Microsoft AZ-800 Dumps (V17.02) – All the AZ-800 Updated Questions are Real and Approved by Experts

1. Topic 1, Contoso Ltd

Overview

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

AD DS Environment

The network contains an on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.

The forest contains the domain controllers shown in the following table.

All the domain controllers are global catalog servers.

Server Infrastructure

The network contains the servers shown in the following table.

A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Servei4 uses the private profile.

Server2 hosts three virtual machines named VM1. VM2, and VM3.

VM3 is a file server that stores data in the volumes shown in the following table.

Group Policies

The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.

Existing Identities

The forest contains the users shown in the following table.

The forest contains the groups shown in the following table.

Current Problems

When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out another administrator can connect to the console session as the currently signed-in user.

Requirements

Contoso identifies the following technical requirements:

• Change the replication schedule for all site links to 30 minutes.

• Promote Server1 to a domain controller in canada.contoso.com.

• Install and authorize Server3 as a DHCP server.

• Ensure that User! can manage the membership of all the groups in ContosoOU3.

• Ensure that you can manage Server4 from Server1 by using PowerShell removing.

• Ensure that you can run virtual machines on VM1.

• Force users to provide credentials when they connect to VM2.

• On VM3, ensure that Data Deduplication on all volumes is possible.

You need to meet the technical requirements for Server1.

Which users can currently perform the required tasks?

2. You need to meet the technical requirements for the site links.

Which users can perform the required tasks?

3. HOTSPOT

You need to meet the technical requirements for VM1.

Which cmdlet should you run first? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. You need to meet the technical requirements for VM3

On which volumes can you enable Data Deduplication?

5. HOTSPOT

Which groups can you add lo Group3 and Groups? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

6. You need to meet the technical requirements for User1. The solution must use the principle of least privilege.

What should you do?

7. HOTSPOT

Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

8. HOTSPOT

You need to meet the technical requirements for Server4.

Which cmdlets should you run on Server1 and Server4? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

9. You need to meet the technical requirements for VM2.

What should you do?

10. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

11. Topic 2, Fabrikam inc.

Overview

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

Fabrikam, Inc. Is a manufacturing company that has a main office In New York and a branch office in Seattle.

On-premises Servers

The on-premises network contains servers that run Windows Server as shown in the following table.

DC1 hosts all the operation master roles.

WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.

On-premises Network

The New York and Seattle offices are connected by using redundant WAN links.

The client computers in each office get IP addresses from their local DHCP server.

DHCP! contains a scope named Scope1 that has addresses for the New York office.

DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Group Policy Object (GPOs)

The cwp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.

Requirements:

Fabrikam Identifies the following planned changes:

• Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.

• Replace the WAN links between the Seattle and New York offices by using Azure Virtual

WAN and ExpressRoute. Both on-premises offices will be connected to Vnet1 by using ExpressRoute.

• Create three Azure file shares named newyorkfiles, seattfefiles, and companyfiles.

• Create a domain controller named dc3.corp.fabrikam,com in Vnet1.

• Deploy an Azure Virtual Desktop host pool lo Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD joined.

• License all servers for Microsoft Defender for servers.

• Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.

Networking Requirements

Fabrikam identifies the following security requirements:

• Apply GP04 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout lime manually from their client computer.

• Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.

• Prevent user passwords from containing all or part of words that are based on the company name, such as Fab. fabrikam or fsbr! |.

• Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.

• Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements

You need to configure the synchronization of Azure files to meet the following requirements:

• Ensure that seattlefiles syncs to FS2.

• Ensure that newyorkfiles syncs to FS1.

• Ensure that companyfiles syncs to both FS1 and FS2.

DRAG DROP

You need to meet the security requirements for passwords.

Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

12. You need to implement a name resolution solution that meets the networking requirements.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point

13. What should you implement for the deployment of DC3?

14. HOTSPOT

You need to configure Azure File Sync to meet the file sharing requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

15. You need to configure remote administration to meet the security requirements.

What should you use?

16. You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements.

What should you configure?

17. You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies.

What should you do?

18. DRAG DROP

Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

19. HOTSPOT

You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.

What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. You need to implement an availability solution for DHCP that meets the networking requirements.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

21. Topic 3, Datum Corporation

Overview

A. Datum Corporation is a manufacturing company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.

A. Datum recently partnered with a company named Fabrikam, Inc.

Fabrikam is a manufacturing company that has a main office in Boston and a branch office in Orlando.

Both companies intend to collaborate on several joint projects.

The on-premises network of

A. Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

The forest contains two domains named adatum.com and east.adatum.com and the domain controllers shown in the following table.

The on-premises network of Fabrikam contains an AD DS forest named fabrikam.com.

The forest contains two domains named fabrikam.com and south.fabrikam.com.

The fabrikam.com domain contains an organizational unit (OU) named Marketing.

The adatum.com domain contains the servers shown in the following table.

HyperV1 contains the virtual machines shown in the following table.

All the virtual machines on HyperV1 have only the default management tools installed.

SSPace1 contains the Storage Spaces virtual disks shown in the following table.

A. Datum has an Azure subscription that contains a Microsoft Entra tenant. Microsoft Entra Connect is configured to sync the adatum.com forest with Microsoft Entra ID.

The subscription contains the virtual networks shown in the following table.

The subscription contains the Azure Private DNS zones shown in the following table.

The subscription contains the virtual machines shown in the following table.

All the servers are in a workgroup.

The subscription contains a storage account named storage1 that has a file share named share1.

A. Datum plans to implement the following changes:

• Sync Data1 to share1.

• Configure an Azure runbook named Task1.

• Enable Microsoft Entra users to sign in to Server1.

• Create an Azure DNS Private Resolver that has the following configurations:

o Name: Private1

o Region: West US

o Virtual network: VNet1

o Inbound endpoint: SubnetB

• Enable users in the adatum.com domain to access the resources in the south.fabrikam.com domain.

A. Datum identifies the following technical requirements:

• The data on SSPace1 must be available always.

• DC2 must become the schema master if DC1 fails.

• VMS must be configured to enable per-folder quotas.

• Trusts must allow access to only the required resources.

• The users in the Marketing OU must have access to storage!

• Azure Automanage must be used on all supported Azure virtual machines.

• A direct SSH session must be used to manage all the supported virtual machines on HyperV1.

You need to implement the planned changes for the Azure DNS Private Resolver.

Which private DNS zones can you use for name resolution?

A. Zone1.com only

B. Zone2.com only

C. Zone1.com and Zone2.com only

D. Zone2.com and Zone3.com only

E. Zone1.com, Zone2.com, and Zone3.com

22. HOTSPOT

You need to ensure that data availability on SSPace1 meets the technical requirements.

What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. DRAG DROP

You need to implement the planned change for Data1.

Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

24. You need to implement the planned changes for Microsoft Entra users to sign in to Server1.

Which PowerShell cmdlet should you run?

25. You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.

What should you implement?

26. HOTSPOT

You need to meet technical requirements for HyperV1.

Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. You need to ensure that Automanage meets the technical requirements.

On which Azure virtual machines should you enable Automanage?

28. Which two languages can you use for Task1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

29. You need to ensure that VM3 meets the technical requirements.

What should you install first?

30. DRAG DROP

DC1 fails.

You need to meet the technical requirements for the schema master.

Yourunntdsutil.exe.

Which five commands should you run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order?

31. Topic 4, Misc Questions

You have an Azure virtual machine named VM1 that runs Windows Server.

You perform the following actions on VM1:

• Create a folder named Folder1 on volume C

• Create a folder named Folder2 on volume D.

• Add a new data disk to VM1 and create a new volume that is assigned drive letter E.

• Install an app named App1 on volume E.

You plan to resize VM1.

Which objects will present after you resize VM1?

32. HOTSPOT

You have a Windows Server container host named Server1 and an Azure subscription.

You deploy an Azure container registry named Registry1 to the subscription.

On Server1, you create a container image named image1.

You need to store imager in Registry1.

Which command should you run on Server1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

33. You have a Windows Server container host named Server 1 and a container image named Image1. You need to start a container from image1. The solution must run the container on a Hyper-V virtual machine.

Which parameter should you specify when you run the docker run command?

34. You have a server named Server1 that hosts Windows containers. You plan to deploy an application that will have multiple containers. Each container will be You need to create a Docker network that supports the deployment of the application.

Which type of network should you create?

35. You plan to deploy a containerized application that requires .NET Core.

You need to create a container image for the application. The image must be as small as possible.

Which base image should you use?

36. You haw an Azure virtual machine named VM1 that runs Windows Server

You need to configure the management of VM1 to meet the following requirements:

• Require administrators to request access to VM1 before establishing a Remote Desktop connection.

• Limit access to VM1 from specific source IP addresses.

• Limit access to VMI to a specific management port

What should you configure?

37. You haw? a server named Host! that has the Hyper-V server role installed. Host! hosts a virtual machine named VM1.

You have a management server named Server! that runs Windows Server. You remotely manage Host1 from Server1 by using Hyper-V Manager.

You need to ensure that you can access a USB hard drive connected to Server1 when you connect to VM1 by using Virtual Machine Connection.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

38. HOTSPOT

You plan to deploy an Azure virtual machine that will run Windows Server.

You need to ensure that an Azure Active Directory (Azure AD) user [email protected] can connect 10 the virtual machine by using the Azure Serial Console.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

39. Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed. Each server has a Switch Embedded Teaming (SET) team

You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server

settings are configured properly on each server.

What should you use?

40. HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com.

The domain contains a 'He server named Server1 and three users named User1.

User2 and User), Server1 contains a shared folder named Share1 tha1 has the following configurations:

The share permissions for Share1 are configured as shown in the Share Permissions exhibit. (Click the Share Permissions tab.)

Share1 contains a file named Filel.txt. The advanced security settings for Filel.txt are configured as shown in the File Permissions exhibit. (Click the File Permissions tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: f ach correct selection is worth one point.

41. You have five tile servers that run Windows Server.

You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.

What should you create?

42. HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com.

The domain contains a server named Server1 and the users shown.

In the following table.

Server1 contains a folder named D:Folder1. The advanced security settings for Folder 1 are configured as shown in the Permissions exhibit. (Click the Permissions lab.)

Folder1 is shared by using the following configurations

43. HOTSPOT

You need to sync files from an on-premises server named Server1 to Azure by using Azure File Sync You have a cloud tiering policy that is configured for 30 percent free space and 70 days. Volume f on Server1 is 500 GB.

A year ago. you configured E:Oata on Server1 to sync by using Azure File Sync.

The files that are visible in E:Data are shown in the following table.

Volume E does NOT contain any other files.

Where are File1 and flle3 located? To answer, select the appropriate options In the answer area.

44. HOTSPOT

You have a file server named Server1 that runs Windows Server and contains the volumes shown in the following table.

On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas? To answer select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

45. HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

The domain contains a server named Server1 that has the DFS Namespaces role service installed.

Server! hosts a domain-based Distributed File System (DFS) Namespace named Files.

The domain contains a tile server named Server2. Seiver2 contains a shared folder named Share1.

Share1 contains a subfolder named Folder 1.

In the Files namespace, you create a folder named Folder! that has a target of \Server2.contoso.comShare1Folder1.

You need to configure a logon script that will map drive letter M to Folder1. The solution must use the path of the DFS Namespace.

How should you complete the command to map the drive letter? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

46. You have a server named Server1 that runs Windows Server.

Server1 has the storage pools shown in the following table.

You plan to create a virtual disk named VDisk1 that will use storage tiers.

Which pools can you use to create VDisk1?

47. DRAG DROP

You have two on-premises servers named Server1 and Servet2 that run Windows Server.

You have an Azure Storage account named storage1 that contains a file share named share'. Server1 syncs with share1 by using Azure File Sync

You need to configure Server2 to sync with share1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

48. You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. You plan deploy 100 new Azure virtual machines that will run Windows Server. You need to ensure that each new virtual machine is joined to the AD DS domain.

What should you use?

49. DRAG DROP

You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.

You deploy five servers to the domain. You add the servers to a group named iTFarmHosts.

You plan to configure a Network Load Balancing (NIB) cluster named NLBCluster.contoso.com that will contain the five servers.

You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.

Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdiets from the list of cmdlets to the answer area and arrange them in the correct order.

50. You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant

You have several Windows 10 devices that are Azure AD hybrid-joined.

You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.

Which optional feature should you select in Azure AD Connect?

51. Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com.

The domain contains the objects shown in the following table.

You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect. You need to ensure that all the objects can be used in Conditional Access policies.

What should you do?

52. Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

You need to minimize the convergence time for changes to Active Directory.

What should you do?

53. HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.

in the contoso.com domain, you create two users named Admin1 and Admin2.

You need to ensure that the users can perform the following tasks:

• Admin1 can create and manage Active Directory sites.

• Admin2 can deploy domain controller to the easl.conloso.com domain.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

54. Your network contains an Active Directory Domain Services (AD DS) domain- The domain contains 10 servers that run Windows Server. The servers have static IP addresses. You plan to use DHCP to assign IP addresses to the servers.

You need to ensure that each server always receives the same IP address.

Which type of identifier should you use to create a DHCP reservation for each server?

55. You have an on-premises server named Server1 that runs Windows Server. You have an Azure virtual network that contains an Azure virtual network gateway. You need to connect only Server1 to the Azure virtual network.

What should you use?

56. HOTSPOT

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant

You have an on-premises web app named WebApp1 that only supports Kerberos authentication.

You need to ensure that users can access WebApp1 by using their Azure AD account. The solution must minimize administrative effort.

What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

57. HOTSPOT

Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses. You plan to deploy a DHCP server to the VLAN in the datacenter.

You need to use the DHCP server to provide IP configurations to all the client computers.

What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

58. You have a server that runs Windows Server and has the DHCP Server role installed.

The server has a scope named Scope! that has the following configurations:

• Address range: 192.168.0.2 to 192.16B.1.2M. Mask 255.255.254.0

• Router: 192.168.0.1

• Lease duration: 3 days

• DNS server 172.16.0.254

You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.

You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.

What should you create?

59. HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

The domain contains the VPN servers shown in the following table.

You have a server named NPS1 that has Network Policy Server (NPS) installed.

NPS1 has the following RADIUS clients:

VPN1, VPN2, and VPN3 use NPS1 for RADIUS authentication. All the users in contoso.com are allowed to establish VPN connections. For each of the following statements, select Yes If the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

60. You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant The on-premises network is connected to Azure by using a Site-to-Site VPN.

You have the DNS zones shown in the following table.

You need to ensure that names from (aDiifcam.com can be resolved from the on-premises network.

Which two actions should you perform? Each correct answer presents part of the solution, NOTE: Each correct selection Is worth one point

61. HOTSPOT

You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.

You need 10 limit which Hyper-V module cmdlets helpdesk users can use when administering Server

1 remotely.

You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.

How should you complete the PowerShell command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

62. HOTSPOT

Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain.

The domains contain the servers shown in the following table.

You need to configure resources based constrained delegation so that the users In contoso.com can use Windows Admin Center on Server) to connect to Server? How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

63. Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.

The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.

You plan to manage the servers in the branch office by using a Windows Admin Center gateway.

On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.

You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.

Which inbound TCP port should you allow?

64. You have an Azure subscription that contains the following resources:

• An Azure Log Analytics workspace

• An Azure Automation account

• Azure Arc.

You have an on-premises server named Server1 that is onboaraed to Azure Arc You need to manage Microsoft updates on Server! by using Azure Arc

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point

65. HOTSPOT

You have an Azure subscription named sub1 and 500 on-premises virtual machines that run Windows Server.

You plan to onboard the on-premises virtual machines to Azure Arc by running the Azure Arc deployment script

You need to create an identity that mil be used by the script to authenticate access to sub1. The solution must use the principle of least privilege.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

66. You have an Azure virtual machine named VM1 that has a private IP address only.

You configure the Windows Admin Center extension on VM1.

You have an on-premises computer that runs Windows 11. You use the computer for server management.

You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.

What should you configure?

67. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.

Does this meet the goal?

68. Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.

Does this meet the goal?

69. Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the

domain controllers in Site1.

Solution: You create a new subnet object that is associated to Site1.

Does this meet the goal?

70. Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

You need to identify which server is the PDC emulator for the domain.

Solution: From a command prompt, you run netdom.exe query fsmo.

Does this meet the goal?

71. Your network contains an Active Directory Domain Services (AD DS) domain named conioso.com.

You need to identify which server is the PDC emulator for the domain.

Solution: from Active Directory Users and Computers, you right-click contoso.com in the console tree, and then select Operations Master

Does this meet the goal?

72. Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

You need to identify which server is the PDC emulator for the domain.

Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.

Does this meet the goal?

73. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

You need to identify which server is the PDC emulator for the domain.

Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.

Does this meet the goal?

74. You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You plan to implement self-service password reset (SSPR) in Azure AD.

You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.

What should you do?

75. You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.

You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.

To which group should you add the administrator?

76. DRAG DROP

You create a new Azure subscription.

You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines. The virtual machines will be joined to Azure AD DS.

You need to deploy Active Directory Domain Services (AD DS) to ensure that the virtual machines can be deployed and joined to Azure AD DS.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

77. HOTSPOT

You have an Azure Active Directory Domain Services (Azure AD DS) domain.

You create a new user named Admin1.

You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

78. DRAG DROP

Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.

You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.

You need to recommend a deployment plan that meets the following requirements:

Ensures that a user named User1 can perform the RODC installation on Server1 Ensures that you can control the AD DS replication schedule to the Server1 Ensures that Server1 is in a new site named RemoteSite1 Uses the principle of least privilege

Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

79. Your network contains an Active Directory Domain Services (AD DS) domain.

You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.

You plan to link GPO1 to the domain.

You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.

Which type of item level targeting should you use?

80. DRAG DROP

You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.

You rename Default-First-Site-Name as Site1.

You plan to ship DC1, DC2, and DC3 to datacenters in different locations.

You need to configure replication between DC1, DC2, and DC3 to meet the following requirements:

Each domain controller must reside in its own Active Directory site.

The replication schedule between each site must be controlled independently.

Interruptions to replication must be minimized.

Which three actions should you perform in sequence in the Active Directory Sites and Services console? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

81. Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com.

The root domain contains the domain controllers shown in the following table.

A failure of which domain controller will prevent you from creating application partitions?

82. HOTSPOT

You have 10 on-premises servers that run Windows Server.

You plan to use Azure Network Adapter to connect the servers to the resources in Azure.

Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

83. DRAG DROP

You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).

The certificate expires.

You need to replace the certificate.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

84. HOTSPOT

You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.

You have an Azure subscription.

You need to monitor Server1 by using Azure Monitor.

Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

85. You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.

A user named Admin1 is a member of the local Administrators group on Server1 and Server2.

You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.

You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.

What should you do first?

86. You have an Azure virtual machine named VM1 that runs Windows Server.

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.

What should you do?

87. You have an Azure virtual machine named VM1 that runs Windows Server and has the following configurations:

✑ Size: D2s_v4

✑ Operating system disk: 127-GiB standard SSD

✑ Data disk 128-GiB standard SSD

✑ Virtual machine generation: Gen 2

You plan to perform the following changes to VM1:

✑ Change the virtual machine size to D4s_v4.

✑ Detach the data disk.

✑ Add a new standard SSD.

Which changes require downtime for VM1?

88. HOTSPOT

You have a Windows Server container host named Server1 that has a single disk.

On Server1, you plan to start the containers shown in the following table.

Which isolation mode can you use for each container? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

89. DRAG DROP

You have a server named Server1 that runs Windows Server and has the Hyper V server role installed. Server1 hosts a virtual machine named VM1.

Server1 has an NVMe storage device. The device is currently assigned to VM1 by using Discrete Device Assignment.

You need to make the device available to Server1.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

90. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are planning the deployment of DNS to a new network.

You have three internal DNS servers as shown in the following table.

The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.

You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.

Solution: You configure Server2 and Server3 to forward DNS requests to 10.0.1.10.

Does this meet the goal?