Microsoft Configuring Windows Server Hybrid Advanced Services: AZ-801 Sample Questions
Candidates who can configure advanced Windows Server services on-premises, in hybrid settings, and in the cloud should take the Microsoft AZ-801 test. On-premises and hybrid solutions should be implemented and managed by these professionals, who should also be able to perform tasks like security, migration, monitoring, high availability, troubleshooting, and disaster recovery. Some of the administrative tools and technologies they use include Windows Admin Center, PowerShell, Azure Arc, Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate, and Azure Monitor. The article provides a list of Microsoft Configuring Windows Server Hybrid Advanced Services: AZ-801 Sample Questions that cover core exam topics including –
- Secure Windows Server on-premises and hybrid infrastructures (25–30%)
- Implement and manage Windows Server high availability (10–15%)
- Implement disaster recovery (10–15%)
- Migrate servers and workloads (20–25%)
- Monitor and troubleshoot Windows Server environments (20–25%)
Q1)Windows Server is installed on a server you have called Server1. You must make sure that only particular apps on Server1 have access to the data in protected folders. Solution: Controlled folder access is configured under Virus & threat protection. Is the objective being met in AZ-801?
- A. Yes
- B. No
Correct Answer: A
Q2)Windows Server is installed on a server you have called Server1. You must make sure that only particular apps on Server1 have access to the data in protected folders. Tamper Protection is configured under Virus & Threat Protection. Is the objective being met in AZ-801?
- A. Yes
- B. No
Correct Answer: B
Q3)Windows Server is installed on a server you have called Server1. You must make sure that only particular apps on Server1 have access to the data in protected folders. The Exploit protection settings are configured from the App & browser control. Is the objective being met?
- A. Yes
- B. No
Correct Answer: B
Q4)You have a Windows Server virtual machine in Azure called VM1. You intend to install a fresh line-of-business application (LOB) on VM1. Make that the programme has the ability to generate child processes. What settings ought to be made on VM1 in AZ-801?
- A. Microsoft Defender Credential Guard
- B. Microsoft Defender Application Control
- C. Microsoft Defender SmartScreen
- D. Exploit protection
Correct Answer: D
Q5)You have 100 Windows Server-based Azure virtual machines. The virtual machines have Microsoft Defender for Cloud installed. If Microsoft Defender for Cloud alerts you that “Antimalware deactivated in the virtual machine,” you must shut down the virtual machine immediately. Which setting in Microsoft Defender for Cloud should you use in AZ-801?
- A. a logic app
- B. a workbook
- C. a security policy
- D. adaptive network hardening
Correct Answer: A
Q6)You have 100 on-premises servers with Azure Arc support and a Microsoft Sentinel deployment. The same resource group contains all of the Azure Arc-capable resources. The servers must be onboarded for Microsoft Sentinel. The answer must require the least amount of administration. How should servers be onboarded into Microsoft Sentinel?
- A. Azure Automation
- B. Azure Policy
- C. Azure virtual machine extensions
- D. Microsoft Defender for Cloud\
Correct Answer: B
Q7)You have an Azure Active Directory (Azure AD) tenant that is synced with an on-premises Active Directory Domain Services (AD DS) domain utilising password hash synchronisation. You are a subscriber to Microsoft 365. Every device is attached to Azure AD hybrid. Users complain that entering their password manually is required in order to access Microsoft 365 applications. The number of times users must enter their password in order to access Microsoft 365 and Azure services has to be decreased. What ought you to do?
- A. Create a Conditional Access policy in Azure AD for the Office 365 applications.
- B. Add an autodiscover record to the AD DS domain’s DNS zone.
- C. Turn on single sign-on in Azure AD Connect (SSO).
- D. Set up pass-through authentication with Azure AD Connect.
Correct Answer: C
Q8)You have a Microsoft Defender for Cloud subscription that is active. You have 50 Windows Server-based Azure virtual machines. You must make sure that Defender for Cloud is notified of any security flaws found on the virtual machines. Which extension on the virtual machines should you enable?
- A. Vulnerability assessment for machines
- B. Microsoft Dependency agent
- C. Log Analytics agent for Azure VMs
- D. Guest Configuration agent
Correct Answer: A
Q9)You have a workgroup with 10 servers running Windows Server. All network traffic between the servers must be configured on the servers to be encrypted. The answer needs to be as safe as it can be. In a connection security rule, which authentication mechanism should you configure?
- A. NTLMv2
- B. pre-shared key
- C. Kerberos V5
- D. computer certificate
Correct Answer: D
Q10)You have a Windows Server virtual machine in Azure called VM1. Using Azure Disk Encryption, you must encrypt the data on the discs attached to VM1. What is a requirement for putting Azure Disk Encryption into practise?
- A. Customer Lockbox for Microsoft Azure
- B. an Azure key vault
- C. a BitLocker recovery key
- D. data-link layer encryption in Azure
Correct Answer: B
Q11)An Active Directory Domain Services (AD DS) domain exists on your network. Windows Server is installed on two servers in the domain, Server1 and Server2. You must make sure that Server2 can be managed through the Computer Management panel. The least privilege principle must be applied to the solution. Which two Advanced Security rules in Windows Defender Firewall should be enabled on Server2? Each right response offers a piece of the answer.
- A. the COM+ Network Access (DCOM-In) rule
- B. all the rules in the Remote Event Log Management group
- C. the Windows Management Instrumentation (WMI-In) rule
- D. the COM+ Remote Administration (DCOM-In) rule
- E. the Windows Management Instrumentation (DCOM-In) rule
Correct Answer: A and B
Q12)Windows Server is installed on a server that you own. The server is set up to use a connection security rule to encrypt all incoming traffic. You must make sure that Server1 can respond to orders for unencrypted tracert sent by devices connected to the same network. From Windows Defender Firewall with Advanced Security, what should you do?
- A. From the IPsec Settings, configure IPsec defaults.
- B. Create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.
- C. Change the Firewall state of the Private profile to Off.
- D. From the IPsec Settings, configure IPsec exemptions.
Correct Answer: D
Q13)You have VM1, a virtual computer in Azure. You switch on VM1’s Microsoft Defender SmartScreen. Make sure that the SmartScreen messages that are shown to users are recorded. What ought you to do?
- A. Run WinRM quickconfig from a command prompt, to start.
- B. Change the Advanced Audit Policy Configuration settings from the local Group Policy.
- C. In Event Viewer, switch on the Debug log feature.
- D. Modify the Virus & threat protection settings in the Windows Security app.
Correct Answer: C
Q14)The configurations of your failover cluster, Cluster1, are as follows: There are 6 nodes. Dynamic quorum is the quorum. File-sharing, dynamic witness.What is the most nodes that can fail concurrently and yet have a quorum?
- A. 1
- B. 2
- C. 3
- D. 4
- E. 5
Correct Answer: C
Q15)Utilizing Storage Spaces Direct is your business. A Storage Space Direct storage pool’s available storage must be viewed. Which should you employ?
- A. System Configuration
- B. File Server Resource Manager (FSRM)
- C. the Get-StorageFileServer cmdlet
- D. Failover Cluster Manager
Correct Answer: D
Q16)You have two Windows Server-powered Azure virtual machines. The virtual computers will be housed in a failover cluster that you intend to build. An Azure Storage account that will serve as a cloud witness for the cluster has to be configured. Resilience must be enhanced by the solution. Which redundancy setting ought to be used for the storage account?
- A. Geo-zone-redundant storage (GZRS)
- B. Locally-redundant storage (LRS)
- C. Zone-redundant storage (ZRS)
- D. Geo-redundant storage (GRS)
Correct Answer: C
Q17)A three-node failover cluster is present. Pre- and post-scripts must be executed before and after Cluster-Aware Updating (CAU). The answer must require the least amount of administration. Which should you employ?
- A. Azure Functions
- B. Run profiles
- C. Windows Server Update Services (WSUS)
- D. Scheduled tasks
Correct Answer: B
Q18)You have two Windows Server-powered servers with the names Server1 and Server2. The Hyper-V server role is installed on both servers. Three virtual machines, VM1, VM2, and VM3, are hosted by Server 1. To Server2, the virtual machines replicate. There is a hardware issue with Server1. As soon as you can, you must bring VMs 1, 2, and 3 back online. What commands should you run from Server2’s Hyper-V Manager console for each virtual machine?
- A. Start
- B. Move
- C. Unplanned Failover
- D. Planned Failover
Correct Answer: C
Q19)A multitier application is hosted by three Azure virtual machines called VM1, VM2, and VM3. You’re going to use Azure Site Recovery. You must make sure that VMs 1, 2, and 3 fail over together. What settings should you make in AZ-801?
- A. an availability zone
- B. a recovery plan
- C. an availability set
Correct Answer: B
Q20)You have a server named Server1 that is installed on your premises and is running Windows Server along with the Hyper-V server role. You have a subscription to Azure.You intend to use Azure Backup to backup Server1 to the cloud. Which two Azure Backup choices need that Microsoft Azure Backup Server (MABS) be installed? Each accurate response offers an entire resolution in AZ-801.
- A. Bare Metal Recovery
- B. Files and folders
- C. System State
- D. Hyper-V Virtual Machines
Correct Answer: A and C