Microsoft Microsoft Certifications AZ-800 Questions & Answers

• Question 181:

  HOTSPOT

  Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

  

  You need to configure DC3 to be the authoritative time server for the domain.

  Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: PDC emulator How to configure an authoritative time server in Windows Server To configure the PDC in the root of an Active Directory forest to synchronize with an external time source, follow these steps:

  Change the server type to NTP. To do this, follow these steps:

  1.

  Select Start > Run, type regedit, and then select OK.

  2.

  Locate and then select the following registry subkey:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

  In the pane on the right, right-click Type, and then select Modify.

  In Edit Value, type NTP in the Value data box, and then select OK.

  3.

  Set AnnounceFlags to 5. To do this, follow these steps:

  Etc.

  Box 2: Active Directory Users and Computers Transfer FSMO Roles Using ADUC GUI Just like PowerShell you need to log into the server that you will be transferring to.

  Open the Active Directory Users and Computers console, then right-click on the domain and click on operations masters.

  

  You should now see a screen with three tabs (RID, PDC, and Infrastructure).

  To transfer one of these roles just click on the change button. You can't select which domain controller to transfer the role to, that is why you need to log into the server that you want to transfer to. if I wanted to transfer the RID role to DC3 I would log into that server.

  Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-authoritative-time-server https://activedirectorypro.com/transfer-fsmo-roles

• Question 182:

  HOTSPOT

  Your on-premises network contains a server named Server1 and uses an IP address space of 192.168.10.0/24.

  You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 uses an IP address space of 192.168.10.0/24.

  You need to migrate Server1 to Subnet1. You must use Azure Extended Network to maintain the existing IP address of Server1.

  What is the minimum number of virtual machines that you should deploy? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point

  Hot Area:

  

  Correct Answer:

  

  Box 1: 1 Configuration in Azure Before you use Windows Admin Center, you must perform the following steps through the Azure Portal:

  1.

  Create a Virtual network in Azure that contains at least two subnets, in addition to subnets required for your gateway connection. One of the subnets you create must use the same subnet CIDR as the on-premises subnet you want to extend. The subnet must be unique within your routing domain so that it does not overlap with any on-premises subnets.

  2.

  Configure a virtual network gateway to use a site-to-site or ExpressRoute connection to connect the virtual network to your on-premises network.

  3.

  Create a Windows Server 2022 Azure Edition VM in Azure that is capable of running nested virtualization. This is one of your two virtual appliances. Connect the primary network interface to the routable subnet, and the second network interface to the extended subnet.

  Note: Extended network for Azure requires Windows Server 2022 Azure Edition for the VM that is running in Azure.

  4.

  Etc.

  Box 2: 1 On-premises configuration You must also perform some manual configuration in your on-premises infrastructure, including creating a VM to serve as the on-premises virtual appliance:

  1.

  Make sure the subnets are available on the physical machine where you will deploy the on-premises VM (virtual appliance). This includes the subnet you want to extend and a second subnet that is unique and doesn't overlap with any subnets in the Azure virtual network.

  2.

  Create a Windows Server 2019 or 2022 VM on any hypervisor that supports nested virtualization. This is the on-premises virtual appliance. We recommend that you create this as a highly available VM in a cluster. Connect a virtual network adapter to the routable subnet and a second virtual network adapter to the extended subnet.

  3.

  Etc.

  Note: Azure using extended network for Azure

  Extended network for Azure enables you to stretch an on-premises subnet into Azure to let on-premises virtual machines keep their original on-premises private IP addresses when migrating to Azure.

  The network is extended using a bidirectional VXLAN tunnel between two Windows Server 2019 VMs acting as virtual appliances, one running on-premises and the other running in Azure, each also connected to the subnet to be extended.

  Each subnet that you are going to extend requires one pair of appliances. Multiple subnets can be extended using multiple pairs

  Reference: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network

• Question 183:

  HOTSPOT

  Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com.

  The forest contains a child domain named east.contoso.com and the servers shown in the following table.

  

  You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.

  What should you name the folder, and on which server should you create the folder?

  To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 184:

  HOTSPOT

  Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

  

  The domain trust has the following configurations:

  1.

  Name: adatum.com

  2.

  Type: External

  3.

  Direction: One-way. outgoing

  4.

  Outgoing trust authentication level: Domain-wide authentication

  

  The forests contain the network shares shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 185:

  HOTSPOT

  You have a server named Server1 that has the Hyper-V server role installed. Server1 hosts the virtual machines shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: VM1, VM2, and VM3

  The following table shows the minimum virtual machine configuration version required to use some Hyper-V features.

  *

  Production Checkpoints Minimum VM configuration version: 6.2

  *

  Hibernation support Minimum VM configuration version: 9.0

  Box 2: Only VM1 and VM2

  VM configuration version 9.0 introduced hibernation support.

  Reference:

  https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/upgrade-virtual-machine-version-in-hyper-v-on-windows-or-windows-server

  https://www.appuntidallarete.com/how-to-install-and-configure-free-hyper-v-server-2019-2016-2/

• Question 186:

  HOTSPOT

  You have a server named Server1 that runs Windows Server and contains three volumes named C, D, and E.

  Files are stored on Server1 as shown in the following table.

  

  For volume D, Data Deduplication is enabled and set to General purpose file server. You perform the following actions:

  1.

  Move File1 to volume D.

  2.

  Copy File2 to volume D and name the copy File4.

  3.

  Move File3 to volume E

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://learn.microsoft.com/en-us/windows-server/storage/data-deduplication/overview

• Question 187:

  HOTSPOT

  Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.

  

  Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)

  

  You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  1.

  User1 can use self-service password reset (SSPR) to reset his password.

  -> [YES]. User1 can use self-service password reset (SSPR) because they are in the synchronized organizational unit (OU1), and "Enable Password writeback" is configured.

  2.

  If User1 connects to Microsoft Exchange Online, an on-premises domain controller provides authentication.

  -> [Yes]. When User1 connects to Microsoft Exchange Online or any other Azure AD-integrated service, their authentication request is passed directly to an on-premises AD domain controller for validation because Pass-through Authentication (PTA) is used.

  3.

  You can add User2 to Group1 as a member.

  -> [No]. User2 is in OU2, which is not selected for synchronization according to the provided configuration details. Since User2's OU is not included in the synchronization scope, you cannot directly add User2 to Group1 from the on-premises AD.

• Question 188:

  HOTSPOT

  Your on-premises network contains an Active Directory Domain Services (AD DS) domain.

  You plan to sync the domain with an Azure AD tenant by using Azure AD Connect cloud sync.

  You need to meet the following requirements:

  1.

  Install the software required to sync the domain and Azure AD.

  2.

  Enable password hash synchronization.

  What should you install, and what should you use to enable password hash synchronization? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Azure AD Connect Implement password hash synchronization with Azure AD Connect sync

  When you install Azure AD Connect by using the Express Settings option, password hash synchronization is automatically enabled.

  Box 2: Azure Portal Express installation of Azure AD Connect

  1.

  Sign in as Local Administrator on the server you want to install Azure AD Connect on. The server you sign in on will be the sync server.

  2.

  Go to AzureADConnect.msi and double-click to open the installation file.

  3.

  In Welcome, select the checkbox to agree to the licensing terms, and then select Continue.

  4.

  In Express settings, select Use express settings

  Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-install-express

• Question 189:

  HOTSPOT

  Your network contains two Active Directory Domain Services (AD DS) forests as shown in the following exhibit.

  

  The forests contain the domain controllers shown in the following table.

  

  You perform the following actions on DC1:

  1.

  Create a user named User1.

  2.

  Extend the schema with a new attribute named Attribute1.

  To which domain controllers are User1 and Attribute1 replicated? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  User1:

  This is a domain-level object.

  Since DC1 and DC2 are in the same domain (adatum.com), User1 will be replicated to DC2.

  DC3 is in a different domain (west.adatum.com), but it is in the same forest. Since it's a Global Catalog (GC) server, it will receive a partial replica of the adatum.com domain, including the newly created User1.

  DC4 is in a completely different forest (contoso.com) and there is no direct trust relationship between contoso.com and west.adatum.com, so User1 will not be replicated to DC4.

  Attribute1:

  This is a schema-level object. The schema is a forest-wide object.

  The schema master for the adatum.com forest is DC1, so any changes to the schema (such as adding a new attribute) are initially made on DC1.

  These changes are then replicated to all other domain controllers in the adatum.com forest, which includes DC2 and DC3.

  However, DC4 is in a different forest, so it will not receive the schema changes made in the adatum.com forest.

  In summary, User1 and Attribute1 will be replicated to DC2 and DC3

• Question 190:

  HOTSPOT

  You have an Active Directory Domain Services (AD DS) domain that contains a group named Group1.

  You need to create a group managed service account (gMSA) named Account1. The solution must ensure that Group1 can use Account1.

  How should you complete the script? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer: