B.4 Microsoft AZ-800 Certification Practice Exam

Ace your homework & exams now with Quizwiz!

Which of the following character types are allowed in a UPN? (Select two.)

! #

-

-

You are configuring a new external virtual switch in your Hyper-V host. You want the virtual machines running on the host to be able to use the physical network adapter installed in the system instead of virtual network interfaces. Click the option you would use to configure the virtual switch in this manner.

Enable single-root I/O virtualization (SR-IOV)

When installing Windows Admin Center, which inbound and outbound ports should be opened on the firewall? (Select two.)

Port 445 Inbound TCP Port 443 Outbound

You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows installed. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. In addition, you want each programmer to join their new laptop to the domain. What should you do?

Pre-stage the computer accounts in Active Directory. Grant the programmers the rights to join the workstation to the domain. Incorrect answer:

You manage the network with a single Active Directory domain. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the Sales Users group and the Sales Computers group as members of the Allowed RODC Password Replication Group group. You get a call from a user in the branch office saying that she can't log on. You verify that her user and computer accounts are members of the correct groups. You check and find that the WAN link to the branch office is down. You need to modify the configuration so that the user can log on even when the WAN link is down. What should you do?

Prepopulate passwords on the RODC.

You need to be able to create standard Windows Server containers on a Windows Server 2016 system that is using the Desktop Experience deployment. Which of the following tasks must be completed on the server? (Select two. Each correct answer is part of the complete solution.)

Download and install the Docker engine. Install the Containers feature.

You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?

Security Options

Your Windows server has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: Members of the Sales group should have read-only access to the content in the folder. Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. No other users should have access. Members of the SalesAdmin group are also members of the Sales group. What can you do to configure the needed access while assigning as few permissions as possible?

Share the SalesDept folder. Grant the read permission to the Sales group and the change permission to the SalesAdmin group. Remove Everyone from the access control list.

Which of the following BEST describes a global catalog?

A database that contains a partial replica of every object from every domain within a forest.

Which of the following DHCP scope options assigns a static IP configuration to a device using that device's MAC address?

Reservation

Which of the following BEST describes data deduplication?

Stores data in less physical space using sub-file variable-size chunking and compression.

Which of the following volume types seeks to optimize performance by writing data across all disks in the volume simultaneously?

Striped volume

You are configuring NIC Teaming on a Windows Server system using two physical network adapters. You want to increase the availability of the system by configuring one of the adapters as a primary adapter and the other as a standby adapter. Each adapter is connected to a different network switch. Click the option under Additional properties in the NIC Teaming window that must be selected to configure this team.

Switch Independent

Which of the following protocols does DHCP use when it sends out IP configuration?

UDP

Which file type applies only to Windows applications that are purchased through the Windows Store?

.appx

You are the network manager for the westsim.private domain. The SRV1 server runs all file and print services for the network. The DNS database has an A record that maps srv1.westsim.private to the IP address of 192.168.16.10. You want to create a PTR record that maps the IP address to the hostname. Which zone should you create the record in?

16.168.192.in-addr.arpa

What is the default pool size of ports for Windows Server 2022?

2500

Which port does the relay agent use when sending DHCP information back to the client?

68

Which of the following BEST describes a flowlet?

A burst of packets that is separated in time from other bursts by a sufficient gap.

What is the key difference between a managed service account and a group-managed service account?

A managed service account can be used on only one computer in a domain.

Which of the following best describes an Active Directory site?

A physical grouping of well-connected IP subnets which are connected with high-speed links.

Drag the type of server software listed on the left to its appropriate description on the right.

A set of software features that provides a specific server function: Role A software program that adds functionality to all serer functions: Feature A specific program that adds functions to a role: Role Service

Which of the following BEST describes a multi-master model?

A system that allows updates or changes to be made at any domain controller and replicated to other domain controllers.

Your manager has asked you to install the Web Server (IIS) role on one of your Windows Server 2022 systems so it can host an internal website. Which Windows feature can you use to do this?

Add Roles and Features

You manage the network infrastructure for the westsim.com domain. All servers have recently been upgraded to Windows Server 2016, and all clients run Windows 10. All server and client computers are members of the domain. You have configured a DFS solution with a domain-based DFS root. Srv1 hosts the DFS root, and the namespace is named Sales. A single folder named Contacts in the DFS root points to the SalesSF shared folder on Srv3. You would like to provide redundancy so that the data in the Contacts shared folder will still be available, even if Srv1 goes down. You want to use Srv4 to provide the redundancy. What should you do?

Add Srv4 as a namespace server.

You are configuring a NIC team on a Windows Server system using two physical network adapters in the system. You want the new team to aggregate the throughput of both network adapters to increase performance. You want to configure the team such that all packets from the same stream are sent to the same network adapter in the team. From the drop-down list, select the load balancing mode you need to choose to implement this configuration.

Address Hash

Which of the following best describes Azure AD Connect?

An on-premises Active Directory synchronization service.

Which role or feature protects a server by encrypting the operating system volume and verifying the integrity of other startup components?

BitLocker Drive Encryption

When assigning a policy, a required field specifies the policy definition. What are the two ways to assign a policy definition? (Select two.)

Build-in policy definitions Custom policy definitions

What are the typical ways Organizational Units (OUs) are organized in Active Directory?

By physical location, organizational structure, and object type.

Which of the following Azure VM types is ideal for web servers with medium traffic?

Compute-optimized

You manage a network with a single domain named widgets.com. The network has multiple domain controllers at two locations: Chicago and Baltimore. A WAN link connects the two locations. You create two site objects and configure a site link object to connect the two sites. To reduce WAN traffic between the two sites, you would like to take advantage of the remote differential compression feature for SYSVOL replication. What should you do?

Configure all domain controllers to use DFS replication.

Which of the following BEST describers a schema partition?

Contains a definition of each object class and the attributes of the object class that can exist in an Active Directory forest.

You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the accounting, sales, and shipping departments. User and computer accounts for each department are in their respective OUs. Mary Hurd is a manager in the sales department. Mary is a member of the Managers global group. This group also has members from other organizational units. The Managers group has been given the read share permission to the Reports shared folder. Mary's user account (mhurd) has also been given the change share permission to the Reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. How can you complete this configuration with the least amount of effort?

Copy the mhurd user account. Assign the new account the change share permission to the Reports shared folder.

Your organization has been using an in-house custom-developed application. The team that developed that application created a Group Policy template in the form of an ADMX file, which you have used to assign necessary rights to a group of users who use the application. Another group of users now needs to have the same rights. This group belongs to an OU to which one of your assistants has full control management rights to. When your assistant tries to use the Group Policy template to assign rights to this group, she cannot find the template in Active Directory. What must you do to give your assistant access to this Group Policy template?

Create a central store on the SYSVOL share and copy the ADMX file into it.

You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application that reports the hostname of all clients that try to access three sensitive servers in the accounting department. The application has been working for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP address but not the hostname for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?

Create a primary reverse lookup zone for subnet 192.168.5.0.

You must have which of the following to create a new Active Directory trust?

Domain admin privileges

Your network consists of a single Active Directory domain. Your company has recently merged with another company. The acquired company has an Active Directory network with multiple domains. All domain controllers in both forests run Windows Server 2016. You have been given the task of recommending changes to the Active Directory structure. You want to let users in both companies access each other's resources (subject to applicable permissions), and you want to minimize administrative effort in doing so. What should you do?

Create a two-way forest trust between the two forest root domains.

You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between hosts. You run a protocol analyzer and discover that two hosts have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this?

DHCP

Which of the following is managed by the customer for an Infrastructure as a Service (IaaS) cloud model? (Select three.)

Data Access Applications

Which of the following are the hard disks or other types of storage from which storage pools are created?

Devices

You manage a single domain named widgets.com. Recently, you noticed that there have been several unusual changes to objects in the Sales OU. You would like to use auditing to keep track of those changes. You want only to enable auditing that shows you the old and new values of the changed objects. Which directory service auditing subcategory should you enable?

Directory Service Changes

You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer, so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?

Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit the success of the Delete permission.

Which of the following are needed before you can create the Azure File Sync service? (Select two.)

File share Storage account

Which of the following is a setting usually made in the BIOS or UEFI that enables efficient virtualization use of the hardware environment?

Hardware-Assisted Virtualization

Which of the following identifies both the logical host and logical network addresses?

IP address

ou have a small network with a single subnet connected to the internet, as shown below. The router has been assigned the two addresses shown. You need to manually configure the workstation to connect to the network. The workstation should use RouterA as the default gateway and DNS1 as the DNS server address. From the drop-down menu options, select the appropriate parameters to configure the workstation's TCP/IP settings.

IP address 192.168.12.46 Subnet mask 255.255.255.240 Default gateway 192.168.12.34 DNS server 198.162.1.22

Which of the following BEST describes node fairness?

Identifies overloaded nodes and then redistributes virtual machines to the other nodes.

You are the administrator of the eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties, but can't find the Protect object from accidental deletion setting. What should you do so you can configure this setting?

In Active Directory Users and Computers, select View > Advanced Features.

You are the network administrator for corpnet.com. The company has a main office and two branch offices named Branch1 and Branch2. The main office has two domain controllers named DC1 and DC2. The Branch1 branch office has one domain controller named DC3. There are no domain controllers at the Branch2 location. In Active Directory Sites and Services, you have created a site that corresponds to each location. You have also created IP site links between each site. You discover that users from Branch2 are being authenticated by all three domain controllers. You need to ensure that users in Branch2 are only authenticated by DC1 or DC2. Users in Branch2 should only be authenticated by DC3 if the domain controllers at the main office are unavailable. What should you do?

Increase the cost of the site link between Branch1 and Branch2.

You are working in Hyper-V Manager on a system that hosts several Windows Server 2008 R2 virtual machines. You create snapshots of these virtual machines nightly as part of your disaster recovery plan. Users are complaining that they can no longer access the virtual servers. In Hyper-V Manager, they are identified as being in a Paused-Critical state. What should you do? (Select two. Each answer is a part of the overall solution.)

Install a new physical hard disk in the hypervisor host. Move the snapshot files to the new hard disk.

You are the network administrator for Corpnet.com. You have a file server named File1 that runs Windows Server. File1 is running low on disk space. You determine that a significant percentage of the data on File1 consists of duplicate files. You would like to remove duplicate data to free up space on File1. You do not want the solution to impact the users' ability to access duplicate data. What should you do?

Install and configure the Data Deduplication Role service.

You need to use the New Share Wizard on a Windows Server 2012 R2 system to create a new share for the C:\Shares\WidgetProject folder. Users will connect to the share using Windows 7 and Windows 8 workstations. On the Select the profile for this share screen, you select the SMB Share - Advanced sharing profile. However, when you do, the Next > button remains grayed-out and you can't proceed. What should you do?

Install the File Server Resource Manager role on the server.

You're troubleshooting an IP addressing problem and issue a command to view the system's TCP/IP configuration. The command you use produces the following output:

Linux

Which report includes SQL Server, SharePoint Server, and Exchange Server?

Microsoft workload discovery report

Which of the following server roles cannot be added to a Windows Server 2016 Server Core deployment?

Network Policy and Access Services (NPAS)

You want to implement Hyper-V so you can create a lab environment that mirrors your production network for testing applications before deploying them into your production environment. You're planning on having four virtual Windows servers in this lab environment. Your lab environment will need access to the physical network and the Internet. You plan to use hardware that you already have on hand to create your first Hyper-V host system. You have an unused system with the following specifications and OS installed: A 64-bit processor with second-level address translation (SLAT) VM monitor mode extensions UEFI that supports virtualization with the following features:Hardware-assisted virtualization with Intel VTData Execution Prevention (DEP) enabled with Intel Windows Server 2016 Standard edition with the Server Core deployment Is this system a good choice for hosting the lab environment you plan to build?

No. When guest systems need network access, best practice suggests that a host should have its own network adapter and an additional network adapter for every four virtual machines.

Your network has a single domain named southsim.com. DNS data for the domain is stored on the following servers: DNS1 holds the primary zone for southsim.com. DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?

On all three servers, change the zone type of the DNS zone to Active Directory-integrated.

Which of the following BEST describes granular password policies?

Policies within a GPO that apply password policies for users and global groups.

In the data duplication process what does the filter driver component do?

Redirects read requests to the correct chunks.

You are considering implementing NIC Teaming in a virtual machine running in Hyper-V. The virtual machine is configured with 8 GB of system RAM, a 1 TB virtual hard disk file, and four virtual network adapters. You want to use all of the network adapters in the team to provide load balancing and failover. What should you do?

Reduce the number of virtual NICs in the team to two.

You need to control access to the D:\Reports folder as follows: Members of the Accounting group should be able to open and view all files, edit them, add new files, and rename and delete files. Mary needs to be able to open and view files, but should not be able to modify the files, rename files, or delete them. Mary is a member of the Accounting group. You want to assign NTFS permissions taking the least amount of actions possible and affecting existing permissions as little as possible. What should you do?

Remove Mary from the Accounting group. Assign Allow read and execute, List folder contents, Read, and Modify to the Accounting group. Assign Allow read and execute, List folder contents, and Read to Mary.

To save disk space on your Windows Server 2022 system, you decide to remove unneeded roles and features. Which Windows feature can you use to do this?

Remove Roles and Features

Mr. Yamashita needs to be able to modify the contents of the Promo share, a shared folder on one of your Windows servers. The share has been assigned the following permissions:

Remove the Training group from the share. Change the Training group's permission to allow Read. Remove Mr. Yamashita's user account from the Training group.

You are the network administrator. The network consists of a single Active Directory domain. All the servers run Windows Server 2016, and all the clients run Windows 10. Company policy requires all users in the domain to change their passwords every 30 days. An application named App1 uses a service account named App1Svc. Every 30 days, App1 fails. When the App1Svc account password is reset, the application works fine. You need to prevent App1 from failing in the future without compromising corporate security standards. What should you do?

Run the New-ADServiceAccount cmdlet.

You are using Azure Automation to run scripts with your onboarded Azure Arc network resources. What are you using to define the scripts and steps needed to complete a specific Azure Automation task?

Runbook

There are several terms used to describe Azure AD application proxy services. Which of the following terms refers to a service that provides trust to a user's browser while accessing a website or application?

SSL certificates

You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?

Select Audit Failure for the enabled audit policy.

Which of the following are options available from the Power button at the bottom left of the Start menu? (Select three.)

Sleep Restart Hibernate

You are configuring NIC Teaming on a Windows Server system using two physical network adapters. You want to aggregate the bandwidth of both network adapters to provide better throughput. Both adapters are connected to the same network switch. You decide to manually identify the links forming the team on both the switch and the server. Click the option under Additional properties in the NIC Teaming window that must be selected to configure this team.

Static Teaming

Which setting should you disable unless a specific application requires access to the plaintext password?

Store passwords using reversible encryption

Each Hybrid Runbook Worker server is assigned to a Hybrid Runbook Worker Group. Each of these groups can consist of a single worker or multiple if high availability is needed. What are the two types of workers? This worker type supports a set of hidden runbooks that uses the Update Management feature and does not work with anything else. This worker type supports user-defined runbooks that are designed to run on Windows or Linux machines that are members of Runbook Worker Groups.

System User

Which of the following best describes effective permissions?

The sum of all permissions from explicit assignment, group membership, and inheritance.

User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right.

The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed: Notify me only when apps try to make changes to my computer (do not dim the desktop) A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt: Always notify The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds: Notify me only when apps try to make changes to my computer If logged on as a standard user, all actions requiring privilege elevation are automatically denied: Never notify

Which of the following is true when using group managed service accounts?

There are no domain or forest functional level requirements for using group managed service accounts.

Which of the following is true about forest trusts?

They are also called interforest trusts.

There are two restricted group properties that an administrator can define - members and members of. Which of the following is true about the members of property?

This policy ensures that the restricted group is a member of the defined groups but does not remove the restricted group from other groups.

When configuring a DNS private resolver in Azure, what are the two subnets used for? (Select two.)

To act as the outbound endpoint with the on-premises DNS server. To act as the inbound endpoint with the on-premises DNS server.

You have been hired as a consultant for a small business using Windows Server. Over the past week, the system has become unstable. You check the System Stability chart in Reliability Monitor and find the following information for the stability index each day: Monday = 9.19Tuesday = 5.2Wednesday = 6.4Thursday = 8.7Friday = 7.5 You want to look at information for the day that indicates the least stability. Which day would you look at first?

Tuesday

You want to view, but not modify, the Windows installation and data files in a VHD file. What should you do?

Use Disk Management to attach the VHD file as read-only.

Which of the following methods are used to deploy DSC using Azure Policy? (Select two.)

Virtual machines using a VM extension. Arc-enabled servers using PowerShell to deploy the DSC.

Which of the following is true regarding the load balance DHCP failover mode?

When a client requests an IP configuration, a hash is generated using the client's MAC address.

Which of the following host operating systems can be used as the host of a Server Core Windows Server container? (Select two.)

Windows Server 2016 Server Core Windows Server 2016 Desktop Experience

Which TCP/IP utility gives you the following output?

ipconfig


Related study sets

Final exam -Dimensions of Nursing Ch 12, 13, 14, 15, 16,17, 18, 21, 22, 23, 24, 27

View Set

Econ 2020 final practice questions

View Set

Homeostasis & Cell Transport Study Island

View Set

Principles of Management (Ch 6, 7, 8, 9) (only thorugh 6.2 for now)

View Set