AZ-800 Free Practice Test

HOTSPOT - (Topic 3)
Your network contains a two-domain on-premises Active Directory Domain Services (AD DS) forest named Contoso.com. The forest contains the domain controllers shown in the
following table.

You create an Active Directory site named Site3. Site1, Site2 and Site3 each has a dedicated site link to the Hub site.
In Site3, you install a new server named Server1.
You need to promote Server1 to an ROOC in child.contoso.com by using the install from Media (IFM) option. The solution must minimize network traffic.
What should you do? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS zone named fabrikam.com that was signed by DNSSEC.
You need to ensure that all the member servers in the domain perform DNSSEC validation for the fabrikam.com namespace.
What should you do?

1. A. On Served, run the Add-DnsServerTrustAnchor cmdlet.
2. B. On each member server, run the Add-DnsServerTrustAnchor cmdlet.
3. C. From a Group Policy Object (GPO). add a rule to the Name Resolution Policy Table (NRPT).
4. D. From a Group Policy Object (GPO). modify the Network List Manager policies.

Correct Answer: C

- (Exam Topic 3)
You have a file server named Server1 that runs Windows Server and contains the volumes shown in the following table.

On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas? To answer select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Solution:
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
You have an Azure virtual machine named VM1 that runs Windows Server. You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1. What should you do?

1. A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
2. B. Configure VM1 to use a user-assigned managed identity.
3. C. Configure VM1 to use a system-assigned managed identity.
4. D. Add the Custom Script Extension to VM1.

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration

- (Exam Topic 3)
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared
You need to create a security group that meets the following requirements:
• Can contain users from the AD DS domain
• Can be used to authorize user access to share 1 and share2 What should you do?

1. A. in the AD DS domain, create a universal security group
2. B. in the Azure AD tenant create a security group that has assigned membership
3. C. in the Azure AD Tenant create a security group that has dynamic membership.
4. D. in the Azure AD tenant create a Microsoft 365 group

Correct Answer: B