up any specific criteria if needed.
Step 7: Apply the GPO Click Apply and then OK to save the drive mapping configuration.
Step 8: Link the GPO Link the GPO to an Organizational Unit (OU) or domain that contains the users who should receive the drive mapping.
Step 9: Update Group Policy Instruct users to log off and log back on, or use the gpupdate /force command to refresh Group Policy on their computers.
SIMULATION
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.msc in the Run box.
In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
Close the Group Policy Management Editor and return to the Group Policy Management console. Right-click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO. Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and
click OK. You can also change the order of preference by using the Move Up and Move Down buttons. Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers.
For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.
SIMULATION
Task 6
You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1.
The required source files are located in a folder named \dc1.contoso.cominstall.
On SRV1, open a web browser and go to the folder named dc1.contoso.cominstall. Download the Windows Admin Center installer file (WindowsAdminCenter.msi) and save it to a local folder, such as C:Temp.
Run the Windows Admin Center installer file and follow the installation wizard. You can choose to install Windows Admin Center as a desktop app or as a service. For more information on how to install Windows Admin Center, see Install Windows Admin Center.
After the installation is complete, launch Windows Admin Center from the Start menu or the desktop shortcut. If you installed Windows Admin Center as a service, you can access it from a web browser by using the URL https://localhost:6516 or https://<SRV1>:6516, where <SRV1> is the name or IP address of SRV1.
On the Windows Admin Center dashboard, click Add to add a new connection. Select Server as the connection type and enter the name or IP address of DC1 in the Server name field. Optionally, you can specify the display name, description, and tags for the connection. Click Submit to add DC1 as a managed server.
On the Windows Admin Center dashboard, you should see DC1 listed under the Servers section. Click
on DC1 to open the server overview page. From here, you can manage various aspects of DC1, such as roles and features, certificates, devices, events, files, firewall, processes, registry, services, and more. For more information on how to use Windows Admin Center to manage servers, see Manage servers with Windows Admin Center.
Now, you can manage DC1 by using Windows Admin Center on SRV1. You can also add more servers or other types of connections to Windows Admin Center and manage them from the same interface