AZ-800: Administering Windows Server Hybrid Core Infrastructure Topic 4
Question #: 38
Topic #: 5
You have a server named Server1 that runs Windows Server. The disks on Server1 are configured as shown in the following exhibit.
You need to convert volume E to ReFS. The solution must meet the following requirements:
• The data on volume E needs to be retained.
• Minimize administrative effort.
What should you do first?
A. Back up the data on volume E.
B. Take Disk 2 offline.
C. Convert Disk 2 to a dynamic disk.
D. Run convert.exe.
Selected Answer: A
Question #: 39
Topic #: 1
Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant.
You plan to sync contoso.com with the Azure AD tenant by using Azure AD Connect cloud sync.
You need to create an account that will be used by Azure AD Connect cloud sync.
Which type of account should you create?
A. system-assigned managed identity
B. group managed service account (gMSA)
C. user
D. InetOrgPerson
Selected Answer: C
Question #: 40
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute.
Which partition should you modify?
A. configuration
B. global catalog
C. domain
D. schema
Selected Answer: D
Question #: 41
Topic #: 5
You have a server named Server1 that runs Windows Server and contains a file share named Share1.
You need to prevent users from storing MP4 files in Share1. The solution must ensure that the users can store other types of files in the share.
What should you configure on Server1?
A. File Management Tasks
B. NTFS Quotas
C. NTFS permissions
D. file screens
Selected Answer: D
Question #: 44
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.
You need to create a Distributed File System (DFS) namespace that will contain the following:
• A domain-based namespace named \\contoso.com\Public
• A folder named Finance
Which servers can you configure as folder targets for the Finance folder?
A. Server3 only
B. Server2 and Server3 only
C. Server1 and Server3 only
D. Server1, Server2, and Server3 only
E. Server1, Server2, Server3, and Server4
Selected Answer: B
Question #: 44
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the resources shown in the following table.
You plan to replicate a volume from Server1 to Server2 by using Storage Replica.
You need to configure Storage Replica.
Where should you install Windows Admin Center?
A. Server1
B. CLIENT1
C. DC1
D. Server2
Selected Answer: B
Question #: 45
Topic #: 1
You have an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with Azure AD by using Azure AD Connect.
You enable password protection for contoso.com.
You need to prevent users from including the word contoso as part of their password.
What should you use?
A. the Azure Active Directory admin center
B. Active Directory Users and Computers
C. Synchronization Service Manager
D. Windows Admin Center
Selected Answer: A
Question #: 46
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.
What should you use?
A. Windows Admin Center
B. Set-DnsServer
C. New-ADObject
D. ntdsutil.exe
Selected Answer: A
Question #: 48
Topic #: 1
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.
You deploy an app that adds custom attributes to the domain.
From Azure Cloud Shell, you discover that you cannot query the custom attributes of users.
You need to ensure that the custom attributes are available in Azure AD.
Which task should you perform from Microsoft Azure Active Directory Connect first?
A. Configure device options
B. Manage federation
C. Customize synchronization options
D. Refresh directory schema
Selected Answer: C
Question #: 49
Topic #: 1
You have an Active Directory Domain Services (AD DS) domain that contains the domain controllers shown in the following table.
The domain contains an app named App1 that uses a custom application partition to store configuration data.
You decommission App1.
When you attempt to remove the custom application partition, the process fails.
Which domain controller is unavailable?
A. DC1
B. DC2
C. DC3
D. DC4
Selected Answer: B
Question #: 51
Topic #: 1
Case Study –
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study –
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview –
Company Information –
ADatum Corporation is a manufacturing company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Fabrikam Partnership –
ADatum recently partnered with 2 company named Fabrikam, Inc.
Fabrikam is a manufacturing company that has a main office in Boston and a branch office in Orlando.
Both companies intend to collaborate on several joint projects.
Existing Environment –
ADatum AD DS Environment –
The on-premises network of A. Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
The forest contains two domains named adatum.com and east.adatum.com and the domain controllers shown in the following table.
Fabrikam AD DS Environment –
The on-premises network of Fabrikam contains an AD DS forest named fabrikam.com.
The forest contains two domains named fabrikam.com and south.fabrikam.com.
The fabrikam.com domain contains an organizational unit (OU) named Marketing.
Server Infrastructure –
The adatum.com domain contains the servers shown in the following table.
HyperV1 contains the virtual machines shown in the following table.
All the virtual machines on HyperV1 have only the default management tools installed.
SSPace1 contains the Storage Spaces virtual disks shown in the following table.
Azure Resources –
ADatum has an Azure subscription that contains an Azure AD tenant. Azure AD Connect is configured to sync the adatum.com forest with Azure AD.
The subscription contains the virtual networks shown in the following table.
The subscription contains the Azure Private DNS zones shown in the following table.
The subscription contains the virtual machines shown in the following table.
All the servers are in a workgroup.
The subscription contains a storage account named storage1 that has a file share named share1.
Requirements –
Planned Changes –
ADatum plans to implement the following changes:
• Sync Data1 to share1.
• Configure an Azure runbook named Task1.
• Enable Azure AD users to sign in to Server1.
• Create an Azure DNS Private Resolver that has the following configurations:
• Name: Private1
• Region: West US
• Virtual network: VNet1
• Inbound endpoint: SubnetB
• Enable users in the adatum.com domain to access the resources in the south.fabrikam.com domain.
Technical Requirements –
ADatum identifies the following technical requirements:
• The data on SSPace1 must be available always.
• DC2 must become the schema master if DC1 fails.
• VM3 must be configured to enable per-folder quotas.
• Trusts must allow access to only the required resources.
• The users in the Marketing OU must have access to storage1.
• Azure Automanage must be used on all supported Azure virtual machines.
• A direct SSH session must be used to manage all the supported virtual machines on HyperV1.
You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.
What should you implement?
A. Active Directory Federation Services (AD FS)
B. Azure AD Connect in staging mode
C. Azure AD Connect cloud sync
D. Azure AD Connect in active mode
Selected Answer: A
Question #: 52
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain.
You plan to use Active Directory Administrative Center to create a new user named User1.
Which two attributes are required to create User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Password
B. Profile path
C. User SamAccountName logon
D. Full name
E. First name
F. User UPN logon
Selected Answer: AC
Question #: 55
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to DEFAULTIPSITELINK.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 61
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a user named User1. User1 is a member of a group named Group1 and is in an organizational unit (OU) named OU1.
The domain has minimum password lengths configured as shown in the following table.
What is the minimum password length that User1 should use when changing to a new password?
A. 7
B. 8
C. 10
D. 12
E. 14
Selected Answer: A
Question #: 62
Topic #: 1
SIMULATION
–
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
To complete this task, sign in the required computer or computers.
A. 7
B. 8
C. 10
D. 12
E. 14
Selected Answer: A
Question #: 2
Topic #: 11
HOTSPOT –
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
A A
Question #: 2
Topic #: 13
HOTSPOT –
For each of the following statements, select Yes if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.
Hot Area:
N Y N
Question #: 2
Topic #: 5
HOTSPOT –
You need to sync files from an on premises server named Server1 to Azure by using Azure File Sync.
You have a cloud tiering policy that is configured for 30 percent free space and 70 days.
Volume E on Server1 is 500 GB.
A year ago, you configured E:\Data on Server1 to sync by using Azure File Sync. The files that are visible in E:\Data are shown in the following table.
Volume E does NOT contain any other files.
Where are File1 and File3 located? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C B
Question #: 2
Topic #: 2
DRAG DROP –
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
1. Obtain and install a new certificate
2. Copy the certificate thumbprint
3. Run Windows Admin Center Setup and select Change
Question #: 1
Topic #: 12
HOTSPOT –
You need to configure Azure File Sync to meet the file sharing requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C A
Question #: 1
Topic #: 10
HOTSPOT –
You need to meet the technical requirements for VM1.
Which cmdlet should you run first? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Question #: 1
Topic #: 2
HOTSPOT –
You have 10 on-premises servers that run Windows Server.
You plan to use Azure Network Adapter to connect the servers to the resources in Azure.
Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
D C
Question #: 1
Topic #: 5
HOTSPOT –
You have on-premises file servers that run Windows Server as shown in the following table.
You have the Azure file shares shown in the following table.
You add a Storage Sync Service named Sync1 and an Azure File Sync sync group named Group1. Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 with Sync1. You add D:\Folder1 from Server1 as a server endpoint in Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
N N Y
Question #: 1
Topic #: 4
HOTSPOT –
Your network contains two VLANs for client computers and one VLAN for a datacenter. Each VLAN is assigned an IPv4 subnet. Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate option the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C B
Question #: 1
Topic #: 9
HOTSPOT –
You need to meet the technical requirements for Server4.
Which cmdlets should you run on Server1 and Server4? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C A
Question #: 4
Topic #: 6
DRAG DROP –
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection? To answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Question #: 4
Topic #: 5
HOTSPOT –
You have a file server named Server1 that runs Windows Server and contains the volumes shown in the following table.
On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
BitLocker: C, D, E
Disk quotas: C, D
Question #: 4
Topic #: 7
HOTSPOT –
Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Group 3 = Group 1, 2 4 and 5 only.
Group 5 = Group 4 only.
Question #: 3
Topic #: 2
HOTSPOT –
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
B A
Question #: 3
Topic #: 6
DRAG DROP –
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
1. Configure the IIS app pool to run as Network Service
2. Create gMSA
3. Create the key
Question #: 3
Topic #: 5
HOTSPOT –
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure file share named share1 that stores two files named File2.docx and File3.docx.
You create an Azure File Sync sync group that includes the following endpoints:
✑ share1
✑ D:\Folder1 on Server1
✑ D:\Data1 on Server2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
N N Y
Question #: 7
Topic #: 1
DRAG DROP –
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local
Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
✑ Ensures that a user named User1 can perform the RODC installation on Server1
✑ Ensures that you can control the AD DS replication schedule to the Server1
✑ Ensures that Server1 is in a new site named RemoteSite1
Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 6
Topic #: 2
HOTSPOT –
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You need to limit which Hyper-V module cmdlets helpdesk users can use when administering Server1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C D
Question #: 6
Topic #: 3
HOTSPOT –
You have a Windows Server container host named Server1 that has a single disk.
On Server1, you plan to start the containers shown in the following table.
Which isolation mode can you use for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
1-Hyper-v
2-hyper-v or process
3-Hyper-v or process
Question #: 6
Topic #: 1
HOTSPOT –
You have an Azure Active Directory Domain Services (Azure AD DS) domain.
You create a new user named Admin1.
You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
Hot Area:
A C
Question #: 5
Topic #: 2
HOTSPOT –
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain.
The domains contain the servers shown in the following table.
You need to configure resource based constrained delegation so that the users in contoso.com can use Windows Admin Center on Server1 to connect to Server2.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
B A
Question #: 5
Topic #: 1
DRAG DROP –
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines.
You need to ensure that the virtual machines can join to Azure AD DS.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
1. Create Virtual Network
2. Create AD DS instance, because in the wizard you have to select virtual network to deploy it on
3. Modify the DNS server settings in the Virtual Network/Subnets
Question #: 11
Topic #: 5
HOTSPOT –
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a server named Server1 that has the
DFS Namespaces role service installed. Server1 hosts a domain-based Distributed File System (DFS) Namespace named Files.
The domain contains a file server named Server2. Server2 contains a shared folder named Share1. Share1 contains a subfolder named Folder1.
In the Files namespace, you create a folder named Folder1 that has a target of \\Server2.contoso.com\Share1\Folder1.
You need to configure a logon script that will map drive letter M to Folder1. The solution must use the path of the DFS Namespace.
How should you configure the command to map the drive letter? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
