Administering Windows Server Hybrid Core Infrastructure v1.0 (AZ-800)

Page:    1 / 16   
Total 232 questions

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a user named User1. User1 is a member of a group named Group1 and is in an organizational unit (OU) named OU1.

The domain has minimum password lengths configured as shown in the following table.



What is the minimum password length that User1 should use when changing to a new password?

  • A. 7
  • B. 8
  • C. 10
  • D. 12
  • E. 14


Answer : A

SIMULATION
-

You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.

To complete this task, sign in the required computer or computers.



Answer :

HOTSPOT -
You have 10 on-premises servers that run Windows Server.
You plan to use Azure Network Adapter to connect the servers to the resources in Azure.
Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter

DRAG DROP -
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Step 1: Run Windows Admin Center Setup and select Change.
Updating the certificate used by Windows Admin Center
When you have Windows Admin Center deployed as a service, you must provide a certificate for HTTPS. To update this certificate at a later time, re-run the installer and choose change.


Step 2: Obtain and install a new certificate.
Step 3: Copy the certificate thumbprint.
The final step is to copy the certificate's thumbprint into the setup soon after installing it into the local store.
Reference:
https://4sysops.com/archives/install-an-ssl-certificate-in-windows-admin-center/

HOTSPOT -
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor

You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?

  • A. From the Azure portal, generate a new onboarding script.
  • B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1.
  • C. Hybrid Azure AD join Server1 and Server2.
  • D. Create an Azure cloud-only account for Admin1.


Answer : B

Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal

HOTSPOT -
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain.
The domains contain the servers shown in the following table.

You need to configure resource based constrained delegation so that the users in contoso.com can use Windows Admin Center on Server1 to connect to Server2.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps

HOTSPOT -
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You need to limit which Hyper-V module cmdlets helpdesk users can use when administering Server1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/register-jea?view=powershell-7.2

You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?

  • A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
  • B. Configure VM1 to use a user-assigned managed identity.
  • C. Configure VM1 to use a system-assigned managed identity.
  • D. Add the Custom Script Extension to VM1.


Answer : C

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration

HOTSPOT -
You have an Azure subscription named sub1 and 500 on-premises virtual machines that run Windows Server.
You plan to onboard the on-premises virtual machines to Azure Arc by running the Azure Arc deployment script.
You need to create an identity that will be used by the script to authenticate access to sub1. The solution must use the principle of least privilege.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal

You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?

  • A. an Azure Bastion host on the virtual network that contains VM1.
  • B. a VPN connection to the virtual network that contains VM1.
  • C. a private endpoint on the virtual network that contains VM1.
  • D. a network security group (NSG) rule that allows inbound traffic on port 443.


Answer : B

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm

Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center gateway.
On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?

  • A. 443
  • B. 3389
  • C. 5985
  • D. 6516


Answer : A

You have an Azure subscription that contains the following resources.
✑ An Azure Log Analytics workspace
✑ An Azure Automation account
✑ Azure Arc
You have an on-premises server named Server1 that is onboarded to Azure Arc.
You need to manage Microsoft updates on Server1 by using Azure Arc.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the Automation account, enable Update Management for Server1.
  • B. From the Virtual machines data source of the Log Analytics workspace, connect Server1.
  • C. On Server1, install the Azure Monitor agent
  • D. Add Microsoft Sentinel to the Log Analytics workspace


Answer : AC

Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-update-management

HOTSPOT -
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have an on-premises web app named WebApp1 that only supports Kerberos authentication.
You need to ensure that users can access WebApp1 by using their Azure AD account. The solution must minimize administrative effort.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

SIMULATION
-

You need to collect errors from the System event log of SRV1 to a Log Analytics workspace.

The required source files are located in a folder named \\dc1.contoso.com\install.

To complete this task, sign in the required computer or computers.



Answer :

Page:    1 / 16   
Total 232 questions