Practice Free AZ-800 Exam Online Questions
HOTSPOT
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain.
The domains contain the servers shown in the following table.
You need to configure resources based constrained delegation so that the users. In contoso.com can use Windows Admin Center on Server) to connect to Server?
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps
DRAG DROP
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
Ensures that a user named User1 can perform the RODC installation on Server1
Ensures that you can control the AD DS replication schedule to the Server1
Ensures that Server1 is in a new site named RemoteSite1 Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Box 1.
We need to create a site and subnet for the remote site. The new site will be added to the Default IP Site Link so we don’t need to create a new site link. You configure the replication schedule on the site link.
Box 2.
When we pre-create an RODC account, we can specify who is allowed to attach the server to the prestaged account. This means that the User1 does not need to be added to the Domain Admins group.
Box3.
User1 can connect the RODC to the prestaged account by running the AD DS installation wizard.
Reference: https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com.
The domain contains a ‘He server named Server1 and three users named User1.
User2 and User), Server1 contains a shared folder named Share1 tha1 has the following configurations:
The share permissions for Share1 are configured as shown in the Share Permissions exhibit. (Click the Share Permissions tab.)
Share1 contains a file named Filel.txt. The advanced security settings for Filel.txt are configured as shown in the File Permissions exhibit. (Click the File Permissions tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Active Directory domain that contains a file server named Server1.
Server1 runs Windows Server and includes the file shares shown in the following table.
When users login to the network they receive the following network drive mappings.
• H: maps to Wserver1users%UserName%
• G: maps to \server1%Department%
You need to limit the amount of space consumed by user’s on Server!.
The solution must meet the following requirements:
• Prevent users using more than 5GB of space on their H: drive
• Prevent Accounts department users from using more than 10GB of space on the G: drive
• Prevent Marketing department users from using more than 15GB of space on the G: drive
• Prevent Customer Service department users from using more than 2GB of space on the G: drive
• Minimize administrative effort
What should you use?
- A . File Server Resource Manager (FSRM) quotas
- B . Storage tiering
- C . NTFS Disk quotas
- D . Group Policy Preferences
Your network contains an Active Directory Domain Services (AD DS) domain.
The domain contains a user named User1 and the servers shown in the following table.
You need to ensure that User1 can manage only Scope1 and Scope3.
What should you do?
- A . Add User1 to the DHCP Administrators group on Server1 and Server2.
- B . Implement IP Address Management (IPAM).
- C . Add User1 to the DHCP Administrators domain local group.
- D . Implement Windows Admin Center and add connections to Server1 and Server2.
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?
- A . AAD DC Administrators
- B . Domain Admins
- C . Schema Admins
- D . Enterprise Admins
- E . Group Policy Creator Owners
B
Explanation:
Only the Domain Admins group and the Enterprise Admins group can fully manage GPOs. Members of the Group Policy Creator Owners group can create new GPOs but they can’t link the GPOs to sites, the domain or OUs and they cannot manage existing GPOs.
HOTSPOT
You have an Azure subscription and a computer named Computed that runs Windows 11.
From the Azure portal, you deploy a virtual machine named VM1 that runs Windows Server. You configure VM1 to use the default settings.
You need to ensure that you can connect to VM1 by using PowerShell remoting.
Which cmdlet should you run, and what should you use to run the cmdlet? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Topic 5, Labs
SIMULATION
Task 1
You need to prevent domain users from saving executable files in a share named \SRVlDat a. The users must be able to save other files to the share.
Right-click on File Groups and select Create File Group.
In the File Group Properties dialog box, enter a name for the file group, such as Executable Files. In the Files to include box, enter the file name extensions that you want to block, such as .exe, .bat, .cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.
Click OK to create the file group.
In the left pane, click on File Screen Templates.
Right-click on File Screen Templates and select Create File Screen Template.
In the File Screen Template Properties dialog box, enter a name for the template, such as Block Executable Files.
On the Settings tab, select the option Active screening: Do not allow users to save unauthorized files. On the File Groups tab, check the box next to the file group that you created, such as Executable Files.
On the Notification tab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file. Click OK to create the file screen template.
In the left pane, click on File Screens.
Right-click on File Screens and select Create File Screen.
In the Create File Screen dialog box, enter the path of the folder that you want to apply the file screening to, such as SRVlData.
Select the option Derive properties from this file screen template (recommended) and choose the template that you created, such as Block Executable Files. Click Create to create the file screen.
Now, domain users will not be able to save executable files in the share named SRVlData. They will be able to save other files to the share.
DRAG DROP
Your network contains an Active Directory domain, a web app named App1, and a perimeter network. The perimeter network contains a server named Server1 that runs Windows Server. You plan to provide external access to App1.
You need to implement the Web Application Proxy role service on Server1.
Which role should you add to Server1, and which role should you add to the network? To answer, drag the appropriate roles to the correct targets. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
HOTSPOT
You need to sync files from an on-premises server named Server1 to Azure by using Azure File Sync You have a cloud tiering policy that is configured for 30 percent free space and 70 days. Volume f on Server1 is 500 GB.
A year ago. you configured E:Oata on Server1 to sync by using Azure File Sync.
The files that are visible in E:Data are shown in the following table.
Volume E does NOT contain any other files.
Where are File1 and flle3 located? To answer, select the appropriate options In the answer area.
