AZ-800 Online Practice Questions and Answers

Correct Answer: D

Reference: https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand

Correct Answer: A

Create Desktop Shortcuts on Domain Computers via GPO.

Step 1: Open the Group Policy Management Console (gpmc.msc).

Step 2: Right-click an AD container (Organizational Unit) you want to apply a shortcut creation policy. In this case right-click on the OU Server Admins.

Step 3: Select Create a GPO in this domain, and Link it here..

Step 4: Go to the Group Policy Preferences section: User Configuration -> Preferences -> Windows Settings -> Shortcuts. Click it and select New -> Shortcut;

Step 5: Create a new shortcut item with the following settings: Name: Something Target Type: File System Object (you can select a URL or a Shell object here) Location: Desktop Target Path: \\srv1.contoso.com\data

Reference: http://woshub.com/create-desktop-shortcuts-group-policy/

Correct Answer: A

Seize operations master roles

You cannot use AD DS snap-ins to seize operations master roles. Instead, you must use either the ntdsutil.exe command-line tool or Windows PowerShell to seize roles.

To seize or transfer the FSMO roles by using the Ntdsutil utility, follow these steps:

Step 1: Sign in to a member computer, in our case DC2, that has the AD RSAT tools installed, or a DC that is located in the forest where FSMO roles are being transferred.

Step 2: Select Start > Run, type ntdsutil in the Open box, and then select OK.

Step 3: Type roles, and then press Enter.

Note:

To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press Enter.

Step 4: Type connections, and then press Enter.

Step 5: Type connect to server , and then press Enter.

Step 6: At the server connections prompt, type q, and then press Enter.

Step 7: To seize the role: Type seize , and then press Enter.

In our case we type: size schema master.

Step 8: At the fsmo maintenance prompt, type q, and then press Enter to gain access to the ntdsutil prompt. Type q, and then press Enter to quit the Ntdsutil utility.

Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-fsmo-roles-in-ad-ds

Correct Answer: B

Reference: https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-networking/network-drivers-topologies

Correct Answer: D

Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.

Correct Answer: C

First add another network interface to Server1, then connect it to Subnet2.

Virtual network and subnets.

A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one virtual network. NICs connected to subnets

(same or different) within a virtual network can communicate with each other without any extra configuration.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/network-overview

Correct Answer: A

Create Automation PowerShell runbook using managed identity This tutorial walks you through creating a PowerShell runbook in Azure Automation that uses a managed identity, rather than the Run As account to interact with resources. PowerShell runbooks are based on Windows PowerShell. A managed identity from Azure Active Directory (Azure AD) allows your runbook to easily access other Azure AD-protected resources.

Prerequisites

*

An Azure Automation account with at least one user-assigned managed identity.

*

Etc.

Reference: https://learn.microsoft.com/en-us/azure/automation/learn/powershell-runbook-managed-identity

Correct Answer:

Reference: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/session-configurations?view=powershell-7.2 https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-pssessionconfigurationfile?view=powershell-7.2

Correct Answer:

Box 1: AAD DC Administrators group

To create a custom password policy in a managed domain, you must be signed in to a user account that's a member of the AAD DC Administrators group.

Box 2: AADDC Users organizational unit (OU)

Password policies can only be applied to groups. In the Locations dialog, expand the domain name, such as aaddscontoso.com, then select an OU, such as AADDC Users. If you have a custom OU that contains a group of users you wish to

apply, select that OU.

Reference: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/password-policy

Correct Answer:

Box 1: DC1 and DC2 only Install the Azure AD Password Protection agent on

Incorrect:

* RODC1 Read-only domain controller considerations Password change or set events aren't processed and persisted on read-only domain controllers (RODCs). Instead, they're forwarded to writable domain controllers. You don't have to install the Microsoft Entra Password Protection DC agent software on RODCs.

Box 2: Server2

Install the Azure AD Password Protection Proxy on

Microsoft Entra Password Protection proxy service

The following requirements apply to the Microsoft Entra Password Protection proxy service:

*

Network access must be enabled for the set of ports and URLs specified in the Application Proxy environment setup procedures.

*

Etc.

Note: Deployment strategy

The following diagram shows how the basic components of Microsoft Entra Password Protection work together in an on-premises Active Directory environment:

Reference: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy