Microsoft AZ-801 Online Practice Questions and Exam Preparation

Microsoft AZ-801 Online Questions & Answers

• Question 221:

  You have an on-premises server named Setver1 that runs Windows Server 2022 Standard.

  You have an Azure subscription that contains the virtual machines shown in the following table.

  

  The subscription contains a Microsoft Sentinel instance named Sentinel1 in the Central US Azure region.

  You need to implement the Windows Firewall connector.

  Which servers can send Windows Firewall logs to Sentinel1?

  A. VM1 only
  B. VM2only
  C. VM1 and Server1 only
  D. VM1.VM2, and VM3 only
  E. VM1. VM2, and Server1 only
  F. VM1, VM2. VM3. and Server1
  E. VM1. VM2, and Server1 only

• Question 222:

  DRAG DROP

  You are planning the DHCP1 migration to support the DHCP migration plan.

  Which two PowerShell cmdlets should you run on DHCP1, and which two PowerShell cmdlets should you run on DHCP2? To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  References:

  https://theitbros.com/how-to-migrate-dhcp-to-windows-server-2016/

• Question 223:

  You have the servers shown in the following table.

  

  You need to ensure that you can validate network connectivity from Server1 to Server2 by using the ping command.

  What should you do first?

  A. For Server2, enable the File and Printer Sharing (Echo Request ?ICMPv4-In) firewall rule.
  B. For Server2, add a connection security rule.
  C. For Server1, enable the File and Printer Sharing (Echo Request ?ICMPv4-Out) firewall rule.
  D. For Server1, add a connection security rule.
  E. From Server2, run winrm quickconfig.
  A. For Server2, enable the File and Printer Sharing (Echo Request ?ICMPv4-In) firewall rule.

  ---

  Explanation

  To enable ping from an Active Directory (AD) server to a workgroup server, you must first ensure they are on the same network or have a route between them, and then configure the workgroup server's [Server2] Windows Firewall to allow ICMP Echo Requests by enabling the "File and Printer Sharing (Echo Request - ICMPv4-In)" inbound rule.

  References:

  https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance

• Question 224:

  HOTSPOT

  Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains servers that run Windows Server as shown in the following table.

  

  You need to implement Microsoft Defender for Identity. The solution must meet the following requirements:

  Ensure that all AD DS authentication events are captured.

  Prevent the use of port mirroring.

  What should you create in the domain, and what is the minimum number of Defender for Identity sensors that you should deploy? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: A group managed service account (gMSA)

  Start by downloading the sensor to a Domain Controller(DC). The sensor needs to run on every DC in your environment. But if your security team just had a fit reading that sentence, you can install the sensor on a standalone server and then set up network packet capture using port mirroring and Windows event forwarding to gather the necessary data. On the installation page, you're given an access key that you'll need to enter during the sensor setup.

  Once installed, you need to configure an account in AD that will read the relevant information. In earlier versions, this was simply a user account (and you still need that if you're running servers on Server 2008 R2 SP1), but an option now is to use a Group Managed Service Account (gMSA). This is a better option as AD takes care of rolling over the password (every 30 days by default), and it can be used on all DCs in your forest.

  Incorrect:

  A computer object

  A service principal name (SPN)

  Box 2: 2

  One for each of the two Domain controllers.

  Note: How many Defender for Identity sensors do I need?

  We recommend that you have a Defender for Identity sensor or standalone sensor for each one of your domain controllers.

  References:

  https://www.hornetsecurity.com/en/blog/m365-defender-for-identity/

  https://learn.microsoft.com/en-us/defender-for-identity/technical-faq

• Question 225:

  You have the resources shown in the following table.

  

  Your on-premises network is connected to VNet1 by using a Site-to Site VPN.

  The network traffic sent from Server fails to reach VM1.

  You need to review the contents of the network traffic sent from Server1 to VM1.

  What should you do first?

  A. From Server1, enable Windows Firewall logs.
  B. From Windows Admin Center, enable the Packet Monitoring extension.
  C. From NSG1, enable NSG flow logs.
  D. From Azure Network Watcher, add a packet capture
  C. From NSG1, enable NSG flow logs.

  ---

  Explanation

  To review network traffic content from an on-premises server to an Azure VM, use Azure Network Watcher's VNet Flow Logs on the Azure VM side and packet capture tools like Wireshark on both the on-premises server and the Azure VM to capture traffic details.

  1. Enable VNet Flow Logs (Azure Side)

  Enable Network Watcher: Navigate to the Azure portal, search for "Network Watcher", and enable it for your subscription if it isn't already.

  Enable Flow Logs: In Network Watcher, select "VNet flow logs" and enable it for the virtual network containing your Azure VM. This will capture the network traffic data flowing through the virtual machine's network interface.

  Configure Log Analytics: Flow logs are stored in a Log Analytics workspace. Ensure you have a Log Analytics workspace configured and that VNet flow logs are sending data to it.

  Analyze Logs: Use the Log Analytics interface to query the collected network data for insights into traffic patterns and content.

  2. Packet Capture (On-Premises and Azure VM)

  On-Premises Server: Install a packet capture tool like Wireshark on the Windows Server to capture the outbound traffic before it leaves your premises and heads to Azure. Azure VM: Install a similar packet capture tool (e.g., using the Network Watcher Agent extension) on the Azure VM to capture the traffic after it arrives in the Azure network and before it's processed by applications.

  Analysis: You can then compare the captured packets from both locations to understand the traffic flow and any modifications or content differences.

  3. Etc References:

  https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-overview

• Question 226:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a server named Server1 that runs Windows Server.

  You need to ensure that only specific applications can modify the data in protected folders on Server1.

  Solution: From Virus & threat protection, you configure Tamper Protection.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide

• Question 227:

  HOTSPOT

  You have 50 on-premises servers that run Windows Server.

  You have an Azure subscription that contains a Microsoft Sentinel workspace.

  You plan to monitor the servers by using Microsoft Sentinel

  You need to perform the following actions in Microsoft Sentinel from the Azure portal:

  Add the Windows Forwarded Events data connector.

  Create a playbook that has an incident trigger.

  Which two settings should you use? To answer, select the appropriate settings in the answer area

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Data connectors

  Add the Windows Forwarded Events data connector.

  To add the Windows Forwarded Events data connector to Microsoft Sentinel, navigate to Configuration > Data connectors, select the Windows Security Events via AMA connector, open the connector page, and follow the instructions to create a Data Collection Rule (DCR) that targets the desired servers and event logs using the Azure Monitor Agent (AMA).

  Box 2: Automation

  Create a playbook that has an incident trigger.

  To create a Microsoft Sentinel playbook with an incident trigger, navigate to the Automation page in the Defender or Azure portal, select Create > Playbook with incident trigger, and then follow the wizard to provide basic information, establish connections (using the default managed identity), review the settings, and create the playbook. After creation, the playbook opens in the Logic Apps designer, where you can define the automation workflow.

  

  References:

  https://learn.microsoft.com/en-us/azure/sentinel/automation/create-playbooks

• Question 228:

  You have two Azure virtual networks named Vnet1 and Vnet2.

  You have a Windows 10 device named Client1 that connects to Vnet1 by using a Point-to-Site (P2S) IKEv2 VPN.

  You implement virtual network peering between Vnet1 and Vnet2. Vnet1 allows gateway transit Vnet2 can use the remote gateway.

  You discover that Client1 cannot communicate with Vnet2.

  You need to ensure that Client1 can communicate with Vnet2.

  Solution: You enable BGP on the gateway of Vnet1.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

• Question 229:

  DRAG DROP

  You have two physical servers named AppSrv1 and AppSrv2 and an unconfigured server named Server1. All the servers run Windows Server. Only Server1 can access the internet.

  You plan to use Azure Site Recovery to replicate AppSrv1 and AppSrv2 to Azure.

  You need to deploy the required components to AppSrv1, AppSrv2, and Server1.

  Which components should you deploy? To answer, drag the appropriate components to the correct servers. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/site-recovery/physical-azure-architecture

  https://docs.microsoft.com/en-us/azure/site-recovery/physical-azure-set-up-source

• Question 230:

  You need to meet the technical requirements for Cluster3.

  What should you include in the solution?

  A. Enable integration services on all the virtual machines.
  B. Add a Windows Server server role.
  C. Configure a fault domain doe the cluster.
  D. Add a failover cluster role.
  D. Add a failover cluster role.

  ---

  Explanation

  The Hyper-V replica broker role is required on the cluster.

  References:

  https://docs.microsoft.com/en-us/virtualization/community/team-blog/2012/20120327-why-is-the-hyper-v-replica-broker-required