AZ-801: Configuring Windows Server Hybrid Advanced Services Topic 2
Topic #: 3
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed. You have a Hyper-V failover cluster named Cluster1. All servers are members of the same domain.
You need to ensure that you use Hyper-V Replica with Kerberos authentication on the default port to replicate virtual machines from Cluster1 to Server1.
What should you do on Server1?
A. Add primary servers to the Hyper-V Replica Broker configuration.
B. From Hyper-V Settings, select Enable incoming and outgoing live migrations.
C. From Windows Defender Firewall with Advanced Security, enable the Hyper-V Replica HTTPS Listener (TCP-In) rule.
D. From Windows Defender Firewall with Advanced Security, enable the Hyper-V Replica HTTP Listener (TCP-In) rule.
Selected Answer: A
Question #: 14
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The functional level of the forest is Windows Server
2012 R2. All domain controllers run Windows Server 2012 R2.
Sysvol replicates by using the File Replication Service (FRS).
You plan to replace the existing domain controllers with new domain controllers that will run Windows Server 2022.
You need to ensure that you can add the first domain controller that runs Windows Server 2022.
Solution: You run the Active Directory Migration Tool (ADMT).
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 14
Topic #: 1
You have 10 servers that run Windows Server in a workgroup.
You need to configure the servers to encrypt all the network traffic between the servers. The solution must be as secure as possible.
Which authentication method should you configure in a connection security rule?
A. NTLMv2
B. pre-shared key
C. Kerberos V5
D. computer certificate
Selected Answer: D
Question #: 15
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: From the General settings, you increase the priority of Server2 in the Preferred Owners list.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 15
Topic #: 5
You have five Azure virtual machines. You have a dedicated Azure Storage account to collect performance data.
You need to send the collected data directly to the Azure Storage account.
What should you install on the virtual machines?
A. the Azure Connected Machine agent
B. the Telegraf agent
C. the Dependency agent
D. the Azure Monitor agent
E. the Azure Diagnostics extension
Selected Answer: E
Question #: 15
Topic #: 3
You have an on-premises server named Server1 that runs Windows Server. You have an Azure subscription.
You plan to back up the files and folders on Server1 to Azure by using Azure Backup.
You need to define how long the backups will be retained.
What should you use to configure the retention?
A. Windows Server Backup
B. a Recovery Services vault
C. the Microsoft Azure Recovery Services (MARS) agent
D. Backup center
Selected Answer: C
Question #: 15
Topic #: 4
Your on-premises network has 200-Mbps connection to Azure and contains a server named Server that stores 70 TB of data files.
You have an Azure Storage account named storage1.
You plan to migrate the data files from Server1 to a blob storage container in storage1. Testing shows that copying the data files by using azcopy will take approximately 35 days.
You need to minimize how long it will take to migrate the data to Azure.
What should you use?
A. Azure Storage Explorer
B. Azure Data Box
C. Storage Migration Service
D. Azure File Sync
Selected Answer: B
Question #: 15
Topic #: 1
You have an Azure virtual machine named VM1 that runs Windows Server.
You need to encrypt the contents of the disks on VM1 by using Azure Disk Encryption.
What is a prerequisite for implementing Azure Disk Encryption?
A. Customer Lockbox for Microsoft Azure
B. an Azure key vault
C. a BitLocker recovery key
D. data-link layer encryption in Azure
Selected Answer: B
Question #: 16
Topic #: 5
You have an Azure virtual machine named VM1 that runs Windows Server.
When you attempt to install the Azure Performance Diagnostics extension on VM1, the installation fails.
You need to identify the cause of the installation failure.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Sign in to VM1 and verify the MonitoringAgent.log file.
B. Sign in to VM1 and verify the WaAppAgent.log file.
C. From the Azure portal, view the alerts for VM1.
D. From the Azure portal, view the activity log for VM1.
Selected Answer: BD
Question #: 16
Topic #: 4
You need to use a comma-separated value (CSV) file to import server inventory to Azure Migrate.
Which fields are mandatory for each entry in the CSV file?
A. Server name, IP addresses, OS version, and Number of disks
B. Server name, Cores, OS Name, and Memory (in MB)
C. Server name, IP addresses, Disk 1 size (in GB), and CPU utilization percentage
Selected Answer: B
Question #: 16
Topic #: 2
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?
A. System Configuration
B. Resource Monitor
C. the Get-StorageFileServer cmdlet
D. Windows Admin Center
Selected Answer: D
Question #: 16
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two servers named Server1 and Server2 that run Windows
Server.
You need to ensure that you can use the Computer Management console to manage Server2. The solution must use the principle of least privilege.
Which two Windows Defender Firewall with Advanced Security rules should you enable on Server2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. the COM+ Network Access (DCOM-In) rule
B. all the rules in the Remote Event Log Management group
C. the Windows Management Instrumentation (WMI-In) rule
D. the COM+ Remote Administration (DCOM-In) rule
E. the Windows Management Instrumentation (DCOM-In) rule
Selected Answer: AB
Question #: 17
Topic #: 1
You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.
You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.
What should you do from Windows Defender Firewall with Advanced Security?
A. From the IPsec Settings, configure IPsec defaults.
B. Create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.
C. Change the Firewall state of the Private profile to Off.
D. From the IPsec Settings, configure IPsec exemptions.
Selected Answer: D
Question #: 17
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The functional level of the forest is Windows Server
2012 R2. All domain controllers run Windows Server 2012 R2.
Sysvol replicates by using the File Replication Service (FRS).
You plan to replace the existing domain controllers with new domain controllers that will run Windows Server 2022.
You need to ensure that you can add the first domain controller that runs Windows Server 2022.
Solution: You raise the domain and forest functional levels.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 17
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 20 Active Directory sites. All user management is performed from a central site.
You add users to a group.
You discover that group changes do NOT appear on a domain controller in a remote site.
You need to identify whether the group changes appear on other domain controllers.
What should you use?
A. Active Directory Sites and Services
B. Active Directory Replication Status Tool
C. Microsoft Support and Recovery Assistant
D. File Replication Service (FRS) Status Viewer
Selected Answer: B
Question #: 17
Topic #: 2
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?
A. the Get-StorageSubsystem cmdlet
B. File Server Resource Manager (FSRM)
C. Disk Management
D. Failover Cluster Manager
Selected Answer: D
Question #: 18
Topic #: 3
Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains two virtual machines named VM1 and VM2 that run Windows Server.
You plan to implement a failover cluster named Cluster1 that will use VM1 and VM2 as nodes.
You need to ensure that Cluster1 can use floating IP addresses.
Which two components should you deploy? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Network Load Balancing (NLB)
B. the MultiPoint Services role
C. the Network Controller role
D. the Host Guardian Service role
E. Software Load Balancer (SLB)
Selected Answer: AE
Question #: 18
Topic #: 2
Your network contains an Active Directory Domain Services (AD DS) forest.
You need to deploy a Storage Spaces Direct converged infrastructure. The solution must meet the following requirements:
• Use an Ethernet fabric.
• Eliminate the need for Data Center Bridging (DCB).
Which Remote Direct Memory Access (RDMA) networking technology should you implement?
A. InfiniBand
B. RoCEv2
C. iWARP
D. RoCEv1
Selected Answer: C
Question #: 18
Topic #: 5
You have an Azure virtual machine named VM1 that runs Windows Server.
You plan to deploy a new line-of-business (LOB) application to VM1.
You need to prevent the application from creating child processes.
What should you configure on VM1?
A. Microsoft Defender Credential Guard
B. Microsoft Defender Application Control
C. Microsoft Defender SmartScreen
D. Exploit protection
Selected Answer: D
Question #: 18
Topic #: 1
You have an Azure virtual machine named VM1.
You enable Microsoft Defender SmartScreen on VM1.
You need to ensure that the SmartScreen messages displayed to users are logged.
What should you do?
A. From a command prompt, run WinRM quickconfig.
B. From the local Group Policy, modify the Advanced Audit Policy Configuration settings.
C. From Event Viewer, enable the Debug log.
D. From the Windows Security app, configure the Virus & threat protection settings.
Selected Answer: C
Question #: 19
Topic #: 2
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?
A. Disk Management
B. System Configuration
C. the Get-StorageFileServer cmdlet
D. Windows Admin Center
Selected Answer: D
Question #: 19
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Azure Migrate to an on-premises network.
You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:
• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled
You need to ensure that you can use Azure Migrate to migrate Server1.
Solution: You disable Windows Defender Firewall on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 19
Topic #: 5
Your network contains an Active Directory Domain Services (AD DS) domain. All domain members have Microsoft Defender Credential Guard with UEFI lock configured.
In the domain, you deploy a server named Server1 that runs Windows Server. You disable Credential Guard on Server1.
You need to ensure that Server1 is NOT subject to Credential Guard restrictions.
What should you do next?
A. Disable the Turn on Virtualization Based Security group policy setting.
B. Run dism and specify the /Disable-Feature and /FeatureName:IsolatedUserMode parameters.
C. Run the Device Guard and Credential Guard hardware readiness tool.
Selected Answer: A
Question #: 20
Topic #: 5
You have three servers named Server1, Server2, and Server3 that run Windows Server. The servers have the Hyper-V server role installed and are configured in a Storage Spaces Direct cluster named Cluster1.
Cluster1 hosts a virtual machine named VM1 that has Windows Admin Center installed.
You manage all servers and clusters by using Windows Admin Center.
You purchase an Azure subscription.
You need to configure email alerts in Azure Monitor for the following:
✑ Disk Capacity Utilization Over 80 % for 10 Minutes
✑ Any critical alert in the cluster system event log
✑ Memory Utilization over 95 % for 10 Minutes
✑ Heartbeat fewer than 5 beats for 5 Minutes
✑ CPU Utilization over 85 % for 10 Minutes
✑ Any health service faults for the cluster
The solution must use the minimum amount of administrative effort.
What should you do?
A. From the Azure portal, configure Azure Monitor and onboard Cluster1 by using Azure Arc.
B. From Windows Admin Center, configure Azure Monitor and onboard Cluster1.
C. Configure Azure Monitor and manually install the Microsoft Monitoring Agent on Server1 Server2, and Server3
Selected Answer: A
Question #: 20
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Azure Migrate to an on-premises network.
You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:
• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled
You need to ensure that you can use Azure Migrate to migrate Server1.
Solution: You shrink the data disk on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 21
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Azure Migrate to an on-premises network.
You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:
• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled
You need to ensure that you can use Azure Migrate to migrate Server1.
Solution: You disable NIC Teaming on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 21
Topic #: 5
You have three servers named Server1, Server2, and Server3 that run Windows Server and have the Hyper-V server role installed. Server1 hosts an Azure
Migrate appliance named Migrate1.
You plan to migrate virtual machines to Azure.
You need to ensure that any new virtual machines created on Server1, Server2, and Server3 are available in Azure Migrate.
What should you do?
A. On the network that has Migrate1 deployed, deploy a WINS server.
B. On Migrate1, set the Startup Type of the Computer Browser service to Automatic.
C. On the DNS server used by Migrate1, create a GlobalName zone.
D. On Migrate1, add a discovery source.
Selected Answer: D
Question #: 21
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: From the General settings, you increase the priority of Server2 in the Preferred Owners list.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 22
Topic #: 1
You have an Azure subscription that contains a user named User1 and the resources shown in the following table.
User1 has a computer named Computer1 that runs Windows 11. User1 works from home and establishes a Point-to-Site (P2S) connection to GW1 to access AppSvr1.
You deploy the resources shown in the following table.
User1 cannot access AppSvr2.
You need to ensure that User1 can access AppSvr2.
What should you do?
A. On Computer1, download and reinstall the VPN client.
B. Create a route table and associate the table with GatewaySubnet on VNet1.
C. On Computer1, modify the Windows Defender Firewall settings.
D. Add a service endpoint to VNet2.
Selected Answer: A
Question #: 22
Topic #: 5
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. The subscription contains the storage accounts shown in the following table.
You plan to enable boot diagnostics for VM1.
You need to configure storage for the boot diagnostics logs and snapshots.
Which storage account should you use?
A. storage1
B. storage2
C. storage3
D. storage4
Selected Answer: B
Question #: 22
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a failover cluster named Cluster1 that hosts an application named App1.
The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)
The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)
Server1 shuts down unexpectedly.
You need to ensure that when you start Server1, App1 continues to run on Server2.
Solution: From the Failover settings, you select Prevent failback.
Does this meet the goal?
A. Yes
B. No
Selected Answer: D
Question #: 22
Topic #: 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Azure Migrate to an on-premises network.
You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:
• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled
You need to ensure that you can use Azure Migrate to migrate Server1.
Solution: You disable Microsoft Defender Antivirus on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 23
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You install the Log Analytics agent on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 24
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You onboard Server1 to Microsoft Defender for Endpoint.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
