AZ-801: Configuring Windows Server Hybrid Advanced Services Topic 3
Question #: 24
Topic #: 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From App & browser control, you configure Reputation-based protection.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 25
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You install the Microsoft Integration Runtime on Server1.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 26
Topic #: 5
You have an Azure virtual machine named VM1 that runs Windows Server.
The operating system on VM1 fails to fully initialize its network stack, and you cannot establish a network connection.
You need to establish an interactive shell session.
What should you use?
A. Azure Bastion
B. Serial console
C. just-in-time (JIT) VM access
Selected Answer: B
Question #: 27
Topic #: 1
Your network contains an Active Directory Domain Services (AD DS) forest. The forest functional level is Windows Server 2012 R2. The forest contains the domains shown in the following table.
You create a user named Admin1.
You need to ensure that Admin1 can add a new domain controller that runs Windows Server 2022 to the east.contoso.com domain. The solution must follow the principle of least privilege.
To which groups should you add Admin1?
A. EAST\Domain Admins only
B. CONTOSO\Enterprise Admins only
C. CONTOSO\Schema Admins and EAST\Domain Admins
D. CONTOSO\Enterprise Admins and CONTOSO\Schema Admins
Selected Answer: A
Question #: 28
Topic #: 1
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.
Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.
You need to implement just-in-time (JIT) VM access for VM1.
What should you do first?
A. Create a network security group (NSG).
B. Enable enhanced security in Microsoft Defender for Cloud.
C. Request the Owner role for Sub1.
D. Create an application security group.
Selected Answer: A
Question #: 29
Topic #: 5
HOTSPOT
–
You have an Azure virtual machine named VM1 that runs Windows Server.
You need to perform the following tasks on VM1:
• Configure Windows Defender Firewall to allow Remote Desktop connections,
• Configure where to store the logs of the virtual machine console.
Which two settings should you use? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point,
A. Create a network security group (NSG).
B. Enable enhanced security in Microsoft Defender for Cloud.
C. Request the Owner role for Sub1.
D. Create an application security group.
Selected Answer: D
Question #: 1
Topic #: 4
DRAG DROP –
You manage 200 physical servers that run Windows Server.
You plan to migrate the servers to Azure.
You need to prepare for discovery of the servers by using Azure Migrate.
Which three actions should you perform in sequence on a physical server? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 1
Topic #: 11
HOTSPOT –
You are planning the www.fabrikam.com website migration to support the Azure migration plan.
How should you configure WebApp1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
A D
Question #: 1
Topic #: 7
HOTSPOT –
You need to configure BitLocker on Server4.
On which volumes can you turn on BitLocker, and on which volumes can you turn on auto-unlock? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
D C
Question #: 1
Topic #: 13
HOTSPOT –
You need to implement alerts for the domain controllers. The solution must meet the technical requirements.
What should you do on the domain controllers, and what should you create on Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C C
Question #: 1
Topic #: 3
HOTSPOT –
You have a Hyper-V failover cluster named Cluster1 at a main datacenter. Cluster1 contains two nodes that have the Hyper-V server role installed. Cluster1 hosts
10 highly available virtual machines.
You have a cluster named Cluster2 in a disaster recovery site. Cluster2 contains two nodes that have the Hyper-V server role installed.
You plan to use Hyper-V Replica to replicate the virtual machines from Cluster1 to Cluster2.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C D
Question #: 1
Topic #: 6
DRAG DROP –
You are planning the implementation of Cluster2 to support the on-premises migration plan.
You need to ensure that the disks on Cluster2 meet the security requirements.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
1. Add a disk resource to the cluster.
2. Create a Cluster Shared Volume (CSV).
3. Enable BitLocker on the volume.
4. Update the BitLockerProtectorInfo property of the volume.
5. Put the disk in maintenance mode.
Question #: 1
Topic #: 12
HOTSPOT –
You are planning the europe.fabrikam.com migration to support the on-premises migration plan.
Where should you install the Password Export Server (PES) service, where should you generate the encryption key? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
D C
Question #: 28
Topic #: 1
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.
Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.
You need to implement just-in-time (JIT) VM access for VM1.
What should you do first?
A. Create a network security group (NSG).
B. Enable enhanced security in Microsoft Defender for Cloud.
C. Request the Owner role for Sub1.
D. Create an application security group.
A
Question #: 4
Topic #: 1
DRAG DROP –
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users. The solution must meet the following requirements:
✑ Prevent the users from using known weak passwords.
✑ Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Question #: 3
Topic #: 3
HOTSPOT –
You have a Hyper-V failover cluster named Cluster1 that uses a cloud witness. Cluster1 hosts a virtual machine named VM1 that runs Windows Server.
You need to fail over VM1 automatically to a different node when a service named Service1 on VM1 fails.
What should you do on Cluster1 and VM1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
B B
Question #: 3
Topic #: 7
HOTSPOT –
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Y Y N
Question #: 2
Topic #: 6
HOTSPOT –
You need to implement a security policy solution to authorize the applications. The solution must meet the security requirements.
Which service should you use to enforce the security policy, and what should you use to manage the policy settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
A C
Question #: 2
Topic #: 4
DRAG DROP –
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The functional level of the forest and the domain is Windows
Server 2012 R2. The domain contains the domain controllers shown in the following table.
You need to raise the forest functional level to Windows Server 2016. The solution must meet the following requirements:
✑ Ensure that there are three domain controllers after you raises the level.
✑ Minimize how long the FSMO roles are unavailable.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 2
Topic #: 7
HOTSPOT –
What is the effective minimum password length for User1 and Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
User1 – 9
Admin1 – 8
Question #: 2
Topic #: 11
HOTSPOT –
You are planning the DHCP1 migration to support the DHCP migration plan.
Which two PowerShell cmdlets should you run on DHCP1, and which two PowerShell cmdlets should you run on DHCP2? To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Question #: 6
Topic #: 4
DRAG DROP –
You have a server named Server1 that runs Windows Server and has the Web Server (IIS) server role installed. Server1 hosts an ASP.NET Core web app named
WebApp1 and the app’s source files.
You install Docker on Server1.
You need to ensure that you can deploy WebApp1 to an Azure App Service web app from the Azure Container Registry.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 6
Topic #: 1
DRAG DROP –
Your network contains an Active Directory Domain Services (AD DS) domain.
You need to implement a solution that meets the following requirements:
✑ Ensures that the members of the Domain Admins group are allowed to sign in only to domain controllers
✑ Ensures that the lifetime of Kerberos Ticket Granting Ticket (TGT) for the members of the Domain Admins group is limited to one hour
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
1- Create an authentication policy silo.
2- Create an authentication policy.
3- Assign the authentication policy silo to user and computer accounts.
Question #: 5
Topic #: 1
HOTSPOT –
The Default Domain Policy Group Policy Object (GPO) is shown in the GPO exhibit. (Click the GPO tab.)
The members of a group named Service Accounts are shown in the Group exhibit. (Click the Group tab.)
An organizational unit (OU) named ServiceAccounts is shown in the OU exhibit. (Click the OU tab.)
You create a Password Settings Object (PSO) as shown in the PSO exhibit. (Click the PSO tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Y N N
Question #: 5
Topic #: 3
DRAG DROP –
You have two Azure virtual machines named VM1 and VM2. VM1 is backed up to an Azure Recovery Services vault daily and retains backups for 30 days.
You need to restore an individual file named C:\Data\Important.docx from VM1 to VM2. The solution must minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 5
Topic #: 4
HOTSPOT –
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.
Server3 contains a share named Share1.
On Server1, DHCP has the following configurations:
✑ Conflict detection attempts: 3
✑ An IPv4 scope named Scope1 that has the following settings:
1. Address Pool: 172.16.10.100 – 172.16.10.130
2. Address Leases:
– 172.16.10.100 computer1.contoso.com
– 172.16.10.101 computer2.contoso.com
✑ Reservations: 172.16.10.101 computer2.contoso.com
✑ Policies: Policy1
You perform the following actions:
On Server1, you run –
Export-DhcpServer -File \\Server3\Share1\File1.xml.
✑ On Server2, you run
Import-DhcpServer -File \\Server3\Share1\File1.xml
-BackupPath \\Server3\Share1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Y Y Y
Question #: 5
Topic #: 2
HOTSPOT –
You have a failover cluster named FC1 that contains two nodes named Server1 and Server2. FC1 is configured to use a file share witness.
You plan to configure FC1 to use a cloud witness.
You need to configure Azure Storage accounts for the cloud witness.
Which storage account type and authorization method should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
D A
Question #: 4
Topic #: 3
DRAG DROP –
You have two physical servers named AppSrv1 and AppSrv2 and an unconfigured server named Server1. All the servers run Windows Server. Only Server1 can access the internet.
You plan to use Azure Site Recovery to replicate AppSrv1 and AppSrv2 to Azure.
You need to deploy the required components to AppSrv1, AppSrv2, and Server1.
Which components should you deploy? To answer, drag the appropriate components to the correct servers. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Question #: 4
Topic #: 11
HOTSPOT –
You are planning the migration of APP3 and APP4 to support the Azure migration plan.
What should you do on Cluster1 and in Azure before you perform the migration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
C D
Question #: 4
Topic #: 9
DRAG DROP –
You need to meet the technical requirements for Cluster2.
Which four actions should you perform in sequence before you can enable replication? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 8
Topic #: 3
DRAG DROP –
You have an Azure subscription that contains an Azure Recovery Services vault.
You have an on-premises physical server that runs Windows Server.
You need to back up the server daily to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Question #: 8
Topic #: 5
HOTSPOT –
You have a server named Server1 that runs Windows Server.
On Server1, you create a Data Collector Set named CollectorSet1 based on the Basic template.
You need to configure CollectorSet1 to meet the following requirements:
✑ Older performance counter logs must be overwritten by new ones.
✑ Performance counter logging must stop if there is less than 500 MB of free disk space.
What should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
