Microsoft AZ-800 Online Practice Questions and Exam Preparation

Microsoft AZ-800 Online Questions & Answers

• Question 141:

  HOTSPOT

  You have the servers shown in the following table.

  

  Server1 contains a virtual machine named VM1 that runs Windows Server. Server1 has an external switch named Switch1. VM1 is connected to Switch1.

  You provision containers on VM1.

  You need to configure networking for VM1. The solution must meet the following requirements:

  1. Ensure that Server3 automatically assigns IP addresses to the containers.

  2. Ensure that the containers can communicate with Server2.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: MAC address spoofing

  On the network adapter for VM1, enable:

  To enable DHCP to assign IP addresses to containers running on a Hyper-V virtual machine connected to an external switch, ensure the virtual machine's network adapter is configured to use the external switch and that the DHCP server on the network has a scope that includes the container's network. Additionally, consider enabling MAC address spoofing on the virtual machine's network adapter if needed for container networking.

  Note: MAC Address Spoofing :

  Windows Server containers often use MAC address spoofing to enable direct network connectivity for the containers.

  If you encounter issues with DHCP assignment, particularly if the container host is running in a transparent network, you may need to enable MAC address spoofing on the virtual machine's network adapter.

  Box 2: Bridge

  On the container for VM1, set the network driver type: For a Windows Server virtual machine connected to an external Hyper-V switch and provisioned for containers, the recommended network driver type for the containers is L2Bridge.

  L2Bridge Driver:

  This driver mode provides a Layer-2 connection between the container and the external network via the Hyper-V virtual switch. It essentially bridges the container's network traffic directly to the physical network, allowing the container to obtain an IP address from the same network as the host.

  Incorrect:

  * Transparent Driver

  While also providing a Layer-2 connection, it might be less flexible for container networking in a Hyper-V environment.

  * Overlay Networks

  These are typically used for more complex container orchestration scenarios and may not be necessary when using a simple external switch setup

  References:

  https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/enable-nested-virtualization

• Question 142:

  DRAG DROP

  You need to meet the security requirements for passwords.

  Where should you configure the components for Microsoft Entra Password Protection? To answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises

• Question 143:

  You need to implement the planned changes for the Azure DNS Private Resolver.

  Which private DNS zones can you use for name resolution?

  A. Zone1.com only
  B. Zone2.com only
  C. Zone1.com and Zone2.com only
  D. Zone2.com and Zone3.com only
  E. Zone1.com, Zone2.com, and Zone3.com
  A. Zone1.com only

  ---

  Explanation

  Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.

  Azure DNS Private Resolver requires an Azure Virtual Network. When you create an Azure DNS Private Resolver inside a virtual network, one or more inbound endpoints are established that can be used as the destination for DNS queries.

  The DNS query process when using an Azure DNS Private Resolver is summarized below:

  1. A client in a virtual network issues a DNS query.

  2. If the DNS servers for this virtual network are specified as custom, then the query is forwarded to the specified IP addresses.

  3. If Default (Azure-provided) DNS servers are configured in the virtual network, and there are Private DNS zones linked to the same virtual network, these zones are consulted.

  4. If the query doesn't match a Private DNS zone linked to the virtual network, then Virtual network links for DNS forwarding rulesets are consulted.

  5. If no ruleset links are present, then Azure DNS is used to resolve the query.

  6. If ruleset links are present, the DNS forwarding rules are evaluated.

  7. If a suffix match is found, the query is forwarded to the specified address.

  8. If multiple matches are present, the longest suffix is used.

  9. If no match is found, no DNS forwarding occurs and Azure DNS is used to resolve the query.

  Note: Planned changes:

  Create an Azure DNS Private Resolver that has the following configurations:

  Name: Private1

  Region: West US

  Virtual network: VNet1

  Inbound endpoint: SubnetB

  The subscription contains the Azure Private DNS zones shown in the following table.

  Zone1.com has Virtual network link in VNET1.

  Zone2.com has Virtual network link in VNET2.

  Zone3.com has no Virtual network links.

  https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview

• Question 144:

  HOTSPOT

  Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. Contoso.com contains an organizational unit (OU) named OU1.

  You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named fabrikam.com. Fabrikam.com syncs with contoso.com.

  In Sub1, you create a Microsoft Entra Domain Services domain configured as shown in the following table.\

  

  In domain1.onmicrosoft.com, you create two OUs named OU1 and OU2.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  If you add a user named User1 to OU1 in contoso.com, User1 will sync with the AADDC Users OU in domain1.onmicrosoft.com. - No

  User1 belongs to the contoso.com domain, and although there is synchronization between fabrikam.com and contoso.com, the user will not automatically sync with the AADDC Users OU in domain1.onmicrosoft.com.

  If you add a user named User2 to OU2 in domain1.onmicrosoft.com, User2 will sync with fabrikam.com. - No

  Users in OUs created in domain1.onmicrosoft.com are specific to that domain and will not sync with fabrikam.com unless explicitly configured with synchronization policies, which does not seem to be the case here.

  If you add a user named User3 to fabrikam.com, User3 will sync with the Users container in domain1.onmicrosoft.com. - Yes Since fabrikam.com syncs with domain1.onmicrosoft.com, adding a user to fabrikam.com will result in the user being synced to domain1.onmicrosoft.com

• Question 145:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You are planning the deployment of DNS to a new network.

  You have three internal DNS servers as shown in the following table.

  

  The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local. All the DNS servers use root hints.

  You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.

  Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windowsserver-2008-r2-and-2008/cc794735(v=ws.10)

• Question 146:

  Your network contains an Active Directory Domain Services (AD DS) domain.

  You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences.

  You plan to link GPO1 to the domain.

  You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.

  Which type of item level targeting should you use?

  A. Domain
  B. Operating System
  C. Security Group
  D. Environment Variable
  B. Operating System

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)#operating-system-targeting

• Question 147:

  HOTSPOT

  You plan to deploy an Azure virtual machine that will run Windows Server.

  You need to ensure that a Microsoft Entra user named [email protected] can connect to the virtual machine by using the Azure Serial Console.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview

  "Boot diagnostics must be enabled for the VM"

  "The Azure account accessing Serial Console must have Virtual Machine Contributor role for both the VM and the boot diagnostics storage account"

• Question 148:

  SIMULATION

  You need to ensure that you can manage DC1 by using Windows Admin Center on SRV1.

  The required source files are located in a folder named \\dc1.contoso.com\install.

  To complete this task, sign in the required computer or computers.

  A. See the explanation below
  B. Placeholder
  C. Placeholder
  D. Placeholder
  A. See the explanation below

  ---

  Explanation

  One possible solution to ensure that you can manage DC1 by using Windows Admin Center on SRV1 is to install Windows Admin Center on SRV1 and add DC1 as a managed server. Windows Admin Center is a web-based management tool that allows you to manage servers, clusters, Windows PCs, and Azure virtual machines (VMs) from a single interface. Here are the steps to install Windows Admin Center on SRV1 and add DC1 as a managed server:

  On SRV1, open a web browser and go to the folder named dc1.contoso.cominstall. Download the Windows Admin Center installer file (WindowsAdminCenter.msi) and save it to a local folder, such as C:Temp.

  Run the Windows Admin Center installer file and follow the installation wizard. You can choose to install Windows Admin Center as a desktop app or as a service. For more information on how to install Windows Admin Center, seeInstall Windows Admin Center.

  After the installation is complete, launch Windows Admin Center from the Start menu or the desktop shortcut. If you installed Windows Admin Center as a service, you can access it from a web browser by using the URL

  https://localhost:6516

  or

  https://<SRV1>:6516, where <SRV1> is the name or IP address of RV1.OntheWindowsAdminCenterdashboard,clickAddtoaddanewconnection.SelectServerastheconnectiontypeandenterthenameorIPaddressofDC1intheServernamefield.Optionally,youcanspecifythedisplayname,description,andtagsfortheconnection.ClickSubmittoaddDC1asamanagedserver.OntheWindowsAdminCenterdashboard,youshouldseeDC1listedundertheServerssection.ClickonDC1toopentheserveroverviewpage.Fromhere,youcanmanagevariousaspectsofDC1,suchasrolesandfeatures,certificates,devices,events,files,firewall,processes,registry,services,andmore.FormoreinformationonhowtouseWindowsAdminCentertomanageservers,seeManageserverswithWindowsAdminCenter.Now,youcanmanageDC1byusingWindowsAdminCenteronSRV1.YoucanalsoaddmoreserversorothertypesofconnectionstoWindowsAdminCenterandmanagethemfromthesameinterface

• Question 149:

  Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

  You need to minimize the convergence time for changes to Active Directory.

  What should you do?

  A. For each site link, modify the options attribute.
  B. For each site link, modify the site link costs.
  C. For each site link, modify the replication schedule.
  D. Create a site link bridge that contains all the site links.
  A. For each site link, modify the options attribute.

• Question 150:

  You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN. Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine.

  You plan to migrate the virtual machine to the Azure subnet.

  You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort.

  What should you implement before you perform the migration?

  A. Azure Extended Network
  B. Azure Virtual Network NAT
  C. Azure Application Gateway
  D. Azure virtual network peering
  A. Azure Extended Network

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-extended-network