New Microsoft AZ-800 Dumps & Questions Updated on 2022
Dumps to Pass your AZ-800 Exam with 100% Real Questions and Answers
Schedule exam
Languages: English, Japanese, Chinese (Simplified), Korean, German, French, Spanish, Portuguese (Brazil), Arabic (Saudi Arabia), Russian, Chinese (Traditional), Italian, Indonesian (Indonesia)
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments; manage Windows Servers and workloads in a hybrid environment; manage virtual machines and containers; implement and manage an on-premises and hybrid networking infrastructure; and manage storage and file services.
NEW QUESTION 46
You haw an Azure virtual machine named VM1 that runs Windows Server
You need to configure the management of VM1 to meet the following requirements:
* Require administrators to request access to VM1 before establishing a Remote Desktop connection.
* Limit access to VM1 from specific source IP addresses.
* Limit access to VMI to a specific management port
What should you configure?
- A. Microsoft Defender for Cloud
- B. Azure Active Directory (Azure AD) Privileged identity Management (PIM)
- C. a network security group (NSG)
- D. Azure Front Door
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/defender-fo
NEW QUESTION 47
You need to meet the technical requirements for VM3
On which volumes can you enable Data Deduplication?
- A. C and D only
- B. D only
- C. D and E only
- D. D, E, and F only
- E. C, D, E, and F
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand
Topic 2, Fabrikam inc.
Requirements:
Fabrikam Identifies the following planned changes:
* Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
* Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and ExpressRoute. Both on-premises offices will be connected to Vnet1 by using ExpressRoute.
* Create three Azure file shares named newyorkfiles, seattfefiles, and companyfiles.
* Create a domain controller named dc3.corp.fabrikam,com in Vnet1.
* Deploy an Azure Virtual Desktop host pool lo Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD joined.
* License all servers for Microsoft Defender for servers.
* Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.
Networking Requirements
Fabrikam identifies the following security requirements:
* Apply GP04 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout lime manually from their client computer.
* Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
* Prevent user passwords from containing all or part of words that are based on the company name, such as Fab. fabrikam or fsbr! |.
* Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
* Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
* Ensure that seattlefiles syncs to FS2.
* Ensure that newyorkfiles syncs to FS1.
* Ensure that companyfiles syncs to both FS1 and FS2.
NEW QUESTION 48
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements.
* GPO1 must apply only to the users in Group 1.
* The solution must use the principle of least privilege
Answer:
Explanation:
NEW QUESTION 49
You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer are a. NOTE Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 50
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed. Each server has a Switch Embedded Teaming (SET) team You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?
- A. the validate-DCB cmdtet
- B. the Get-NetAdaptor cmdlet
- C. Failover Cluster Manager
- D. Server Manager
Answer: A
Explanation:
Reference:
https://github.com/Microsoft/Validate-DCB
NEW QUESTION 51
You need to meet the technical requirements for VM1.
Which cmdlet should you run first? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Topic 2, Fabrikam inc.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP! contains a scope named Scope1 that has addresses for the New York office. DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Group Policy Object (GPOs)
The cwp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements:
Fabrikam Identifies the following planned changes:
* Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
* Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and ExpressRoute. Both on-premises offices will be connected to Vnet1 by using ExpressRoute.
* Create three Azure file shares named newyorkfiles, seattfefiles, and companyfiles.
* Create a domain controller named dc3.corp.fabrikam,com in Vnet1.
* Deploy an Azure Virtual Desktop host pool lo Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD joined.
* License all servers for Microsoft Defender for servers.
* Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.
Networking Requirements
Fabrikam identifies the following security requirements:
* Apply GP04 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout lime manually from their client computer.
* Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
* Prevent user passwords from containing all or part of words that are based on the company name, such as Fab. fabrikam or fsbr! |.
* Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
* Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
* Ensure that seattlefiles syncs to FS2.
* Ensure that newyorkfiles syncs to FS1.
* Ensure that companyfiles syncs to both FS1 and FS2.
NEW QUESTION 52
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:
The share permissions for Share1 are configured as shown in the Share Permissions exhibit.
Share1 contains a file named File1.bxt. The advanced security settings for File1.txt are configured as shown in the File Permissions exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 53
You have five tile servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?
- A. a Dynamic Access Control central access policy
- B. a data loss prevention (DLP) policy
- C. a file screen
- D. a Dynamic Access Control central access rule
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/fsrm/file-screening-management
NEW QUESTION 54
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 55
Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect You need to ensure that all the objects can be used in Conditional Access policies What should you do?
- A. Clear the Configure device writeback option.
- B. Select the Configure Hybrid A2urc AD join option.
- C. Change the scope of Group2 to Universal
- D. Change the scope o' Group1 and Group2 to Global
Answer: A
NEW QUESTION 56
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the convergence time for changes to Active Directory.
What should you do?
- A. Create a site link bridge that contains all the site links.
- B. For each site link, modify the options attribute.
- C. For each site link, modify the site link costs.
- D. For each site link, modify the replication schedule.
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/determining-the-interval
NEW QUESTION 57
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 58
You have an Azure Active Directory Domain Services (Azure AD DS) domain.
You create a new user named Admin1.
You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy
NEW QUESTION 59
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
Ensures that a user named User1 can perform the RODC installation on Server1
Ensures that you can control the AD DS replication schedule to the Server1
Ensures that Server1 is in a new site named RemoteSite1
Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a site and a subnet.
2 - Pre-create an RODC account.
3 - Instruct User1 to run the Active Directory Domain Services installation Wizard on Server1.
Reference:
https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/
NEW QUESTION 60
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com.

The domain contains a 'He server named Server1 and three users named User1. User2 and User), Server1 contains a shared folder named Share1 tha1 has the following configurations:
The share permissions for Share1 are configured as shown in the Share Permissions exhibit. (Click the Share Permissions tab.) Share! contains a file named Filel.txt. The advanced security settings for Filel.txt are configured as shown in the File Permissions exhibit. (Click the File Permissions tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: f ach correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 61
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Reference:
https://activedirectorypro.com/how-to-check-fsmo-roles/
NEW QUESTION 62
You have a Windows Server container host named Server1 that has a single disk.
On Server1, you plan to start the containers shown in the following table.
Which isolation mode can you use for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:

Reference:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container
NEW QUESTION 63
You have an Azure subscription that contains the following resources:
* An Azure Log Analytics workspace
* An Azure Automation account
* Azure Arc.
You have an on-premises server named Served that is onboaraed to Azure Arc You need to manage Microsoft updates on Server! by using Azure Arc Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
- A. From the Automation account, enable Update Management for Server1.
- B. From the Virtual machines data source of the Log Analytics workspace, connect Server1.
- C. Add Microsoft Sentinel to the Log Analytics workspace
- D. On Server1, install the Azure Monitor agent
Answer: A,C
NEW QUESTION 64
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain. The domains contain the servers shown in the following table.
You need to configure resources based constrained delegation so that the users In contoso.com can use Windows Admin Center on Server) to connect to Server? How should you complete the command? To answer, select the appropriate options in the answer are
a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps
NEW QUESTION 65
You have two on-premises servers named Server1 and Servet2 that run Windows Server.
You have an Azure Storage account named storage1 that contains a file share named share'. Server1 syncs with share1 by using Azure File Sync You need to configure Server2 to sync with share1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Add a Storage Sync Service to the Azure subscription.
2 - On Server2, install the Azure File Sunc agent.
3 - Register Server2 with the Storage Sync Service.
NEW QUESTION 66
You plan to deploy an Azure virtual machine that will run Windows Server.
You need to ensure that an Azure Active Directory (Azure AD) user [email protected] can connect 10 the virtual machine by using the Azure Serial Console.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview
NEW QUESTION 67
Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
NEW QUESTION 68
Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://sites.google.com/site/chaseerry/cisco-routing/dhcp-relay-agent---one-dhcp-server-for-many-vlans
NEW QUESTION 69
You have a server named Server1 that runs Windows Server Server1 has a just-a-bunch-of-disks (JBOD) enclosure attached.
You plan to create a storage pool on Server1 and a virtual disk that will use a mirror layout.
You are considering whether to use a two-way or a three-way mirror layout.
What is the minimum number of disks required for each type of minor layout? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 70
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
Ensures that a user named User1 can perform the RODC installation on Server1 Ensures that you can control the AD DS replication schedule to the Server1 Ensures that Server1 is in a new site named RemoteSite1 Uses the principle of least privilege Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Add User1 to the Contoso\Adminisitrator group.
2 - Pre-create an RODC account.
3 - Instruct User1 to run the Active Directory Domain Services installation Wizard on Server1.
NEW QUESTION 71
......
Updated Exam AZ-800 Dumps with New Questions: https://www.getvalidtest.com/AZ-800-exam.html
Today Updated AZ-800 Exam Dumps Actual Questions: https://drive.google.com/open?id=1lIoKTcIGyjByVdlpKeFMDsMMVsqMV2bE