Microsoft AZ-800: Administering Windows Server Hybrid Core Infrastructure Sample Questions

AZ-800 Sample Questions

Advanced Sample Questions

What is the purpose of the Microsoft Azure Stack Hub?

  • a. To provide a hybrid cloud environment
  • b. To provide a multi-cloud environment
  • c. To provide a public cloud environment
  • d. To provide a private cloud environment

Answer: a. To provide a hybrid cloud environment

Explanation: Microsoft Azure Stack Hub is a hybrid cloud platform that provides a seamless experience between the public and private cloud environments. It allows organizations to run both Azure and on-premises workloads and provides the same Azure services and experiences in the data center as in the public cloud.

What is the purpose of the Microsoft Azure Stack HCI solution?

  • a. To provide a hybrid cloud environment
  • b. To provide a multi-cloud environment
  • c. To provide a high-availability solution for virtualized workloads
  • d. To provide a private cloud environment

Answer: c. To provide a high-availability solution for virtualized workloads

Explanation: Microsoft Azure Stack HCI is a solution for high-availability virtualized workloads. It provides a hyper-converged infrastructure that runs Windows Server and supports the deployment of virtual machines, as well as other traditional server applications. It allows organizations to run both on-premises and cloud-based workloads, and provides a seamless experience between the two environments.

What is the purpose of the Microsoft Azure Stack Edge device?

  • a. To provide edge computing capabilities
  • b. To provide a multi-cloud environment
  • c. To provide a high-availability solution for virtualized workloads
  • d. To provide a private cloud environment

Answer: a. To provide edge computing capabilities

Explanation: Microsoft Azure Stack Edge is a device that provides edge computing capabilities. It allows organizations to run Azure services and applications at the edge of their network, providing low-latency, secure access to data and compute resources. It supports a range of use cases, including Internet of Things (IoT) applications, edge data processing, and local data storage.

What is the purpose of the Microsoft Azure Arc solution?

  • a. To provide a unified management solution for multi-cloud and edge computing
  • b. To provide a hybrid cloud environment
  • c. To provide a high-availability solution for virtualized workloads
  • d. To provide a private cloud environment

Answer: a. To provide a unified management solution for multi-cloud and edge computing

Explanation: Microsoft Azure Arc is a unified management solution for multi-cloud and edge computing. It provides a single control plane for managing resources, regardless of where they are deployed. This includes Azure resources, as well as resources running on-premises, in other cloud environments, or at the edge. It provides a consistent experience for managing, deploying, and monitoring resources, and enables organizations to take advantage of Azure services and management tools in a multi-cloud and edge environment.

What is the purpose of the Microsoft Azure Stack Development Kit (ASDK)?

  • a. To provide a development environment for Azure Stack Hub
  • b. To provide a multi-cloud environment
  • c. To provide a high-availability solution for virtualized workloads
  • d. To provide a private cloud environment

Answer: a. To provide a development environment for Azure Stack Hub

Explanation: The Microsoft Azure Stack Development Kit (ASDK) is a development environment for Azure Stack Hub. It provides a sandbox environment for testing and developing applications that run on Azure Stack Hub, allowing organizations to validate their application designs and deployment procedures before deploying to a production environment.

What is the primary role of Active Directory in a Windows Server hybrid core infrastructure?

  • a. To provide authentication and authorization services
  • b. To provide file and print services
  • c. To provide Internet Information Services (IIS)
  • d. To provide network infrastructure services

Answer: a. To provide authentication and authorization services

Explanation: Active Directory is a critical component of a Windows Server hybrid core infrastructure. Its primary role is to provide authentication and authorization services, allowing users and devices to access resources in a secure and controlled manner. It provides a central repository for user and computer accounts, and enables administrators to manage security policies and delegate administrative control to other users.

What is the role of DNS in a Windows Server hybrid core infrastructure?

  • a. To provide name resolution services
  • b. To provide file and print services
  • c. To provide Internet Information Services (IIS)
  • d. To provide network infrastructure services

Answer: a. To provide name resolution services

Explanation: DNS (Domain Name System) is a critical component of a Windows Server hybrid core infrastructure. Its primary role is to provide name resolution services, allowing devices and applications to locate resources on the network using hostnames instead of IP addresses. This makes it easier for users to access resources and enables applications to be deployed in a scalable and dynamic manner.

What is the role of DHCP in a Windows Server hybrid core infrastructure?

  • a. To provide dynamic IP address assignment
  • b. To provide file and print services
  • c. To provide Internet Information Services (IIS)
  • d. To provide network infrastructure services

Answer: a. To provide dynamic IP address assignment

Explanation: DHCP (Dynamic Host Configuration Protocol) is a critical component of a Windows Server hybrid core infrastructure. Its primary role is to provide dynamic IP address assignment, allowing devices and applications to obtain IP addresses automatically from a centralized server. This reduces the administrative burden of configuring IP addresses manually and ensures that devices have access to the network without manual intervention.

What is the role of IIS in a Windows Server hybrid core infrastructure?

  • a. To provide web server services
  • b. To provide file and print services
  • c. To provide dynamic IP address assignment
  • d. To provide network infrastructure services

Answer: a. To provide web server services

Explanation: IIS (Internet Information Services) is a component of Windows Server that provides web server services. It enables organizations to host websites, web applications, and web services, and provides a platform for delivering content and services to users over the Internet. IIS supports a range of web technologies, including ASP.NET, PHP, and Java, and enables administrators to manage and secure web-based resources.

What is the role of the Windows Server Update Services (WSUS) in a Windows Server hybrid core infrastructure?

  • a. To provide software updates and patches
  • b. To provide file and print services
  • c. To provide dynamic IP address assignment
  • d. To provide network infrastructure services

Answer: a. To provide software updates and patches

Explanation: Windows Server Update Services (WSUS) is a component of Windows Server that provides software updates and patches to client devices in the network. It allows administrators to manage and distribute updates for Windows and other Microsoft products, including Office, in a controlled and secure manner. WSUS reduces the administrative burden of updating client devices, and ensures that systems are up-to-date with the latest security patches and bug fixes.

Basic Sample Questions

Question 1. An Azure Active Directory (Azure AD) tenant communicates with an on-premises Active Directory Domain Services (AD DS) domain. You want to implement self-service password reset (SSPR) in Azure AD. You must ensure that users who reset their passwords with SSPR can use the new password to access resources in the AD DS domain.
What would you do?
  • A. On-premises deployment of Azure AD Password Protection proxy service.
  • B. Opening the Microsoft Azure Active Directory Connect wizard and selecting the Password writeback option.
  • C. Granting the Azure AD Connect service account the Change password permission for the domain.
  • D. Permit the impersonate client to access the Azure AD Connect service account after authentication.

Correct Answer: B 

Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Question 2. You want to find the PDC for the Active Directory Domain Services (AD DS) domain contoso.com on your network.
Solution: Right-click Active Directory Domains and Trusts in the console tree and select Operations Master.
Does this accomplish the goal?
  • A. Yes
  • B. No

Correct Answer: B

Question 3. You have added an Active Directory Domain Services (AD DS) domain named contoso.com to your network. A group policy object (GPO) must be accessible to administrators. The solution must adhere to the principle of least privilege.
The administrator should be added to which group?
  • A. AAD DC Administrators
  • B. Domain Admins
  • C. Schema Admins
  • D. Enterprise Admins
  • E. Group Policy Creator Owners

Correct Answer:

Reference: https://social.technet.microsoft.com/wiki/contents/articles/20579.delegation-of-group-policy-full-administration.aspx

Question 4. Azure Active Directory (Azure AD) tenants can sync with Active Directory domains on-premises. This domain consists of two servers named Server1 and Server2. Both Server1 and Server2 have a user named Admin1 who belongs to the local Administrators group.
With Azure Arc, you will manage Server1 and Server2. In Azure Arc, RG1 will be used as a resource group. Server1 and Server2 can be managed by Admin1 by configuring Azure Arc.
What will you do first?
  • A. Create a new onboarding script from the Azure portal.
  • B. RG1’s Azure Connected Machine Onboarding role should be assigned to Admin1.
  • C. Server1 and Server2 should be joined by hybrid Azure AD.
  • D. Set up an Azure cloud-only account for Admin1.

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal

Question 5.  An Azure virtual machine named VM1 running Windows Server is included in your Azure subscription. To manage VM1, you must ensure that the Azure Policy guest configuration feature is available.
What will you do?
  • A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
  • B. Setting up VM1 to use a managed identity assigned by the user.
  • C. Setting up VM1 to use a managed identity assigned by the system.
  • D. Add the Custom Script Extension to VM1.

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration

Question 6. You have a Windows Server container host named Server1 as well as an image named image1 as your container image.
You need to start a container from image1. Hyper-V is ideal for running the container.
Which parameter should you specify in the docker run command?
  • A. --expose
  • B. --privileged
  • C. --runtime
  • D. --isolation
  • E. --entrypoint

Correct Answer: E 

Reference: https://docs.docker.com/language/nodejs/run-containers/

Question 7. You have a domain named contoso.com in your network, and you need to determine which server serves as its PDC emulator.
Solution: To edit the property information for Default-First-Site-Name, right-click it in the console tree.
Does this accomplish the goal?
  • A. Yes
  • B. No

Correct Answer: B

Question 8. An Azure Active Directory (Azure AD) is synchronized with a local Active Directory domain (AD DS). As part of your plan to implement a self-service password reset (SSPR) for Azure AD, you must ensure that the new password resources in the AD DS domain are accessible by users who reset their passwords through SSPR.
What will you do?
  • A. On-premises deployment of Azure AD Password Protection proxy service.
  • B. Selecting Password writeback in the Microsoft Azure Active Directory Connect wizard.
  • C. Giving the Azure AD Connect service account permission to change the domain password.
  • D. Giving the impersonate client the right to access the Azure AD Connect service account after authentication.

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Question 9. HOTSPOT – On an Azure Active Directory Domain Services domain, you create a user named Admin1. In the least privilege solution, all computers in the domain must be configured with custom Group Policy settings by Admin1.
What will you include in the solution?
Hot Area:
Add admin1 to the following group: 
  • AAD DC Administrators
  • Domain Admins
  • Group policy creator owners
To apply custom group policy settings, instruct admin1 to: 
  • Creating a new group policy object (GPO) and linking the GPO to the domain
  • Modifying AADDC Computers GPO
  • Modifying the default domain GPO

Correct Answer: 

  • Add admin1 to the following group: AAD DC Administrators
  • Instruct admin1 to apply custom group policy settings by Modifying AADDC Computers GPO

Reference: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy

Question 10. DRAG-DROP –
A new Azure subscription is created. Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines are planned for deployment. Azure AD DS will be linked to the virtual machines. For the virtual machines to be deployed and joined to Azure AD DS, Active Directory Domain Services (AD DS) has to be deployed.
Arrange the three appropriate actions in the correct sequence. 
Select and Place:
Actions:
  • Modify the settings of the Azure virtual network
  • Install the Active Directory Domain Service role.
  • Install Azure AD Connect
  • Create an Azure virtual network
  • Create an Azure AD DS instance
  • Run the Active Directory Domain Service Installation Wizard

Correct Answer

Actions | Answer Area
Modify the settings of the Azure virtual network | Create an Azure virtual network
Install the Active Directory Domain Service role. | Create an Azure AD DS instance
Install Azure AD Connect | Run the Active Directory Domain Service Installation Wizard

Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance

Question 11. DRAG-DROP –
A single domain Active Directory Domain Services (AD DS) forest named contoso.com exists on your network. There is only one Active Directory site in the forest.
Your plan is to deploy a read-only domain controller (RODC) onto a new server named Server1 in a new data center. There is a user named User1 who belongs to the local Administrators group on Server1.
The deployment plan you recommend should meet the following requirements:
  • Ensure that User1 can perform the RODC installation on Server1.
  • Ensure that you can control the AD DS replication schedule to Server1.
  • Ensure that Server1 is in a new site named RemoteSite1.
  • Implement the principle of least privilege.

Arrange the three appropriate actions in the correct sequence. 
Select and Place:
Actions:
  • Instruct User1 to run the Active Directory Domain Services Installation Wizard on Server1.
  • Create a site and a subnet.
  • Create a site link.
  • Pre-Create an RODC Account.
  • Add User1 to the Contoso\Administrators group.

Correct Answer

Add User1 to the Contoso\Administrators group.
Create a site and a subnet.Pre-Create an RODC Account.
Create a site link.Instruct User1 to run the Active Directory Domain Services Installation Wizard on Server1.

Reference:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/rodc/install-a-windows-server-2012-active-directory-read-only-domain-controller--rodc---level-200-

Question 12. DRAG-DROP –
As part of your Active Directory Domain Services deployment strategy, you deploy a new forest called contoso.com. Three domain controllers named DC1, DC2, and DC3 exist on the domain.
Default-First-Site-Name is renamed as Site1.
You plan to ship DC1, DC2, and DC3 to data centers in new locations.
DC1, DC2, and DC3 must be configured to meet the following requirements:
  • Each domain controller must be located on its own Active Directory site.
  • There must be independent control of the replication schedule between each site.
  • Interruptions to replication must be minimized.
Arrange the three appropriate actions in the correct sequence. 
Select and Place:
Actions:
  • Create a connection object between DC1 and DC2.
  • Create an additional site link that contains Site1 and Site2.
  • Create two additional sites named Site2 and Site3. Move DC2 to Site2 and DC3 to Site3.
  • Create a connection object between DC2 and DC3.
  • Remove Site2 from DEFAULTIPSITELINK

Correct Answer

Create two additional sites named Site2 and Site3. Move DC2 to Site2 and DC3 to Site3.
Create an additional site link that contains Site1 and Site2.Create a connection object between DC1 and DC2.
Create a connection object between DC2 and DC3.
Remove Site2 from DEFAULTIPSITELINK
Question 13. As part of your Active Directory Domain Services deployment strategy, you deploy a new forest called contoso.com. The following table shows the domain controllers in the root domain.
Name | FSMO role
DC1 | Domain naming master
DC2 | RID master
DC3 | PDC emulator
DC4 | Schema master
DC5 | Infrastructure master
Which domain controller failure will prevent you from creating application partitions?
  • DC1
  • DC2
  • DC3
  • DC4
  • DC5

Correct Answer:  DC1

Reference:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles

Question 14. HOTSPOT –
There are 10 on-premises servers that run Windows Server. The servers will be connected to Azure resources via Azure Network Adapter.
In both on-premises and Azure, which prerequisites do you require? 
NOTE: Each correct selection awards you one point.
Hot Area:

Answer Area

To configure the on-premises servers, use:

Azure CLI
Routing and Remote Access
Server Manager
Windows Admin Center

To connect the Azure resources and Azure Network Adapter, use:

Azure Bastion
Azure Firewall
An Azure virtual network gateway
A private endpoint
A public Azure Load Balancer

Correct Answer: 

To configure the on-premises servers, use:

Windows Admin Center

To connect the Azure resources and Azure Network Adapter, use:

An Azure virtual network gateway

Reference:

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter

Question 15. DRAG-DROP –
Your server is named Server1 and it has Windows Admin Center installed. Windows Admin Center is using the certificate issued by a certification authority (CA). The certificate has expired and needs to be replaced.
Arrange the three appropriate actions in the correct sequence. 
Select and Place:
Actions:
  • Copy the certificate thumbprint.
  • From the Internet Information Services (IIS) Manager, bind a certificate.
  • Rerun Windows Admin Center Setup and select Change.
  • Rerun Windows Admin Center Setup and select Repair.
  • Rerun Windows Admin Center Setup and select Remove.

Correct Answer:

From the Internet Information Services (IIS) Manager, bind a certificate.
Copy the certificate thumbprint.
Rerun Windows Admin Center Setup and select Change.  
Rerun Windows Admin Center Setup and select Repair.
Rerun Windows Admin Center Setup and select Remove.

Reference:

https://www.starwindsoftware.com/blog/change-the-windows-admin-center-certificate

Question 16. HOTSPOT –
There is a server on your network named Server1 that runs Windows Server and is connected to the Internet. You have an Azure subscription and you need to monitor Server1 by using Azure Monitor.
In the subscription, what resources should be created, and what should Server1 have installed?
NOTE: Each correct selection awards you one point.
Hot Area:

Answer Area

In the subscription, create: 

An Azure Files storage account
A Log Analytics workspace 
An Azure SQL Database and a data collection rule
An Azure Blob Storage account and a data collection rule

On Server1, install: 

The Azure Monitor Agent
The Analytics Gateway
The Device Health Attestation server role

Correct Answer: 

In the subscription, create: 

A Log Analytics workspace 

On Server1, install: 

The Analytics Gateway

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/gateway

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor

Question 17. HOTSPOT –
There are two Active Directory Domain Services (AD DS) forests on your network named contoso.com and fabrikam.com. There is a two-way forest trust between the two forests. A single domain exists in each forest.
Following is a list of domains containing servers.
Name | Domain | Description
Server1 | contoso.com | Hosts a Windows Admin Center gateway
Server2 | fabrikam.com | Hosts resources that will be managed remotely by using Windows Admin Center on Server1
Configure resource-based constrained delegation so that users at contoso.com can connect to Server2 through Windows Admin Center on Server1.
How will you complete the command?

Answer Area

Set-ADComputer -Identity

(Get-ADComputer server1.contoso.com)
(Get-ADComputer server2.fabrikam.com)
(Get-ADComputer 'Contoso\Domain Users')
(Get-ADComputer 'Fabrikam\Domain Users')

-PrincipalsAllowedToDelegateToAccount

(Get-ADComputer server1.contoso.com)
(Get-ADComputer server2.fabrikam.com)
(Get-ADComputer 'Contoso\Domain Users')
(Get-ADComputer 'Fabrikam\Domain Users')

Correct Answer: 

Set-ADComputer -Identity

(Get-ADComputer server1.contoso.com)

-PrincipalsAllowedToDelegateToAccount

(Get-ADComputer server2.fabrikam.com)

Reference:

https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview

https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps

Question 18. HOTSPOT –
There is a server named Server1 running Windows Server and installed with the Hyper-V server role. Hyper-V module cmdlets that help desk users can use to administer Server1 remotely need to be limited. Just Enough Administration (JEA) is configured and role capabilities and session configuration files are successfully created.
How will you complete the PowerShell command? 

Answer Area

-Path .\HyperVJeaConfig

Enter-PSSession
New-PSSessionConfigurationFile
Register-PSSessionConfiguration

-Name 'HyperVJeaHelpDesk' -Force

.ps1
.psm1
.psrc
.pssc

Correct Answer: 

Answer Area

-Path .\HyperVJeaConfig

New-PSSessionConfigurationFile

-Name 'HyperVJeaHelpDesk' -Force

.pssc

Reference:

https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/session-configurations?view=powershell-7.2

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-pssessionconfigurationfile?view=powershell-7.2

Question 19. HOTSPOT 
There is a Windows Server container host named Server1 having a single disk. The following table shows the containers you plan to start on Server1.
Name | Description
Container1 | Container1 is a Windows container that contains a web app in development. The container must NOT share a kernel with other containers.
Container2 | Container2 is a Linux container that runs a web app. The container requires two static IP addresses.
Container3 | Container3 is a Windows container that runs a database. The container requires a static IP address.
For each container, what isolation mode can you use? 

Answer Area:

Container1:

Hyper-V isolation only 
Process isolation only 
Hyper-V isolation or process isolation

Container2:

Hyper-V isolation only 
Process isolation only 
Hyper-V isolation or process isolation

Container3:

Hyper-V isolation only 
Process isolation only 
Hyper-V isolation or process isolation

Correct Answer:

Container1:

Hyper-V isolation only 

Container2:

Process isolation only 

Container3:

Hyper-V isolation or process isolation
Reference:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container
