[Jun-2022] Exam AZ-800: New Brain Dump Professional - TestkingPDF
Free AZ-800 Exam Dumps to Improve Exam Score
NEW QUESTION 55
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
Ensures that a user named User1 can perform the RODC installation on Server1
Ensures that you can control the AD DS replication schedule to the Server1
Ensures that Server1 is in a new site named RemoteSite1
Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a site and a subnet.
2 - Pre-create an RODC account.
3 - Instruct User1 to run the Active Directory Domain Services installation Wizard on Server1.
Reference:
https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/
NEW QUESTION 56
You have a Windows Server container host named Server 1 and a container image named Image1.
You need to start a container from image1. The solution must run the container on a Hyper-V virtual machine.
Which parameter should you specify when you run the docker run command?
- A. --expose
- B. --runtime
- C. --entrypoint
- D. --isolation
- E. --privileged
Answer: B
NEW QUESTION 57
You have an Azure virtual machine named VM1 that has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11. You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?
- A. an Azure Bastion host on the virtual network that contains VM1.
- B. a network security group 1NSG) rule that allows inbound traffic on port 443.
- C. a private endpoint on the virtual network that contains VM1.
- D. a VPN connection to the virtual network that contains VM1.
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
NEW QUESTION 58
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?
- A. Schema Admins
- B. Domain Admins
- C. Group Policy Creator Owners
- D. Enterprise Admins
- E. AAD DC Administrators
Answer: D
Explanation:
Reference:
https://social.technet.microsoft.com/wiki/contents/articles/20579.delegation-of-group-policy-full-administration.aspx
NEW QUESTION 59
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain. The domains contain the servers shown in the following table.
You need to configure resources based constrained delegation so that the users In contoso.com can use Windows Admin Center on Server) to connect to Server? How should you complete the command? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 60
You have a server named Server1 that hosts Windows containers. You plan to deploy an application that will have multiple containers. Each container will be You need to create a Docker network that supports the deployment of the application. Which type of network should you create?
- A. transparent
- B. I2tunnel
- C. NAT
- D. I2bridge
Answer: D
NEW QUESTION 61
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.
A failure of which domain controller will prevent you from creating application partitions?
- A. DC4
- B. DC2
- C. DC5
- D. DC3
- E. DC1
Answer: E
Explanation:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles
NEW QUESTION 62
You need to meet the technical requirements for User1. The solution must use the principle of least privilege.
What should you do?
- A. Create a delegation on contoso.com.
- B. Create a delegation on 0U3.
- C. Add Usersl to the Server Operators group in contoso.com.
- D. Add Usersl to the Account Operators group in contoso.com.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-account-ous-and-resource-ous
Topic 1, Contoso Ltd
AD DS Environment
The network contains an on-premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com. The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server Infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Servei4 uses the private profile.
Server2 hosts three virtual machines named VM1. VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out another administrator can connect to the console session as the currently signed-in user.
Requirements
Contoso identifies the following technical requirements:
* Change the replication schedule for all site links to 30 minutes.
* Promote Server1 to a domain controller in canada.contoso.com.
* Install and authorize Server3 as a DHCP server.
* Ensure that User! can manage the membership of all the groups in Contoso\OU3.
* Ensure that you can manage Server4 from Server1 by using PowerShell removing.
* Ensure that you can run virtual machines on VM1.
* Force users to provide credentials when they connect to VM2.
* On VM3, ensure that Data Deduplication on all volumes is possible.
NEW QUESTION 63
You need to sync files from an on-premises server named Server1 to Azure by using Azure File Sync You have a cloud tiering policy that is configured for 30 percent free space and 70 days.
Volume f on Server1 is 500 GB.
A year ago. you configured E:\Oata on Server1 to sync by using Azure File Sync. The files that are visible in E:\Data are shown in the following table.
Volume E does NOT contain any other files.
Where are File1 and flle3 located? To answer, select the appropriate options In the answer area.
Answer:
Explanation:
NEW QUESTION 64
You have an Azure subscription that contains the following resources:
* An Azure Log Analytics workspace
* An Azure Automation account
* Azure Arc.
You have an on-premises server named Server1 that is onboaraed to Azure Arc
You need to manage Microsoft updates on Server! by using Azure Arc
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
- A. From the Virtual machines data source of the Log Analytics workspace, connect Server1.
- B. On Server1, install the Azure Monitor agent
- C. From the Automation account, enable Update Management for Server1.
- D. Add Microsoft Sentinel to the Log Analytics workspace
Answer: B,C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-update-management
NEW QUESTION 65
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:
The share permissions for Share1 are configured as shown in the Share Permissions exhibit.
Share1 contains a file named File1.bxt. The advanced security settings for File1.txt are configured as shown in the File Permissions exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 66
You have two on-premises servers named Server1 and Servet2 that run Windows Server.
You have an Azure Storage account named storage1 that contains a file share named share'. Server1 syncs with share1 by using Azure File Sync You need to configure Server2 to sync with share1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Add a Storage Sync Service to the Azure subscription.
2 - On Server2, install the Azure File Sunc agent.
3 - Register Server2 with the Storage Sync Service.
NEW QUESTION 67
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 68
Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect You need to ensure that all the objects can be used in Conditional Access policies What should you do?
- A. Select the Configure Hybrid Azure AD join option.
- B. Change the scope o' Group1 and Group2 to Global
- C. Change the scope of Group2 to Universal
- D. Clear the Configure device writeback option.
Answer: A
Explanation:
Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.
NEW QUESTION 69
You need to configure remote administration to meet the security requirements. What should you use?
- A. an Azure Bastion host
- B. just in time (JIT) VM access
- C. Azure AD Privileged Identity Management (PIM)
- D. the Remote Desktop extension for Azure Cloud Services
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc
NEW QUESTION 70
You haw an Azure virtual machine named VM1 that runs Windows Server
You need to configure the management of VM1 to meet the following requirements:
* Require administrators to request access to VM1 before establishing a Remote Desktop connection.
* Limit access to VM1 from specific source IP addresses.
* Limit access to VMI to a specific management port
What should you configure?
- A. Azure Active Directory (Azure AD) Privileged identity Management (PIM)
- B. Azure Front Dock
- C. Microsoft Defender for Cloud
- D. a network security group (NSG)
Answer: D
NEW QUESTION 71
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 72
You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
- A. Configure a conditional forwarder on DC3.
- B. Create an Azure DNS zone named corp.fabrikam.com.
- C. Create an Azure private DNS zone named corp.fabhkam.com.
- D. Configure the DNS Servers settings for Vnet1.
- E. Create a virtual network link in the coip.fabnkam.com Azure private DNS zone.
- F. Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.
- G. On DC3, install the DNS Server role.
Answer: D,G
Explanation:
Virtual machines in an Azure virtual network receive their DNS configuration from the DNS settings configured on the virtual network. You need to configure the Azure virtual network to use DC3 as the DNS server. Then all virtual machines in the virtual network will use DC3 and their DNS server.
NEW QUESTION 73
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 74
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the VPN servers shown in the following table.
You have a server named NPS1 that has Network Policy Server (NPS) installed. NPS1 has the following RADIUS clients:
VPN1, VPN2, and VPN3 use NPS1 for RADIUS authentication. All the users in contoso.com are allowed to establish VPN connections. For each of the following statements, select Yes If the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 75
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a server named Server1 that has the DFS Namespaces role service installed. Server! hosts a domain-based Distributed File System (DFS) Namespace named Files.
The domain contains a tile server named Server2. Seiver2 contains a shared folder named Share1. Share1 contains a subfolder named Folder 1.
In the Files namespace, you create a folder named Folder! that has a target of \\Server2.contoso.com\Share1\Folder1.
You need to configure a logon script that will map drive letter M to Folder1. The solution must use the path of the DFS Namespace.
How should you complete the command to map the drive letter? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 76
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.
in the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:
* Admin1 can create and manage Active Directory sites.
* Admin2 can deploy domain controller to the easl.conloso.com domain.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 77
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
NEW QUESTION 78
......
Microsoft AZ-800 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
Powerful AZ-800 PDF Dumps for AZ-800 Questions: https://www.testkingpdf.com/AZ-800-testking-pdf-torrent.html
2022 Realistic AZ-800 Dumps Exam Tips Test Pdf Exam Material: https://drive.google.com/open?id=1MtFA6lRAUrLXvnLbx1ogZiIYSArCkDvq

