Practice Free AZ-800 Exam Online Questions
SIMULATION
Task 5
You need to ensure that a DHCP scope named scope! on SRV1 can service client requests.
To activate a DHCP scope on SRV1, perform the following steps:
On SRV1, open DNS Manager from the Administrative Tools menu or by typing dnsmgmt.msc in the Run box.
In the left pane, expand your DHCP server and click on IPv4.
In the right pane, right-click on the scope that you want to activate, such as scope1, and select Activate.
Wait for the scope to be activated. You can verify the activation status by checking the icon next to the scope name. A green arrow indicates that the scope is active, while a red arrow indicates that the scope is inactive.
Now, the DHCP scope named scope1 on SRV1 can service client requests and lease IP addresses to DHCP clients. You can test the DHCP service by using the ipconfig /renew command on a DHCP client computer that is connected to the same subnet as the scope.
SIMULATION
Task 3
You need to run a container that uses the mcr.microsoft.com/windows/servercore/iis image on SRV1. Pott 60 on the container must be published to port 5001 on SRV1 and the container must run in the background.
Step 1: Pull the IIS Image First, pull the IIS image from the Microsoft Container Registry:
docker pull mcr.microsoft.com/windows/servercore/iis
Step 2: Run the Container Next, run the container with the required port mapping and ensure it runs in the background using the -d flag:
docker run -d -p 5001:60 –name iis_container mcr.microsoft.com/windows/servercore/iis
This command will start a container named iis_container using the IIS image, map port 60 inside the container to port 5001 on SRV1, and run the container in detached mode.
Step 3: Verify the Container is Running To verify that the container is running and the port is published, use the following command:
docker ps
This will list all running containers and show the port mappings.
Step 4: Access the IIS Server You can now access the IIS server running in the container by navigating to http://<SRV1_IP>:5001 in a web browser, where <SRV1_IP> is the IP address of SRV1.
Note: Ensure that Docker is installed on SRV1 and that the port 5001 is open on the firewall to allow incoming connections1.
By following these steps, you should be able to run the IIS container on SRV1 with the specified port mapping and have it running in the background.
Your network contains an Active Directory Domain Services (AD DS) domain.
The domain contains the offices shown in the following table.
You need to deploy a Network Policy Server (NPS) named NPS1 to enforce network access policies for all remote connections.
What is the minimum number of RADIUS clients that you should add to NPS1?
- A . 1
- B . 3
- C . 8
- D . 180
- E . 188
HOTSPOT
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure file share named share1 that stores two files named File2.docx and File3.docx.
You create an Azure File Sync sync group that includes the following endpoints:
✑ share
✑ D:Folder1 on Server1
✑ D:Datal on Server2
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-introduction
HOTSPOT
You have an Active Directory Domain Services (AD DS) domain that contains a group named Group1. You need to create a group managed service account (gMSA) named Account1. The solution must ensure that Group1 can use Account1.
How should you complete the script? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.
Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com.
The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?
- A . Change the scope of Group2 to Universal
- B . Clear the Configure device writeback option.
- C . Change the scope o’ Group1 and Group2 to Global
- D . Select the Configure Hybrid Azure AD join option.
D
Explanation:
Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.
SIMULATION
Task 9
You plan to create group managed service accounts (gMSAs).
You need to configure the domain to support the creation of gMSAs.
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open PowerShell as an administrator and run the following command to install the Active Directory module:
Install-WindowsFeature -Name RSAT-AD-PowerShell
Run the following command to create a Key Distribution Service (KDS) root key, which is required for generating passwords for gMSAs. You only need to do this once per domain: Add-KdsRootKey -EffectiveImmediately
Wait for at least 10 hours for the KDS root key to replicate to all domain controllers in the domain. Alternatively, you can use the -EffectiveTime parameter to specify a past date and time for the KDS root key, but this is not recommended for security reasons. For more information, see Add-KdsRootKey.
After the KDS root key is replicated, you can create and configure gMSAs using the New-ADServiceAccount and Set-ADServiceAccount cmdlets. For more information, see Create a gMSA and Configure a gMSA.
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center gateway.
On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?
- A . 443
- B . 3389
- C . 5985
- D . 6516
You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app
named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
- A . Microsoft Application Request Routing (ARR) Version 2
- B . Web Application Proxy
- C . Azure Relay
- D . Azure Application Gateway