AZ-801: Configuring Windows Server Hybrid Advanced Services Topic 1
Question #: 1
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Controlled folder access.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 1
Topic #: 5
You have an on-premises network and an Azure virtual network.
You establish a Site-to-Site VPN connection from the on-premises network to the Azure virtual network, but the connection frequently disconnects.
You need to debug the IPsec tunnel from Azure.
Which Azure VPN Gateway diagnostic log should you review?
A. GatewayDiagnosticLog
B. RouteDiagnosticLog
C. IKEDiagnosticLog
D. TunnelDiagnosticLog
Selected Answer: C
Question #: 1
Topic #: 8
You are planning the migration of Archive1 to support the on-premises migration plan.
What is the minimum number of IP addresses required for the node and cluster roles on Cluster3?
A. 2
B. 3
C. 4
D. 5
Selected Answer: B
Question #: 1
Topic #: 10
You need to meet technical requirements for Share1.
What should you use?
A. Storage Migration Service
B. File Server Resource Manager (FSRM)
C. Server Manager
D. Storage Replica
Selected Answer: A
Question #: 1
Topic #: 9
You are evaluating technical requirements for Cluster 2.
What is the minimum number of Azure Site Recovery Providers that you should install?
A. 1
B. 4
C. 12
D. 16
Selected Answer: B
Question #: 1
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: From the Failover settings, you select Prevent failback.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 2
Topic #: 3
You have two servers named Server1 and Server2 that run Windows Server. Both servers have the Hyper-V server role installed.
Server1 hosts three virtual machines named VM1, VM2, and VM3. The virtual machines replicate to Server2.
Server1 experiences a hardware failure.
You need to bring VM1, VM2, and VM3 back online as soon as possible.
From the Hyper-V Manager console on Server2, what should you run for each virtual machine?
A. Start
B. Move
C. Unplanned Failover
D. Planned Failover
Selected Answer: C
Question #: 2
Topic #: 5
You have an Azure virtual machine named VM1 that has the Web Server (IIS) server role installed. VM1 hosts a critical line-of-business (LOB) application.
After the security team at your company deploys a new security baseline to VM1, users begin reporting that the application is unresponsive.
You suspect that the security baseline has caused networking issues.
You need to perform a network trace on VM1.
What should you do?
A. From VM1, run netstat.
B. From Performance Monitor on VM1, create a Data Collector Set.
C. From the Azure portal, configure the Diagnostics settings for VM1.
D. From the Azure portal, configure the Performance diagnostics settings for VM1.
Selected Answer: D
Question #: 2
Topic #: 13
You need to meet the technical requirements for User1.
To which group in contoso.com should you add User1?
A. Domain Admins
B. Account Operators
C. Schema Admins
D. Backup Operators
Selected Answer: A
Question #: 2
Topic #: 9
You need to back up Server 4 to meet the technical requirements.
What should you do first?
A. Deploy Microsoft Azure Backup Server (MABS).
B. Configure Windows Server Backup.
C. Install the Microsoft Azure Recovery Services (MARS) agent.
D. Configure Storage Replica.
Selected Answer: C
Question #: 2
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: You increase Maximum failures in the specified period for the App1 cluster role.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 2
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Tamper Protection
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 3
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: From the General settings, you move Server2 up.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 3
Topic #: 13
Which domain controller should be online to meet the technical requirements for DC4?
A. DC1
B. DC2
C. DC3
Selected Answer: A
Question #: 3
Topic #: 6
You are remediating the firewall security risks to meet the security requirements.
What should you configure to reduce the risks?
A. a Group Policy Object (GPO)
B. adaptive network hardening in Microsoft Defender for Cloud
C. a network security group (NSG) in Sub1
D. an Azure Firewall policy
Selected Answer: A
Question #: 3
Topic #: 5
You have an Azure virtual machine named VM1. Crash dumps for a process named Process1 are enabled for VM1.
When process1.exe on VM1 crashes, a technician must access the memory dump files on the virtual machine. The technician must be prevented from accessing the virtual machine.
To what should you provide the technician access?
A. an Azure file share
B. an Azure Log Analytics workspace
C. an Azure Blob Storage container
D. a managed disk
Selected Answer: B
Question #: 3
Topic #: 4
You have an on-premises server that runs Windows Server and has the Web Server (IIS) server role installed. The server hosts a web app that connects to an on- premises Microsoft SQL Server database.
You plan to migrate the web app to an Azure App Services web app. The database will remain on-premises.
You need to ensure that the migrated web app can access the database.
What should you configure in Azure?
A. an Azure SQL managed instance
B. an on-premises data gateway
C. Azure Extended Network
D. a Hybrid Connection
Selected Answer: D
Question #: 3
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From App & browser control, you configure the Exploit protection settings.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 3
Topic #: 11
You are planning the data share migration to support the on-premises migration plan.
What should you use to perform the migration?
A. Storage Migration Service
B. Microsoft File Server Migration Toolkit
C. File Server Resource Manager (FSRM)
D. Windows Server Migration Tools
Selected Answer: A
Question #: 3
Topic #: 9
You need to meet the technical requirements for Cluster3.
What should you include in the solution?
A. Enable integration services on all the virtual machines.
B. Configure a fault domain doe the cluster.
C. Add a failover cluster role.
Selected Answer: C
Question #: 4
Topic #: 2
You have a failover cluster named Cluster1 that has the following configurations:
✑ Number of nodes: 6
✑ Quorum: Dynamic quorum
✑ Witness: File share, Dynamic witness
What is the maximum number of nodes that can fail simultaneously while maintaining quorum?
A. 1
B. 2
C. 3
D. 4
E. 5
Selected Answer: C
Question #: 4
Topic #: 4
You have two file servers named Server1 and Server2 that run Windows Server. Server1 contains a shared folder named Data. Data contains 10 TB of data.
You plan to decommission Server1.
You need to migrate the files from Data to a new shared folder on Server2. The solution must meet the following requirements:
✑ Ensure that share, file, and folder permissions are copied.
✑ After the initial copy occurs, ensure that changes in \\Server1\Data can be synced to the destination without initiating a full copy.
✑ Minimize administrative effort.
What should you use?
A. xcopy
B. Storage Replica
C. Storage Migration Service
D. azcopy
Selected Answer: C
Question #: 4
Topic #: 6
You are planning the deployment of Microsoft Sentinel.
Which type of Microsoft Sentinel data connector should you use to meet the security requirements?
A. Threat Intelligence – TAXII
B. Azure Active Directory
C. Microsoft Defender for Cloud
D. Microsoft Defender for Identity
Selected Answer: D
Question #: 4
Topic #: 5
You have a server named Server1 that runs the Remote Desktop Session Host role service. Server1 has five custom applications installed.
Users who sign in to Server1 report that the server is slow. Task Manager shows that the average CPU usage on Server1 is above 90 percent. You suspect that a custom application on Server1 is consuming excessive processor capacity.
You plan to create a Data Collector Set in Performance Monitor to gather performance statistics from Server1.
You need to view the resources used by each of the five applications.
Which object should you add to the Data Collector Set?
A. Processor information
B. Processor
C. Process
D. Processor performance
Selected Answer: C
Question #: 5
Topic #: 5
You plan to deploy the Azure Monitor agent to 100 on-premises servers that run Windows Server.
Which parameters should you provide when you install the agent?
A. the client ID and the secret of an Azure service principal
B. the name and the access key of an Azure Storage account
C. a connection string for an Azure SQL database
D. the ID and the key of an Azure Log Analytics workspace
Selected Answer: D
Question #: 6
Topic #: 2
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?
A. System Configuration
B. File Server Resource Manager (FSRM)
C. the Get-StorageFileServer cmdlet
D. Failover Cluster Manager
Selected Answer: D
Question #: 6
Topic #: 5
Your on-premises network contains two subnets. The subnets contain servers that run Windows Server as shown in the following table.
Server4 has the following IP configurations:
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . . :
IPv4 Address . . . . . . . . . . . : 192.168.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
From Server4, you can ping Server1 and Server2 successfully. When you ping Server3, you get a Request timed out response.
From Server2, you can ping Server1 and Server3 successfully.
The misconfiguration of which component on Server3 can cause the Request timed out response?
A. default gateway
B. IP address
C. subnet mask
D. DNS server
Selected Answer: C
Question #: 7
Topic #: 1
You have an Azure virtual machine named VM1 that runs Windows Server.
You plan to deploy a new line-of-business (LOB) application to VM1.
You need to ensure that the application can create child processes.
What should you configure on VM1?
A. Microsoft Defender Credential Guard
B. Microsoft Defender Application Control
C. Microsoft Defender SmartScreen
D. Exploit protection
Selected Answer: D
Question #: 7
Topic #: 3
You have three Azure virtual machines named VM1, VM2, and VM3 that host a multitier application.
You plan to implement Azure Site Recovery.
You need to ensure that VM1, VM2, and VM3 fail over as a group.
What should you configure?
A. an availability zone
B. a recovery plan
C. an availability set
Selected Answer: B
Question #: 7
Topic #: 5
You have five Azure virtual machines.
You need to collect performance data and Windows Event logs from the virtual machines. The data collected must be sent to an Azure Storage account.
What should you install on the virtual machines?
A. the Azure Connected Machine agent
B. the Azure Monitor agent
C. the Dependency agent
D. the Telegraf agent
E. the Azure Diagnostics extension
Selected Answer: E
Question #: 8
Topic #: 2
You have a Storage Spaces Direct configuration that has persistent memory and contains the data volumes shown in the following table.
You plan to add data volumes to Storage Spaces Direct as shown in the following table.
On which volumes can you use direct access (DAX)?
A. Volume3 only
B. Volume4 only
C. Volume1 and Volume3 only
D. Volume2 and Volume4 only
E. Volume3 and Volume4 only
Selected Answer: A
Question #: 9
Topic #: 5
You have an Azure virtual machine named VM1.
You install an application on VM1, and then restart the virtual machine.
After the restart, you get the following error message: `Boot failure. Reboot and Select proper Boot Device or Insert Boot Media in selected Boot Device.`
You need to mount the operating system disk offline from VM1 to a temporary virtual machine to troubleshoot the issue.
Which command should you run in Azure CLI?
A. az vm repair create
B. az vm boot-diagnostics enable
C. az vm capture
D. az vm disk attach
Selected Answer: A
Question #: 9
Topic #: 1
You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.
You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the “Antimalware disabled in the virtual machine” alert for the virtual machine.
What should you use in Microsoft Defender for Cloud?
A. a logic app
B. a workbook
C. a security policy
D. adaptive network hardening
Selected Answer: A
Question #: 10
Topic #: 3
You have an on-premises server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You have an Azure subscription.
You plan to back up Server1 to Azure by using Azure Backup.
Which two Azure Backup options require you to deploy Microsoft Azure Backup Server (MABS)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Bare Metal Recovery
B. Files and folders
C. System State
D. Hyper-V Virtual Machines
Selected Answer: AD
Question #: 10
Topic #: 4
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You import the Azure Migrate appliance as VM1.
You need to register VM1 with Azure Migrate.
What should you do in Azure Migrate? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a project.
B. Add a migration tool.
C. Add an assessment tool.
D. Generate a project key.
E. Download the Azure Migrate installer script ZIP file.
Selected Answer: AD
Question #: 10
Topic #: 1
You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc-enabled resources are in the same resource group.
You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort.
What should you use to onboard the servers to Microsoft Sentinel?
A. Azure Automation
B. Azure Policy
C. Azure virtual machine extensions
D. Microsoft Defender for Cloud
Selected Answer: B
Question #: 10
Topic #: 5
You have a Site-to-Site VPN between an on-premises network and an Azure VPN gateway. BGP is disabled for the Site-to-Site VPN.
You have an Azure virtual network named Vnet1 that contains a subnet named Subnet1. Subnet1 contains a virtual machine named Server1.
You can connect to Server1 from the on-premises network.
You extend the address space of Vnet1. You add a subnet named Subnet2 to Vnet1. Subnet2 uses the extended address space. You deploy an Azure virtual machine named Server2 to Subnet2.
You cannot connect to Server2 from the on-premises network. Server1 can connect to Server2.
You need to ensure that you can connect to Subnet2 from the on-premises network.
What should you do?
A. Add an additional Site-to-Site VPN between the on-premises network and Vnet1.
B. Add a private endpoint to Subnet2.
C. To Subnet2, add a route table that contains a user-defined route.
D. Update the routing information on the on-premises routers.
Selected Answer: D
Question #: 11
Topic #: 2
You have two Azure virtual machines that run Windows Server.
You plan to create a failover cluster that will host the virtual machines.
You need to configure an Azure Storage account that will be used by the cluster as a cloud witness. The solution must maximize resiliency.
Which type of redundancy should you configure for the storage account?
A. Geo-zone-redundant storage (GZRS)
B. Locally-redundant storage (LRS)
C. Zone-redundant storage (ZRS)
D. Geo-redundant storage (GRS)
Selected Answer: C
Question #: 11
Topic #: 1
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant by using password hash synchronization.
You have a Microsoft 365 subscription.
All devices are hybrid Azure AD-joined.
Users report that they must enter their password manually when accessing Microsoft 365 applications.
You need to reduce the number of times the users are prompted for their password when they access Microsoft 365 and Azure services.
What should you do?
A. In Azure AD, configure a Conditional Access policy for the Microsoft Office 365 applications.
B. In the DNS zone of the AD DS domain, create an autodiscover record.
C. From Azure AD Connect, enable single sign-on (SSO).
D. From Azure AD Connect, configure pass-through authentication.
Selected Answer: C
Question #: 11
Topic #: 4
You have two servers that run Windows Server as shown in the following table.
You need to copy the contents of volume E from Server1 to Server2. The solution must meet the following requirements:
✑ Ensure that files in-use are copied.
✑ Minimize administrative effort.
What should you use?
A. Storage Migration Service
B. Azure File Sync
C. Azure Backup
D. Storage Replica
Selected Answer: C
Question #: 12
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The functional level of the forest is Windows Server
2012 R2. All domain controllers run Windows Server 2012 R2.
Sysvol replicates by using the File Replication Service (FRS).
You plan to replace the existing domain controllers with new domain controllers that will run Windows Server 2022.
You need to ensure that you can add the first domain controller that runs Windows Server 2022.
Solution: You migrate sysvol from FRS to Distributed File System (DFS) Replication.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 12
Topic #: 1
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have 50 Azure virtual machines that run Windows Server.
You need to ensure that any security exploits detected on the virtual machines are forwarded to Defender for Cloud.
Which extension should you enable on the virtual machines?
A. Vulnerability assessment for machines
B. Microsoft Dependency agent
C. Log Analytics agent for Azure VMs
D. Guest Configuration agent
Selected Answer: A
Question #: 13
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The functional level of the forest is Windows Server
2012 R2. All domain controllers run Windows Server 2012 R2.
Sysvol replicates by using the File Replication Service (FRS).
You plan to replace the existing domain controllers with new domain controllers that will run Windows Server 2022.
You need to ensure that you can add the first domain controller that runs Windows Server 2022.
Solution: You upgrade the PDC emulator.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 13
Topic #: 2
You have a three-node failover cluster.
You need to run pre-scripts and post-scripts when Cluster-Aware Updating (CAU) runs. The solution must minimize administrative effort.
What should you use?
A. Azure Functions
B. Run profiles
C. Windows Server Update Services (WSUS)
D. Scheduled tasks
Selected Answer: B
Question #: 13
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains three domain controllers named DC1,
DC2, and DC3.
You connect a Microsoft Defender for Identity instance to the domain.
You need to onboard all the domain controllers to Defender for Identity.
What should you run on the domain controllers?
A. Azure ATP Sensor Setup.exe
B. AzureConnectedMachineAgent.msi
C. MARSAgentInstaller.exe
D. MMASetup-AMD64.exe
Selected Answer: A
Question #: 13
Topic #: 3
You have 200 Azure virtual machines.
You create a recovery plan in Azure Site Recovery to fail over all the virtual machines to an Azure region. The plan has three manual actions.
You need to replace one of the manual actions with an automated process.
What should you use?
A. an Azure Desired State Configuration (DSC) virtual machine extension
B. an Azure Automation runbook
C. an Azure PowerShell function
D. a Custom Script Extension on the virtual machines
Selected Answer: B
Question #: 14
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: You pause the Server1 node in Cluster1 and then start Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
