Practice Free AZ-800 Exam Online Questions
HOTSPOT
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK.
Does this meet the goal?
- A . Yes
- B . No
SIMULATION
Task 8
You need to create an Active Directory Domain Services (AD DS) site named Site2 that is associated to an IP address range of 192.168.2.0 to 192.168.2.255.
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Active Directory Sites and Services from the Administrative Tools menu or by typing dssite.msc in the Run box.
In the left pane, right-click on Sites and select New Site.
In the New Object – Site dialog box, enter Site2 as the Name of the new site. Select a site link to associate the new site with, such as DEFAULTIPSITELINK, and click OK. You can also create a new site link if you want to customize the replication frequency and schedule between the sites.
For more information on how to create a site link, see Create a Site Link.
In the left pane, right-click on Subnets and select New Subnet.
In the New Object – Subnet dialog box, enter 192.168.2.0/24 as the Prefix of the subnet. This notation represents the IP address range of 192.168.2.0 to 192.168.2.255 with a subnet mask of 255.255.255.0. Select Site2 as the Site object to associate the subnet with, and click OK.
Wait for the changes to replicate to other domain controllers. You can verify the site and subnet creation by checking the Sites and Subnets containers in Active Directory Sites and Services. Now, you have created an AD DS site named Site2 that is associated to an IP address range of 192.168.2.0 to 192.168.2.255. You can add domain controllers to the new site and configure the site links and site link bridges to optimize the replication topology.
HOTSPOT
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain.
The domains contain the servers shown in the following table.
You need to configure resources based constrained delegation so that the users. In contoso.com can use Windows Admin Center on Server) to connect to Server?
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps
HOTSPOT
You have a file server named Server1 that runs Windows Server and contains the volumes shown in the following table.
On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas? To answer select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview
SIMULATION
Task 2
You need to ensure that you can manage SRV1 remotely by using PowerShell
Step 1: Enable PowerShell Remoting on SRV1 On SRV1, run the following command to enable PowerShell Remoting:
Enable-PSRemoting -Force
This command configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.
Step 2: Configure the TrustedHosts List (If Needed) If you’re managing SRV1 from a computer that is not part of the same domain, you’ll need to add the managing computer’s name to the TrustedHosts list on SRV1:
Set-Item wsman:localhostClientTrustedHosts -Value "ManagingComputerName" -Concatenate – Force
Replace “ManagingComputerName” with the name of your managing computer.
Step 3: Start a Remote Session From your managing computer, start a remote session with SRV1
using the Enter-PSSession cmdlet:
Enter-PSSession -ComputerName SRV1 -Credential (Get-Credential)
This command prompts you for credentials and then starts a remote session with SRV1.
Step 4: Run Remote Commands Once the remote session is established, you can run any PowerShell command as if you were directly on SRV1. For example: Get-Service
This command gets the status of services on SRV1.
Step 5: Exit the Remote Session When you’re finished, exit the remote session:
Exit-PSSession
Note: Ensure that both the managing computer and SRV1 are properly configured to communicate over the network, and that any firewalls allow for the necessary ports (default is 5985 for HTTP and 5986 for HTTPS) to be open for WS-Management traffic12.
By following these steps, you should be able to manage SRV1 remotely using PowerShell. Make sure you have the appropriate administrative privileges to perform these actions.
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1. You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared
You need to create a security group that meets the following requirements:
• Can contain users from the AD DS domain
• Can be used to authorize user access to share 1 and share2
What should you do?
- A . in the AD DS domain, create a universal security group
- B . in the Azure AD tenant create a security group that has assigned membership
- C . in the Azure AD Tenant create a security group that has dynamic membership.
- D . in the Azure AD tenant create a Microsoft 365 group
Topic 1, Contoso Ltd
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
AD DS Environment
The network contains an on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server Infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Servei4 uses the private profile.
Server2 hosts three virtual machines named VM1. VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out another administrator can connect to the console session as the currently signed-in user.
Requirements
Contoso identifies the following technical requirements:
• Change the replication schedule for all site links to 30 minutes.
• Promote Server1 to a domain controller in canada.contoso.com.
• Install and authorize Server3 as a DHCP server.
• Ensure that User! can manage the membership of all the groups in ContosoOU3.
• Ensure that you can manage Server4 from Server1 by using PowerShell removing.
• Ensure that you can run virtual machines on VM1.
• Force users to provide credentials when they connect to VM2.
• On VM3, ensure that Data Deduplication on all volumes is possible.
You need to meet the technical requirements for Server1.
Which users can currently perform the required tasks?
- A . Admin1 only
- B . Admin3 only
- C . Admin1 and Admin3 only
- D . Admin1 Admin2. and Admm3
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com.
The forest contains a child domain named east.contoso.com and the servers shown in the following table.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You haw? a server named Host! that has the Hyper-V server role installed. Host! hosts a virtual machine named VM1.
You have a management server named Server! that runs Windows Server. You remotely manage Host1 from Server1 by using Hyper-V Manager.
You need to ensure that you can access a USB hard drive connected to Server1 when you connect to VM1 by using Virtual Machine Connection.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From the Hyper-V Settings of Host1, select Allow enhanced session mode
- B . From Disk Management on Host1. attach a virtual hard disk.
- C . From Virtual Machine Connection, switch to a basic session.
- D . From Virtual Machine Connection select Show Options and then select the USB hard drive.
- E . From Disk Management on Host1, select Rescan Disks
A, D
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/use-local-resources-on-hyper-v-virtual-machine-with-vmconnect