Microsoft AZ-800 Actual Free Exam Questions & Community Discussion
Task 3
You need to create 3 user named Admin1 in contoso.com. Admin1 must be able to back up and restore files on SRV1. The solution must use principle of the least privilege.
You need to create 3 user named Admin1 in contoso.com. Admin1 must be able to back up and restore files on SRV1. The solution must use principle of the least privilege.
Correct Answer:
See the solution of this Task below.
Explanation:
TASK 3
# Objective:
Create a user named Admin 1 in contoso.com.
Admin1 must be able to back up and restore files on SRV1.
Follow the principle of least privilege.
Step-by-Step Guide
# Step 1: Create the User Account
Log in to a Domain Controller (e.g., DC1) with appropriate admin rights.
Open Active Directory Users and Computers (dsa.msc).
In the contoso.com domain:
Right-click the Users container or another OU where you want to create the account.
Select New > User.
Enter the following:
First name: Admin1
User logon name: Admin1
Click Next and set a password (ensure it meets the domain's password policy).
Configure password options (e.g., User must change password at next logon, if required).
Click Finish.
# Step 2: Grant Backup and Restore Rights on SRV1
By default, Backup Operators have the abili ty to back up and restore files (without giving full admin rights).
Log in to SRV1 (the target server).
Open Computer Management (compmgmt.msc).
In the left pane, expand:
System Tools > Local Users and Groups > Groups.
Find and double-click the Backup Oper ators group.
Click Add.
In the Select Users, Computers, Service Accounts, or Groups window:
Type Admin1.
Click Check Names to resolve the user.
Click OK to add Admin1 to the group.
Click OK again to close the Backup Operators group properties.
# Step 3: Verify Access
Log in as Admin1 on SRV1 and test performing backup and restore operations using tools like Windows Server Backup.
Since Backup Operators can back up and restore data but do not have full administrative privileges, this follows the least priv ilege principle.
# Additional Notes
If you prefer using PowerShell, you can add the user to the group like this on SRV1:
Add-LocalGroupMember -Group " Backup Operators " -Member " contoso\Admin1 "
Explanation:
TASK 3
# Objective:
Create a user named Admin 1 in contoso.com.
Admin1 must be able to back up and restore files on SRV1.
Follow the principle of least privilege.
Step-by-Step Guide
# Step 1: Create the User Account
Log in to a Domain Controller (e.g., DC1) with appropriate admin rights.
Open Active Directory Users and Computers (dsa.msc).
In the contoso.com domain:
Right-click the Users container or another OU where you want to create the account.
Select New > User.
Enter the following:
First name: Admin1
User logon name: Admin1
Click Next and set a password (ensure it meets the domain's password policy).
Configure password options (e.g., User must change password at next logon, if required).
Click Finish.
# Step 2: Grant Backup and Restore Rights on SRV1
By default, Backup Operators have the abili ty to back up and restore files (without giving full admin rights).
Log in to SRV1 (the target server).
Open Computer Management (compmgmt.msc).
In the left pane, expand:
System Tools > Local Users and Groups > Groups.
Find and double-click the Backup Oper ators group.
Click Add.
In the Select Users, Computers, Service Accounts, or Groups window:
Type Admin1.
Click Check Names to resolve the user.
Click OK to add Admin1 to the group.
Click OK again to close the Backup Operators group properties.
# Step 3: Verify Access
Log in as Admin1 on SRV1 and test performing backup and restore operations using tools like Windows Server Backup.
Since Backup Operators can back up and restore data but do not have full administrative privileges, this follows the least priv ilege principle.
# Additional Notes
If you prefer using PowerShell, you can add the user to the group like this on SRV1:
Add-LocalGroupMember -Group " Backup Operators " -Member " contoso\Admin1 "
You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Your company has a main office and 10 branch offices that are connected by using WAN links. The network contains an Active Dir ectory domain.
All users have laptops and regularly travel between offices.
You plan to implement BranchCache in the branch offices.
In each branch office, you install a server that runs Windows Server and the BranchCache feature. You register the servers in Active Directory.
You need to configure the laptops to use the local BranchCache server automatically. The solution must minimize administrative effort.
Which two Group Policy settings should you configure? To answer, select the settings in the answer a rea.
NOTE: Each correct selection is worth one point.
All users have laptops and regularly travel between offices.
You plan to implement BranchCache in the branch offices.
In each branch office, you install a server that runs Windows Server and the BranchCache feature. You register the servers in Active Directory.
You need to configure the laptops to use the local BranchCache server automatically. The solution must minimize administrative effort.
Which two Group Policy settings should you configure? To answer, select the settings in the answer a rea.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
-- > Turn on BranchCache
-- > Enable Automatic Hosted Cache Di scovery by Service Connection ...
Task 4
You need to register SRV1 to sync Azure file shares The registration must use the 34646045 Storage Sync Service.
The required source files are located in a folder named \\dc1.contoso.com\install.
You do NOT need to configure file share synchronization at this time and you do NOT need to update the agent.
You need to register SRV1 to sync Azure file shares The registration must use the 34646045 Storage Sync Service.
The required source files are located in a folder named \\dc1.contoso.com\install.
You do NOT need to configure file share synchronization at this time and you do NOT need to update the agent.
Correct Answer:
See the solution of this Task below.
Explanation:
One possible solution to register SRV1 to sync Azure file shares using the 34646045 Storage Sync Service is to use the Register-AzStorageSyncServer cmdlet from the Az.StorageSync module. This cmdlet establishes a trust relationship between the server and the Storage Sync Service, which is required for creating server endpoints and syncing files. Here are the steps to register SRV1 using the cmdlet:
On SRV1, open PowerShell as an administrator and run the following command to install the Az.StorageSync module if it is not already installed:
Install-Module -Name Az.StorageSync
Run the following com mand to import the Az.StorageSync module:
Import-Module -Name Az.StorageSync
Run the following command to sign in to your Azure account and select the subscription that contains the
34646045 Storage Sync Service:
Connect-AzAccount
Select-AzSubscription -Su bscriptionId < your-subscription-id >
Run the following command to register SRV1 with the 34646045 Storage Sync Service. You need to specify the resource group name and the Storage Sync Service name as parameters:
Register-AzStorageSyncServer -ResourceGroupN ame < your-resource-group-name > - StorageSyncServiceName 34646045 Wait for the registration to complete. You can verify the registration status by checking the Registered servers tab on the Azure portal or by running the following command:
Get-AzStorageSyncS erver -ResourceGroupName < your-resource-group-name > -StorageSyncServiceName
34646045
Now, SRV1 is registered with the 34646045 Storage Sync Service and ready to sync Azure file shares. You can create server endpoints on SRV1 and cloud endpoints on the Azur e file shares to define the sync topology.
Explanation:
One possible solution to register SRV1 to sync Azure file shares using the 34646045 Storage Sync Service is to use the Register-AzStorageSyncServer cmdlet from the Az.StorageSync module. This cmdlet establishes a trust relationship between the server and the Storage Sync Service, which is required for creating server endpoints and syncing files. Here are the steps to register SRV1 using the cmdlet:
On SRV1, open PowerShell as an administrator and run the following command to install the Az.StorageSync module if it is not already installed:
Install-Module -Name Az.StorageSync
Run the following com mand to import the Az.StorageSync module:
Import-Module -Name Az.StorageSync
Run the following command to sign in to your Azure account and select the subscription that contains the
34646045 Storage Sync Service:
Connect-AzAccount
Select-AzSubscription -Su bscriptionId < your-subscription-id >
Run the following command to register SRV1 with the 34646045 Storage Sync Service. You need to specify the resource group name and the Storage Sync Service name as parameters:
Register-AzStorageSyncServer -ResourceGroupN ame < your-resource-group-name > - StorageSyncServiceName 34646045 Wait for the registration to complete. You can verify the registration status by checking the Registered servers tab on the Azure portal or by running the following command:
Get-AzStorageSyncS erver -ResourceGroupName < your-resource-group-name > -StorageSyncServiceName
34646045
Now, SRV1 is registered with the 34646045 Storage Sync Service and ready to sync Azure file shares. You can create server endpoints on SRV1 and cloud endpoints on the Azur e file shares to define the sync topology.
You have a server named Server1 that runs Windows Server 2019 and hosts a container named Contained.
Contained uses a Windows Server 2019 base image that was built by using a Docker file.
You upgrade Server1 to Windows Serve r 2022.
You need to ensure that Contained will run on Server1. The solution must minimize administrative effort.
What should you do?
Contained uses a Windows Server 2019 base image that was built by using a Docker file.
You upgrade Server1 to Windows Serve r 2022.
You need to ensure that Contained will run on Server1. The solution must minimize administrative effort.
What should you do?
Correct Answer: D
Vote an answer
You need to implement the planned changes for Microsoft Entra users to sign in to Server1.
Which PowerShell cmdlet should you run?
Which PowerShell cmdlet should you run?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Task 2
You plan to promote a domain controller named DC3 in a site in Seattle.
You need to ensure that DC3 only replicates with DC1 and DC2 between 8 pm and 6 AM.
You plan to promote a domain controller named DC3 in a site in Seattle.
You need to ensure that DC3 only replicates with DC1 and DC2 between 8 pm and 6 AM.
Correct Answer:
See the solution of this Task below.
Explanation:
TASK 2
# Objective: Configure DC3 to replicate with DC1 and DC2 only between 8:00 PM and 6:00 AM.
Step-by-Step Guide: Replication Scheduling for DC3
# Step 1: Promote DC3 to a Domain Controller (if not already done)
Use Server Manager or P owerShell to install the Active Directory Domain Services role and promote the server as a domain controller.
Example PowerShell command to install the AD DS role:
powershell
Copy
Install-WindowsFeature AD-Domain-Services
To promote:
powershell
Copy
Install-ADDSDomainController -DomainName " contoso.com "
# Step 2: Open Active Directory Sites and Services
Log in to DC3 or another DC with administrative tools.
Open Active Directory Sites and Services (dssite.msc).
# Step 3: Locate the Site
In the lef t pane, expand the Sites container and find the site that contains DC3.
Expand the site to find Servers.
Under Servers, select DC3.
# Step 4: Configure Replication Connection Objects
Expand DC3 and click on NTDS Settings.
In the right pane, you'll see co nnection objects to other domain controllers (these represent replication partners).
# Step 5: Adjust the Replication Schedule for Each Connection
For each connection object to DC1 and DC2:
Right-click the connection object and select Properties.
Click t he Change Schedule button.
# Step 6: Set the Replication Schedule
In the schedule window, you'll see a grid of hours.
Clear all hours except the time window of 8 PM to 6 AM (in 1-hour blocks).
Select 8 PM to 6 AM (10 hours total) for all days.
Click OK to save.
# Step 7: Verify and Document
Ensure that both connection objects (to DC1 and DC2) have the updated schedule.
Document your configuration as part of your environment's change control.
Explanation:
TASK 2
# Objective: Configure DC3 to replicate with DC1 and DC2 only between 8:00 PM and 6:00 AM.
Step-by-Step Guide: Replication Scheduling for DC3
# Step 1: Promote DC3 to a Domain Controller (if not already done)
Use Server Manager or P owerShell to install the Active Directory Domain Services role and promote the server as a domain controller.
Example PowerShell command to install the AD DS role:
powershell
Copy
Install-WindowsFeature AD-Domain-Services
To promote:
powershell
Copy
Install-ADDSDomainController -DomainName " contoso.com "
# Step 2: Open Active Directory Sites and Services
Log in to DC3 or another DC with administrative tools.
Open Active Directory Sites and Services (dssite.msc).
# Step 3: Locate the Site
In the lef t pane, expand the Sites container and find the site that contains DC3.
Expand the site to find Servers.
Under Servers, select DC3.
# Step 4: Configure Replication Connection Objects
Expand DC3 and click on NTDS Settings.
In the right pane, you'll see co nnection objects to other domain controllers (these represent replication partners).
# Step 5: Adjust the Replication Schedule for Each Connection
For each connection object to DC1 and DC2:
Right-click the connection object and select Properties.
Click t he Change Schedule button.
# Step 6: Set the Replication Schedule
In the schedule window, you'll see a grid of hours.
Clear all hours except the time window of 8 PM to 6 AM (in 1-hour blocks).
Select 8 PM to 6 AM (10 hours total) for all days.
Click OK to save.
# Step 7: Verify and Document
Ensure that both connection objects (to DC1 and DC2) have the updated schedule.
Document your configuration as part of your environment's change control.
Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses.
You plan t o dep loy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan t o dep loy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
* DHCP scopes: 3
* DHCP relays: 2
In a Windows Server Hybrid Core Infrastructure, managing IP address assignment across multiple physical or virtual segments requires a combination of DHCP scopes and Relay Agents. A DHCP scope is a required administrative grouping of IP addresses for computers on a specific subnet that use the DHCP service. Since the network consists of three distinct IPv4 subnets (two client VLANs and one datacenter VLAN), you must create a minimum of three scopes to ensure each subnet is managed and provided with appropriate configuration options, such as default gateways and DNS servers specific to their segment. Even if the DHCP server resides in the datacenter VLAN, the scope for that subnet allows for the management of any other devices or future clients in that segment.
Regarding the distribution of these addresses, DHCP utilizes broadcast traffic (DHCPDISCOVER), which is restricted to the local Layer 2 broadcast domain (the VLAN). To allow the DHCP server in the datacenter to receive requests from the two remote client VLANs, a DHCP Relay Agent (or IP Helper) must be configured on the gateway or a local server within those segments. The minimum number of relays required is two, corresponding to the two client VLANs that do not host the DHCP server. The datacenter VLAN does not require a relay because the DHCP server is directly connected to that broadcast domain and can listen for local requests natively. This configuration adheres to the design principles of centralized DHCP management in a segmented enterprise environment.
Task 10
You need to ensure that SRV1 only leases IP addresses from the range of 192.168.1.190 to 192.168.1.200 to computers that have a MAC address that starts with aabb.
You need to ensure that SRV1 only leases IP addresses from the range of 192.168.1.190 to 192.168.1.200 to computers that have a MAC address that starts with aabb.
Correct Answer:
See the solution of this Task below.
Explanation:
on:
Objective:
Configure the DHCP server SRV1 to lease IP addresses only to computers with MAC addresses starting with AABB in a specific range.
Step-by-Step Guide
# Step 1: Open DHCP Management Console
Log in to SRV1 with Domain Admin or DHCP Admin privileges.
Open DHCP Manager:
Press Windows + R, type dhcpmgmt.msc, and press Enter.
# Step 2: Create a New DHCP Scope
In the DHCP console, expand SRV1.
Right-click IPv4 and select New Scope.
The New Scope Wizard opens.
# Step 3: Configure the Scope
N ame:
Enter a name (e.g., MAC-Filtered Scope).
Click Next.
IP Address Range:
Start IP: 192.168.1.190
End IP: 192.168.1.200
Subnet mask: as appropriate (e.g., 255.255.255.0).
Click Next.
Add Exclusions:
None needed unless you want to reserve certain addresse s.
Click Next.
Lease Duration:
Set as needed, default is usually fine.
Click Next.
Configure DHCP Options:
You can skip or configure as needed (gateway, DNS, etc.).
Click Next.
Activate Scope:
Click Yes to activate it.
# Step 4: Configure MAC Address Filtering (Allow List)
In the DHCP console, expand the scope you created.
Right-click Filters under the scope and choose New Filter.
Enter the MAC address pattern to match devices with MAC addresses starting with AABB:
MAC Address: AABB*
Description: e.g., Allow devices starting with AABB.
Click Add.
# Step 5: Enable Allow Filters
Right-click Filters under the scope and select Enable.
Ensure that only devices matching the AABB pattern will receive leases.
# Step 6: Test and Verify
Use a test client with a MAC address starting with AABB to ensure it receives an IP address in the
192.168.1.190-192.168.1.200 range.
Use ipconfig /renew on the client, or check the DHCP leases in the Address Leases section.
Explanation:
on:
Objective:
Configure the DHCP server SRV1 to lease IP addresses only to computers with MAC addresses starting with AABB in a specific range.
Step-by-Step Guide
# Step 1: Open DHCP Management Console
Log in to SRV1 with Domain Admin or DHCP Admin privileges.
Open DHCP Manager:
Press Windows + R, type dhcpmgmt.msc, and press Enter.
# Step 2: Create a New DHCP Scope
In the DHCP console, expand SRV1.
Right-click IPv4 and select New Scope.
The New Scope Wizard opens.
# Step 3: Configure the Scope
N ame:
Enter a name (e.g., MAC-Filtered Scope).
Click Next.
IP Address Range:
Start IP: 192.168.1.190
End IP: 192.168.1.200
Subnet mask: as appropriate (e.g., 255.255.255.0).
Click Next.
Add Exclusions:
None needed unless you want to reserve certain addresse s.
Click Next.
Lease Duration:
Set as needed, default is usually fine.
Click Next.
Configure DHCP Options:
You can skip or configure as needed (gateway, DNS, etc.).
Click Next.
Activate Scope:
Click Yes to activate it.
# Step 4: Configure MAC Address Filtering (Allow List)
In the DHCP console, expand the scope you created.
Right-click Filters under the scope and choose New Filter.
Enter the MAC address pattern to match devices with MAC addresses starting with AABB:
MAC Address: AABB*
Description: e.g., Allow devices starting with AABB.
Click Add.
# Step 5: Enable Allow Filters
Right-click Filters under the scope and select Enable.
Ensure that only devices matching the AABB pattern will receive leases.
# Step 6: Test and Verify
Use a test client with a MAC address starting with AABB to ensure it receives an IP address in the
192.168.1.190-192.168.1.200 range.
Use ipconfig /renew on the client, or check the DHCP leases in the Address Leases section.
You have a Windows Server container host named Server1.
You create a Dockerfile named df1.
You need to generate a container image by using dt1.
Which command should you run?
You create a Dockerfile named df1.
You need to generate a container image by using dt1.
Which command should you run?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You need to sync files from an on premises server named Server1 to Azure by using Azure File Sync.
You have a cloud tiering policy that is configured for 30 percent free space and 70 days.
Volume E on Server1 is 500 GB.
A year ago, you configured E:\Data on Server1 to sync by using Azure File Sync. The files that are visible in E:\Data are sho wn in the following table.
Volume E does NOT contain any other files.
Where are File1 and File3 located? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a cloud tiering policy that is configured for 30 percent free space and 70 days.
Volume E on Server1 is 500 GB.
A year ago, you configured E:\Data on Server1 to sync by using Azure File Sync. The files that are visible in E:\Data are sho wn in the following table.
Volume E does NOT contain any other files.
Where are File1 and File3 located? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
File1 : Server1 and the Azure file share
File3 : The Azure file share only
Azure File Sync cloud tiering manages local storage by bal ancing two specific policies: the Volume Free Space Policy and the Date Policy . According to the official documentation for Administering Windows Server Hybrid Core Infrastructure, the Volume Free Space policy is the primary governing factor for tiering de cisions.
* Storage Calculations : Volume E is 500 GB . With a 30 percent free space requirement, the server must maintain 150 GB of free space ($500 \times 0.30 = 150$). This means only 350 GB ($500 - 150$) of file content can be cached locally on Server1.
* Dat e Policy Application : The date policy is set to 70 days . Any file not accessed within this window is automatically tiered regardless of free space.
* File4 (Last accessed 100 days ago) is older than 70 days, so it is tiered to The Azure file share only .
* Volume Free Space Application : The remaining files (File1, File2, and File3) were all accessed within the last 70 days. Their total size is 500 GB ($200 + 100 + 200 = 500$). Since the maximum allowed local storage is 350 GB , Azure File Sync must tier addit ional files to satisfy the 30% free space requirement.
* Tiering Priority : Files are tiered based on their " coldness " (last access time). File3 (60 days ago) is significantly older than File1 (2 days) and File2 (10 days). By tiering File3, the remaining loca l data (File1 + File2) totals 300 GB , which fits within the 350 GB limit.
* Conclusion : Consequently, File1 remains cached on Server1 and the Azure file share , while File3 is tiered to The Azure file share only .
You have a server that runs Windows Server 2022 and has the network adapters shown in the following table.
You need to configure NIC learning for LAN2 and LAN3. The solution must support Dynamic Virtual Machine Multi-Queue (d.VMMQ).
What should you use?
You need to configure NIC learning for LAN2 and LAN3. The solution must support Dynamic Virtual Machine Multi-Queue (d.VMMQ).
What should you use?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10