2025 Valid AZ-800 FREE EXAM DUMPS QUESTIONS & ANSWERS [Q51-Q75]

Share

2025 Valid AZ-800 FREE EXAM DUMPS QUESTIONS & ANSWERS

Free AZ-800 Exam Braindumps Microsoft  Pratice Exam


Exam Content

The next point for you to know is the exam content. The AZ-800 test consists of five topics in which you should be proficient. The first topic is the most extensive one and is dedicated to deploying and managing AD DS in on-premises and cloud environments. In this domain, you should have a good understanding of how to deploy and operate AD DS domain controllers, work in multi-domain, multi-forest, and multi-site environments, apply hybrid identities. In addition, your skills to create and operate AD DS security principals, manage Windows Server will be assessed as well.

The second topic refers to managing Windows Server and workloads in a hybrid environment. This implies that you are competent in dealing with Windows Server in a hybrid environment and Azure services to operate Windows Servers and workloads. Thus, you can demonstrate your skills to configure CredSSP, PowerShell Remoting, JEA, operate updates for Windows machines, manage Windows Servers, integrate Windows Servers with Azure Security Center or Log Analytics.

The third domain focuses on managing virtual machines and containers. The aim of this domain is to measure your abilities in working with VM memory, VM Resource Groups, VM CPU Groups, VM Checkpoints, Integration Services, NIC teaming, and Hyper-V switch. This subject area also includes the ability to create and operate containers, and operate Azure Virtual Machines based on Windows Server.

The fourth domain aims to check your skills in applying and operating an on-premises and hybrid networking infrastructure. In this domain you are expected competency in utilizing on-premises and hybrid name resolution, operating IP addressing in hybrid and on-premises scenarios, applying on-premises and hybrid network connectivity. Thus, you should possess top-notch skills to apply DNSSEC, integrate DNS with AD DS, configure DNS forwarding, operate IPAM, create IP reservations, apply Azure Network Adapter, Web App Proxy, Azure Replay.

The fifth topic refers to managing storage and file services. This part evaluates your skills in operating Azure File Sync, operating Windows Server files shares, and Windows Server storage. To deal with the questions from this domain, you need to be able to create Azure File Sync service, monitor File Sync, create cloud endpoints, BranchCache, apply DFS, configure volumes, disks, and Data Deduplication.


Microsoft AZ-800 certification exam is a great way to demonstrate your expertise in managing and administering Windows Server hybrid core infrastructure. It validates your skills and knowledge in using Azure services and other cloud-based solutions to manage and administer Windows Server environments. Administering Windows Server Hybrid Core Infrastructure certification exam is highly valued by employers and can help you advance your career in IT.


The Microsoft AZ-800 exam is intended for professionals who are responsible for managing and administering hybrid environments that include both on-premises and cloud infrastructures. AZ-800 exam tests the candidate's ability to implement and manage Windows Server workloads in Azure, integrate Azure services with Windows Server, and implement hybrid identity and security solutions.

 

NEW QUESTION # 51
You have a server named Server1 that runs Windows Server and has the Active Directory Federation Services role installed.
You plan to deploy Web Application Proxy to a server named Server2.
You export the Active Directory Federation Services (AD FS) certificate from Server1.
Which actions should you perform on Server2 in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTF: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 52
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named iTFarmHosts.
You plan to configure a Network Load Balancing (NIB) cluster named NLBCluster.contoso.com that will contain the five servers.
You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdiets from the list of cmdlets to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation:

Text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distri
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-


NEW QUESTION # 53
You have a server named Server1 that runs Windows Server. Server1 has a single network interface and the Hyper-V virtual switches shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 54
Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups


NEW QUESTION # 55
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.

The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: You configure Server2 and Server3 to forward DNS requests to 10.0.1.10.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 56
You have a Windows Server 2022 container host named Host1 and a container registry that contains the container images shown in the following table.

You need to run the containers on Host1
Which isolation mode can you use for each image? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 57
You have a server named Server1 that hosts Windows containers. You plan to deploy an application that will have multiple containers. Each container will be You need to create a Docker network that supports the deployment of the application. Which type of network should you create?

  • A. NAT
  • B. I2bridge
  • C. I2tunnel
  • D. transparent

Answer: B


NEW QUESTION # 58
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-expressroute-portal
Topic 1, Fabrikam inc.
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. Is a manufacturing company that has a main office In New York and a branch office in Seattle.
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.

DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP! contains a scope named Scope1 that has addresses for the New York office. DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Group Policy Object (GPOs)
The cwp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.

Requirements:
Fabrikam Identifies the following planned changes:
* Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
* Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and ExpressRoute. Both on-premises offices will be connected to Vnet1 by using ExpressRoute.
* Create three Azure file shares named newyorkfiles, seattfefiles, and companyfiles.
* Create a domain controller named dc3.corp.fabrikam,com in Vnet1.
* Deploy an Azure Virtual Desktop host pool lo Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD joined.
* License all servers for Microsoft Defender for servers.
* Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.
Networking Requirements
Fabrikam identifies the following security requirements:
* Apply GP04 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout lime manually from their client computer.
* Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
* Prevent user passwords from containing all or part of words that are based on the company name, such as Fab. fabrikam or fsbr! |.
* Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
* Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
* Ensure that seattlefiles syncs to FS2.
* Ensure that newyorkfiles syncs to FS1.
* Ensure that companyfiles syncs to both FS1 and FS2.


NEW QUESTION # 59
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com.


The domain contains a 'He server named Server1 and three users named User1. User2 and User), Server1 contains a shared folder named Share1 tha1 has the following configurations:

The share permissions for Share1 are configured as shown in the Share Permissions exhibit. (Click the Share Permissions tab.) Share1 contains a file named Filel.txt. The advanced security settings for Filel.txt are configured as shown in the File Permissions exhibit. (Click the File Permissions tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: f ach correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 60
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.
in the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:
* Admin1 can create and manage Active Directory sites.
* Admin2 can deploy domain controller to the easl.conloso.com domain.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure


NEW QUESTION # 61
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure file share named share1 that stores two files named File2.docx and File3.docx.
You create an Azure File Sync sync group that includes the following endpoints:
share
D:\Folder1 on Server1
D:\Datal on Server2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-introduction


NEW QUESTION # 62
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.

Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)

You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 63
You have a Windows Server container host named Server1 and an Azure subscription.
You deploy an Azure container registry named Registry1 to the subscription.
On Server1, you create a container image named image1.
You need to store imager in Registry1.
Which command should you run on Server1 ? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli?tabs=azure- cli#push-the-image-to-your-registry


NEW QUESTION # 64
You have a Windows Server 2022 container host named Host1 and a container registry that contains the container images shown in the following table.

You need to run the containers on Host1
Which isolation mode can you use for each image? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 65
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements.
* GPO1 must apply only to the users in Group 1.
* The solution must use the principle of least privilege

Answer:

Explanation:


NEW QUESTION # 66
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.

Answer:

Explanation:
See the solution of this Task below
Explanation:
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.msc in the Run box.
In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
Close the Group Policy Management Editor and return to the Group Policy Management console. Right-click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and click OK. You can also change the order of preference by using the Move Up and Move Down buttons.
Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers. For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.


NEW QUESTION # 67
You have 10 on-premises servers that run Windows Server.
You plan to use Azure Network Adapter to connect the servers to the resources in Azure.
Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter


NEW QUESTION # 68
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named conto.com.
The forest contains the servers shown in the following exhibit table.

You plan to install a line-of-business (LOB) application on Server1. The application will install a custom windows services.
A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new application.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. On Server1, run the install-ADServiceAccount cmdlet.
  • B. On Server1, run the Get-ADServiceAccount cmdlet.
  • C. On DC1, run the Set_ADComputer cmdlet.
  • D. ON DC1, run the Install-ADServiceAccount cmdlet.
  • E. On DC1, run the New-ADServiceAccount cmdlet.

Answer: A,E


NEW QUESTION # 69
Task 9
You plan to create group managed service accounts (gMSAs).
You need to configure the domain to support the creation of gMSAs.

Answer:

Explanation:
See the solution of this Task below
Explanation:
To configure the domain to support the creation of gMSAs, you need to perform the following steps:
On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open PowerShell as an administrator and run the following command to install the Active Directory module:
Install-WindowsFeature -Name RSAT-AD-PowerShell
Run the following command to create a Key Distribution Service (KDS) root key, which is required for generating passwords for gMSAs. You only need to do this once per domain:
Add-KdsRootKey -EffectiveImmediately
Wait for at least 10 hours for the KDS root key to replicate to all domain controllers in the domain. Alternatively, you can use the -EffectiveTime parameter to specify a past date and time for the KDS root key, but this is not recommended for security reasons. For more information, see Add-KdsRootKey.
After the KDS root key is replicated, you can create and configure gMSAs using the New-ADServiceAccount and Set-ADServiceAccount cmdlets. For more information, see Create a gMSA and Configure a gMSA.


NEW QUESTION # 70
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.

The domain contains the users shown in the following table.

On Server2. you run the Enable-PSRemoting cmdlet
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 71
You have an Active Directory Domain Services (AD DS) domain that contains the domain controllers shown in the following table.

The domain contains an app named App1 that uses a custom application partition to store configuration data.
You decommission App1.
When you attempt to remove the custom application partition, the process fails.
Which domain controller is unavailable?

  • A. DC1
  • B. DC2
  • C. DC3
  • D. DC4

Answer: C


NEW QUESTION # 72
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor


NEW QUESTION # 73
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named iTFarmHosts.
You plan to configure a Network Load Balancing (NIB) cluster named NLBCluster.contoso.com that will contain the five servers.
You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdiets from the list of cmdlets to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Add-KdsRootKey
2 - New-ADServiceAccount
3 - Install-ADServiceAccount
Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts


NEW QUESTION # 74
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:

The share permissions for Share1 are configured as shown in the Share Permissions exhibit.
Share1 contains a file named File1.bxt. The advanced security settings for File1.txt are configured as shown in the File Permissions exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 75
......

Prepare For Realistic AZ-800 Dumps PDF - 100% Passing Guarantee: https://www.free4torrent.com/AZ-800-braindumps-torrent.html

Practice Test for AZ-800 Certification Real 2025 Mock Exam: https://drive.google.com/open?id=1dscu7UWY25JXoYUDWaGkd-iVT4pXXbJg