Microsoft AZ-800 Actual Free Exam Questions & Community Discussion
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. You plan to manage VM1 by using a PowerShell runbook.
You need to create the runbook. What should you create first?
You need to create the runbook. What should you create first?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Task 8
You plan to delegate the management of a ONS zone named fabnkam.com located on DO to the BranchAdmins grou p. You need to ensure that you can grant permissions to the fabikam.com zone.
You plan to delegate the management of a ONS zone named fabnkam.com located on DO to the BranchAdmins grou p. You need to ensure that you can grant permissions to the fabikam.com zone.
Correct Answer:
See the solution of this Task below.
Explanation:
Objective:
Grant permissions to the BranchAdmins group to manage the fabikam.com DNS zone on DC1.
Step-by-Step Guide
# Step 1: Log in to the DNS Server
Log in to DC1 (which hosts the DNS zone fabikam.com) using an account with Domain Admin or Enterprise Admin rights.
# Step 2: Open the DNS Manager
Open DNS Manager:
Press Windows + R, type dnsmgmt.msc, and hit Ent er.
# Step 3: Locate the Zone
In the DNS Manager, expand the Forward Lookup Zones.
Locate and right-click on the zone fabikam.com.
# Step 4: Open Zone Properties
Right-click on fabikam.com and select Properties.
In the Properties window, go to the Secu rity tab.
# Step 5: Grant Permissions
In the Security tab, click Add.
Enter the name of the group:
nginx
Copy
BranchAdmins
Click Check Names to resolve the group.
Click OK.
# Step 6: Assign the Appropriate Permissions
In the Permissions window, select the BranchAdmins group.
Assign the following permissions:
Read
Write
Create All Child Objects
Delete All Child Objects
Optionally, click Advanced for more granular control if needed.
# Step 7: Apply and Close
Click Apply and OK to save the changes.
Explanation:
Objective:
Grant permissions to the BranchAdmins group to manage the fabikam.com DNS zone on DC1.
Step-by-Step Guide
# Step 1: Log in to the DNS Server
Log in to DC1 (which hosts the DNS zone fabikam.com) using an account with Domain Admin or Enterprise Admin rights.
# Step 2: Open the DNS Manager
Open DNS Manager:
Press Windows + R, type dnsmgmt.msc, and hit Ent er.
# Step 3: Locate the Zone
In the DNS Manager, expand the Forward Lookup Zones.
Locate and right-click on the zone fabikam.com.
# Step 4: Open Zone Properties
Right-click on fabikam.com and select Properties.
In the Properties window, go to the Secu rity tab.
# Step 5: Grant Permissions
In the Security tab, click Add.
Enter the name of the group:
nginx
Copy
BranchAdmins
Click Check Names to resolve the group.
Click OK.
# Step 6: Assign the Appropriate Permissions
In the Permissions window, select the BranchAdmins group.
Assign the following permissions:
Read
Write
Create All Child Objects
Delete All Child Objects
Optionally, click Advanced for more granular control if needed.
# Step 7: Apply and Close
Click Apply and OK to save the changes.
Task 7
You need to collect the recommended Windows Perf ormance Counters from SRV1 in a Log Analytics workspace.
The required tiles are stored in a shared folder named \dc\install.
You need to collect the recommended Windows Perf ormance Counters from SRV1 in a Log Analytics workspace.
The required tiles are stored in a shared folder named \dc\install.
Correct Answer:
See the solution of this Task below.
Explanation:
To collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace, you can follow these steps:
Step 1: Access the Log Analytics Workspace Log in to the Azure portal and navigate to your Log Analytics workspace.
Step 2: Configure Performance Counters In the Log Analytics workspace, select Advanced settings and then choose Data > Windows Performance Counters1. You can add the recommended performance counters by selecting the + button. If you're using legacy agent management, you can add counters from the Legacy agents management menu2.
Step 3: Add P erformance Counters Select the counters you want to collect. You can add common counters quickly by checking the boxes next to them. For specific counters, enter the name of the counter in the format object(instance)\counter. For example, to collect the Pr ocessor Time counter for all instances of the Processor object, specify Processor(_Total)\% Processor Time.
Step 4: Set Sample Interval When adding a counter, you can set the sample interval, which is the frequency at which data is collected. The default is 10 seconds, but you can change this to a higher value if needed.
Step 5: Apply Configuration After adding the desired performance counters, select Apply at the top of the screen to save the configuration.
Step 6: Install and Configure the Agent Ensure t hat the Microsoft Monitoring Agent (MMA) is installed on SRV1. Configure the agent to report to your Log Analytics workspace by specifying the workspace ID and key during setup.
Step 7: Verify Data Collection After the agent is configured, it will start co llecting the specified performance counters. You can verify the data collection in the Log Analytics workspace by running queries against the collected data.
Note: The legacy Log Analytics agent will be deprecated by August 2024. Migrate to the Azure Monit or agent before this date to continue ingesting data3.
By following these steps, you should be able to collect the recommended Windows Performance Counters from SRV1 in your Log Analytics workspace. Ensure that you have the necessary permissions and that S RV1 has network connectivity to Azure services.
Explanation:
To collect the recommended Windows Performance Counters from SRV1 in a Log Analytics workspace, you can follow these steps:
Step 1: Access the Log Analytics Workspace Log in to the Azure portal and navigate to your Log Analytics workspace.
Step 2: Configure Performance Counters In the Log Analytics workspace, select Advanced settings and then choose Data > Windows Performance Counters1. You can add the recommended performance counters by selecting the + button. If you're using legacy agent management, you can add counters from the Legacy agents management menu2.
Step 3: Add P erformance Counters Select the counters you want to collect. You can add common counters quickly by checking the boxes next to them. For specific counters, enter the name of the counter in the format object(instance)\counter. For example, to collect the Pr ocessor Time counter for all instances of the Processor object, specify Processor(_Total)\% Processor Time.
Step 4: Set Sample Interval When adding a counter, you can set the sample interval, which is the frequency at which data is collected. The default is 10 seconds, but you can change this to a higher value if needed.
Step 5: Apply Configuration After adding the desired performance counters, select Apply at the top of the screen to save the configuration.
Step 6: Install and Configure the Agent Ensure t hat the Microsoft Monitoring Agent (MMA) is installed on SRV1. Configure the agent to report to your Log Analytics workspace by specifying the workspace ID and key during setup.
Step 7: Verify Data Collection After the agent is configured, it will start co llecting the specified performance counters. You can verify the data collection in the Log Analytics workspace by running queries against the collected data.
Note: The legacy Log Analytics agent will be deprecated by August 2024. Migrate to the Azure Monit or agent before this date to continue ingesting data3.
By following these steps, you should be able to collect the recommended Windows Performance Counters from SRV1 in your Log Analytics workspace. Ensure that you have the necessary permissions and that S RV1 has network connectivity to Azure services.
Task 5
you need to configure a Group Policy preference to ensure that users in the organizational unit (OU) named Server Admins have a shortcut to a folder named \\srvi.contoso.com\data on their desktop when they sign in to the computers in the domain.
you need to configure a Group Policy preference to ensure that users in the organizational unit (OU) named Server Admins have a shortcut to a folder named \\srvi.contoso.com\data on their desktop when they sign in to the computers in the domain.
Correct Answer:
See the solution of this Task below.
Explanation:
TASK 5
# Objective:
Configure a Group Policy Preference to create a shortcut to \\srvi.contoso.com\data on the desktop of users in the Server Admins OU.
Step-by-Step Guide: Using Group Policy Preferences to Create a Desktop Shortcut
# Step 1: Open Group Policy Management Console (GPMC)
Log in to a DC or a management computer with RSAT installed.
Open Grou p Policy Management (gpmc.msc).
# Step 2: Create a New GPO
In the GPMC console, expand the forest and the domain (e.g., contoso.com).
Right-click the OU named Server Admins and select Create a GPO in this domain, and Link it here.
Name the GPO, e.g., Desktop Shortcut for Server Admins.
# Step 3: Edit the GPO
Right-click the newly created GPO and select Edit.
This opens the Group Policy Management Editor.
# Step 4: Navigate to User Preferences
In the editor, expand:
User Configuration > Preferences > Windows Settings > Shortcuts.
# Step 5: Create the Shortcut
Right-click Shortcuts and select New > Shortcut.
In the New Shortcut Properties window:
Action: Create
Name: Data Folder
Target Type: File System Object
Location: Desktop
Target Path: \\srvi.c ontoso.com\data
Optionally, set an icon or description if you want.
# Step 6: Configure Item-Level Targeting (Optional)
If you want to limit this shortcut strictly to specific users/groups, click the Common tab.
Check Item-level targeting and configure c onditions (optional).
For this scenario, linking the GPO to the Server Admins OU is usually sufficient.
# Step 7: Close and Update
Close the editor.
In GPMC, ensure the GPO is linked to the Server Admins OU.
Force a Group Policy Update on client computers:
On a client computer:
gpupdate /force
Or wait for the next Group Policy refresh cycle.
# Step 8: Verify
Log in as a user in the Server Admins OU.
The shortcut to \\srvi.contoso.com\data should appear on the desktop.
Explanation:
TASK 5
# Objective:
Configure a Group Policy Preference to create a shortcut to \\srvi.contoso.com\data on the desktop of users in the Server Admins OU.
Step-by-Step Guide: Using Group Policy Preferences to Create a Desktop Shortcut
# Step 1: Open Group Policy Management Console (GPMC)
Log in to a DC or a management computer with RSAT installed.
Open Grou p Policy Management (gpmc.msc).
# Step 2: Create a New GPO
In the GPMC console, expand the forest and the domain (e.g., contoso.com).
Right-click the OU named Server Admins and select Create a GPO in this domain, and Link it here.
Name the GPO, e.g., Desktop Shortcut for Server Admins.
# Step 3: Edit the GPO
Right-click the newly created GPO and select Edit.
This opens the Group Policy Management Editor.
# Step 4: Navigate to User Preferences
In the editor, expand:
User Configuration > Preferences > Windows Settings > Shortcuts.
# Step 5: Create the Shortcut
Right-click Shortcuts and select New > Shortcut.
In the New Shortcut Properties window:
Action: Create
Name: Data Folder
Target Type: File System Object
Location: Desktop
Target Path: \\srvi.c ontoso.com\data
Optionally, set an icon or description if you want.
# Step 6: Configure Item-Level Targeting (Optional)
If you want to limit this shortcut strictly to specific users/groups, click the Common tab.
Check Item-level targeting and configure c onditions (optional).
For this scenario, linking the GPO to the Server Admins OU is usually sufficient.
# Step 7: Close and Update
Close the editor.
In GPMC, ensure the GPO is linked to the Server Admins OU.
Force a Group Policy Update on client computers:
On a client computer:
gpupdate /force
Or wait for the next Group Policy refresh cycle.
# Step 8: Verify
Log in as a user in the Server Admins OU.
The shortcut to \\srvi.contoso.com\data should appear on the desktop.
You need to ensure that access to storage1 for the Marketing OU users meets the technical requirements.
What should you implement?
What should you implement?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You have an on premises Active Directory Domain Services (AD DS) domai n that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You have a Windows Server container host named Server1.
You start the containers on Server1 as shown in the following table.
You need to validate the status of ProcessA and ProcessC.
Where can you verify that ProcessA and ProcessC are in a running state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You start the containers on Server1 as shown in the following table.
You need to validate the status of ProcessA and ProcessC.
Where can you verify that ProcessA and ProcessC are in a running state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
* ProcessA : All the containers and Server1
* ProcessB : Container3 and Server1 only
Comprehensive and Detailed Explanation with all Administering Windows Server Hybrid Core Infrastructure documents : = Understand ing the visibility of processes within Windows Server containers depends entirely on the isolation mode used: Windows Server isolation (Process isolation) or Hyper-V isolation . According to official documents for Administering Windows Server Hybrid Core In frastructure, these two modes determine how the container ' s kernel and processes interact with the host system.
* Windows Server Isolation (Process Isolation) : In this mode, containers share the same kernel as the host. Processes running inside the container are essentially standard processes on the host, albeit isolated through namespaces and resource controls. Consequently, a process running in a process- isolated container (like Container1 and Container2 in the exhibit) is visible from the host ' s Task Manag er or Get-Process command, as well as from other containers sharing the same host kernel.
Therefore, ProcessA can be verified as running from All the containers and Server1 .
* Hyper-V Isolation : This mode provides a more secure and isolated environment by ru nning each container inside its own highly optimized virtual machine (utility VM). Because each container has its own private kernel, the host cannot " see " the internal processes of the container, and containers cannot see into each other. Container3 uses Hyper-V isolation. Therefore, ProcessC is only visible to the internal operating system of Container3 and, at a management level, to Server1 (the host). It is invisible to other containers (Container1, 2, and 4) because they are separated by kernel-level boundaries. Thus, you can verify ProcessC on Container3 and Server1 only .
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator fo r the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
You need to identify which server is the PDC emulator fo r the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server and has the following disks:
* OSdislcDisk1
o Size: 512 GiB
o Free space: 260 GiB
o Encryption: SSE with PMK
o Storage type: Standard SSD
* Data disk: Disk2
o Size: 512 GiB
o Free space: 45 GiB
o Storage type: Standard HDD
o Encryption: Platform-managed key
You are planning a maintenance strategy for VM1.
You need to identify which task can be performed on Disk2 without causing downtime to VM1.
What should you do on Disk2?
* OSdislcDisk1
o Size: 512 GiB
o Free space: 260 GiB
o Encryption: SSE with PMK
o Storage type: Standard SSD
* Data disk: Disk2
o Size: 512 GiB
o Free space: 45 GiB
o Storage type: Standard HDD
o Encryption: Platform-managed key
You are planning a maintenance strategy for VM1.
You need to identify which task can be performed on Disk2 without causing downtime to VM1.
What should you do on Disk2?
Correct Answer: C
Vote an answer
Your on-premises network contains an Active Directory domain named contoso.com and 500 servers that run Windows Server. A ll the servers are Azure Arc-enabled and joined to contoso.com.
You need to implement PowerShell Desired State Configuration (DSC) on all the servers. The solution must minimize administrative effort.
Where should you store the DSC scripts, and what should you use to apply DSC to the servers? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement PowerShell Desired State Configuration (DSC) on all the servers. The solution must minimize administrative effort.
Where should you store the DSC scripts, and what should you use to apply DSC to the servers? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
In the Administering Windows Server Hybrid Core Infrastructure materials for managing hybrid servers with Azure Arc, Microsoft describes two primary, supported ways to deliver Desired State Configuration at scale: Azur e Automation State Configuration and Azure Policy Guest Configuration . For large fleets of Arc-enabled servers, the guidance emphasizes that Guest Configuration uses DSC resources and content that is packaged and then assigned by Azure Policy , removing the need to stand up or manage a pull server. The study content explains that Guest Configuration " audits and (with remediation) configures the inside of machines using DSC resources " and that you deliver it by creating or using a policy definition that refer ences your guest configuration package , so compliance and remediation happen through policy assignment. This approach is highlighted as the lowest-overhead method for Arc servers because policy assignments can be targeted to subscriptions, resource groups, or Arc-enabled machines , providing uniform roll-out and governance with minimal administration.
The same materials note that Automation State Configuration requires onboarding nodes to an Automation account and managing configurations there , which adds ex tra setup for non-Azure VMs. In contrast, with Arc + Guest Configuration, the DSC content is stored/referenced in the Azure Policy definition and enforced by the Guest Configuration extension , enabling you to apply and remediate configurations at scale wit h Azure Policy , which best meets the requirement to minimize administrative effort across 500 Arc-enabled Windows Server machines joined to the on-premises domain.
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Wind ows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation:
Obtain and install a new certificate.
Copy the certificate thumbprint.
Run Windows Admin Center Setup and select Change.
According to the official study guides for Administering Windows Server Hybrid Core Infrastructure , maintaining the security of the Windows Admin Center (WAC) gateway is a critical administrative task, especially regarding SSL/TLS certificate management. When a certifi cate used by Windows Admin Center expires or needs to be replaced, the process follows a specific sequence to ensure service continuity and secure connectivity.
First, you must obtain and install a new certificate from a trusted Certificate Authority (CA). The certificate must be installed into the local machine ' s certificate store on the server where Windows Admin Center is running. Once installed, you must copy the certificate thumbprint . The thumbprint is a unique hexadecimal string that identifies the s pecific certificate; it is required by the WAC installer to bind the gateway service to the correct cryptographic object.
Finally, you must run Windows Admin Center Setup and select Change . Unlike standard web applications managed through Internet Informat ion Services (IIS), Windows Admin Center uses its own specialized installer logic to handle port bindings and certificate associations. By selecting the " Change " option in the setup wizard (accessible via Add/Remove Programs or the original .msi file), the administrator is prompted to enter the new certificate thumbprint. The installer then updates the HTTPS listener configuration to use the new certificate. Note that " Repair " or " Remove " are incorrect as they do not allow for the reconfiguration of the cer tificate binding, and WAC does not typically use the standard IIS Manager for its core gateway service binding.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new subnet object that is associated to Site1.
Does this meet the goal?
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new subnet object that is associated to Site1.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10