These free AZ-800 exam questions and answers provided here cover the important concepts of the AZ-800 certification exam. Our detailed explanations for these sample questions helps you to learn the exam objectives faster.
AZ-800: Administering Windows Server Hybrid Core Infrastructure exam tests your knowledge and understanding on the performing of various technical tasks including the: A. RID Master Role Correct
Answer: A Explanation When a Domain controller creates a security principal object like a group or a user, it attaches a unique SID (Security ID) to the object. The SID contains: Option A is
correct. RID Master Role is responsible for the uniqueness of Active directory objects in every domain. Reference: To know more about Active Directory FSMO roles in Windows, please visit the below-given link:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles A. Yes Correct Answer: B Explanation Active Directory Recycle Bin can’t be used to revert changes to existing objects. For such cases, you need to use the traditional approaches of backing up and restoring AD DS. Reference: To know more
about how to Maintain AD DS domain controllers, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/manage-active-directory-domain-services-flexible-single-master-operation-roles/3-maintain-domain-controllers A. A Parent and Child trust Correct Answer: C Explanation When a new AD DS tree is created in an existing AD DS forest, it automatically creates a new tree-root trust. Option A is incorrect. When a new AD DS domain is added to an existing AD DS tree, it
creates new parent and child trusts. Reference: To know more about AD DS forests and domains, please visit the below-given link:
https://docs.microsoft.com/en-us/learn/modules/introduction-to-ad-ds/4-define-forests-domains A. Matchutil.exe command Correct Answer: B
Explanation certutil.exe command, built into the Windows operating system, can be used to compare a downloaded file with the hash file that has been provided by the vendor. Option A is incorrect. Matchutil.exe is not a valid command. Reference: To know more about ESAE forests, please visit the below-given link:
https://docs.microsoft.com/en-us/learn/modules/manage-advanced-features-of-ad-ds/3-implement-esae-forests A. Group Policies Correct Answer: E Explanation The following attributes or objects are not synchronized
from an on-premises AD DS environment to Azure AD DS or Azure AD: Option A
is incorrect. Not only group policies, but all the given attributes or objects are not synchronized. Reference:
To know more about synchronization, please visit the below-given link: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization A. Sydney setting GPO Correct Answer: B Explanation The Default Domain Policy GPO is associated with the domain, and it applies to Authenticated Users. Because of not having any WMI filters, it affects all the computers and users in the domain. In the above case, Default Domain GPO takes precedence because it is Enforced. Option A is incorrect. Sydney setting GPO won’t take precedence as it
is likely to be superseded by more specific GPOs on the domain and OU. Reference: To know more about group policy order, please visit the below-given link: https://4sysops.com/archives/understanding-group-policy-order/ Domain : Manage Windows Servers and Workloads in a Hybrid EnvironmentQ7 : You have been tasked to reconfigure the properties of some users in the Sales organization unit of the fabrikam.com domain. Which of the following cmdlets would you use in PowerShell to make the changes?A. New-ADuser Correct Answer: B Explanation Set-ADUser is used to make changes to the data associated with a resource, such as a user or a file property. Therefore, in the given scenario, being the administrator you need to use Set-ADuser PowerShell cmdlet to reconfigure the properties of some users in the Sales organization unit of the fabrikam.com domain. Option A is incorrect. New-ADuser cmdlet is used to create a new user in AD DS. Reference: To know more about Set-ADUser cmdlet, please visit the below-given link: https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-aduser Domain: Manage Virtual Machines and ContainersQuestion 8 : You decide to create a Virtual Machine using New-AzVM cmdlet. Which of the following parameters would you use to specify the name of the availability set where it should be created?A.
-AvailabilitySetName Correct Answer: A Explanation Virtual machines must be created within the availability set to ensure they are correctly distributed across the hardware. An existing virtual machine can’t be added to an availability set after it has been created. When you create a virtual machine with New-AzVM cmdlet, you should use the -AvailabilitySetName parameter for specifying the name of the availability set. Option A is correct. -AvailabilitySetName is the right parameter to
specify the name of the availability set. Reference: To know more about creating and deploying virtual machines in an availability set, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets Domain : Manage Virtual Machines and ContainersQ9 : While creating a new container image on Windows Admin Center, which of the following options would you use to create a new container image using the IIS base image?A. Use an existing Dockerfile Correct Answer: D Explanation IIS web application/static web application folder option is used for creating a new container image utilizing the IIS base image. The content of the folder is copied to the container image to include it as a website. It adds no framework. Option A is incorrect. It allows the users to rebuild a new container image depending upon an existing Dockerfile. Reference: To know more about creating new container images on Windows Admin Center, please visit the below-given link: https://docs.microsoft.com/en-us/virtualization/windowscontainers/wac-tooling/wac-images Domain : Manage Virtual Machines and ContainersQ10 : You are an administrator and you need to create and manage AD DS Partitions. You have to use a command-line tool to perform the required tasks. Which of the following tools can help you?A. Dcdiag.exe Correct Answer: C Explanation AD DS partitions can be created and managed by using the NtdsUtil.exe command-line tool. This tool also allows the users to perform various other AD DS related management tasks, such as:
Option A is incorrect. Dcdiag.exe is the tool used to monitor and troubleshoot
replication. Reference: To know more about naming contexts and Application partitions, please visit the below-given link: https://www.oreilly.com/library/view/active-directory-5th/9781449361211/ch04.html Domain : Implement and Manage an On-premises and Hybrid Networking InfrastructureQ11 : While creating a zone on a DNS server, it is essential to identify whether it is a primary zone or a secondary zone. Which of the following statements is false about a primary or a secondary zone?A. It is possible to create, delete or edit resource records in a primary zone. Correct Answer: B Explanation While creating a zone on a DNS server, you need to identify whether it is a primary zone or a secondary zone. If you want to create, delete or edit the resource records, you need to use the primary zone. As a secondary zone is a read-only copy of a primary zone, resource records can’t be managed in a secondary zone. Option A is incorrect. It is true that you can
create, delete or edit resource records in a primary zone. Reference: To know more about primary and secondary DNS, please visit the below-given link: https://www.cloudflare.com/en-ca/learning/dns/glossary/primary-secondary-dns/ Domain : Implement and Manage an On-premises and Hybrid Networking InfrastructureQ12 : You need to create CNAME alias resource records for a specific app running on a server. Which of the following cmdlet can you use to create the required resource records in Windows PowerShell?A. Add-DnsServerResourceRecordA Correct Answer: C Explanation Resource records can be created by using DNS manager, Windows PowerShell, or Windows Admin Center. Here are some Windows PowerShell cmdlets that can be used to create DNS resource records. Option A is incorrect. Add-DnsServerResourceRecordA cmdlet is used to create a host(A) resource record. Reference: To know more about installing and configuring the DNS role, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/implement-windows-server-dns/4-install-configure-dns-role Domain : Implement and Manage an On-premises and Hybrid Networking InfrastructureQuestion 13 : Your network consists of an AD domain named fabrikam.com. This domain has a server known as Server2 running Windows Server 2016. |
Name | Number of Domain Controllers |
Marico.com | 2 |
East.marico.com | 3 |
West.marico.com | 3 |
You have been tasked to synchronize users from powlene.com and marico.com to a common Azure Active Directory tenant through Azure Active Directory Connect.
How many Azure Active Directory Connect sync servers would you need (at least) to perform the task?
A. 8
B. 4
C. 3
D. 2
E.
1
Correct Answer: E
Explanation
You can have only 1 active Azure Active Directory Connect server synchronizing accounts to a common Azure Active Directory tenant. You can have backup Azure Active Directory Connect servers, but they must be running in staging mode.
When there are multiple forests, it must be possible to reach all the forests by a common Azure AD Connect sync server. This server needs to be linked to a specific domain. If required, the server can be placed in a secure network, so it will allow reaching all the forests.
Option A is incorrect. At a minimum, there is a need for only 1 Azure Active Directory Connect sync server.
Option B is incorrect. 1 Azure Active Directory Connect sync server would be enough to perform the task.
Option C is incorrect. At a minimum, there is a need for only 1 Azure Active Directory Connect
sync server.
Option D is incorrect. You can have only 1 active Azure Active Directory Connect server synchronizing accounts to a common Azure Active Directory tenant. Also, you can have backup Azure AD Connect servers, but they must be running in staging mode.
Option E is correct. 1 Azure Active Directory Connect sync server would be enough to perform the task.
Reference: To know more about various topologies for Azure Active Directory Connect, please visit the below-given link: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-single-azure-ad-tenant
Domain : Deploy and Manage Active Directory Domain Services (AD DS) in On-premises and Cloud Environments
Q20 : Which of the following tools helps the users in identifying and remediating the object synchronization errors or issues like malformed or duplicate proxyAddresses and userPrincipalName in the Active directory?
A. ADModify.NET tool
B. Repadmin.exe tool
C. Dsdiag.exe tool
D.
Microsoft 365 IdFix tool
Correct Answer: D
Explanation
The Microsoft 365 IdFix tool allows the users to identify and remediate the common object synchronization errors including general like malformed or duplicate proxyAddresses and userPrincipalName in Active Directory. You can choose the Organizational units that you expect IdFix to check, and the common errors can be fixed within the tool itself.
Option
A is incorrect. For errors like format issues, changes can be made to particular attributes object-by-object by utilizing either ADSIEdit or Advanced Mode in AD computers and users.
Option B is incorrect. Repadmin.exe tool is used for analyzing and reporting the replication.
Option C is incorrect. Dsdiag.exe tool is another tool that helps in analyzing and reporting the replication.
Option D is correct.
The Microsoft 365 IdFix tool allows the users to identify and remediate the common object synchronization errors including general like malformed or duplicate proxyAddresses and userPrincipalName in Active Directory.
Reference: To know more about Active Directory health-check tools, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/implement-hybrid-identity-windows-server/04-prepare-premises-active-directory-synchronization
Domain : Deploy and Manage Active Directory Domain Services (AD DS) in On-premises and Cloud Environments
Q21 : The IT department in Contoso is deploying a new version of MS Office in their on-premises environment. The administrator desires to configure the settings with GPOs for Office. What should they do?
A. Download and install new .adml files and then configure the desired settings in the Administrative Templates node in the appropriate GPO.
B. Download
and install new .admx files and then configure the desired settings in the Administrative Templates node in the appropriate GPO.
C. Download and install new administrative template files and then configure the desired settings in the Administrative Templates node in the appropriate GPO.
D. Copy the content of the Windows\PolicyDefinitions folder to the Central Store.
Correct Answer: C
Explanation
Administrative templates can be used to control the environment of an operating system(OS) and the user experience. Two available sets of administrative templates are computer-related settings and user-related settings. Administrative template files offer most of the available GPO settings, which change particular registry keys.
Option A is incorrect. .adml files store only language-specific information and don’t directly deal
with GPO settings.
Option B is incorrect. The .admx files are language-neutral and don’t directly deal with GPO settings.
Option C is correct. Downloading and installing new administrative template files and then configuring the desired settings in the Administrative Templates node in the appropriate GPO is the right solution. You must update the .admx and .adml files together.
Option D is incorrect. Although a Central Store
makes managing Administrative Templates easier, administrators still need updated template files.
References: To know more about administrative templates, please visit the below-given links: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789186(v=ws.11), https://docs.microsoft.com/en-us/learn/modules/implement-group-policy-objects/7-define-administrative-templates?
Domain : Manage Windows Servers and Workloads in a Hybrid Environment
Q22 : You need to add some virtual machines in the VNet and in consideration of that, you want to ensure that WinRM is running on the target VM. Which of the following commands would you run on the target VM to ensure that?
A. winrm noconfig
B. winrm VMconfig
C. winrm targetVM
D. winrm quickconfig
Correct Answer: D
Explanation
In order to add other virtual machines in the VNet, you should ensure WinRM is running on the target VMs by running the below cmdlet in PowerShell or the command prompt upon the target VM
winrm quickconfig
Option A is incorrect. winrm noconfig is not the right command to be run.
Option B is incorrect. Running winrm VMconfig won’t help in ensuring that WinRM is running on the target VM.
Option C is incorrect. winrm
targetVM is not the valid command.
Option D is correct. winrm quickconfig is the right command that is used to ensure that WinRM is running on the target VMs.
Reference: To know more about manually deploying Windows Admin Center in Azure for managing multiple servers, please visit the below-given link: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/deploy-wac-in-azure?WT.mc_id=ravikirans
Domain : Manage Windows Servers and Workloads in a Hybrid Environment
Q23 : In a demonstration video, at time point 4:15, the administrator selects an account to sign in with. What are the minimum permissions that are needed by this account?
A. The account must be a member of the Azure Connected Machine Resource Administrator role.
B. The account must be a member of the Global Administrator role.
C. The account must be a member of the Azure Connected Machine Onboarding role.
D. None of these
Correct Answer: C
Explanation
At time point 4:15, The script first downloads the agent, then installs it, and then onboards the device into Azure Arc. To onboard the device or machine, the account must be a part of the Azure Connected Machine Onboarding role.
Option A is incorrect. The account only requires being a part of the Azure Connected Machine Onboarding role.
Option B is incorrect. The account
doesn’t require being a part of the Global Administrator role.
Option C is correct. For the given scenario, the account must be a part of the Azure Connected Machine Onboarding role.
Option D is incorrect. The account only should be a part of the Azure Connected Machine Onboarding role.
Reference: To know more about onboarding Windows Server Instances, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/manage-hybrid-workloads-azure-arc/3-onboard-windows-server-instances
Domain : Manage Windows Servers and Workloads in a Hybrid Environment
Q24 : Which of the following PowerShell cmdlet can you use to create JEA endpoints on a single computer?
A. Register-PSSessionConfiguration
B. Set-PSSessionConfiguration
C. Get-PSSessionConfiguration
D. Create-PSSessionJEApoints
Correct Answer: A
Explanation
On a single machine, JEA endpoints can be created by using the Register-PSSessionConfiguration PowerShell cmdlet. When you want to use this cmdlet, you need to specify an endpoint name and a session configuration file placed on the local machine.
Option A is correct. Register-PSSessionConfiguration command is used to create JEA endpoints on a single machine.
Option B is incorrect. Set-PSSessionConfiguration cmdlet is used to modify the properties of a registered session configuration.
Option C is incorrect. Get-PSSessionConfiguration cmdlet is used to view existing JEA endpoints.
Option D is incorrect. Create-PSSessionJEApoints is not a valid PowerShell cmdlet.
Reference: To know more about JEA configurations, please visit the below-given link: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/register-jea?view=powershell-7.2
Domain : Manage Virtual Machines and Containers
Q25 : Which of the following schedulers provide a fair share and preemptive round-robin scheduling approach for guest virtual processors in Windows Server 2016 Hyper-V?
A. Classic Scheduler
B. Core Scheduler
C. Root Scheduler
D. None of these
Correct Answer: A
Explanation
The classic scheduler is the default for all versions of the Windows Hyper-V hypervisor since its commencement that also includes Windows Server 2016 Hyper-V. This scheduler provides a fair share and preemptive round-robin scheduling approach for guest virtual processors.
Option A is correct. The classic scheduler provides a fair share and preemptive round-robin scheduling approach for guest virtual processors.
Option B is incorrect. The core scheduler provides a strong security boundary for guest workload isolation and decreased performance variability for workloads inside virtual machines running upon an SMT-enabled
virtualization host.
Option C is incorrect. The root scheduler meets the unique requirements inherent in supporting a utility partition to offer strong workload isolation, as utilized with WDAG(Windows Defender Application Guard).
Option D is incorrect. A classic scheduler is the right type of scheduler.
Reference: To know more about Managing Hyper-V hypervisor scheduler types, please visit the below-given link: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/manage-hyper-v-scheduler-types
Summary
These AZ-800 exam questions must have helped you to get a quick assessment of the exam. For more such questions and content on the AZ-800: Administering Windows Server Hybrid Core Infrastructure, go through our detailed AZ-800 practice tests that not only contain elaborate explanations for all the concepts covered, but will also help you pass the certification in the first attempt.
- About the Author
- More from Author