Top Tips Of Most Up-to-date AZ-800 Samples

NEW QUESTION 1

You need to configure remote administration to meet the security requirements. What should you use?

• A. just in time (JIT) VM access
• B. Azure AD Privileged Identity Management (PIM)
• C. the Remote Desktop extension for Azure Cloud Services
• D. an Azure Bastion host

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc

NEW QUESTION 2
HOTSPOT
You have a server named Server1 that runs Windows Server. Server1 has a single network interface and the Hyper-V virtual switches shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 3

You have an Active Directory domain that contains a file server named Server1. Server1 runs Windows Server and includes the file shares shown in the following table.

When users login to the network they receive the following network drive mappings.
• H: maps to Wserver1\users\%UserName%
• G: maps to \\server1\%Department%
You need to limit the amount of space consumed by user's on Server!. The solution must meet the following requirements:
• Prevent users using more than 5GB of space on their H: drive
• Prevent Accounts department users from using more than 10GB of space on the G: drive
• Prevent Marketing department users from using more than 15GB of space on the G: drive
• Prevent Customer Service department users from using more than 2GB of space on the G: drive
• Minimize administrative effort What should you use?

• A. File Server Resource Manager (FSRM) quotas
• B. Storage tiering
• C. NTFS Disk quotas
• D. Group Policy Preferences

Answer: A

NEW QUESTION 4

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains two servers named Server1 and Server2.
Server1 contains a disk named Disk2. Disk2 contains a folder named UserData. UserData is shared to the Domain Users group. Disk2 is configured for deduplication. Server1 is protected by using Azure Backup.
Server1 fails.
You connect Disk2 to Server2.
You need to ensure that you can access all the files on Disk2 as quickly as possible. What should you do?

• A. Create a storage pool.
• B. Restore files from Azure Backup.
• C. Install the File Server Resource Manager server role.
• D. Install the Data Deduplication server role.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/overview

NEW QUESTION 5

You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN. Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine.
You plan to migrate the virtual machine to the Azure subnet.
You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort.
What should you implement before you perform the migration?

• A. Azure Extended Network
• B. Azure Virtual Network NAT
• C. Azure Application Gateway
• D. Azure virtual network peering

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

NEW QUESTION 6
DRAG DROP
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. VM1 contains a 128-GB operating system disk.
You need to increase the size of volume C on VM1 to 250 GB.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7
HOTSPOT
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant
You have an on-premises web app named WebApp1 that only supports Kerberos authentication.
You need to ensure that users can access WebApp1 by using their Azure AD account. The solution must minimize administrative effort.
What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared
You need to create a security group that meets the following requirements:
• Can contain users from the AD DS domain
• Can be used to authorize user access to share 1 and share2 What should you do?

• A. in the AD DS domain, create a universal security group
• B. in the Azure AD tenant create a security group that has assigned membership
• C. in the Azure AD Tenant create a security group that has dynamic membership.
• D. in the Azure AD tenant create a Microsoft 365 group

Answer: B

NEW QUESTION 9

You need to meet the technical requirements for VM2. What should you do?

• A. Implement shielded virtual machines.
• B. Enable the Guest services integration service.
• C. Implement Credential Guard.
• D. Enable enhanced session mode.

Answer: D

NEW QUESTION 10

Your network contains a single-domain Active Directory Domain Services (AD DS) forest named conto.com. The forest contains the servers shown in the following exhibit table.

You plan to install a line-of-business (LOB) application on Server1. The application will install a custom windows services.
A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new application.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. On Server1, run the install-ADServiceAccount cmdlet.
• B. On DC1, run the New-ADServiceAccount cmdlet.
• C. On DC1, run the Set_ADComputer cmdlet.
• D. ON DC1, run the Install-ADServiceAccount cmdlet.
• E. On Server1, run the Get-ADServiceAccount cmdlet.

Answer: AB

NEW QUESTION 11

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 12
HOTSPOT
Which groups can you add lo Group3 and Groups? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a user named User1 and the servers shown in the following table.

You need to ensure that User1 can manage only Scope1 and Scope3. What should you do?

• A. Add User1 to the DHCP Administrators group on Server1 and Server2.
• B. Implement IP Address Management (IPAM).
• C. Add User1 to the DHCP Administrators domain local group.
• D. Implement Windows Admin Center and add connections to Server1 and Server2.

Answer: B

NEW QUESTION 14
SIMULATION
Task 9
You plan to create group managed service accounts (gMSAs).
You need to configure the domain to support the creation of gMSAs.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Your network contains an Active Directory Domain Services (AD DS) domain named conioso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: from Active Directory Users and Computers, you right-click contoso.com in the console tree, and then select Operations Master
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 17

You have servers that have the DNS Server role installed. The servers are configured as shown in the following table.

All the client computers in the New York office use Server2 as the DNS server. You need to configure name resolution in the New York office to meet the following
requirements:
✑ Ensure that the client computers in New York can resolve names from contoso.com.
✑ Ensure that Server2 forwards all DNS queries for internet hosts to 131.107.100.200.
The solution must NOT require modifications to Server1. Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. a forwarder
• B. a conditional forwarder
• C. a delegation
• D. a secondary zone
• E. a reverse lookup zone

Answer: AB

Explanation:
A conditional forwarder is required for contoso.com. A forwarder is required for all other domains.
When you have a conditional forwarder and a forwarder configured, the conditional forwarder will be used for the specified domain.
You could use a secondary zone for contoso.com but that would require a configuration change on Server1.

NEW QUESTION 18

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.
You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.
You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?

• A. Configure Kerberos constrained delegation.
• B. Configure Just Enough Administration (JEA).
• C. Configure selective authentication for the domain.
• D. Disable the Enforce user logon restrictions policy setting for the domain.

Answer: A

NEW QUESTION 19

Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.
What should you do first?

• A. Change the trust to a one-way external trust.
• B. Add fabrikam\Group1 to the local Users group on server1.contoso.com.
• C. Enable SID filtering for the trust.
• D. Enable Selective authentication for the trust.

Answer: B

NEW QUESTION 20
......