Microsoft AZ-800 ACTUAL EXAM QUESTIONS
218 Total Questions
$45 3 Months Free Updates
$67.5 3 Months Free Updates
218 Total Questions
$58.5 3 Months Free Updates
Experience the quality of our Microsoft Administering Windows Server Hybrid Core Infrastructure AZ-800 exam with free practice questions and answers. At Pass4Exams, we take pride in being a trusted source for Microsoft AZ-800 exam preparation. Download our reliable and up-to-date AZ-800 dumps today and prepare to pass your exam with complete confidence backed by our money-back guarantee.
Question # 1
You need to ensure that VM3 meets the technical requirementsWhat should you install first?
A. Enhanced Storage
B. File Server Resource Manager (FSRM)
C. Windows Standards-Based Storage Management
D. the iSNS Server service
Question # 2
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains three servers that run Windows Server and have the Hyper-V server role installed. Each server has a Switch Embedded Teaming (SET) team.You need to verify that Remote Direct Memory Access (RDMA) and required Windows Server settings are configured properly on each server to support a failover cluster.What should you use?
A. the validate-DCB cmdlet
B. Server Manager
C. the Get-NetAdapter cmdlet
D. Failover Cluster Manager
Question # 3
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS zone named fabrikam.com that was signed by DNSSEC.You need to ensure that all the member servers in the domain perform DNSSEC validation for the fabrikam.com namespace. What should you do?
A. On Served, run the Add-DnsServerTrustAnchor cmdlet.
B. On each member server, run the Add-DnsServerTrustAnchor cmdlet.
C. From a Group Policy Object (GPO). add a rule to the Name Resolution Policy Table (NRPT).
D. From a Group Policy Object (GPO). modify the Network List Manager policies.
Question # 4
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared You need to create a security group that meets the following requirements:• Can contain users from the AD DS domain• Can be used to authorize user access to share 1 and share2What should you do?
A. in the AD DS domain, create a universal security group
B. in the Azure AD tenant create a security group that has assigned membership
C. in the Azure AD Tenant create a security group that has dynamic membership.
D. in the Azure AD tenant create a Microsoft 365 group
Question # 5
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. You plan to implement self-service password reset (SSPR) in Azure AD.You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain. What should you do?
A. Deploy the Azure AD Password Protection proxy service to the on premises network.
B. Run the Microsoft Azure Active Directory Connect wizard and select Password
writeback.
C. Grant the Change password permission for the domain to the Azure AD Connect service
account.
D. Grant the impersonate a client after authentication user right to the Azure AD Connect
service account.
Question # 6
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.You need to identify which server is the PDC emulator for the domain.Solution: From a command prompt, you run netdom.exe query fsmo.Does this meet the goal?
A. Yes
B. No
Question # 7
You have two servers that have the Hyper-V server role installed. The servers are joined to a failover cluster both servers can connect to the same disk on an iSCSi storage device. You plan to use the iSCSI storage to store highly available Hyper-V virtual machines that will support live migration functionality. You need to configure a storage resource in the failover cluster to store the virtual machines. What should you configure?
A. a storage pool
B. attributed File System (DFS) Replication
C. a mirrored volume
D. Cluster Shared volumes (CSV)
Question # 8
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic. The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.You plan to manage the servers in the branch office by using a Windows Admin Center gateway.On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway. Which inbound TCP port should you allow?
A. 443
B. 3389
C. 5985
D. 6516
Question # 9
You have an Azure subscription that contains the following resources:• An Azure Log Analytics workspace • An Azure Automation account • Azure Arc.You have an on-premises server named Server1 that is onboaraed to Azure Arc You need to manage Microsoft updates on Server! by using Azure Arc Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
A. Add Microsoft Sentinel to the Log Analytics workspace
B. On Server1, install the Azure Monitor agent
C. From the Automation account, enable Update Management for Server1.
D. From the Virtual machines data source of the Log Analytics workspace, connect
Server1.
Question # 10
Your network contains an Active Directory Domain Services (AD DS) domain named conioso.com. You need to identify which server is the PDC emulator for the domain.Solution: from Active Directory Users and Computers, you right-click contoso.com in the console tree, and then select Operations MasterDoes this meet the goal?
A. Yes
B. No
Question # 11
You have a server named Server1 that runs Windows Server. You plan to host applications in Windows containers. You need to configure Server1 to run containers. What should you install?
A. Windows Admin Center
B. the Windows Subsystem for Linux
C. Doctor
D. Hyper-V
Question # 12
Your network contains an Active Directory Domain Services (AD DS) domain. You plan to use Active Directory Administrative Center to create a new user named User1. Which two attributes are required to create User1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Password
B. Profile path
C. User SameAccountName logon
D. Full name
E. First name
F. User UPN logon
Question # 13
You have an on-premises server named Server! that runs Windows Server. You have an Azure subscription that contains a virtual network named VNet1.You need to connect Server! to VNet1 by using Azure Network Adapter.What should you use?
A. Azure AD Connect
B. Device Manager
C. the Azure portal
D. Windows Admin Center
Question # 14
Your network contains an Active Directory Domain Services (AD DS) domain- The domain contains 10 servers that run Windows Server. The servers have static IP addresses.You plan to use DHCP to assign IP addresses to the servers.You need to ensure that each server always receives the same IP address.Which type of identifier should you use to create a DHCP reservation for each server?
A. universally unique identifier (UUID)
B. fully qualified domain name (FQDN)
C. NetBIOS name
D. MAC address
Question # 15
You have an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with Azure AD by using A2ure AD Connect.You enable password protection for contoso.com.You need to prevent users from including the word Contoso as part of their password.What should you use?
A. the Azure Active Directory admin center
B. Active Directory Users and Computers
C. Synchronization Service Manager
D. Windows Admin Center
Question # 16
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com. You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.To which group should you add the administrator?
A. AAD DC Administrators
B. Domain Admins
C. Schema Admins
D. Enterprise Admins
E. Group Policy Creator Owners
Question # 17
Task 4 You need to register SRV1 to sync Azure file shares The registration must use the 34646045 Storage Sync Service. The required source files are located in a folder named \\dc1.contoso.com\install. You do NOT need to configure file share synchronization at this time and you do NOT need to update the agent.
Question # 18
You haw? a server named Host! that has the Hyper-V server role installed. Host! hosts a virtual machine named VM1.You have a management server named Server! that runs Windows Server. You remotely manage Host1 from Server1 by using Hyper-V Manager.You need to ensure that you can access a USB hard drive connected to Server1 when you connect to VM1 by using Virtual Machine Connection.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. From the Hyper-V Settings of Host1, select Allow enhanced session mode
B. From Disk Management on Host1. attach a virtual hard disk.
C. From Virtual Machine Connection, switch to a basic session.
D. From Virtual Machine Connection select Show Options and then select the USB hard
drive.
E. From Disk Management on Host1, select Rescan Disks
Question # 19
Task 10 You need to configure Hyper-V to ensure that running virtual machines can be moved between SRV1 and SRV2 without downtime. You do NOT need to move any virtual machines at this time.
Question # 20
Task 6 You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1. The required source files are located in a folder named \\dc1.contoso.com\install.
Question # 21
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. You plan to manage VM1 by using a PowerShell runbook.You need to create the runbook. What should you create first?
A. an Azure workbook
B. a Microsoft Power Automate flow
C. a Log Analytics workspace
D. an Azure Automation account
Question # 22
You plan to deploy a containerized application that requires .NET Core.You need to create a container image for the application. The image must be as small as possible.Which base image should you use?
A. Nano Server
B. Server Cote
C. Windows Server
D. Windows
Question # 23
Task 9 You plan to create group managed service accounts (gMSAs). You need to configure the domain to support the creation of gMSAs.
Question # 24
Task 11 You need to ensure that all DHCP clients that get an IP address from SRV1 will be configured to use DC1 as a DNS server.
Question # 25
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers. You plan to store a DNS zone in a custom Active Directory partition.You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.What should you use?
A. DNS Manager
B. New-ADObjett
C. dnscnd.exe
D. Windows Admin Center
Question # 26
Task2 You need to ensure that the Azure file share named share1 can sync to on-premises servers. The required source files are located in a folder named \\dc1.contoso.com\install. You do NOT need to specify the on-premises servers at this time.
Question # 27
Task 12 You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
Question # 28
You have an Azure virtual machine named VM1 that runs Windows Server. You perform the following actions on VM1:• Create a folder named Folder1 on volume C• Create a folder named Folder2 on volume D.• Add a new data disk to VM1 and create a new volume that is assigned drive letter E.• Install an app named App1 on volume E.You plan to resize VM1.Which objects will present after you resize VM1?
A. Folded and Folder2 only
B. Folder1, volume E, and App1 only
C. Folder1 only
D. Folded. Folder2. App1, and volume E
Question # 29
You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?
A. Configure Kerberos constrained delegation.
B. Configure Just Enough Administration (JEA).
C. Configure selective authentication for the domain.
D. Disable the Enforce user logon restrictions policy setting for the domain.
Question # 30
Task 1 You need to prevent domain users from saving executable files in a share named \\SRVl\Data. The users must be able to save other files to the share.
Question # 31
Task 8 You need to create an Active Directory Domain Services (AD DS) site named Site2 that is associated to an IP address range of 192.168.2.0 to 192.168.2.255.
Question # 32
Your network contains a DHCP server.You plan to add a new subnet and deploy Windows Server to the subnet.You need to use the server as a DHCP relay agent.Which role should you install on the server?
A. Network Policy and Access Services
B. Remote Access
C. Network Controller
D. DHCP Server
Question # 33
Task 7 You need to monitor the security configuration of DC1 by using Microsoft Defender for Cloud. The required source files are located in a folder named \\dc1.contoso.com\install
Question # 34
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant. You deploy an app that adds custom attributes to the domain. From Azure Cloud Shell, you discover that you cannot query the custom attributes of users. You need to ensure that the custom attributes are available in Microsoft Entra ID. Which task should you perform from Microsoft Entra Connect first?
A. Refresh directory schema
B. Configure device options
C. Customize synchronization options
D. Manage federation
Question # 35
You have a server that runs Windows Server and has the DHCP Server role installed. The server has a scope named Scope! that has the following configurations: • Address range: 192.168.0.2 to 192.16B.1.2M . Mask 255.255.254.0• Router: 192.168.0.1• Lease duration: 3 days• DNS server 172.16.0.254 You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must NOT affect other DHCP clients that receive IP configurations from Scope1. What should you create?
A. a policy
B. a scope
C. a fitter
D. scope options
Question # 36
Task 5 You need to ensure that a DHCP scope named scope! on SRV1 can service client requests.
Question # 37
Task 3 You need to configure SRV1 as a DNS server. SRV1 must be able resolve names from the contoso.com domain by using DC1. All other names must be resolved by using the root hint servers
Question # 38
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.A user named Admin1 is a member of the local Administrators group on Server1 and Server2.You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc. What should you do first?
A. From the Azure portal, generate a new onboarding script.
B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1.
C. Hybrid Azure AD join Server1 and Server2.
D. Create an Azure cloud-only account for Admin1.
Question # 39
You need to implement the planned changes for the Azure DNS Private Resolver. Which private DNS zones can you use for name resolution?
A. Zone1.com only
B. Zone2.com only
C. Zone1.com and Zone2.com only
D. Zone2.com and Zone3.com only
E. Zone1.com, Zone2.com, and Zone3.com
Question # 40
Your network contains an Active Directory Domain Services (AD DS) domain. You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences. You plan to link GPO1 to the domain. You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort. Which type of item level targeting should you use?
A. Domain
B. Operating System
C. Security Group
D. Environment Variable
Question # 41
You have an Azure virtual machine named VM1 that runs Windows Server. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1. What should you do?
A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
B. Configure VM1 to use a user-assigned managed identity.
C. Configure VM1 to use a system-assigned managed identity.
D. Add the Custom Script Extension to VM1.
Question # 42
You need to ensure that VM3 meets the technical requirements.What should you install first?
A. Enhanced Storage
B. File Server Resource Manager (FSRM)
C. Windows Standards-Based Storage Management
D. the iSNS Server service
Question # 43
You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.What should you implement?
A. Microsoft Entra Connect cloud sync
B. Active Directory Federation Services (AD FS)
C. Microsoft Entra Connect in staging mode
D. Microsoft Entra Connect in active mode
Question # 44
You need to ensure that Automanage meets the technical requirements.On which Azure virtual machines should you enable Automanage?
A. Server1 only
B. Server2 only
C. Server1 and Server2 only
D. Server2 and Server3 only
E. Server1 and Server4 only
Question # 45
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK. You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.Does this meet the goal?
A. Yes
B. No
Question # 46
You have a server named Server1 that runs Windows Server and contains two drives named C and D. Server1 hosts multiple file shares. You enable Data Deduplication on drive D and select the General purpose file server workload. You need to minimize the space consumed by files that were recently modified or deleted. What should you do?
A. Run the set-dedupvolume cmdlet and configure the scrubbing job.
B. Run the Set-DedupSchedule Cmdlet and configure a GarbageCollection job.
C. Run the set-Dedupvoiume cmdlet and configure the InputOutputScale settings.
D. Run the Set-DedupSchedule cmdlet and configure the optimization job.
Question # 47
You need to implement the planned changes for Microsoft Entra users to sign in to Server1.Which PowerShell cmdlet should you run?
A. Add-ADComputerServiceAccount
B. Set-AzVM
C. Set-AzVMExtension
D. New-ADComputer
Question # 48
Which two languages can you use for Task1? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. Java
B. Bicep
C. JavaScript
D. Python
E. PowerShell
Question # 49
You have an on-premises server named Server1 that runs Windows Server. You have an Azure virtual network that contains an Azure virtual network gateway. You need to connect only Server1 to the Azure virtual network. What should you use?
A. Azure Network Adapter
B. a Site-to-Site VPN
C. an ExpressRoute circuit
D. Azure Extended Network
Question # 50
You need to implement an availability solution for DHCP that meets the networking requirements.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. On DHCP1. create a scope that contains 25 percent of the IP addresses from Scope2.
B. On the router in each office, configure a DHCP relay.
C. DHCP2. configure a scope that contains 25 percent of the IP addresses from Scope 1 .
D. On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.
E. On each DHCP scope, configure DHCP failover.
Question # 51
You need to configure remote administration to meet the security requirements. What should you use?
A. just in time (JIT) VM access
B. Azure AD Privileged Identity Management (PIM)
C. the Remote Desktop extension for Azure Cloud Services
D. an Azure Bastion host
Question # 52
You have an on-premises server named Server 1 that runs Windows Server. You have an Azure subscription that contains a virtual network named VNetl. You need to connect Server! to VNetl by using Azure Network Adapter. What should you use?
A. the Azure portal
B. Azure AD Connect
C. Device Manager
D. Windows Admin Center
Question # 53
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?
A. security filtering for the link of GP04
B. security filtering for the link of GPO1
C. loopback processing in GPO4
D. the Enforced property for the link of GP01
E. loopback processing in GPO1
F. the Enforced property for the link of GP04
Question # 54
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK. You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1. Does this meet the goal?
A. Yes
B. No
Question # 55
You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?
A. Hybrid Azure AD join all the servers.
B. Create a hybrid runbook worker m Azure Automation.
C. Deploy the Azure Connected Machine agent to all the servers.
D. Deploy the Azure Monitor agent to all the servers.
Question # 56
You have an Azure virtual machine named VM1 that runs Windows Server and has the following configurations:Size: D2s_v4Operating system disk: 127-GiB standard SSDData disk 128-GiB standard SSD Virtual machine generation: Gen 2You plan to perform the following changes to VM1:Change the virtual machine size to D4s_v4.Detach the data disk.Add a new standard SSD.Which changes require downtime for VM1?
A. Detaching the data disk only and adding a new standard SSD.
B. Detaching the data disk only.
C. Changing the virtual machine size only.
D. Adding a new standard SSD only.
Question # 57
Your network contains a Active Directory Domain Service (AD DS) forest named contoso.com. The forest root domain contains a server named server1. contoso.com.A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.comWhat should you do first?
A. Change the trust to a one-way external trust.
B. Add fabrikam\Group1 to the local Users group on server1.contoso.com.
C. Enable SID filtering for the trust.
D. Enable Selective authentication for the trust.
Question # 58
What should you implement for the deployment of DC3?
A. Azure Active Directory Domain Services (Azure AD DS}
B. Azure AD Application Proxy
C. an Azure virtual machine
D. an Azure AD administrative unit
Question # 59
You haw an Azure virtual machine named VM1 that runs Windows Server You need to configure the management of VM1 to meet the following requirements: • Require administrators to request access to VM1 before establishing a Remote Desktop connection. • Limit access to VM1 from specific source IP addresses. • Limit access to VMI to a specific management port. What should you configure?
A. a network security group (NSG)
B. Azure Active Directory (Azure AD) Privileged identity Management (PIM)
C. Azure Front Door
D. Microsoft Defender for Cloud
Question # 60
You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN.Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine.You plan to migrate the virtual machine to the Azure subnet.You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort. What should you implement before you perform the migration?
A. Azure Extended Network
B. Azure Virtual Network NAT
C. Azure Application Gateway
D. Azure virtual network peering
Question # 61
You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point
A. Create an Azure private DNS zone named corp.fabhkam.com.
B. Create a virtual network link in the coip.fabnkam.c om Azure private DNS zone.
C. Create an Azure DNS zone named corp.fabrikam.com.
D. Configure the DNS Servers settings for Vnet1.
E. Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.
F. On DC3, install the DNS Server role.
G. Configure a conditional forwarder on DC3.
Question # 62
You have a server named Server1 that runs Windows Server and contains a file share named Share1. You need to prevent users from stoning MP4 files in Share1. The solution must ensure that the users can store other types of files in the share. What should you configure on Server1?
A. File Management Tasks
B. NTFS Quotas
C. NTFS permissions
D. file screens
Question # 63
You need to meet the technical requirements for the site links. Which users can perform the required tasks?
A. Admin1 only
B. Admin1 and Admin3 only
C. Admin1 and Admin2 only
D. Admin3 only
E. Admin1, Adrrun2. and Admin3
Question # 64
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant You have several Windows 10 devices that are Azure AD hybrid-joined. You need to ensure that when users sign in to the devices, they can use Windows Hello for Business. Which optional feature should you select in Azure AD Connect?
A. Device writeback
B. Group writeback
C. Password writeback
D. Directory extension attribute sync
E. Azure AD app and attribute filtering
Question # 65
You have an Azure virtual machine named Served that runs a network management application. Server1 has the following network configurations: • Network interface: Nic1 • IP address. 10.1.1.1/24 • Connected to: VnetVSubnet1 You need to connect Server1 to an additional subnet named Vnet1/Subnet2. What should you do?
A. Modify the IP configurations of Nic1.
B. Add a network interface to Server1.
C. Add an IP configuration to Nic1.
D. Create a private endpoint on Subnet2
Question # 66
You need to meet the technical requirements for VM3On which volumes can you enable Data Deduplication?
A. D and E only
B. C, D, E, and F
C. D only
D. C and D only
E. D, E, and F only
Question # 67
You need to meet the technical requirements for VM2.What should you do?
A. Implement shielded virtual machines.
B. Enable the Guest services integration service.
C. Implement Credential Guard.
D. Enable enhanced session mode.
Question # 68
You have a server named Server1 that hosts Windows containers. You plan to deploy an application that will have multiple containers. Each container will be You need to create a Docker network that supports the deployment of the application. Which type of network should you create?
A. transparent
B. I2bridge
C. NAT
D. I2tunnel
Question # 69
You need to meet the technical requirements for Server1. Which users can currently perform the required tasks?
A. Admin1 only
B. Admin3 only
C. Admin1 and Admin3 only
D. Admin1 Admin2. and Admm3
Question # 70
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. You build an app named App1. You need to configure continuous integration and continuous deployment (CI/CD) of App1 to VM1. What should you create first?
A. a managed identity
B. an App Service Environment
C. an Azure Automation account
D. an Azure DevOps organization
Question # 71
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.You need to identify which server is the PDC emulator for the domain.Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.Does this meet the goal?
A. Yes
B. No
Question # 72
You have an Azure virtual machine named VM1 that has a private IP address only.You configure the Windows Admin Center extension on VM1. You have an on-premises computer that runs Windows 11. You use the computer for server management. You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1. What should you configure?
A. an Azure Bastion host on the virtual network that contains VM1.
B. a VPN connection to the virtual network that contains VM1.
C. a network security group 1NSG) rule that allows inbound traffic on port 443.
D. a private endpoint on the virtual network that contains VM1.
Question # 73
You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.You have an Azure subscription.Internal users connect to App1 by using WebSockets.You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.What should you include in the solution?
A. Microsoft Application Request Routing (ARR) Version 2
B. Web Application Proxy
C. Azure Relay
D. Azure Application Gateway
Question # 74
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed. Each server has a Switch Embedded Teaming (SET) teamYou need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.What should you use?
A. Server Manager
B. the validate-DCB cmdtet
C. the Get-NetAdaptor cmdlet
D. Failover Cluster Manager
Question # 75
You need to meet the technical requirements for User1. The solution must use the principle of least privilege.What should you do?
A. Add Users1 to the Server Operators group in contoso.com.
B. Create a delegation on contoso.com.
C. Add Users1 to the Account Operators group in contoso.com.
D. Create a delegation on OU3.
Question # 76
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK. You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. Solution: You create a new subnet object that is associated to Site1. Does this meet the goal?
A. Yes
B. No
Question # 77
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.You plan deploy 100 new Azure virtual machines that will run Windows Server. You need to ensure that each new virtual machine is joined to the AD DS domain. What should you use?
A. Azure AD Connect
B. a Group Policy Object (GPO)
C. an Azure Resource Manager (ARM) template
D. an Azure management group
Question # 78
Your network contains an Active Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers. You plan to store a DNS zone in a custom active Directory partition. You need to create the Active Directory partition for the zone. The partition replicate to only four of the domain controllers. What should you use?
A. Active Directory Sites and Services
B. Active Directory Administrator Center
C. dnscmd.exe
D. DNS Manager
Question # 79
You have a server that runs Windows Server and contains a shared folder named UserData.You need to limit the amount of storage space that each user can consume in UserData.What should you use?
A. Storage Spaces
B. Work Folders
C. Distributed File System (DFS) Namespaces
D. File Server Resource Manager (FSRM)
Question # 80
Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3.Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK. Does this meet the goal?
A. Yes
B. No
Question # 81
Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant. You plan to sync contoso.com with the Azure AD tenant by usingAzure AD Connect cloud sync. You need to create an account that will be used by Azure AD Connect cloud sync. Which type of account should you create?
A. system-assigned managed identity
B. group managed service account (gMSA)
C. user
D. InetOrgPerson
Question # 82
You have five tile servers that run Windows Server. You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.What should you create?
A. a Dynamic Access Control central access policy
B. a file screen
C. a Dynamic Access Control central access rule
D. a data loss prevention (DLP) policy