AZ-800: Administering Windows Server Hybrid Core Infrastructure Topic 1
Question #: 1
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations
Master.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 1
Topic #: 7
You need to meet the technical requirements for Server1.
Which users can currently perform the required tasks?
A. Admin3 only
B. Admin1 and Admin3 only
C. Admin1 only
D. Admin1, Admin2, and Admin3
Selected Answer: B
Question #: 1
Topic #: 13
You need to meet the technical requirements for VM3.
On which volumes can you enable Data Deduplication?
A. C and D only
B. D only
C. C, D, E, and F
D. D and E only
E. D, E, and F only
Selected Answer: D
Question #: 1
Topic #: 3
You have a server named Host1 that has the Hyper-V server role installed. Host1 hosts a virtual machine named VM1.
You have a management server named Server1 that runs Windows Server. You remotely manage Host1 from Server1 by using Hyper-V Manager.
You need to ensure that you can access a USB hard drive connected to Server1 when you connect to VM1 by using Virtual Machine Connection.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From the Hyper-V Settings of Host1, select Allow enhanced session mode.
B. From Virtual Machine Connection, select Show Options, and then select the USB hard drive.
C. From Virtual Machine Connection, switch to a basic session.
D. From Disk Management on Host1, select Rescan Disks.
E. From Disk Management on Host1, attach a virtual hard disk.
Selected Answer: AB
Question #: 1
Topic #: 6
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements.
What should you configure?
A. loopback processing in GPO4
B. security filtering for the link of GPO1
C. loopback processing in GPO1
D. the Enforced property for the link of GPO4
E. the Enforced property for the link of GPO1
F. security filtering for the link of GPO4
Selected Answer: A
Question #: 1
Topic #: 11
You need to implement a name resolution solution that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Configure the DNS Servers settings for Vnet1.
B. On DC3, install the DNS Server role.
C. Create a virtual network link in the corp.fabrikam.com Azure private DNS zone.
D. Configure a conditional forwarder on DC3.
E. Enable autoregistration in the corp.fabrikam.com Azure private DNS zone.
F. Create an Azure private DNZ zone named corp.fabrikam.com.
G. Create an Azure DNZ zone named corp.fabrikam.com.
Selected Answer: AB
Question #: 1
Topic #: 8
You are planning the implementation Azure Arc to support the planned changes.
You need to configure the environment to support configuration management policies.
What should you do?
A. Create a hybrid runbook worker in Azure Automation.
B. Deploy the Azure Monitor agent to all the servers.
C. Deploy the Azure Connected Machine agent to all the servers.
D. Hybrid Azure AD join all the serves.
Selected Answer: C
Question #: 2
Topic #: 7
You need to meet the technical requirements for the site links.
Which users can perform the required tasks?
A. Admin1, Admin2, and Admin3
B. Admin1 and Admin3 only
C. Admin1 only
D. Admin1 and Admin2 only
E. Admin3 only
Selected Answer: C
Question #: 2
Topic #: 3
You have a Windows Server container host named Server1 and a container image named image1.
You need to start a container from image1. The solution must run the container on a Hyper-V virtual machine.
Which parameter should you specify when you run the docker run command?
A. –expose
B. –privileged
C. –runtime
D. –isolation
E. –entrypoint
Selected Answer: D
Question #: 2
Topic #: 10
You need to meet the technical requirements for VM2.
What should you do?
A. Implement shielded virtual machines.
B. Enable the Guest services integration service.
C. Implement Credential Guard.
D. Enable enhanced session mode.
Selected Answer: D
Question #: 2
Topic #: 4
You have a server that runs Windows Server and has the DHCP Server role installed. The server has a scope named Scope1 that has the following configurations:
✑ Address range: 192.168.0.2 to 192. 168.1.254
✑ Mask: 255.255.254.0
✑ Router: 192.168.0.1
✑ Lease duration: 3 days
DNS server: 172.16.0.254 –
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.
You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?
A. a scope
B. a filter
C. scope options
D. a policy
Selected Answer: D
Question #: 2
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 2
Topic #: 6
What should you implement for the deployment of DC3?
A. Azure Active Directory Domain Services (Azure AD DS)
B. an Azure virtual machine
C. an Azure AD administrative unit
D. Azure AD Application Proxy
Selected Answer: B
Question #: 3
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: You configure Server2 and Server3 to forward DNS requests to 10.0.1.10.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 3
Topic #: 1
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?
A. Deploy the Azure AD Password Protection proxy service to the on premises network.
B. Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.
C. Grant the Change password permission for the domain to the Azure AD Connect service account.
D. Grant the impersonate a client after authentication user right to the Azure AD Connect service account.
Selected Answer: B
Question #: 3
Topic #: 3
You plan to deploy a containerized application that requires .NET Core.
You need to create a container image for the application. The image must be as small as possible.
Which base image should you use?
A. Windows Server
B. Nano Server
C. Windows
D. Server Core
Selected Answer: B
Question #: 3
Topic #: 7
You need to meet the technical requirements for User1. The solution must use the principle of least privilege.
What should you do?
A. Add Users1 to the Server Operators group in contoso.com.
B. Create a delegation on contoso.com.
C. Add Users1 to the Account Operators group in contoso.com.
D. Create a delegation on OU3.
Selected Answer: D
Question #: 3
Topic #: 11
You need to configure remote administration to meet the security requirements.
What should you use?
A. an Azure Bastion host
B. Azure AD Privileged Identity Management (PIM)
C. the Remote Desktop extension for Azure Cloud Services
D. just in time (JIT) VM access
Selected Answer: D
Question #: 4
Topic #: 2
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
A. From the Azure portal, generate a new onboarding script.
B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1.
C. Hybrid Azure AD join Server1 and Server2.
D. Create an Azure cloud-only account for Admin1.
Selected Answer: A
Question #: 4
Topic #: 3
You have an Azure virtual machine named VM1 that runs Windows Server.
You perform the following actions on VM1:
✑ Create a folder named Folder1 on volume C.
✑ Create a folder named Folder2 on volume D.
✑ Add a new data disk to VM1 and create a new volume that is assigned drive letter E.
✑ Install an app named App1 on volume E.
You plan to resize VM1.
Which objects will present after you resize VM1?
A. Folder1, volume E, and App1 only
B. Folder1 only
C. Folder1 and Folder2 only
D. Folder1, Folder2, App1, and volume E
Selected Answer: A
Question #: 4
Topic #: 1
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?
A. AAD DC Administrators
B. Domain Admins
C. Schema Admins
D. Enterprise Admins
E. Group Policy Creator Owners
Selected Answer: A
Question #: 4
Topic #: 11
You need to implement an availability solution for DHCP that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. On DHCP1, create a scope that contains 25 percent of the IP addresses from Scope2.
B. On the router in each office, configure a DHCP relay.
C. DHCP2, configure a scope that contains 25 percent of the IP addresses from Scope1.
D. On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.
E. On each DHCP scope, configure DHCP failover.
Selected Answer: BE
Question #: 4
Topic #: 4
You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN. Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine.
You plan to migrate the virtual machine to the Azure subnet.
You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort.
What should you implement before you perform the migration?
A. Azure Extended Network
B. Azure Virtual Network NAT
C. Azure Application Gateway
D. Azure virtual network peering
Selected Answer: A
Question #: 5
Topic #: 7
You need to meet the technical requirements for Server3.
Which users can perform the required tasks?
A. Admin3 only
B. Admin1 and Admin3 only
C. Admin1 only
D. Admin1, Admin2, and Admin3
E. Admin1 and Admin2 only
Selected Answer: C
Question #: 5
Topic #: 5
You have a server that runs Windows Server and contains a shared folder named UserData.
You need to limit the amount of storage space that each user can consume in UserData.
What should you use?
A. Storage Spaces
B. Work Folders
C. Distributed File System (DFS) Namespaces
D. File Server Resource Manager (FSRM)
Selected Answer: D
Question #: 5
Topic #: 3
You have an Azure virtual machine named VM1 that runs Windows Server and has the following configurations:
✑ Size: D2s_v4
✑ Operating system disk: 127-GiB standard SSD
✑ Data disk 128-GiB standard SSD
✑ Virtual machine generation: Gen 2
You plan to perform the following changes to VM1:
✑ Change the virtual machine size to D4s_v4.
✑ Detach the data disk.
✑ Add a new standard SSD.
Which changes require downtime for VM1?
A. Detaching the data disk only and adding a new standard SSD.
B. Detaching the data disk only.
C. Changing the virtual machine size only.
D. Adding a new standard SSD only.
Selected Answer: C
Question #: 5
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 6
Topic #: 4
You have servers that have the DNS Server role installed. The servers are configured as shown in the following table.
All the client computers in the New York office use Server2 as the DNS server.
You need to configure name resolution in the New York office to meet the following requirements:
✑ Ensure that the client computers in New York can resolve names from contoso.com.
✑ Ensure that Server2 forwards all DNS queries for internet hosts to 131. 107.100.200.
The solution must NOT require modifications to Server1.
Which two components should you configure on Server2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a forwarder
B. a conditional forwarder
C. a delegation
D. a secondary zone
E. a reverse lookup zone
Selected Answer: AB
Question #: 6
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains two servers named Server1 and Server2.
Server1 contains a disk named Disk2. Disk2 contains a folder named UserData. UserData is shared to the Domain Users group. Disk2 is configured for deduplication. Server1 is protected by using Azure Backup.
Server1 fails.
You connect Disk2 to Server2.
You need to ensure that you can access all the files on Disk2 as quickly as possible.
What should you do?
A. Create a storage pool.
B. Restore files from Azure Backup.
C. Install the File Server Resource Manager server role.
D. Install the Data Deduplication server role.
Selected Answer: D
Question #: 7
Topic #: 4
You have an Azure virtual machine named VM1 that runs Windows Server.
You need to configure the management of VM1 to meet the following requirements:
✑ Require administrators to request access to VM1 before establishing a Remote Desktop connection.
✑ Limit access to VM1 from specific source IP addresses.
✑ Limit access to VM1 to a specific management port.
What should you configure?
A. a network security group (NSG)
B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. Microsoft Defender for Cloud
D. Azure Front Door
Selected Answer: C
Question #: 7
Topic #: 2
You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?
A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
B. Configure VM1 to use a user-assigned managed identity.
C. Configure VM1 to use a system-assigned managed identity.
D. Add the Custom Script Extension to VM1.
Selected Answer: C
Question #: 7
Topic #: 5
You have five file servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?
A. a Dynamic Access Control central access policy
B. a data loss prevention (DLP) policy
C. a Dynamic Access Control central access rule
D. a file screen
Selected Answer: D
Question #: 8
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain. The network also contains 20 domain controllers, 100 member servers, and 100 client computers.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.
You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group
Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.
Which type of item level targeting should you use?
A. Domain
B. Operating System
C. Security Group
D. Environment Variable
Selected Answer: C
Question #: 8
Topic #: 3
You have a server named Server1 that hosts Windows containers.
You plan to deploy an application that will have multiple containers. Each container will be on the same subnet. Each container requires a separate MAC address and IP address. Each container must be able to communicate by using its IP address.
You need to create a Docker network that supports the deployment of the application.
Which type of network should you create?
A. NAT
B. transparent
C. I2bridge
D. I2tunnel
Selected Answer: B
Question #: 8
Topic #: 4
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS zone named fabrikam.com that was signed by DNSSEC.
You need to ensure that all the member servers in the domain perform DNSSEC validation for the fabrikam.com namespace.
What should you do?
A. On Server1, run the Add-DnsServerTrustAnchor cmdlet.
B. On each member server, run the Add-DnsServerTrustAnchor cmdlet.
C. From a Group Policy Object (GPO), add a rule to the Name Resolution Policy Table (NRPT).
D. From a Group Policy Object (GPO), modify the Network List Manager policies.
Selected Answer: C
Question #: 9
Topic #: 2
You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?
A. an Azure Bastion host on the virtual network that contains VM1.
B. a VPN connection to the virtual network that contains VM1.
C. a private endpoint on the virtual network that contains VM1.
D. a network security group (NSG) rule that allows inbound traffic on port 443.
Selected Answer: B
Question #: 9
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2, you create a conditional forwarder for contoso.local and west.contoso.local. On Server3, you create a conditional forwarder for contoso.local and east.contoso.local.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 9
Topic #: 3
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan deploy 100 new Azure virtual machines that will run Windows Server.
You need to ensure that each new virtual machine is joined to the AD DS domain.
What should you use?
A. an Azure Resource Manager (ARM) template
B. a Group Policy Object (GPO)
C. Azure AD Connect
D. an Azure management group
Selected Answer: A
Question #: 10
Topic #: 3
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains three servers that run
Windows Server and have the Hyper-V server role installed. Each server has a Switch Embedded Teaming (SET) team.
You need to verify that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server to support an
Azure Stack HCI cluster.
What should you use?
A. Server Manager
B. the Get-NetAdapter cmdlet
C. Failover Cluster Manager
D. the Validate-DCB cmdlet
Selected Answer: D
Question #: 10
Topic #: 2
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center gateway.
On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?
A. 443
B. 3389
C. 5985
D. 6516
Selected Answer: A
Question #: 10
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.
A failure of which domain controller will prevent you from creating application partitions?
A. DC1
B. DC2
C. DC3
D. DC4
E. DC5
Selected Answer: A
Question #: 10
Topic #: 4
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server. The servers have static
IP addresses.
You plan to use DHCP to assign IP addresses to the servers.
You need to ensure that each server always receives the same IP address.
Which type of identifier should you use to create a DHCP reservation for each server?
A. NetBIOS name
B. MAC address
C. fully qualified domain name (FQDN)
D. universally unique identifier (UUID)
Selected Answer: B
Question #: 11
Topic #: 1
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?
A. Select the Configure Hybrid Azure AD join option.
B. Change the scope of Group1 and Group2 to Global.
C. Clear the Configure device writeback option.
D. Change the scope of Group2 to Universal.
Selected Answer: A
Question #: 11
Topic #: 2
You have an Azure subscription that contains the following resources.
✑ An Azure Log Analytics workspace
✑ An Azure Automation account
✑ Azure Arc
You have an on-premises server named Server1 that is onboarded to Azure Arc.
You need to manage Microsoft updates on Server1 by using Azure Arc.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From the Automation account, enable Update Management for Server1.
B. From the Virtual machines data source of the Log Analytics workspace, connect Server1.
C. On Server1, install the Azure Monitor agent
D. Add Microsoft Sentinel to the Log Analytics workspace
Selected Answer: AC
Question #: 12
Topic #: 1
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the convergence time for changes to Active Directory.
What should you do?
A. For each site link, modify the replication schedule.
B. For each site links, modify the site link costs.
C. Create a site link bridge that contains all the site links.
D. For each site link, modify the options attribute.
Selected Answer: A
Question #: 12
Topic #: 4
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The on-premises network is connected to Azure by using a Site-to-Site VPN.
You have the DNS zones shown in the following table.
You need to ensure that names from fabrikam.com can be resolved from the on-premises network.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a stub zone for fabrikam.com on DC1.
B. Create a conditional forwarder for fabrikam.com on DC1.
C. Create a secondary zone for fabrikam.com on DC1.
D. Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers settings for the virtual network.
E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine as a DNS forwarder.
Selected Answer: BE
Question #: 13
Topic #: 4
You have an on-premises server named Server1 that runs Windows Server.
You have an Azure virtual network that contains an Azure virtual network gateway.
You need to connect only Server1 to the Azure virtual network.
What should you use?
A. a Site-to-Site VPN
B. Azure Network Adapter
C. an ExpressRoute circuit
D. Azure Extended Network
Selected Answer: B
Question #: 13
Topic #: 5
You have a server named Server1 that runs Windows Server. Server1 has the storage pools shown in the following table.
You plan to create a virtual disk named VDisk1 that will use storage tiers.
Which pools can you use to create VDisk1?
A. Pool2 only
B. Pool1 only
C. Pool1, Pool2, and Pool3
D. Pool1 and Pool2 only
E. Pool3 only
F. Pool2 and Pool3 only
G. Pool1 and Pool3 only
Selected Answer: F
Question #: 14
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2, you create a conditional forwarder for west.contoso.local. On Server3, you create a conditional forwarder for east.contoso.local.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 14
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.
What should you use?
A. ntdsutil.exe
B. Active Directory Sites and Services
C. Set-DnsServer
D. DNS Manager
Selected Answer: D
Question #: 14
Topic #: 1
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?
A. Device writeback
B. Group writeback
C. Azure AD app and attribute filtering
D. Password writeback
E. Directory extension attribute sync
Selected Answer: A
Question #: 15
Topic #: 3
You have an Azure virtual machine named Server1 that runs a network management application. Server1 has the following network configurations:
* Network interface: Nic1
* IP address: 10.1.1.1/24
* Connected to: Vnet1/Subnet1
You need to connect Server1 to an additional subnet named Vnet1/Subnet2.
What should you do?
A. Modify the IP configurations of Nic1.
B. Add an IP configuration to Nic1.
C. Add a network interface to Server1.
D. Create a private endpoint on Subnet2.
Selected Answer: C
Question #: 15
Topic #: 5
You have two severs that have the Hyper-V server role installed. The servers are joined to a failover cluster. Both servers can connect to the same disk on an iSCSI storage device.
You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will. support live migration functionally.
You need to configure a storage resource in the failover cluster to store the virtual machines.
What should you configure?
A. Cluster Shared Volumes (CSV)
B. Distributed File System (DFS) Replication
C. a storage pool
D. a mirrored volume
Selected Answer: A
