Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Microsoft > Microsoft Certifications > AZ-800 > AZ-800 Online Practice Questions and Answers

AZ-800 Online Practice Questions and Answers

Questions 4

SIMULATION

You need to replicate a read-only copy of a DNS zone named contoso.com D to SRV2.

To complete this task, sign in the required computer or computers.

A. See explanation below.

B. PlaceHolder

C. PlaceHolder

D. PlaceHolder

Buy Now

Correct Answer: A

Replicate read-only copy DNS zone. Step 1: In DNS Manager log in to SRV2.

Step 2: Right click Forward Lookup Zones, and select New Zone...

Step 3: Select Secondary Zone

Step 4: Select Secondary Zone

Step 5: Enter the same domain name as the first DNS server. In our case: contoso.com

Step 6: At the next screen enter the Hostname or IP address of the primary DNS server and hit Enter. In our case: contoso.com

Step 7: Hit Next, Next, Finish - That's it, you’re all done.

The secondary server will now replicate changes FROM the first DNS server.

Reference: https://cogenesis.com.au/blog/how-to-setup-windows-dns-replication-dns-manager

Questions 5

You have an Azure virtual machine named VM1 that runs Windows Server. You perform the following actions on VM1:

1.

Create a folder named Folder1 on volume C.

2.

Create a folder named Folder2 on volume D.

3.

Add a new data disk to VM1 and create a new volume that is assigned drive letter E.

4.

Install an app named App1 on volume E.

You plan to resize VM1.

Which objects will present after you resize VM1?

A. Folder1, volume E, and App1 only

B. Folder1 only

C. Folder1 and Folder2 only

D. Folder1, Folder2, App1, and volume E

Buy Now

Correct Answer: A

https://docs.microsoft.com/en-us/answers/questions/235/can-i-use-the-temporary-disk-the-d-drive-by-defaul.html

Questions 6

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The on-premises network is connected to Azure by using a Site-to-Site VPN. You have the DNS zones shown in the following table.

You need to ensure that names from fabrikam.com can be resolved from the on-premises network. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Create a stub zone for fabrikam.com on DC1.

B. Create a conditional forwarder for fabrikam.com on DC1.

C. Create a secondary zone for fabrikam.com on DC1.

D. Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers settings for the virtual network.

E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine as a DNS forwarder.

Buy Now

Correct Answer: BE

Reference: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

Questions 7

Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

You need to minimize the latency for changes to Active Directory.

What should you do?

A. For each site links, modify the site link costs.

B. Create a site link bridge that contains all the site links.

C. For each site link, modify the optionsattribute.

D. For each site link, modify the replication schedule.

Buy Now

Correct Answer: C

Reconfigure the link site option to use notification.

Details: Active Directory - Change Notification (Inter-Site Replication)

Since we know Active Directory, we know also that its replication works automatically between the domain controllers. The lowest value of this replication schedule is 15 minutes. You can't get lower. If there aren't that many frequent changes,

or the active directory site is not large (probably with only one site) then this value should work for you.

But what if your active directory environment is larger? What if you have more than one site, on different locations, with different networks? Or what if you’ve got some remotedesktop services running in your main site and some users working

with them in a branch office? What about the “I forgot my password” cases?

Well, there is a solution for you. We can tune-up the Active Directory Inter-Site Replication. The inter-site replication works also automatically, and you can also schedule the replication only for 15 minutes. But there are some settings we can

tweak to get the domain controllers pulling the changes made recently.

1.

First open “Active Directory Sites and Services” on your primary domain controller (that's the icon with the blue “building”).

2.

Let's start now with the tuning operation. Expand “Sites” and “Inter-Site Transports” (if you haven't already). Click on the IP folder.

3.

Now right-click (or double-click) on your site link on the right hand side. If you did not rename it, it's just the DEFAULTIPSITELINK. Then click “Properties”. Then click on the “Attribute Editor” tab.

4.

The attribute we should edit is called “options”.

We now have to change this attribute to a specific value which allows us to tweak the inter-site replication.

Value,

1 USE_NOTIFY (use this setting!)

2 TWOWAY_SYNC

4 DISABLE_COMPRESSION

Incorrect:

Not B: Two scenarios in which you need a site link bridge design to control replication flow include controlling replication failover and controlling replication through a firewall.

Not D: The minimal replication schedule is 15 minutes. When you use manual site link replication interval is set to 15 minutes and cannot be lowered further.

Reference: https://www.driftar.ch/2016/10/26/active-directory-change-notification-inter-site-replication/

Questions 8

You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server.

You build an app named App1.

You need to configure continuous integration and continuous deployment (CI/CD) of App1 to VM1.

What should you create first?

A. an App Service Environment

B. an Azure DevOps organization

C. a managed identity

D. an Azure Automation account

Buy Now

Correct Answer: B

Azure Pipelines architecture for IaaS Azure Virtual Machines is an option for hosting custom applications when you want flexible and granular management of your compute. Virtual machines (VMs) should be subject to the same level of engineering rigor as Platform-as-a-Service (PaaS) offerings throughout the development lifecycle. For example, implementing automated build and release pipelines to push changes to the VMs.

This article describes a high-level DevOps workflow for deploying application changes to VMs using continuous integration (CI) and continuous deployment (CD) practices using Azure Pipelines.

Reference: https://learn.microsoft.com/en-us/azure/devops/pipelines/architectures/devops-pipelines-iaas-vms-architecture

Questions 9

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server.

You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3, but access to the resource is denied.

You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort.

What should you do?

A. Configure Kerberos constrained delegation.

B. Configure Just Enough Administration (JEA).

C. Configure selective authentication for the domain.

D. Disable the Enforce user logon restrictions policy setting for the domain.

Buy Now

Correct Answer: A

Configuring Kerberos constrained delegation allows you to pass your credentials from Server1 to Server3 when accessing a resource. Constrained delegation is a Kerberos feature that restricts the servers to which a service can delegate a user's credentials. This ensures that the delegation is secure and limited to specific services.

Questions 10

DRAG DROP

Your network contains an Active Directory domain, a web app named App1, and a perimeter network. The perimeter network contains a server named Server1 that runs Windows Server.

You plan to provide external access to App1.

You need to implement the Web Application Proxy role service on Server1.

Which role should you add to Server1, and which role should you add to the network? To answer, drag the appropriate roles to the correct targets. Each role may be used once, more than once, or not at all. You may need to drag the split bar

between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

Buy Now

Correct Answer:

Box 1: Remote Access

Web Application Proxy is a new Remote Access role service in Windows Server 2012 R2.

To install the Web Application Proxy role service (see step 4 below).

1.

On the edge server, open Server Manager. To do this, click Server Manager on the Start screen, or Server Manager in the taskbar on the desktop.

2.

In the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features. Alternatively, you can click Add Roles and Features on the Manage menu.

3.

In the Add Roles and Features Wizard, click Next three times to get to the server role selection screen.

4.

On the Select server roles dialog, select Remote Access, and then click Next.

5.

Click Next twice.

6.

On the Select role services dialog, select Web Application Proxy, click Add Features, and then click Next.

7.

On the Confirm installation selections dialog, click Install.

8.

On the Installation progress dialog, verify that the installation was successful, and then click Close.

Box 2: Active Directory Federation Services Web Application Proxy preauthenticates access to web applications using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy. Using Active Directory Federation Services

This scenario describes the additions and changes that you must make to your AD FS servers to provide the following functionality:

Application publishing For all applications and services that you want to publish through Web Application Proxy, you must configure a relying party on the AD FS server.

Authentication No specific configuration is required to provide authentication for published applications.

Incorrect:

*

Active Directory Certificate Services

*

Network Policy and Access Services

Reference: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn280943(v=ws.11)

Questions 11

HOTSPOT

You plan to deploy an Azure virtual machine that will run Windows Server.

You need to ensure that an Azure Active Directory (Azure AD) user named user1@contoso.com can connect to the virtual machine by using the Azure Serial Console.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Buy Now

Correct Answer:

https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview

"Boot diagnostics must be enabled for the VM"

"The Azure account accessing Serial Console must have Virtual Machine Contributor role for both the VM and the boot diagnostics storage account"

Questions 12

HOTSPOT

You have a Group Policy Object (GPO) named GPO1 that contains user settings only.

You plan to apply GPO1 to a global security group named Group1.

You link GPO1 to the domain, and you remove all the permissions granted to the Authenticated Users group.

You need to configure permissions for GPOI to meet the following requirements:

1.

GPO1 must apply only to the users in Group1.

2.

The solution must use the principle of least privilege.

Which permissions should you grant to Group1 and the Domain Computers group? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Buy Now

Correct Answer:

Questions 13

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the VPN servers shown in the following table.

You have a server named NPS1 that has Network Policy Server (NPS) installed. NPS1 has the following RADIUS clients:

VPN1, VPN2, and VPN3 use NPS1 for RADIUS authentication. All the users in contoso.com are allowed to establish VPN connections.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Buy Now

Correct Answer:

It is important to remember that the client computers that are connecting to the VPNs are not RADIUS clients. The VPN servers are the RADIUS clients. You configure the RADIUS clients on the RADIUS server (NPS1) server to allow the

VPN servers to use NPS1 to authenticate the connections.

Box 1: No

NPSClient1 is not enabled.

Box 2: Yes

NPSClient2 is configured correctly. It is enabled and has the correct IP address of VPN2.

Box 3: No

NPSClient3 has an incorrect IP address configured for VPN3.

Exam Code: AZ-800
Exam Name: Administering Windows Server Hybrid Core Infrastructure
Last Update: May 27, 2026
Questions: 289

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.