Practice Free AZ-800 Exam Online Questions
SIMULATION
Task 2
You plan to promote a domain controller named DC3 in a site in Seattle.
You need to ensure that DC3 only replicates with DC1 and DC2 between 8 pm and 6 AM.
Objective: Configure DC3 to replicate with DC1 and DC2 only between 8:00 PM and 6:00 AM.
Step-by-Step Guide: Replication Scheduling for DC3
✅ Step 1: Promote DC3 to a Domain Controller (if not already done)
Use Server Manager or PowerShell to install the Active Directory Domain Services role and promote the server as a domain controller.
Example PowerShell command to install the AD DS role:
powershell
Copy
Install-WindowsFeature AD-Domain-Services
To promote:
powershell
Copy
Install-ADDSDomainController -DomainName "contoso.com"
✅ Step 2: Open Active Directory Sites and Services Log in to DC3 or another DC with administrative tools. Open Active Directory Sites and Services (dssite.msc).
✅ Step 3: Locate the Site
In the left pane, expand the Sites container and find the site that contains DC3.
Expand the site to find Servers.
Under Servers, select DC3.
✅ Step 4: Configure Replication Connection Objects Expand DC3 and click on NTDS Settings.
In the right pane, you’ll see connection objects to other domain controllers (these represent replication partners).
✅ Step 5: Adjust the Replication Schedule for Each Connection For each connection object to DC1 and DC2:
Right-click the connection object and select Properties.
Click the Change Schedule button.
✅ Step 6: Set the Replication Schedule
In the schedule window, you’ll see a grid of hours.
Clear all hours except the time window of 8 PM to 6 AM (in 1-hour blocks).
Select 8 PM to 6 AM (10 hours total) for all days.
Click OK to save.
✅ Step 7: Verify and Document
Ensure that both connection objects (to DC1 and DC2) have the updated schedule.
Document your configuration as part of your environment’s change control.
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
- A . From the Azure portal, generate a new onboarding script.
- B . Assign Admin1 the Azure Connected Machine Onboarding role for RG1.
- C . Hybrid Azure AD join Server1 and Server2.
- D . Create an Azure cloud-only account for Admin1.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.
In the East US Azure region, you create a storage sync service named Synd.
You need to create a sync group in Synd.
Which storage accounts can you use, and what can you specify as the cloud endpoints? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an on-premises server named Server1 that runs Windows Server. You have an Azure virtual network that contains an Azure virtual network gateway. You need to connect only Server1 to the Azure virtual network.
What should you use?
- A . Azure Network Adapter
- B . a Site-to-Site VPN
- C . an ExpressRoute circuit
- D . Azure Extended Network
B
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Reference: https://activedirectorypro.com/how-to-check-fsmo-roles/
You have a server that runs Windows Server 2022 and has the network adapters shown in the following table.
You need to configure NIC learning for LAN2 and LAN3. The solution must support Dynamic Virtual Machine Multi-Queue (d.VMMQ).
What should you use?
- A . Static teaming mode
- B . Switch Embedded Teaming (SET)
- C . load balancing and failover (LBFO)
- D . LACP teaming mode
HOTSPOT
Your on-premises network contains an Active Directory Domain Services (AD DS) domain.
The domain contains the servers shown in the following table.
The domain controllers do NOT have internet connectivity.
You plan to implement Azure AD Password Protection for the domain.
You need to deploy Azure AD Password Protection agents.
The solution must meet the following requirements:
• All Azure AD Password Protection policies must be enforced.
• Agent updates must be applied automatically.
• Administrative effort must be minimized.
What should you do? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the convergence time for changes to Active Directory.
What should you do?
- A . For each site link, modify the options attribute.
- B . For each site link, modify the site link costs.
- C . For each site link, modify the replication schedule.
- D . Create a site link bridge that contains all the site links.
C
Explanation:
Reference: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/determining-the-interval