Administering Windows Server

Hybrid Core Infrastructure

Exam AZ-800

109 Questões para o Exame AZ-800

Como estudar para o Exame

m
Faça um resumo do que viu e leu nas aulas, livros e apostilas que usou para estudar.
Um resumo reforça todos os temas estudados e facilita a fixação dos conceitos
aprendidos.
Antes de começar a estudar NÃO faça questionários ou simulados!

co
Pela minha experiência, os alunos que estão iniciando os estudos e tentam responder
um simulado acabam frustrados e desistem de se inscrever pois os resultados, com
raras exceções, são sempre frustrantes.
Simulados e questionários só na última semana antes do exame, incluindo as questões
desse documento. o.
Ao estudar, tente fazer na prática as funções que está estudando. A Microsoft dá
bastante ênfase para a prática nos seus exames, portanto é importante ter um
ambiente para testar funções, comandos e procedimentos, isso facilita muito o
ld
entendimento e a fixação de todos os assuntos estudados.
Nas semanas que antecedem o exame utilize este nosso documento, você vai notar
que a grande maioria das questões não só tem a resposta, mas também uma
na

explicação sobre a resposta e também um link para o site da Microsoft que contém a
teoria que justifica a solução apontada.
Se você quer realmente ser aprovado nos exames utilize as questões não só para
decorar, mas sim como uma ferramenta de estudo para mostrar o que você já domina e
onde você pode melhorar.
oI

A ideia que me levou à criação desse documento foi de utilizar perguntas de prova para
levar o candidato a estudar mais diretamente os assuntos que ainda não domina e tirar
dúvidas que não podem ser levadas no dia do exame.
Ti

Boa sorte!!

Tio Inaldo

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 1
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-
Name in the console tree, and then select Properties.

m
Does this meet the goal?

A. Yes
B. No

co
Correct Answer: B

QUESTION 2

contoso.com.
o.
Your network contains an Active Directory Domain Services (AD DS) domain named

You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory
ld
Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?

A. Yes
na

B. No

Correct Answer: B
oI

QUESTION 3
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com.
You need to identify which server is the PDC emulator for the domain.
Ti

Solution: From a command prompt, you run netdom.exe query fsmo.

Does this meet the goal?

A. Yes
B. No

Correct Answer: A

Reference:
https://activedirectorypro.com/how-to-check-fsmo-roles/
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 4
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: from Active Directory Users and Computers, you right-click contoso.com in the
console tree, and then select Operations Master.

m
Does this meet the goal?

A. Yes
B. No

co
Correct Answer: A

QUESTION 5 o.
You have an on premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
ld
You need to ensure that users that reset their passwords by using SSPR can use the
new password resources in the AD DS domain.
What should you do?
na

A. Deploy the Azure AD Password Protection proxy service to the on premises network.
B. Run the Microsoft Azure Active Directory Connect wizard and select Password
writeback.
C. Grant the Change password permission for the domain to the Azure AD Connect
service account.
oI

D. Grant the impersonate a client after authentication user right to the Azure AD
Connect service account.

Correct Answer: B
Ti

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-
sspr-writeback

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 6
You have an Azure Active Directory Domain Services (Azure AD DS) domain named
contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects
(GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?

m
A. AAD DC Administrators
B. Domain Admins
C. Schema Admins

co
D. Enterprise Admins
E. Group Policy Creator Owners

Correct Answer: B

Explanation: o.
Only the Domain Admins group and the Enterprise Admins group can fully manage
GPOs. Members of the Group Policy Creator Owners group can create new GPOs but
they can't link the GPOs to sites, the domain or OUs and they cannot manage existing
ld
GPOs.

Reference:
https://social.technet.microsoft.com/wiki/contents/articles/20579.delegation-of-group-
na

policy-full-administration.aspx
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 7
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure
virtual machines. The virtual machines will be joined to Azure AD DS.
You need to deploy Active Directory Domain Services (AD DS) to ensure that the virtual
machines can be deployed and joined to Azure AD DS.
Which three actions should you perform in sequence?

m
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

co
o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-
instance

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 8
You have an Azure Active Directory Domain Services (Azure AD DS) domain.
You create a new user named Admin1.
You need Admin1 to deploy custom Group Policy settings to all the computers in the
domain. The solution must use the principle of least privilege.
What should you include in the solution?

m
To answer, select the appropriate options in the answer area. NOTE: Each correct
selection is worth one point.

co
Correct Answer:
o.
ld
na
oI

Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-
policy
Ti

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/create-ou

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 9
Your network contains a single domain Active Directory Domain Services (AD DS)
forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a
server named Server1. A user named User1 is a member of the local Administrators
group on Server1.

m
You need to recommend a deployment plan that meets the following requirements:
 Ensures that a user named User1 can perform the RODC installation on Server1
 Ensures that you can control the AD DS replication schedule to the Server1
 Ensures that Server1 is in a new site named RemoteSite1

co
Use the principle of least privilege.
Which three actions should you recommend performing in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:
o.
ld
na
oI

Correct Answer:
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Explanation:
Box 1
We need to create a site and subnet for the remote site. The new site will be added to
the Default IP Site Link so we don't need to create a new site link. You configure the
replication schedule on the site link.
Box 2

m
When we pre-create an RODC account, we can specify who is allowed to attach the
server to the prestaged account. This means that the User1 does not need to be added
to the Domain Admins group.
Box 3

co
User1 can connect the RODC to the prestaged account by running the AD DS
installation wizard.

Reference:
https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-
rodc-2016/ o.
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/rodc/install-a-
windows-server-2012-active-directory-read-only-domain-controller--rodc---level-200-
ld
QUESTION 10
Your network contains an Active Directory Domain Services (AD DS) domain. The
network also contains 20 domain controllers, 100 member servers, and 100 client
na

computers.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy
preferences.
You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers
oI

and NOT to domain controllers or client computers. All the other Group Policy settings
in GPO1 must apply to all the computers. The solution must minimize administrative
effort.
Which type of item level targeting should you use?
Ti

A. Domain
B. Operating System
C. Security Group
D. Environment Variable

Correct Answer: B

Reference:

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2012-r2-and-2012/dn789189(v=ws.11)#operating-system-targeting

QUESTION 11
You deploy a new Active Directory Domain Services (AD DS) forest named
contoso.com. The domain contains three domain controllers named DC1, DC2, and
DC3.

m
You rename Default-First-Site-Name as Site1.
You plan to ship DC1, DC2, and DC3 to datacenters in different locations.
You need to configure replication between DC1, DC2, and DC3 to meet the following
requirements:

co
 Each domain controller must reside in its own Active Directory site.
 The replication schedule between each site must be controlled independently.
 Interruptions to replication must be minimized.
Which three actions should you perform in sequence in the Active Directory Sites and
Services console?

arrange them in the correct order.

Select and Place:
o.
To answer, move the appropriate actions from the list of actions to the answer area and
ld
na
oI

Correct Answer:
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

m
co
QUESTION 12
Your network contains an Active Directory Domain Services (AD DS) forest named
contoso.com. The root domain contains the domain controllers shown in the following
table. o.
ld
na

A failure of which domain controller will prevent you from creating application partitions?

A. DC1
B. DC2
C. DC3
oI

D. DC4
E. DC5

Correct Answer: A
Ti

Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 13
You have 10 on-premises servers that run Windows Server.
You plan to use Azure Network Adapter to connect the servers to the resources in
Azure.
Which prerequisites do you require on-premises and in Azure?
To answer, select the appropriate options in the answer area.

m
NOTE: Each correct selection is worth one point.

co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-
center/azure/use-azure-networkadapter

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 14
You have a server named Server1 that has Windows Admin Center installed. The
certificate used by Windows Admin Center was obtained from a certification authority
(CA).
The certificate expires.
You need to replace the certificate.

m
Which three actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

co
o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://www.starwindsoftware.com/blog/change-the-windows-admin-center-certificate

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 15
You have an on-premises server named Server1 that runs Windows Server and has
internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription and what should you install on

m
Server1?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/gateway
https://docs.microsoft.com/en-us/windowsserver/manage/windows-admin-
center/azure/azure-monitor

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 16
You have an on premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant. The domain contains two servers
named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and
Server2.

m
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be
added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by
using Azure Arc.

co
What should you do first?

A. From the Azure portal, generate a new onboarding script.

B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1.
C. Hybrid Azure AD join Server1 and Server2.
o.
D. Create an Azure cloud-only account for Admin1.

Correct Answer: B
ld
Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal
na

QUESTION 17
Your network contains two Active Directory Domain Services (AD DS) forests named
contoso.com and fabrikam.com. A two way forest trust exists between the forests. Each
forest contains a single domain.
oI

The domains contain the servers shown in the following table.

Ti

You need to configure resource based constrained delegation so that the users in
contoso.com can use Windows Admin Center on Server1 to connect to Server2.
How should you complete the command?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

m
co
Correct Answer:

o.
ld
na
oI

Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-
constrained-delegation-overview
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-
Ti

adcomputer?view=windowsserver2022-ps

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 18
You have a server named Server1 that runs Windows Server and has the Hyper-V
server role installed.
You need to limit which Hyper-V module cmdlets helpdesk users can use when
administering Server1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role

m
capabilities and session configuration files.
How should you complete the PowerShell command?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-
pssessionconfigurationfile?view=powershell-7.2

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 19
You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to
manage VM1.
What should you do?

m
A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
B. Configure VM1 to use a user-assigned managed identity.
C. Configure VM1 to use a system-assigned managed identity.

co
D. Add the Custom Script Extension to VM1.

Correct Answer: C

Reference:
o.
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration
ld
QUESTION 20
You have a server named Host1 that has the Hyper-V server role installed. Host1 hosts
a virtual machine named VM1.
You have a management server named Server1 that runs Windows Server. You
na

remotely manage Host1 from Server1 by using Hyper-V Manager.

You need to ensure that you can access a USB hard drive connected to Server1 when
you connect to VM1 by using Virtual Machine Connection.
Which two actions should you perform?
Each correct answer presents part of the solution.
oI

NOTE: Each correct selection is worth one point.

A. From the Hyper-V Settings of Host1, select Allow enhanced session mode
B. From Virtual Machine Connection, select Show Options, and then select the USB
Ti

hard drive.
C. From Virtual Machine Connection, switch to a basic session.
D. From Disk Management on Host1, select Rescan Disks.
E. From Disk Management on Host1, attach a virtual hard disk.

Correct Answer: A B

Reference:
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/use-
local-resources-on-hyperv-virtual-machine-with-vmconnect
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 21
You have a Windows Server container host named Server1 and a container image
named image1.
You need to start a container from image1. The solution must run the container on a
Hyper-V virtual machine.
Which parameter should you specify when you run the docker run command?

m
A. --expose
B. --privileged
C. --runtime

co
D. --entrypoint
E. --isolation

Correct Answer: E

Reference: o.
https://docs.docker.com/language/nodejs/run-containers/
https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-
ld
containers/hyperv-container

QUESTION 22
na

You plan to deploy a containerized application that requires .NET Core.

You need to create a container image for the application.
The image must be as small as possible.
Which base image should you use?
oI

A. Windows Server
B. Nano Server
C. Windows
D. Server Core
Ti

Correct Answer: B

Explanation:
Nano Server base container image
This is our smallest base container image. As mentioned above, this means less APIs
available. For Nano Server, we focused on scenarios where developers will be writing
new applications on which the framework can target the specific APIs of Nano Server.
Examples of frameworks, languages, or apps that are supported on Nano Server are
.Net Core (now called .Net)
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Reference:
https://techcommunity.microsoft.com/t5/containers/nano-server-x-server-core-x-server-
which-base-image-is-theright/ba-p/2835785

m
QUESTION 23
You have an Azure virtual machine named VM1 that runs Windows Server.
You perform the following actions on VM1:
 Create a folder named Folder1 on volume C.

co
 Create a folder named Folder2 on volume D.
 Add a new data disk to VM1 and create a new volume that is assigned drive
letter E.
 Install an app named App1 on volume E.
You plan to resize VM1.

A. Folder1, volume E, and App1 only

B. Folder1 only
o.
Which objects will present after you resize VM1?
ld
C. Folder1 and Folder2 only
D. Folder1, Folder2, App1, and volume E
E. Install an app named App1 on volume E.
na

Correct Answer: A

Explanation:
The folder2 is on D: which by default is the scratch disk that is wiped on a re-boot, a re-
size of the VM requires a reboot of the VM, therefore the contents of D will be wiped.
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 24
You have an Azure virtual machine named VM1 that runs Windows Server and has the
following configurations:
 Size: D2s_v4
 Operating system disk: 127-GiB standard SSD
 Data disk 128-GiB standard SSD

m
 Virtual machine generation: Gen 2
You plan to perform the following changes to VM1:
 Change the virtual machine size to D4s_v4.
 Detach the data disk.

co
 Add a new standard SSD.
Which changes require downtime for VM1?

A. Detaching the data disk only and adding a new standard SSD.
B. Detaching the data disk only.

D. Adding a new standard SSD only.

ANSWER: C
o.
C. Changing the virtual machine size only.
ld
Explanation:
Data disks can be added and detached without requiring downtime. Changing the VM
size requires the VM to be restarted.
na

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/convert-disk-storage
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 25
You have a Windows Server container host named Server1 that has a single disk.
On Server1, you plan to start the containers shown in the following table.

m
Which isolation mode can you use for each container?

co
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

o.
ld
na

Correct Answer:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Reference:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-
containers/hyperv-container

QUESTION 26
You have a server named Server1 that runs Windows Server and has the Hyper-V

m
server role installed. Server1 hosts a virtual machine named VM1.
Server1 has an NVMe storage device. The device is currently assigned to VM1 by using
Discrete Device Assignment.
You need to make the device available to Server1.

co
Which four actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-
v/deploy/deploying-storage-devices-usingdda

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 27
You have a server named Server1 that hosts Windows containers.
You plan to deploy an application that will have multiple containers. Each container will
be on the same subnet. Each container requires a separate MAC address and IP
address. Each container must be able to communicate by using its IP address.
You need to create a Docker network that supports the deployment of the application.

m
Which type of network should you create?

A. transparent
B. I2bridge

co
C. NAT
D. I2tunnel

Correct Answer: A

Explanation:
Transparent network driver
o.
Containers attached to a network created with the 'transparent' driver will be directly
connected to the physical network through an external Hyper-V switch. IPs from the
ld
physical network can be assigned statically (requires user-specified --subnet option) or
dynamically using an external DHCP server.

L2bridge network driver

na

Containers attached to a network created with the 'l2bridge' driver will be connected to
the physical network through an external Hyper-V switch. In l2bridge, container network
traffic will have the same MAC address as the host due to Layer-2 address translation
(MAC re-write) operation on ingress and egress. In datacenters, this helps alleviate the
stress on switches having to learn MAC addresses of sometimes short-lived containers.
oI

L2bridge networks can be configured in 2 different ways.

Reference:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-
Ti

networking/network-drivers-topologies

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 28
Your network contains two VLANs for client computers and one VLAN for a datacenter.
Each VLAN is assigned an IPv4 subnet. Currently, all the client computers use static IP
addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client
computers.

m
What is the minimum number of scopes and DHCP relays you should create?
To answer, select the appropriate option the answer area.
NOTE: Each correct selection is worth one point.

co
o.
ld
Correct Answer:
na
oI

Explanation:
Box 1: 3
Ti

You need a DHCP scope for each of the three subnets.

Box 2: 2
The two client VLANs need a DHCP Relay Agent to forward DHCP requests to the
DHCP server. The datacenter VLAN that contains the DHCP server does not require a
DHCP Relay Agent.

Reference:
https://sites.google.com/site/chaseerry/cisco-routing/dhcp-relay-agent---one-dhcp-
server-for-many-vlans

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 29
You have a server that runs Windows Server and has the DHCP Server role installed.
The server has a scope named Scope1 that has the following configurations:
 Address range: 192.168.0.2 to 192. 168.1.254
 Mask: 255.255.254.0
 Router: 192.168.0.1

m
 Lease duration: 3 days
 DNS server: 172.16.0.254
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices
have MAC addresses within the same range.

co
You need to ensure that all the Teams Phone devices that receive a lease from Scope1
have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must
NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?

A. a scope
B. a filter
C. scope options
D. a policy
o.
ld
Correct Answer: D

Reference:
na

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2012-R2-and-2012/dn425040(v=ws.11)
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 30
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.

m
The contoso.local zone contains zone delegations for east.contoso.local and
west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal
namespaces and internet hosts.

co
Solution: You configure Server2 and Server3 to forward DNS requests to 10.0.1.10.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

QUESTION 31
o.
ld
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
na

The contoso.local zone contains zone delegations for east.contoso.local and

west.contoso.local. All the DNS servers use root hints.
oI

You need to ensure that all the DNS servers can resolve the names of all the internal
namespaces and internet hosts.
Solution: On Server2 and Server3, you configure a conditional forwarder for
contoso.local.
Does this meet the goal?
Ti

A. Yes
B. No

Correct Answer: B

Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2008-r2-and-2008/cc794735(v=ws.10)

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 32
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.

m
The contoso.local zone contains zone delegations for east.contoso.local and
west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal

co
namespaces and internet hosts.
Solution: On Server2, you create a conditional forwarder for contoso.local and
west.contoso.local. On Server3, you create a conditional forwarder for contoso.local and
east.contoso.local.
Does this meet the goal?

A. Yes
B. No
o.
ld
Correct Answer: A

QUESTION 33
na

You are planning the deployment of DNS to a new network.

You have three internal DNS servers as shown in the following table.
oI

The contoso.local zone contains zone delegations for east.contoso.local and

west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal
Ti

namespaces and internet hosts.

Solution: On Server2, you create a conditional forwarder for west.contoso.local. On
Server3, you create a conditional forwarder for east.contoso.local.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 34
You have an on-premises network that is connected to an Azure virtual network by
using a Site-to-Site VPN. Each network contains a subnet that has the same IP address
space. The on-premises subnet contains a virtual machine.
You plan to migrate the virtual machine to the Azure subnet.
You need to migrate the on premises virtual machine to Azure without modifying the IP

m
address. The solution must minim administrative effort.
What should you implement before you perform the migration?

A. Azure Extended Network

co
B. Azure Virtual Network NAT
C. Azure Application Gateway
D. Azure virtual network peering

Correct Answer: A

Reference:
o.
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-
center/azure/azure-extended-network
ld
QUESTION 35
na

You have servers that have the DNS Server role installed. The servers are configured
as shown in the following table.
oI

All the client computers in the New York office use Server2 as the DNS server.
You need to configure name resolution in the New York office to meet the following
requirements:
Ti

 Ensure that the client computers in New York can resolve names from
contoso.com.
 Ensure that Server2 forwards all DNS queries for internet hosts to
131.107.100.200.
The solution must NOT require modifications to Server1.
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

A. a forwarder
B. a conditional forwarder
C. a delegation
D. a secondary zone
E. a reverse lookup zone

m
ANSWER: A B

Explanation:
A conditional forwarder is required for contoso.com.

co
A forwarder is required for all other domains.
When you have a conditional forwarder and a forwarder configured, the conditional
forwarder will be used for the specified domain.
You could use a secondary zone for contoso.com but that would require a configuration
change on Server1.

QUESTION 36
o.
ld
You have an Azure virtual machine named VM1 that runs Windows Server.
You need to configure the management of VM1 to meet the following requirements:
 Require administrators to request access to VM1 before establishing a Remote
Desktop connection.
na

 Limit access to VM1 from specific source IP addresses.

 Limit access to VM1 to a specific management port.
What should you configure?

A. a network security group (NSG)

oI

B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

C. Microsoft Defender for Cloud
D. Azure Front Door
Ti

Correct Answer: C

Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-
usage?tabs=jit-config-asc%2Cjitrequest-asc

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 37
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS
zone named fabrikam.com that was signed by DNSSEC.
You need to ensure that all the member servers in the domain perform DNSSEC
validation for the fabrikam.com namespace.

m
What should you do?

A. On Server1, run the Add-DnsServerTrustAnchor cmdlet.

B. On each member server, run the Add-DnsServerTrustAnchor cmdlet.

co
C. From a Group Policy Object (GPO), add a rule to the Name Resolution Policy Table
(NRPT).
D. From a Group Policy Object (GPO), modify the Network List Manager policies.

Correct Answer: C
o.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 38
You have on-premises file servers that run Windows Server as shown in the following
table.

m
You have the Azure file shares shown in the following table.

co
You add a Storage Sync Service named Sync1 and an Azure File Sync sync group
named Group1.
Group1 uses share1 as a cloud endpoint.
You register Server1 and Server2 with Sync1. You add D:\Folder1 from Server1 as a
server endpoint in Group1.

select No.
o.
For each of the following statements, select Yes if the statement is true. Otherwise,

NOTE: Each correct selection is worth one point.

Hot Area:
ld
na
oI

Correct Answer:
Ti

Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-planning

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 39
You need to sync files from an on premises server named Server1 to Azure by using
Azure File Sync.
You have a cloud tiering policy that is configured for 30 percent free space and 70 days.
Volume E on Server1 is 500 GB.
A year ago, you configured E:\Data on Server1 to sync by using Azure File Sync. The
files that are visible in E:\Data are shown in the following table.

m
co
Volume E does NOT contain any other files.
Where are File1 and File3 located?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area: o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-
center/azure/azure-file-sync
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-cloud-tiering-overview
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-cloud-tiering-
policy?source=recommendations

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 40
You have a file server named Server1 that runs Windows Server and contains the
volumes shown in the following table.

m
On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas?
To answer, select the appropriate options in the answer area.

co
NOTE: Each correct selection is worth one point.

o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 41
You have a server that runs Windows Server and contains a shared folder named
UserData. You need to limit the amount of storage space that each user can consume
in UserData.
What should you use?

m
A. Storage Spaces
B. Work Folders
C. Distributed File System (DFS) Namespaces
D. File Server Resource Manager (FSRM)

co
Correct Answer: D

Explanation:
File Server Resource Manager includes the following features:
o.
Quota management allows you to limit the space that is allowed for a volume or folder,
and they can be automatically applied to new folders that are created on a volume. You
can also define quota templates that can be applied to new volumes or folders.
ld
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/fsrm/fsrm-overview

QUESTION 42
na

Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com. The domain contains two servers named Server1 and Server2.
Server1 contains a disk named Disk2. Disk2 contains a folder named UserData.
UserData is shared to the Domain Users group. Disk2 is configured for deduplication.
Server1 is protected by using Azure Backup.
oI

Server1 fails.
You connect Disk2 to Server2.
You need to ensure that you can access all the files on Disk2 as quickly as possible.
What should you do?
Ti

A. Create a storage pool.

B. Restore files from Azure Backup.
C. Install the File Server Resource Manager server role.
D. Install the Data Deduplication server role.

Correct Answer: D

Reference:
https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/overview
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 43
You have five file servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to
shared folders on the file servers. All other types of files must be allowed. The solution
must minimize administrative effort.
What should you create?

m
A. a Dynamic Access Control central access policy
B. a data loss prevention (DLP) policy
C. a Dynamic Access Control central access rule

co
D. a file screen

Correct Answer: D

Explanation:
o.
On the File Screening Management node of the File Server Resource Manager MMC
snap-in, you can perform the following tasks:
 Create file screens to control the types of files that users can save, and generate
notifications when users attempt to save unauthorized files.
ld
 Define file screening templates that can be applied to new volumes or folders
and that can be used across an organization.
 Create file screening exceptions that extend the flexibility of the file screening
rules.
na

Reference:
https://docs.microsoft.com/en-us/windows-server/storage/fsrm/file-screening-
management
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 44
Your network contains an Active Directory Domain Services (AD DS) domain named
adatum.com. The domain contains a file server named Server1 and three users named
User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:

m
co
o.
The share permissions for Share1 are configured as shown in the Share Permissions
exhibit.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Share1 contains a file named File1.txt. The advanced security settings for File1.txt are
configured as shown in the File Permissions exhibit.

m
co
o.
ld
For each of the following statements, select Yes if the statement is true. Otherwise,
select No.
NOTE: Each correct selection is worth one point.
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Correct Answer:

m
co
QUESTION 45
You have a server named Server1.
o.
You plan to use Storage Spaces to expand the storage available to Server1. You attach
ld
eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks.
The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and
na

arrange them in the correct order.

Select and Place:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Correct Answer:

m
co
Reference: o.
https://redmondmag.com/articles/2018/07/31/storage-spaces-windows-server-2016-
1.aspx
https://redmondmag.com/articles/2018/08/02/storage-spaces-windows-server-2016-
ld
2.aspx
na

QUESTION 46
Your network contains an on-premises Active Directory Domain Services (AD DS)
domain named contoso.com. The domain contains three servers that run Windows
Server and have the Hyper-V server rote installed. Each server has a Switch Embedded
Teaming (SET) team. You need to verity that Remote Direct Memory Access (RDMA)
oI

and all the required Windows Server settings are configured properly on each server.
What should you use?

A. Server Manager
Ti

B. the validate-DCB cmdlet

C. the Get-NetAdaptor cmdlet
D. Failover Cluster Manager

Correct Answer: B

Reference:
https://github.com/Microsoft/Validate-DCB

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 47
You have a server named Server1 that runs Windows Server. Server1 has the storage
pools shown in the following table.

m
You plan to create a virtual disk named VDisk1 that will use storage tiers. Which pools
can you use to create VDisk1?

co
A. Pool2 and Pool3 only
B. Pool2 only
C. Pool1 only
D. Pool1, Pool2, and Pool3
E. Pool1 and Pool2 only
F. Pool1 and Pool3 only
G. Pool3 only
o.
ld
Correct Answer: A

Explanation:
Storage tiering requires both standard HDDs and SSDs. We cannot use Pool1 because
na

it does not have any SSDs.

QUESTION 48
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant. You plan deploy 100 new Azure
oI

virtual machines that will run Windows Server. You need to ensure that each new virtual
machine is joined to the AD DS domain.
What should you use?

A. Azure AD Connect
Ti

B. a Group Policy Object (GPO)

C. an Azure Resource Manager (ARM) template
D. an Azure management group

Correct Answer: C

Reference:
https://www.ludovicmedard.com/create-an-arm-template-of-a-virtual-machine-
automaticallyjoined-to-a-domain/

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 49
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello
for Business.

m
Which optional feature should you select in Azure AD Connect?

A. Device writeback
B. Group writeback

co
C. Password writeback
D. Directory extension attribute sync
E. Azure AD app and attribute filtering

Correct Answer: A

Explanation:
o.
Hybrid certificate trust deployments need the device writeback feature. Authentication to
the Windows Server 2016 Active Directory Federation Services needs both the user and
ld
the computer to authenticate. Typically the users are synchronized, but not devices.
This prevents AD FS from authenticating the computer and results in Windows Hello for
Business certificate enrollment failures. For this reason, Windows Hello for Business
deployments need device writeback, which is an Azure Active Directory premium
na

feature.

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-
business/hellohybrid-cert-trust-prereqs
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 50
Your network contains an on-premises Active Directory Domain Services (AD DS)
domain named contoso.com. The domain contains the objects shown in the following
table.

m
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by

co
using Azure AD Connect. You need to ensure that all the objects can be used in
Conditional Access policies.
What should you do?

A. Change the scope of Group2 to Universal.

o.
B. Clear the Configure device writeback option.
C. Change the scope of Group1 and Group2 to Global.
D. Select the Configure Hybrid Azure AD join option.
ld
Correct Answer: D

Explanation:
Hybrid Azure AD join needs to be configured to enable Computer1 to be used in
na

Conditional Access Policies. Synchronized users, universal groups and domain local
groups can be used in Conditional Access Policies.

QUESTION 51
oI

Your network contains a multi-site Active Directory Domain Services (AD DS) forest.
Each Active Directory site is connected by using manually configured site links and
automatically generated connections.
You need to minimize the convergence time for changes to Active Directory.
Ti

What should you do?

A. For each site link, modify the options attribute.

B. For each site link, modify the site link costs.
C. For each site link, modify the replication schedule.
D. Create a site link bridge that contains all the site links.

Correct Answer: A

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
Explanation:
When you configure manual site link replication schedule is already setup to 15 minute
replication cycle you can not lower more down. So only option left is to change link site
option attribute for use notify setting.

Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/determining-the-

m
interval

QUESTION 52

co
Your network contains an Active Directory Domain Services (AD DS) domain. The
domain contains 10 servers that run Windows Server. The servers have static IP
addresses.
You plan to use DHCP to assign IP addresses to the servers.
You need to ensure that each server always receives the same IP address.

A. universally unique identifier (UUID)

B. fully qualified domain name (FQDN)
o.
Which type of identifier should you use to create a DHCP reservation for each server?
ld
C. NetBIOS name
D. MAC address

Correct Answer: D
na

Reference:
https://docs.microsoft.com/en-
us/powershell/module/dhcpserver/adddhcpserverv4reservation?view=windowsserver20
22-ps
oI

QUESTION 53
You have an on-premises server named Server1 that runs Windows Server. You have
Ti

an Azure virtual network that contains an Azure virtual network gateway. You need to
connect only Server1 to the Azure virtual network. What should you use?

A. Azure Network Adapter

B. a Site-to-SiteVPN
C. an ExpressRoute circuit
D. Azure Extended Network

Correct Answer: A

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-
center/azure/useazure-network-adapte

m
QUESTION 54
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant. The on-premises network is
connected to Azure by using a Site-to- Site VPN. You have the DNS zones shown in the

co
following table.

premises network.
Which two actions should you perform?
o.
You need to ensure that names from fabrikam.com can be resolved from the on-
ld
Each correct answer presents part of the solution, NOTE:
Each correct selection is worth one point

A. Create a conditional forwarder for fabrikam.com on DC1.

na

B. Create a stub zone for fabrikam.com on DC1.

C. Create a secondary zone for fabrikam.com on Azure.
D. Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers
settings for the virtual network.
E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual
oI

machine as a DNS forwarder.

Correct Answer: A E
Ti

Reference:
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-
workloadsusing-a-dns-forwarder

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 55
Your company has a main office and a branch office. The two offices are connected by
using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All
servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center

m
gateway.
On a server in the branch office, you install the Windows Admin Center gateway by
using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound

co
connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?

A. 443
B. 3389
C. 5985
D. 6516

Correct Answer: A
o.
ld
Explanation:
The default port for the Windows Admin Center Gateway Installation is Port 443 – it is
recommended to use this default port.
na

Reference:
https://www.manfredhelber.de/installing-and-configuring-windows-admin-center-for-
windows-server-2022-management/
oI

QUESTION 56
You have an Azure subscription that contains the following resources:
Ti

• An Azure Log Analytics workspace

• An Azure Automation account
• Azure Arc.
You have an on-premises server named Server1 that is onboaraed to Azure Arc. You
need to manage Microsoft updates on Server1 by using Azure Arc. Which two actions
should you perform?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

A. Add Microsoft Sentinel to the Log Analytics workspace

B. On Server1, install the Azure Monitor agent
C. From the Automation account, enable Update Management for Server1.
D. From the Virtual machines data source of the Log Analytics workspace, connect
Server1.

m
Correct Answer: B C

Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-

co
framework/manage/hybrid/server/bestpractices/arc-update-management

QUESTION 57
You have a Windows Server container host named Server1 and an Azure subscription.
o.
You deploy an Azure container registry named Registry1 to the subscription.
On Server1, you create a container image named image1.
You need to store imager in Registry1.
Which command should you run on Server1?
ld
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
na
oI

Correct Answer:
Ti

Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-
dockercli?tabs=azure-cli#push-the-image-to-your-registry

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 58
You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for
server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to

m
manage VM1.
What should you configure?

A. an Azure Bastion host on the virtual network that contains VM1.

co
B. a VPN connection to the virtual network that contains VM1.
C. a network security group (NSG) rule that allows inbound traffic on port 443.
D. a private endpoint on the virtual network that contains VM1.

Correct Answer: B

Reference:
o.
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-
center/azure/managevm
ld
QUESTION 59
na

Your network contains an Active Directory Domain Services (AD DS) forest. The forest
contains three Active Directory sites named Site1, Site2, and Site3. Each site contains
two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily
oI

authenticated by the domain controllers in Site1.

Solution: You create an organization unit (OU) that contains the client computers in the
branch office. You configure the Try Next Closest Site Group Policy Object (GPO)
setting in a GPO that is linked to the new OU.
Ti

Does this meet the goal?

A. Yes
B. No

Correct Answer: B

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 60
Your network contains an Active Directory Domain Services (AD DS) forest. The forest
contains three Active Directory sites named Site1, Site2, and Site3. Each site contains
two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily
authenticated by the domain controllers in Site1.

m
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in
a GPO that is linked to Site1.
Does this meet the goal?
A. Yes

co
B. No

Correct Answer: B

QUESTION 61
o.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest
contains three Active Directory sites named Site1, Site2, and Site3. Each site contains
two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
ld
You need to ensure that the client computers in the new office are primarily
authenticated by the domain controllers in Site1.
Solution: You create a new subnet object that is associated to Site1.
Does this meet the goal?
na

A. Yes
B. No

Correct Answer: B
oI

QUESTION 62
Your network contains an Active Directory Domain Services (AD DS) forest. The forest
contains three Active Directory sites named Site1, Site2, and Site3. Each site contains
two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
Ti

You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily
authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to
DEFAULTSITELINK.
Does this meet the goal?
A. Yes
B. No

Correct Answer: B
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 63
You plan to deploy an Azure virtual machine that will run Windows Server.
You need to ensure that an Azure Active Directory (Azure AD) user named
[email protected] can connect to the virtual machine by using the Azure Serial
Console.
What should you do?

m
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
Correct Answer:
o.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 64
Your network contains an Active Directory Domain Services (AD DS) domain named
adatum.com. The domain contains a server named Server1 and the users shown in the
following table.

m
Server1 contains a folder named D:\Folder1. The advanced security settings for Folder1

co
are configured as shown in the Permissions exhibit.

o.
ld
na
oI

Folder1 is shared by using the following configurations:

Ti

The share permissions for Share1 are show in the following table.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

m
co
Correct Answer:

o.
ld
na

Explanation:
Box 1: Yes
Group1 has Read access to Folder1 and Change access to Share1. Therefore, User1
can read the files in Share1.
oI

Box 2: No
Group3 has Full Control access to Share1. However, Group3 has no permissions
configured Folder1.
Ti

Therefore, User3 cannot access the files in Share1.

Box 3: No
Group2 has write permission to Folder1. However, Group2 has no permission on
Share1. Therefore, users in Group2 cannot access files in the shared folder.
Access Based Enumeration when enabled hides files and folders that users do not have
permission to access. However, Access Based Enumeration is not enabled on Share1.
This is indicated by the FolderEnumerationMode – Unrestricted setting. Therefore, the
share will be visible to User2 even though User2 cannot access the shared folder.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 65
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com.
The domain contains a server named Server1 that has the DFS Namespaces role
service installed.
Server1 hosts a domain-based Distributed File System (DFS) Namespace named Files.

m
The domain contains a file server named Server2. Server2 contains a shared folder
named Share1.
Share1 contains a subfolder named Folder1.
In the Files namespace, you create a folder named Folder1 that has a target of

co
\\Server2.contoso.com\Share1\Folder1.
You need to configure a logon script that will map drive letter M to Folder1. The solution
must use the path of the DFS Namespace.
How should you complete the command to map the drive letter?
To answer, select the appropriate options in the answer area.
o.
NOTE: Each correct selection is worth one point.
ld
na

Correct Answer:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 66
You have two on-premises servers named Server1 and Server2 that run Windows
Server.
You have an Azure Storage account named storage1 that contains a file share named
share1. Server1 syncs with share1 by using Azure File Sync. You need to configure
Server2 to sync with share1.

m
Which three actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

co
o.
ld
Correct Answer:
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 67
You deploy a single-domain Active Directory Domain Services (AD DS) forest named
contoso.com.
You deploy five servers to the domain. You add the servers to a group named
iTFarmHosts.
You plan to configure a Network Load Balancing (NLB) cluster named

m
NLBCluster.contoso.com that will contain the five servers.
You need to ensure that the NLB service on the nodes of the cluster can use a group
managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence?

co
To answer, move the appropriate cmdlets from the list of cmdlets to the answer area
and arrange them in the correct order.
Select and Place:

o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-
serviceaccounts/create-the-key-distribution-services-kds-root-key
https://docs.microsoft.com/en-us/windows-server/security/group-managed-
serviceaccounts/getting-started-with-group-managed-service-accounts

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 68
Your network contains an Active Directory Domain Services (AD DS) forest named
contoso.com. The forest contains a child domain named east.contoso.com.
In the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:
 Admin1 can create and manage Active Directory sites.

m
 Admin2 can deploy domain controller to the east.contoso.com domain.
The solution must use the principle of least privilege.
To which group should you add each user?
To answer, select the appropriate options in the answer area.

co
NOTE: Each correct selection is worth one point.
Hot Area:

o.
ld
na

Correct Answer:
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-
access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 69
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant. You have an on-premises web app
named WebApp1 that only supports Kerberos authentication.
You need to ensure that users can access WebApp1 by using their Azure AD account.
The solution must minimize administrative effort.

m
What should you configure?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-
add-onpremises-application

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 70
Your network contains an Active Directory Domain Services (AD DS) domain named
contoso.com.
The domain contains the VPN servers shown in the following table.

m
You have a server named NPS1 that has Network Policy Server (NPS) installed. NPS1

co
has the following RADIUS clients:

o.
ld
na
oI

VPN1, VPN2, and VPN3 use NPS1 for RADIUS authentication. All the users in
Ti

contoso.com are allowed to establish VPN connections. For each of the following
statements, select Yes If the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

m
co
Correct Answer:

o.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 71
Your network contains two Active Directory Domain Services (AD DS) forests named
contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each
forest contains a single domain. The domains contain the servers shown in the following
table.

m
co
You need to configure resources based constrained delegation so that the users In
contoso.com can use Windows Admin Center on Server1 to connect to Server2.
How should you complete the command? To answer, select the appropriate options in
the answer area. NOTE: Each correct selection is worth one point.

o.
ld
Correct Answer:
na

Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-
authentication-overview
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 72
You have an Azure subscription named sub1 and 500 on-premises virtual machines
that run Windows Server.
You plan to onboard the on-premises virtual machines to Azure Arc by running the
Azure Arc deployment script. You need to create an identity that will be used by the
script to authenticate access to sub1. The solution must use the principle of least

m
privilege.
How should you complete the command?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
Correct Answer:
o.
ld
na

Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 73
You have an on premises DNS server named Server1 that runs Windows Server.
Server1 hosts a DNS zone named fabrikam.com.
You have an Azure subscription that contains the resources shown in the following
table.

m
co
You need to design a solution that will automatically resolve the names of any PaaS

o.
resources for which you configure private endpoints in Vnet1.
How should you configure the name resolution?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
ld
na

Correct Answer:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 74
Your network contains three Active Directory Domain Services (AD DS) forests as
shown in the following exhibit.

m
co
The network contains the users shown in the following table.
o.
The network contains the security groups shown in the following table.
ld
na

For each of the following statements, select Yes if the statement is true, Otherwise,
select No.
NOTE: Each correct selection is worth one point.
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
Correct Answer:

m
co
Explication:
Box 1: Yes
o.
User1 is in east.contoso.com. Group1 is Domain Local group in west.adutm.com.
Accounts from any domain or any trusted domain Global groups from any domain or
any trusted domain can be members of Domain Local groups.
ld
Accounts, Global groups, and Universal groups from other forests and from external
domains can also be members of Domain Local groups.

Box 2: No
na

User2 is in the fabrikam.com domain.

Group3 is a Universal group in east.contso.com.
Only accounts from any domain in the same forest can be added as members.

Box 3: No
oI

The trust does not exist between contoso.com and fabrikam.com.

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-
control/active-directory-security-groups
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 75
You create an Azure virtual machine named Server1 that runs Windows Server.
Server1 has the disk configurations shown in the following exhibit.

m
co
o.
ld
You need to create a new 100-GB volume on Server1.
na

Which three actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Correct Answer:

m
co
Explanation:
Step 1: Create and attach a new data disk
Add a data disk.
1. Sign in to the Azure portal.
o.
2. Search for and select Virtual machines.
3. Select a virtual machine from the list.
ld
4. On the Virtual machine pane, select Disks.
5. On the Disks pane, select Create and attach a new disk.
6. In the drop-downs for the new disk, make the selections you want, and name the
disk.
na

7. Select Save to create and attach the new data disk to the VM.

Step 2: Initialize the disk

Initialize a new data disk.
1. Connect to the VM.
oI

2. Select the Windows Start menu inside the running VM and enter diskmgmt.msc in the
search box. The Disk Management console opens.
3. Disk Management recognizes that you have a new, uninitialized disk and the Initialize
Disk window appears.
Ti

4. Verify the new disk is selected and then select OK to initialize it.
5. The new disk appears as unallocated. Right-click anywhere on the disk and select
New simple volume. The New Simple Volume Wizard window opens.
6. Etc.

Step 3: Create a new simple volume

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/attach-managed-disk-
portal

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 76
You plan to deploy an Azure virtual machine that win run Windows Server. The virtual
machine will host an Active Directory Domain Services (AD DS) domain controller and a
drive named f: on a new virtual disk.
You need to configure storage for the virtual machine. The solution must meet the
following requirements:

m
 Maximize resiliency for AD DS.
 Prevent accidental data loss.
How should you configure the storage? To answer, select the appropriate options in the
answer area.

co
NOTE: Each correct selection is worth one point.

o.
ld
Correct Answer:
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 77
Your network contains a two-domain on-premises Active Directory Domain Services
(AD DS) forest named Contoso.com. The forest contains the domain controllers shown
in the following table.

m
co
You create an Active Directory site named Site3. Site1, Site2 and Site3 each has a
dedicated site link to the Hub site.
In Site3, you install a new server named Server1.
You need to promote Server1 to an ROOC in child.contoso.com by using the install
from Media (IFM) option. The solution must minimize network traffic.
What should you do?
o.
To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
ld
na
oI

Correct Answer:
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 78
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the
Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements:

m
 GPO1 must apply only to the users in Group 1.
 The solution must use the principle of least privilege.
Which permissions should you grant to Group1 and the Domain Computers group?
To answer, select the appropriate options in the answer area.

co
NOTE: Each correct selection is worth one point.
Hot Area:

o.
ld
Correct Answer:
na
oI
Ti

Explanation:
Permissions for Group1 should be "Apply group policy and Read" and for Domain
Computers correct permissions are "Read only". When you choose "Read only" for
Group1 GPO will not be applied for members of Group1. You shouldn't choose "Apply
group policy" specific permission for Domain Computers group, because this GPO is
not designed for this group, but this group have to have Read specific permission.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 79
You have a server named Server1 that runs Windows Server. Server1 has a just-a-
bunch-of-disks (JBOD) enclosure attached.
You plan to create a storage pool on Server1 and a virtual disk that will use a mirror
layout.
You are considering whether to use a two-way or a three-way mirror layout.

m
What is the minimum number of disks required for each type of minor layout?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
o.
ld
na

Correct Answer:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 80
Your company has offices in Boston and Montreal. The offices are connected by using a
10-Mbps WAN link that is often saturated. The office in Boston contains the following:
 An Active Directory Domain Services (AD DS) domain controller named DC1.
 A server named Server1 that runs Windows Server and has the File Server role
installed.

m
The office in Montreal contains 20 client computers that run Windows 10. Montreal does
NOT have any servers.
The company plans to deploy a new line of business (LOB) application to all the client
computers. The installation source files for the application are in \\Server\Apps.

co
You need to make the installation source files available to the client computers in the
Montreal office by using the minimum amount of WAN bandwidth possible.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
o.
ld
na

Correct Answer:
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 81
Your network contains an Active Domain Services (AD DS) forest. The forest contains
three domains.
Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom active Directory partition.
You need to create the Active Directory partition for the zone. The partition replicate to

m
only four of the domain controllers.
What should you use?

A. Active Directory Sites and Services

co
B. Active Directory Administrator Center
C. dnscmd.exe
D. DNS Manager

Correct Answer: C

QUESTION 82
o.
ld
Your network contains an Active Directory Domain Services (AD DS) forest. The forest
contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must
na

replicate to only four of the domain controllers.

What should you use?

A. ntdsutil.exe
B. Active Directory Sites and Services
oI

C. New-ADobject
D. Active Directory Administrative Center

Correct Answer: A
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 83
Your network contains an Active Directory Domain Service (AD DS) forest named
contoso.com. The forest root domain contains a server named server1. contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest
named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can

m
authenticate to server1.contoso.com.
What should you do first?

A. Change the trust to a one-way external trust.

co
B. Add fabrikam\Group1 to the local Users group on server1.contoso.com.
C. Enable SID filtering for the trust.
D. Enable Selective authentication for the trust.

Correct Answer: D

Explanation:
o.
Selective authentication restricts access over an external or forest trust to only those
users in a trusted domain or forest who have been explicitly given authentication
ld
permissions to computer objects (resource computers) residing in the trusting domain or
forest. This authentication setting must be manually enabled.
Note: When a two way Forest Trust is created between Forest A and Forest B, all
domains in Forest A will trust all domains in Forest B and vice versa.
na

Incorrect:
Not B: When SID Filtering is enabled, all the foreign SIDs will be removed (quarantined)
from user's access token while accessing any resource through Forest Trust. The most
common impact of this is, a migrated user account which is still using any resource
oI

using old SID will not be able to access that resource anymore. This is because when
SID Filtering is enabled, it will block (filter) SID History through a Forest Trust.
When we create a forest Trust, SID Filtering is enabled by default. In some cases, we
need to disable SID Filtering.
Ti

Not D: When a two way Forest Trust is created between Forest A and Forest B, all
domains in Forest A will trust all domains in Forest B and vice versa.
If a one way Forest Trust is created, where Forest A is Trusting Domain and Forest B is
Trusted Domain, then Forest B can access resources within Forest A, however Forest A
cannot access resources within Forest B.

Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2003/cc755321(v=ws.10)
https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
QUESTION 84
Your network contains a single-domain Active Directory Domain Services (AD DS)
forest named contoso.com. The forest contains the servers shown in the following
exhibit table.

m
You plan to install a line-of-business (LOB) application on Server1. The application will
install a custom Windows service.
A new corporate security policy states that all custom Windows services must run under

co
the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new
application.
Which two actions should you perform?
Each correct answer presents part of the solution.
o.
NOTE: Each correct selection is worth one point.

A. On Server1, run the install-ADServiceAccount cmdlet.

B. On DC1, run the New-ADServiceAccount cmdlet.
ld
C. On DC1, run the Set_ADComputer cmdlet.
D. ON DC1, run the Install-ADServiceAccount cmdlet.
E. On Server1, run the Get-ADServiceAccount cmdlet.
na

Correct Answer: B E

Explanation:
Step 1: Provisioning group Managed Service Accounts
(B) Create a gMSA using the New-ADServiceAccount cmdlet.
oI

Step 2: Configuring service identity application service

If using security groups for managing member hosts, add the computer account for the
new member host to the security group (that the gMSA's member hosts are a member
of).
To add member hosts using the Set-ADServiceAccount cmdlet:
Ti

1. On the Windows Server 2012 domain controller (DC1, not Server1), run Windows
PowerShell from the Taskbar.
2. At the command prompt for the Windows PowerShell Active Directory module, type
the following commands, and then press ENTER:
Get-ADServiceAccount [-Identity] <string> -Properties
PrincipalsAllowedToRetrieveManagedPassword
(E) At the command prompt for the Windows PowerShell Active Directory module, type
the following commands, and then press ENTER:

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Set-ADServiceAccount [-Identity] <string> -

PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>
Etc.

Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-

m
accounts/getting-started-with-group-managed-service-accounts

QUESTION 85

co
You have an Azure virtual machine named Server1 that runs a network management
application.
Server1 has the following network configuration:
 Network interface.Nic1
 IP address 10.1.1.1/24
 Connected to: Vnet1/Subnet1 o.
You need connect Server1 to an additional subnet named Vnet1/Subnet2.
What should you do?
ld
A. Create a private endpoint on Subnet2
B. Add a network interface to server1.
C. Modify the IP configurations of Nic1.
D. Add an IP configuration to Nic1.
na

Correct Answer: B

Explanation:
First add another network interface to Server1, then connect it to Subnet2.
oI

Virtual network and subnets.

A subnet is a range of IP addresses in the virtual network. You can divide a virtual
network into multiple subnets for organization and security. Each NIC in a VM is
connected to one subnet in one virtual network. NICs connected to subnets (same or
Ti

different) within a virtual network can communicate with each other without any extra
configuration.

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-overview

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 86
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs
with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure
AD Connect.
The AD DS domain contains a server named Server1. Server1 contains a shared folder
named share1.

m
You have an Azure Storage account named storage2 that uses Azure AD-based access
control. The storage2 account contains a share named share2.
You need to create a security group that meets the following requirements:
 Can contain users from the AD DS domain

co
 Can be used to authorize user access to share 1 and share2
What should you do?

A. in the AD DS domain, create a universal security group.

B. in the Azure AD tenant create a security group that has assigned membership.
o.
C. in the Azure AD tenant create a security group that has dynamic membership.
D. in the Azure AD tenant create a Microsoft 365 group.

Correct Answer: B
ld
QUESTION 87
na

You have a server named Server1 that runs Windows Server.

You plan to host applications in Windows containers.
You need to configure Server1 to run containers. What should you install?

A. Windows Admin Center

oI

B. the Windows Subsystem for Linux

C. Docker
D. Hyper-V
Ti

Correct Answer: C

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 88
You have two servers that have the Hyper-V server role installed. The servers are
joined to a failover cluster. Both servers can connect to the same disk on an iSCSi
storage device. You plan to use the iSCSI storage to store highly available
Hyper-V virtual machines that will support live migration functionality. You need to
configure a storage resource in the failover cluster to store the virtual machines.

m
What should you configure?

A. a storage pool
B. attributed File System (DFS) Replication

co
C. a mirrored volume
D. Cluster Shared volumes (CSV)

Correct Answer: D

QUESTION 89
o.
Your network contains an Active Directory forest. The forest contains two domains
named contoso.com and east.contoso.com and the servers shown in the following
ld
table.
na

Contoso.com contains a user named User1.

oI

You add User1 to the built-in Backup Operators group in contoso.com.

Which servers can User1 back up?

A. DC1 only
B. Server1 only
Ti

C. DC1 and DC2 only

D. DC1 and Server1 only
E. DC1, DC2, Server1, and Server2

Correct Answer: A

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 90
Your network contains an Azure Active Directory Domain Services (Azure AD DS)
domain named contoso.com.
You need to configure a password policy for the local user accounts on the Azure virtual
machines joined to contoso.com.
What should you do?

m
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

co
Correct Answer:
o.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Estudos de Caso AZ-800

m
Case Study
This is a case study. Case studies are not timed separately. You can use as much
exam times as you would like to complete each case. However, there may be additional
studies and sections on this exam. You must manage your time to ensure that you are

co
able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference
information that is provided in the case study. Case studies might contain exhibits and
other resources that provide more information about the scenario that is described in
the case study. Each question is independent of the other questions in this case study.
o.
At the end of this case study, a review screen will appear. This screen allows you to
review your answers and to make changes before you move to the next section of the
exam. After you begin a new section, you cannot return to this section.
ld
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in
the left pane to explore the content of the case study before you answer the questions.
Clicking these buttons displays information such as business requirements, existing
na

environment, and problem statements. When you are ready to answer a question, click
the Question button to return to the question.
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
Case Study 1 – Fabrikam

Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a
branch office in Seattle.

Existing Environment - On-premises Servers

m
The on-premises network contains servers that run Windows Server as shown in the
following table.

co
o.
ld
na

DC1 hosts all the operation master roles.

VM1 and VM2 are connected to the internet.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
oI

On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
Ti

DHCP1 contains a scope named Scope1 that has addresses for the New York office.
DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS)
domain named corp.fabrikam.com.
Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active
Directory integrated DNS zone of corp.fabrikam.com.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD)
tenant.

Group Policy Objects (GPOs)

The corp.fabrikam.com domain contains the organizational units (OUs) and custom
Group Policy Objects (GPOs) shown in the following table.

m
co
Requirements - Planned Changes
o.
Fabrikam identifies the following planned changes:
ld
 Create a single Azure subscription named Sub1 that will contain a single Azure
virtual network named Vnet1.
 Replace the WAN links between the Seattle and New York offices by using Azure
Virtual WAN and ExpressRoute. Both on premises offices will be connected to
na

Vnet1 by using ExpressRoute.

 Create three Azure file shares named newyorkfiles, seattlefiles, and
companyfiles.
 Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
 Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop
oI

session hosts will be hybrid Azure AD joined.

 License all servers for Microsoft Defender for servers.
 Use Azure Policy to enforce configuration management policies on the servers in
Azure and on-premises.
Ti

Networking Requirements
Fabrikam identifies the following networking requirements:
 Implement Virtual WAN and ensure that all the network traffic between the sites
uses Virtual WAN. All communications must occur over ExpressRoute.
 If a DHCP server fails, ensure that the client computers can continue to receive
their dynamic IP address and renew their existing lease.
 Ensure that the resources in Vnet1 can resolve the names of the on-premises
servers in the corp.fabrikam.com domain.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Security Requirements
Fabrikam identifies the following security requirements:
 Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure
Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be
able to control the lockout time manually from their client computer.
 Ensure that server administrators request approval before they can establish a

m
Remote Desktop connection to an Azure virtual machine. If the request is
approved, the connection must be established within two hours.
 Prevent user passwords from containing all or part of words that are based on
the company name, such as Fab, f@br1kAm or fabr!|.

co
 Ensure that all instances of Webapp1 use the same service account. The
password of the service account must change automatically every 30 days.
 Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements

requirements:
o.
You need to configure the synchronization of Azure files to meet the following

 Ensure that seattlefiles syncs to FS2.

 Ensure that newyorkfiles syncs to FS1.
ld
 Ensure that companyfiles syncs to both FS1 and FS2.
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 91
Which three actions should you perform in sequence to meet the security requirements
for Webapp1?
To answer, move the appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Select and Place:

m
co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-
accounts/group-managedservice-accounts-overview

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 92
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection?
To answer, drag the appropriate components to the correct locations. Each component
may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.

m
NOTE: Each correct selection is worth one point.
Select and Place:

co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-
password-ban-bad-on-premises

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 93
You need to configure network communication between the Seattle and New York
offices. The solution must meet the networking requirements.
What should you configure?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

m
co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-expressroute-portal

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 94
You need to configure remote administration to meet the security requirements.
What should you use?

A. an Azure Bastion host

B. Azure AD Privileged Identity Management (PIM)

m
C. the Remote Desktop extension for Azure Cloud Services
D. just in time (JIT) VM access

Correct Answer: D

co
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-
usage?tabs=jit-config-asc%2Cjitrequest-asc

QUESTION 95
o.
You need to implement an availability solution for DHCP that meets the networking
ld
requirements.
Which two actions should you perform?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
na

A. On DHCP1, create a scope that contains 25 percent of the IP addresses from

Scope2.
B. On the router in each office, configure a DHCP relay.
C. On DHCP2, configure a scope that contains 25 percent of the IP addresses from
oI

Scope1.
D. On each DHCP server, install the Failover Clustering feature and add the DHCP
cluster role.
E. On each DHCP scope, configure DHCP failover.
Ti

Correct Answer: B E

Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-
2012-r2-and-2012/hh831385(v=ws.11)

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 96
You need to implement a name resolution solution that meets the networking
requirements.
Which two actions should you perform?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

m
A. Create an Azure private DNS zone named corp.fabrikam.com.
B. Create a virtual network link in the corp.fabrikam.com Azure private DNS zone.
C. Create an Azure DNS zone named corp.fabrikam.com.

co
D. Configure the DNS Servers settings for Vnet1.
E. Enable autoregistration in the corp.fabrikam.com Azure private DNS zone.
F. On DC3, install the DNS Server role.
G. Configure a conditional forwarder on DC3.

Correct Answer: DF

Explanation:
o.
Virtual machines in an Azure virtual network receive their DNS configuration from the
ld
DNS settings configured on the virtual network. You need to configure the Azure virtual
network to use DC3 as the DNS server. Then all virtual machines in the virtual network
will use DC3 and their DNS server.
na

QUESTION 97
What should you implement for the deployment of DC3?

A. Azure Active Directory Domain Services (Azure AD DS}

oI

B. Azure AD Application Proxy

C. an Azure virtual machine
D. an Azure AD administrative unit
Ti

Correct Answer: C

Explanation:
Create a domain controller named DC3.corp.fabrikam.com in Vnet1.
In a hybrid network, you can configure Azure virtual machines as domain controllers.
The domain controllers in Azure communicate with the on-premises domain controllers
in the same way that on premises domain controllers communicate with each other.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 98
You need to configure the Group Policy settings to ensure that the Azure Virtual
Desktop session hosts meet the security requirements.
What should you configure?

A. security filtering for the link of GP04

m
B. security filtering for the link of GPO1
C. loopback processing in GPO4
D. the Enforced property for the link of GP01
E. loopback processing in GPO1

co
F. the Enforced property for the link of GP04

Correct Answer: C

QUESTION 99
o.
You are planning the implementation Azure Arc to support the planned changes. You
need to configure the environment to support configuration management policies. What
ld
should you do?

A. Hybrid Azure AD join all the servers.

B. Create a hybrid runbook worker on Azure Automation.
na

C. Deploy the Azure Connected Machine agent to all the servers.

D. Deploy the Azure Monitor agent to all the servers.

Correct Answer: C
oI

Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/plan-at-scale-deployment
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800
Case Study 2 - Contoso

Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in
Los Angeles and Montreal.

Existing Environment - AD DS Environment

m
The network contains an on premises Active Directory Domain Services (AD DS) forest
named contoso.com. The forest contains two domains named contoso.com and
canada.contoso.com.
The forest contains the domain controllers shown in the following table.

co
o.
All the domain controllers are global catalog servers.
ld
Server infrastructure
The network contains the servers shown in the following table.
na

A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall
oI

on Server4 uses the private profile.

Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Ti

Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following
table.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Existing Identities

m
The forest contains the users shown in the following table.

co
The forest contains the groups shown in the following table.

o.
ld
na

Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine
Connection, and then disconnects from the session without signing out, another
administrator can connect to the console session as the currently signed in user.
oI

Requirements - Technical Requirements

Contoso identifies the following technical requirements:
 Change the replication schedule for all site links to 30 minutes.
 Promote Server1 to a domain controller in canada.contoso.com.
Ti

 Install and authorize Server3 as a DHCP server.

 Ensure that User1 can manage the membership of all the groups in
Contoso\OU3.
 Ensure that you can manage Server4 from Server1 by using PowerShell
remoting.
 Ensure that you can run virtual machines on VM1.
 Force users to provide credentials when they connect to VM2.
 On VM3, ensure that Data Deduplication on all volumes is possible.

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 100
You need to meet the technical requirements for User1. The solution must use the
principle of least privilege.
What should you do?

m
A. Add User1 to the Server Operators group in contoso.com.
B. Create a delegation on contoso.com.
C. Add User1 to the Account Operators group in contoso.com.
D. Create a delegation on OU3.

co
Correct Answer: D

Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-
o.
administration-of-account-ousand-resource-ous
ld
QUESTION 101
Which groups can you add to Group3 and Group5?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Correct Answer:

m
co
Reference:
o.
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-
control/active-directory-security-groups
ld
QUESTION 102
You need to meet the technical requirements for VM3.
na

On which volumes can you enable Data Deduplication?

A . D and E only
B . C, D, E, and F
C . D only
oI

D . C and D only
E . D, E, and F only

Correct Answer: A
Ti

Reference:
https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand
https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/interop

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 103
You need to meet the technical requirements for Server1.
Which users can currently perform the required tasks?

A. Admin1 only
B. Admin3 only

m
C. Admin1 and Admin3 only
D. Admin1 Admin2. and Admm3

Correct Answer: C

co
QUESTION 104
You need to meet the technical requirements for the site links.

A. Admin1 only
B. Admin1 and Admin3 only
o.
Which users can perform the required tasks?
ld
C. Admin1 and Admin2 only
D. Admin3 only
E. Admin1, Adrrun2. and Admin3
na

Correct Answer: C

Explanation:
Membership in the Enterprise Admins group or the Domain Admins group in the forest
root domain is required.
oI

QUESTION 105
Ti

You need to meet the technical requirements for VM2.

What should you do?

A. Implement shielded virtual machines.

B. Enable the Guest services integration service.
C. Implement Credential Guard.
D. Enable enhanced session mode.

Correct Answer: D

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

Explanation:
Prevent a VMConnect user from taking over another user's VMConnect session
Turn on enhanced session mode on Hyper-V host.
Not having enhanced session mode turned on may pose a security and privacy risk. If a
user is connected and logged on to a virtual machine through VMConnect and another
authorized user connects to the same virtual machine, the session will be taken over by

m
the second user and the first user will lose the session. The second user will be able to
view the first user's desktop, documents, and applications.

Reference:

co
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-
more/hyper-v-virtual-machine-connect

QUESTION 106 o.
You need to meet the technical requirements for VM1.
Which cmdlet should you run first?
To answer, select the appropriate options in the answer area.
ld
NOTE: Each correct selection is worth one point.
na
oI

Correct Answer:
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 107
You need to meet the technical requirements for Server4.
Which cmdlets should you run on Server1 and Server4?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

m
co
o.
ld
Correct Answer:
na
oI
Ti

Reference:
https://4sysops.com/wiki/enable-powershell-remoting/

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 108
According to the configuration of GPO1, GPO2 and Default domain Policy we can state.
For each of the following statements, select Yes if the statement is true. Otherwise,
select No.
NOTE: Each correct selection is worth one point.

m
co
Correct Answer:
o.
ld
na
oI
Ti

https://tioinaldo.com
 Administering Windows Server
Hybrid Core Infrastructure
Exam AZ-800

QUESTION 109
You need to meet the technical requirements for Server3.
Which users can perform the required tasks?

A. Admin3 only
B. Admin1 and Admin3 only

m
C. Admin1 only
D. Admin1, Admin2, and Admin3
E. Admin1 and Admin2 only

co
Correct Answer: B

Explanation:
Admin1 OK: Enterprise Admins is a built-in group that by default has administrative
access to all domains in a forest. Enterprise Admins is a member of the
o.
Administrators group in all domains in a forest.
Admin3 OK: Domain Admin and in the correct domain.

Note: Install and authorize Server3 as a DHCP server.

ld
Server3 is a member server in the canada.contoso.com domain in the Montreal Active
Directory site.
Admin1 is a in the Contoso\OU1, and is a member of Contoso\Enterprise Admins.
Admin2 is a in the Contoso\OU1, and is a member of Contoso\Domain Admins.
na

Admin3 is a in the Contoso\OU3, and is a member of Canada\Domain Admins.

Reference:
https://www.ravenswoodtechnology.com/ad-roles-enterprise-admins-and-schema-
admins/
oI
Ti

https://tioinaldo.com