Administering Windows Server Hybrid Core Infrastructure
Exam Details
Exam Code: AZ-800
Exam Name: Administering Windows Server Hybrid Core Infrastructure
Certification: Microsoft Certifications
Vendor: Microsoft
Total Questions: 247 Q&As
Last Updated: Mar 24, 2025
Microsoft Microsoft Certifications AZ-800 Questions & Answers
Question 191:
HOTSPOT
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.
The domain controllers do NOT have internet connectivity.
You plan to implement Azure AD Password Protection for the domain.
You need to deploy Azure AD Password Protection agents. The solution must meet the following requirements:
1. All Azure AD Password Protection policies must be enforced.
2. Agent updates must be applied automatically.
3. Administrative effort must be minimized.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: DC1 and DC2 only
Install the Azure AD Password Protection agent on
Incorrect:
* RODC1
Read-only domain controller considerations: Password change or set events aren't processed and persisted on read-only domain controllers (RODCs). Instead, they're forwarded to writable domain controllers. You don't have to install the Microsoft Entra Password Protection DC agent software on RODCs.
Box 2: Server2
Install the Azure AD Password Protection Proxy on
Microsoft Entra Password Protection proxy service
The following requirements apply to the Microsoft Entra Password Protection proxy service:
* Network access must be enabled for the set of ports and URLs specified in the Application Proxy environment setup procedures.
* Etc.
Note: Deployment strategy
The following diagram shows how the basic components of Microsoft Entra Password Protection work together in an on-premises Active Directory environment:
Your on-premises network contains a single-domain Active Directory Domain Services (AD DS) forest. You have an Azure AD tenant named contoso.com. The AD DS forest syncs with the Azure AD tenant by using Azure AD Connect.
You need to ensure that users in the forest that have a custom attribute of NoSync are excluded from synchronization.
How should you configure the Azure AD Connect cloudFiltered attribute, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: True
Attribute-based filtering
Inbound filtering
Inbound filtering uses the default configuration, where objects going to Microsoft Entra ID must have the metaverse attribute cloudFiltered not set to a value to be synchronized. If this attribute's value is set to True, then the object isn't synchronized. It shouldn't be set to False, by design. To make sure other rules have the ability to contribute a value, this attribute is only supposed to have the values True or NULL (absent).
Box 2: Synchronization Rules Editor
Example.
Negative filtering: "do not sync these"
In the following example, you filter out (not synchronize) all users where extensionAttribute15 has the value NoSync.
1. Sign in to the server that is running Microsoft Entra Connect Sync by using an account that is a member of the ADSyncAdmins security group.
2. Start Synchronization Rules Editor from the Start menu.
3. Make sure Inbound is selected, and click Add New Rule.
4. Etc.
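Why cloudFiltered takes only True or NULL, shown with a simplified model of rule precedence (an added example, not part of the original page or of Microsoft Entra Connect itself). The rule names, precedence numbers, the second Contractor rule and the sample user are constructed; the model assumes that the rule with the lowest precedence number returning a non-NULL value wins.

```powershell
# Simplified model of inbound attribute-flow precedence for cloudFiltered.
# Rule names, precedence numbers and the sample user are constructed.
function Resolve-CloudFiltered {
    param([hashtable]$User, [object[]]$Rules)
    # Lowest precedence number is evaluated first; NULL means "no contribution",
    # so the next rule gets a chance to supply a value.
    foreach ($rule in ($Rules | Sort-Object Precedence)) {
        $value = & $rule.Flow $User
        if ($null -ne $value) {
            return [pscustomobject]@{ CloudFiltered = $value; ContributedBy = $rule.Name }
        }
    }
    [pscustomobject]@{ CloudFiltered = $null; ContributedBy = '(no rule)' }
}

function Test-Synchronized {
    param($Resolved)
    # The object goes to Microsoft Entra ID unless cloudFiltered is True.
    $Resolved.CloudFiltered -ne $true
}

# The rule from the page: extensionAttribute15 = NoSync -> True, otherwise NULL.
$noSyncTrueOrNull = [pscustomobject]@{
    Name = 'NoSync filter (True/NULL)'; Precedence = 50
    Flow = { param($u) if ($u.extensionAttribute15 -eq 'NoSync') { $true } else { $null } }
}
# The misconfiguration the page warns about: the same rule returning False.
$noSyncTrueOrFalse = [pscustomobject]@{
    Name = 'NoSync filter (True/False)'; Precedence = 50
    Flow = { param($u) $u.extensionAttribute15 -eq 'NoSync' }
}
# Hypothetical second filter with a higher precedence number (evaluated later).
$contractorFilter = [pscustomobject]@{
    Name = 'Contractor filter'; Precedence = 60
    Flow = { param($u) if ($u.department -eq 'Contractor') { $true } else { $null } }
}

# Constructed account: no NoSync marker, but matched by the contractor filter.
$user = @{ sAMAccountName = 'c.vendor'; department = 'Contractor'; extensionAttribute15 = $null }

foreach ($first in $noSyncTrueOrNull, $noSyncTrueOrFalse) {
    $r = Resolve-CloudFiltered -User $user -Rules @($first, $contractorFilter)
    '{0,-28} cloudFiltered={1,-6} by={2,-28} synced={3}' -f `
        $first.Name, "$($r.CloudFiltered)", $r.ContributedBy, (Test-Synchronized $r)
}
```

With the True/NULL rule the contractor account stays filtered by the second rule; with the True/False variant the False value wins and the account is synchronized.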
Question 193:
HOTSPOT
You have an Active Directory Domain Services (AD DS) domain that contains the member servers shown in the following table.
Server3 contains a data disk named Disk1 that has Data Deduplication installed. Disk1 contains the files shown in the following table.
Server3 fails.
You need to recover the files on Disk1.
Which files can you recover if you attach Disk1 to Server1, and which files can you recover if you attach Disk1 to Server2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: File1.txt, File2.doc, File3.sys, and File4.bmp
Box 2: No files can be recovered
The data deduplication feature enables backup applications to perform optimized backup and restore of volumes that are enabled for data deduplication.
You have a server named Server1 that runs Windows Server. Server1 has a single network interface and the Hyper-V virtual switches shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 195:
HOTSPOT
You have a Windows Server container host named Server1.
You start the containers on Server1 as shown in the following table.
You need to validate the status of ProcessA and ProcessC.
Where can you verify that ProcessA and ProcessC are in a running state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
ProcessA is in a container that has process isolation. So, both Container1 and the host (Server1) can see the process. Per this article: "When you have a Windows container running in process isolation mode, all processes are isolated between the containers so they have no influence on each other. However, the security boundary between container host and containers is simply the process isolation itself, which means the container host has visibility into the processes running inside the container." https://argonsys.com/microsoft-cloud/library/how-to-identify-processes-running-inside-a-windows-container-from-the-container-host/
In contrast, ProcessC is in a Hyper-V isolation container, so only Container3 can see the process.
So, Container1 and Server1 only for the first answer. Container3 only for the second one.
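The visibility difference can be checked on a test host (an added example, not part of the original page). It assumes Docker on a Windows Server 2022 container host with the Hyper-V role available; the container names, image tag and ping workload are constructed.

```powershell
# Added example. Container names and the ping workload are constructed.
$image = 'mcr.microsoft.com/windows/servercore:ltsc2022'
docker run -d --name iso-process --isolation=process $image ping -t localhost | Out-Null
docker run -d --name iso-hyperv  --isolation=hyperv  $image ping -t localhost | Out-Null
Start-Sleep -Seconds 10   # give both workloads time to start

# View from inside each container: the workload is visible in its own container.
$insideView = foreach ($name in 'iso-process', 'iso-hyperv') {
    $isolation = docker inspect --format '{{.HostConfig.Isolation}}' $name
    $insideIds = docker exec $name powershell -NoProfile -Command '(Get-Process -Name ping).Id'
    [pscustomobject]@{
        Container     = $name
        Isolation     = $isolation
        PingPidInside = $insideIds -join ','
    }
}
$insideView | Format-Table -AutoSize

# View from the host: a process-isolated container shares the host kernel, so its
# ping.exe is listed here. The Hyper-V isolated workload runs under a separate
# kernel in a utility VM and does not appear in the host's process list.
Get-Process -Name ping -ErrorAction SilentlyContinue |
    Select-Object Id, SessionId, ProcessName, StartTime |
    Format-Table -AutoSize

# Clean up the test containers.
docker rm -f iso-process iso-hyperv | Out-Null
```

For monitoring, this means host-based process telemetry covers process-isolated containers but not workloads under Hyper-V isolation, which need collection from inside the container.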
Question 196:
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
You plan to implement Azure Automanage for Windows Server.
You need to identify the operating system prerequisites.
Which virtual machines support Hotpatch, and which virtual machines support SMB over QUIC? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: VM2 only
Hotpatch
Hotpatch is supported on the following operating systems for VMs running on Azure and Azure Stack HCI:
Windows Server 2022 Datacenter: Azure Edition Core
Windows Server 2022 Datacenter: Azure Edition with Desktop Experience
Box 2: VM1 only
SMB over QUIC:
To use SMB over QUIC, you need the following things:
A file server running Windows Server 2022 Datacenter: Azure Edition (Microsoft Server Operating Systems)
A Windows 11 computer (Windows for business)
Windows Admin Center (Homepage)
A Public Key Infrastructure to issue certificates like Active Directory Certificate Server or access to a trusted third party certificate issuer like Verisign, Digicert, Let's Encrypt, and so on.
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains three subnets named Subnet1, Subnet2, and Subnet3.
You deploy a virtual machine that has the following settings:
1. Name: VM1
2. Subnet: Subnet2
3. Network interface name: NIC1
4. Operating system: Windows Server 2022
You need to ensure that VM1 can route traffic between Subnet1 and Subnet3. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Enable IP forwarding for NIC1
IP forwarding enables a NIC attached to a VM to:
Receive network traffic not destined for any of the IP addresses assigned in any of the NIC's IP configurations.
Send network traffic with a different source IP address than is assigned in any of the NIC's IP configurations.
You must enable IP forwarding for every NIC attached to the VM that needs to forward traffic. A VM can forward traffic whether it has multiple NICs or a single NIC attached to it.
IP forwarding is typically used with user-defined routes.
Box 2: Run the route add command
User-defined
You can create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add more routes to a subnet's route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it.
Example:
To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:
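The two answer boxes as one procedure, with an audit step, in an added example that is not part of the original page. It assumes the Az.Network module and a signed-in context; `<resource-group>` is a placeholder, NIC1 comes from the question, and the route values are the ones in the sentence above.

```powershell
# Added example. Assumes the Az.Network module and a signed-in context
# (Connect-AzAccount). '<resource-group>' is a placeholder.
$resourceGroup = '<resource-group>'

# Box 1: enable IP forwarding on NIC1. This is a property of the Azure NIC,
# set outside the guest operating system.
$nic = Get-AzNetworkInterface -ResourceGroupName $resourceGroup -Name 'NIC1'
$nic.EnableIPForwarding = $true
$nic | Set-AzNetworkInterface | Out-Null

# Audit: list every NIC in the subscription that has IP forwarding enabled,
# with the VM it is attached to. A forwarding NIC may send traffic with a
# source address that is not assigned to it, so the list should be short
# and every entry expected.
Get-AzNetworkInterface |
    Where-Object { $_.EnableIPForwarding } |
    Select-Object Name, ResourceGroupName,
        @{ Name = 'AttachedVM'; Expression = { ($_.VirtualMachine.Id -split '/')[-1] } } |
    Format-Table -AutoSize

# Box 2: inside the VM1 guest, from an elevated prompt, using the values above:
# destination 10.41.0.0, mask 255.255.0.0, next hop 10.27.0.1.
route add 10.41.0.0 mask 255.255.0.0 10.27.0.1
route print -4   # confirm the new entry in the IPv4 route table
```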
You have an Azure subscription and a computer named Computer1 that runs Windows 11.
From the Azure portal, you deploy a virtual machine named VM1 that runs Windows Server. You configure VM1 to use the default settings.
You need to ensure that you can connect to VM1 by using PowerShell remoting.
Which cmdlet should you run, and what should you use to run the cmdlet? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: A PowerShell session on VM1
Box 2: Enable-AzVMPSRemoting
Connecting to VMs with Azure PSRemoting
Enabling Azure PSRemoting
With the Enable-AzVMPSRemoting cmdlet, Azure PowerShell configures the pieces necessary for running commands and code against target VMs in Azure, much like you do on-premises. To do this, it performs the following:
Based on the operating system, it ensures WinRM (Windows) or SSH (Linux) is set up.
It ensures Network Security Group rules are in place to allow communication to the target, again based on communications type.
For Linux VMs, it installs PowerShell core on the target system.
To enable your VMs for PSRemoting in Azure, you would run a command similar to these for Windows and Linux VMs:
# Enable Windows VM
PS Azure:\> Enable-AzVMPSRemoting -Name 'vm-win-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol https -OsType Windows
# Enable Linux VM
PS Azure:\> Enable-AzVMPSRemoting -Name 'vm-lin-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol ssh -OsType Linux
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed. Server1 contains a virtual machine named VM1 that runs Windows Server.
You need to install the Hyper-V server role on VM1.
Which PowerShell command should you run first? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Set-VMHost
Set-VMHost
Module: Hyper-V
Configures a Hyper-V host.
Indicates whether users can use enhanced mode when they connect to virtual machines on this server by using Virtual Machine Connection.
Note: Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer.
To ensure that enhanced session mode is enabled on the Hyper-V host, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
Set-VMHost -EnableEnhancedSessionMode $true
Incorrect:
* Set-VMFirmware
Module: Hyper-V
Sets the firmware configuration of a virtual machine.
Description
The Set-VMFirmware cmdlet sets the firmware configuration of a Generation 2 virtual machine.
You have a Windows Server 2022 container host named Host1 and a container registry that contains the container images shown in the following table.
You need to run the containers on Host1.
Which isolation mode can you use for each image? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Hyper-V isolation or process isolation
Isolation Modes
Windows Server host OS compatibility
Box 2: Hyper-V isolation only
Note: Windows containers offer two distinct modes of runtime isolation: process and Hyper-V isolation. Containers running under both isolation modes are created, managed, and function identically. They also produce and consume the same container images. The difference between the isolation modes is to what degree of isolation is created between the container, the host operating system, and all of the other containers running on that host.