Microsoft Microsoft Certifications AZ-800 Questions & Answers

• Question 81:

  You need to implement the planned changes for the Azure DNS Private Resolver.

  Which private DNS zones can you use for name resolution?

  A. Zone1.com only

  B. Zone2.com only

  C. Zone1.com and Zone2.com only

  D. Zone2.com and Zone3.com only

  E. Zone1.com, Zone2.com, and Zone3.com

  Correct Answer: A

  Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.

  Azure DNS Private Resolver requires an Azure Virtual Network. When you create an Azure DNS Private Resolver inside a virtual network, one or more inbound endpoints are established that can be used as the destination for DNS queries.

  The DNS query process when using an Azure DNS Private Resolver is summarized below:

  1.

  A client in a virtual network issues a DNS query.

  2.

  If the DNS servers for this virtual network are specified as custom, then the query is forwarded to the specified IP addresses.

  3.

  If Default (Azure-provided) DNS servers are configured in the virtual network, and there are Private DNS zones linked to the same virtual network, these zones are consulted.

  4.

  If the query doesn't match a Private DNS zone linked to the virtual network, then Virtual network links for DNS forwarding rulesets are consulted.

  5.

  If no ruleset links are present, then Azure DNS is used to resolve the query.

  6.

  If ruleset links are present, the DNS forwarding rules are evaluated.

  7.

  If a suffix match is found, the query is forwarded to the specified address.

  8.

  If multiple matches are present, the longest suffix is used.

  9.

  If no match is found, no DNS forwarding occurs and Azure DNS is used to resolve the query.

  Note: Planned changes:

  Create an Azure DNS Private Resolver that has the following configurations:

  Name: Private1

  Region: West US

  Virtual network: VNet1

  Inbound endpoint: SubnetB

  The subscription contains the Azure Private DNS zones shown in the following table.

  Zone1.com has Virtual network link in VNET1.

  Zone2.com has Virtual network link in VNET2.

  Zone3.com has no Virtual network links.

  https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview

• Question 82:

  You need to implement the planned changes for Azure AD users to sign in to Server1.

  Which PowerShell cmdlet should you run?

  A. New-ADComputer

  B. Set-AzVM

  C. Set-AzVMExtension

  D. Add-ADComputerServiceAccount

  Correct Answer: C

  Enable Azure AD users to sign in to Server1.

  Sever1 is a Windows Server 2022 Datacenter. Azure Edition server with Trusted launch running in a Virtual machine.

  Set-AzVMExtension

  Updates extension properties or adds an extension to a virtual machine.

  Description

  The Set-AzVMExtension cmdlet updates properties for existing Virtual Machine Extensions or adds an extension to a virtual machine.

  Note: Enable Azure AD login for a Windows VM in Azure

  To use Azure AD login for a Windows VM in Azure, you must:

  Enable the Azure AD login option for the VM.

  Configure Azure role assignments for users who are authorized to log in to the VM.

  There are two ways to enable Azure AD login for your Windows VM:

  The Azure portal, when you're creating a Windows VM.

  Azure Cloud Shell, when you're creating a Windows VM or using an existing Windows VM.

  Install the Azure AD login VM extension to enable Azure AD login for Windows VMs. VM extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. Use az vm extension set

  to install the AADLoginForWindows extension on the VM named myVM in the myResourceGroup resource group.

  The following example uses the Azure CLI to install the extension:

  AzureCLI

  az vm extension set \ --publisher Microsoft.Azure.ActiveDirectory \ --name AADLoginForWindows \ --resource-group myResourceGroup \ --vm-name myVM

  Reference: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmextension

• Question 83:

  You need to ensure that VM3 meets the technical requirements.

  What should you install first?

  A. Enhanced Storage

  B. the iSNS Server service

  C. File Server Resource Manager (FSRM)

  D. Windows Standards-Based Storage Management

  Correct Answer: C

  VM3 must be configured to enable per-folder quotas.

  VM3 is a Windows Server 2022 Standard server, joined to the adatum.com domain, and has the File and Storage Services role installed.

  Configure Disk Quota using FSRM (Windows Server 2012 R2)

  File Server Resource Manager is a pack of tools for Windows Server® 2008 or above that allows administrators to control and manage the quantity and type of data files that is stored on their network or servers.

  Disk Quota is a tool part of the FSRM Pack of tools. It helps to Manage the capacity of a storage device on the server or network.

  Example:

  Configure Disk Quota on DC1

  Step 1

  Go to Server Manager

  Step 2

  On the Server Manager Console. Select “Tools” on the right top corner and choose “File Server Resource Manager”

  Step 3

  On the File Server Resource Manager console, select “Quota Management -> Quotas”, Then Right-Click on “Quotas”. Select “Create Quota”

  Step 4

  Browser for Quota Path

  Step 5

  Select “Define Custom Quota Properties” and choose “custom Properties”

  Step 6

  Under the “Space Limit” Section, specify your preferred limit and choose “Ok”

  Step 7

  Select “Create”

  Step 8

  Save as a template with your preferred name. Our is “Graphic files template” and choose ‘OK’

  We are done.

  Reference:

  https://vincenttechblog.com/disk-quota-fsrm-windows-server-2012-r2/

• Question 84:

  You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  A. Create an Azure private DNS zone named corp.fabhkam.com.

  B. Create a virtual network link in the coip.fabnkam.com Azure private DNS zone.

  C. Create an Azure DNS zone named corp.fabrikam.com.

  D. Configure the DNS Servers settings for Vnet1.

  E. Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.

  F. On DC3, install the DNS Server role.

  G. Configure a conditional forwarder on DC3.

  Correct Answer: DF

  Virtual machines in an Azure virtual network receive their DNS configuration from the DNS settings configured on the virtual network. You need to configure the Azure virtual network to use DC3 as the DNS server. Then all virtual machines in the virtual network will use DC3 and their DNS server.

• Question 85:

  You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?

  A. loopback processing in GPO4

  B. security filtering for the link of GPO1

  C. loopback processing in GPO1

  D. the Enforced property for the link of GPO4

  E. the Enforced property for the link of GPO1

  F. security filtering for the link of GPO4

  Correct Answer: A

• Question 86:

  You need to implement an availability solution for DHCP that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  A. On DHCP1, create a scope that contains 25 percent of the IP addresses from Scope2.

  B. On the router in each office, configure a DHCP relay.

  C. DHCP2, configure a scope that contains 25 percent of the IP addresses from Scope1.

  D. On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.

  E. On each DHCP scope, configure DHCP failover.

  Correct Answer: BE

  Reference: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831385(v=ws.11)

• Question 87:

  You are planning the implementation Azure Arc to support the planned changes.

  You need to configure the environment to support configuration management policies.

  What should you do?

  A. Hybrid Azure AD join all the servers.

  B. Create a hybrid runbook worker m Azure Automation.

  C. Deploy the Azure Connected Machine agent to all the servers.

  D. Deploy the Azure Monitor agent to all the servers.

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/azure/azure-arc/servers/plan-at-scale-deployment

• Question 88:

  What should you implement for the deployment of DC3?

  A. Azure Active Directory Domain Services (Azure AD DS).

  B. Azure AD Application Proxy.

  C. An Azure virtual machine.

  D. An Azure AD administrative unit.

  Correct Answer: C

  Create a domain controller named dc3.corp.fabrikam.com in Vnet1.

  In a hybrid network, you can configure Azure virtual machines as domain controllers. The domain controllers in Azure communicate with the on-premises domain controllers in the same way that on-premises domain controllers communicate

  with each other.

• Question 89:

  You need to configure remote administration to meet the security requirements. What should you use?

  A. an Azure Bastion host

  B. Azure AD Privileged Identity Management (PIM)

  C. the Remote Desktop extension for Azure Cloud Services

  D. just in time (JIT) VM access

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc

• Question 90:

  Take two steps to implement an availability solution for DHCP. You must meets the networking requirements.

  Choose the correct action from the following options.

  NOTE: Each correct selection is worth one point.

  A. Add the DHCP cluster role on each DHCP server and install the Failover Clustering feature

  B. Configure a DHCP relay on the router in each office.

  C. Configure a scope that contains 25 percent of the IP addresses from Scope1 on DHCP2.

  D. Create a scope that contains 25 percent of the IP addresses from Scope2 On DHCP1.

  E. Configure DHCP failover on each DHCP scope

  Correct Answer: AE