Practice Free AZ-800 Exam Online Questions
DRAG DROP
Your network contains an Active Directory domain, a web app named App1, and a perimeter network. The perimeter network contains a server named Server1 that runs Windows Server. You plan to provide external access to App1.
You need to implement the Web Application Proxy role service on Server1.
Which role should you add to Server1, and which role should you add to the network? To answer, drag the appropriate roles to the correct targets. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You have two servers that have the Hyper-V server role installed. The servers are joined to a failover cluster both servers can connect to the same disk on an iSCSi storage device. You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will support live migration functionality. You need to configure a storage resource in the failover cluster to store the virtual machines.
What should you configure?
- A . a storage pool
- B . attributed File System (DFS) Replication
- C . a mirrored volume
- D . Cluster Shared volumes (CSV)
You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app
named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
- A . Microsoft Application Request Routing (ARR) Version 2
- B . Web Application Proxy
- C . Azure Relay
- D . Azure Application Gateway
You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?
- A . an Azure Bastion host on the virtual network that contains VM1.
- B . a VPN connection to the virtual network that contains VM1.
- C . a network security group 1NSG) rule that allows inbound traffic on port 443.
- D . a private endpoint on the virtual network that contains VM1.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS zone named fabrikam.com that was signed by DNSSEC.
You need to ensure that all the member servers in the domain perform DNSSEC validation for the fabrikam.com namespace.
What should you do?
- A . On Served, run the Add-DnsServerTrustAnchor cmdlet.
- B . On each member server, run the Add-DnsServerTrustAnchor cmdlet.
- C . From a Group Policy Object (GPO). add a rule to the Name Resolution Policy Table (NRPT).
- D . From a Group Policy Object (GPO). modify the Network List Manager policies.
HOTSPOT
Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses. You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 3
You need a DHCP scope for each of the three subnets.
Box 2: 2
The two client VLANs need a DHCP Relay Agent to forward DHCP requests to the DHCP server. The datacenter VLAN that contains the DHCP server does not require a DHCP Relay Agent.
DRAG DROP
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines. The virtual machines will be joined to Azure AD DS.
You need to deploy Active Directory Domain Services (AD DS) to ensure that the virtual machines can be deployed and joined to Azure AD DS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance
Topic 5, Labs
SIMULATION
Task 1
You need to prevent domain users from saving executable files in a share named \SRVlDat a. The users must be able to save other files to the share.
Right-click on File Groups and select Create File Group.
In the File Group Properties dialog box, enter a name for the file group, such as Executable Files. In the Files to include box, enter the file name extensions that you want to block, such as .exe, .bat, .cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.
Click OK to create the file group.
In the left pane, click on File Screen Templates.
Right-click on File Screen Templates and select Create File Screen Template.
In the File Screen Template Properties dialog box, enter a name for the template, such as Block Executable Files.
On the Settings tab, select the option Active screening: Do not allow users to save unauthorized files. On the File Groups tab, check the box next to the file group that you created, such as Executable Files.
On the Notification tab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file. Click OK to create the file screen template.
In the left pane, click on File Screens.
Right-click on File Screens and select Create File Screen.
In the Create File Screen dialog box, enter the path of the folder that you want to apply the file screening to, such as SRVlData.
Select the option Derive properties from this file screen template (recommended) and choose the template that you created, such as Block Executable Files. Click Create to create the file screen.
Now, domain users will not be able to save executable files in the share named SRVlData. They will be able to save other files to the share.
You have a server named Server1 that runs Windows Server.
You plan to host applications in Windows containers.
You need to configure Server1 to run containers.
What should you install?
- A . Windows Admin Center
- B . the Windows Subsystem for Linux
- C . Doctor
- D . Hyper-V
HOTSPOT
Your on-premises network contains an Active Directory Domain Services (AD DS) domain.
The domain contains the servers shown in the following table.
The domain controllers do NOT have internet connectivity.
You plan to implement Azure AD Password Protection for the domain.
You need to deploy Azure AD Password Protection agents.
The solution must meet the following requirements:
• All Azure AD Password Protection policies must be enforced.
• Agent updates must be applied automatically.
• Administrative effort must be minimized.
What should you do? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
