Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft AZ-800 Exam

Certification Provider: Microsoft
Exam Name: Administering Windows Server Hybrid Core Infrastructure
Number of questions in our database: 202
Exam Version: Feb. 18, 2024
AZ-800 Exam Official Topics:
  • Topic 1: Configure and manage multi-site, multi-domain, and multi-forest environments/ Troubleshoot flexible single master operations (FSMO) roles
  • Topic 2: Manage authentication in on-premises and hybrid environments/ Implement and configure Distributed File System (DFS)
  • Topic 3: Manage users and groups in multi-domain and multi-forest scenarios/ Manage Windows Servers and workloads in a hybrid environment
  • Topic 4: Manage VM using PowerShell Remoting, PowerShell Direct, and HVC.exe/ Deploy Azure services using Azure Virtual Machine extensions on non-Azure machines
  • Topic 5: Manage IaaS virtual machines (VMs) in Azure that run Windows Server/ Manage Windows Server by using domain-based Group Policies
  • Topic 6: Configure File Server Resource Manager (FSRM) quotas/ Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments
  • Topic 7: Create and manage AD DS security principals/ Configure CredSSP or Kerberos delegation for second hop remoting
  • Topic 8: Manage Windows Servers and workloads by using Azure services/ Implement DSC to prevent configuration drift in IaaS machines
  • Topic 9: Implement site-to-site virtual private network (VPN)/ Integrate Windows Server DNS with Azure DNS private zones
  • Topic 10: Implement and manage an on-premises and hybrid networking infrastructure/ Implement on-premises and hybrid network connectivity
  • Topic 11: Configure and manage Windows Server file shares/ Implement high availability for virtual machines
  • Topic 12: Manage Windows Servers in a hybrid environment/ Integrate Windows Servers with Azure Security Center

Free Microsoft AZ-800 Exam Actual Questions

The questions for AZ-800 were last updated On Feb. 18, 2024

Question #1

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.

You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.

You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?

Reveal Solution Hide Solution
Correct Answer: A

Question #2

Task 1

You need to prevent domain users from saving executable files in a share named \\SRVl\Dat

a. The users must be able to save other files to the share.

Reveal Solution Hide Solution
Correct Answer: A

One possible solution to prevent domain users from saving executable files in a share named \SRVl\Data is to use file screening on the file server. File screening allows you to block certain files from being saved based on their file name extension. Here are the steps to configure file screening:

On the file server, openFile Server Resource Managerfrom theAdministrative Toolsmenu.

In the left pane, expandFile Screening Managementand click onFile Groups.

Right-click onFile Groupsand selectCreate File Group.

In theFile Group Propertiesdialog box, enter a name for the file group, such asExecutable Files.

In theFiles to includebox, enter the file name extensions that you want to block, such as.exe, .bat, .cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.

ClickOKto create the file group.

In the left pane, click onFile Screen Templates.

Right-click onFile Screen Templatesand selectCreate File Screen Template.

In theFile Screen Template Propertiesdialog box, enter a name for the template, such asBlock Executable Files.

On theSettingstab, select the optionActive screening: Do not allow users to save unauthorized files.

On theFile Groupstab, check the box next to the file group that you created, such asExecutable Files.

On theNotificationtab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file.

ClickOKto create the file screen template.

In the left pane, click onFile Screens.

Right-click onFile Screensand selectCreate File Screen.

In theCreate File Screendialog box, enter the path of the folder that you want to apply the file screening to, such as\SRVl\Data.

Select the optionDerive properties from this file screen template (recommended)and choose the template that you created, such asBlock Executable Files.

ClickCreateto create the file screen.

Now, domain users will not be able to save executable files in the share named \SRVl\Data. They will be able to save other files to the share.


Question #3

You have an Azure virtual machine named VM1 that runs Windows Server.

You need to ensure that administrators request access to VM1 before establishing a Remote Desktop connection.

What should you configure?

Reveal Solution Hide Solution
Correct Answer: B

Question #4

You have an Azure virtual machine named VM1 that runs Windows Server.

You need to ensure that administrators request access to VM1 before establishing a Remote Desktop connection.

What should you configure?

Reveal Solution Hide Solution
Correct Answer: B

Question #5

Task 12

You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.

Reveal Solution Hide Solution
Correct Answer: A

To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:

On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, openGroup Policy Managementfrom theAdministrative Toolsmenu or by typinggpmc.mscin the Run box.

In the left pane, expand your domain and right-click onGroup Policy Objects. SelectNewto create a new GPO.

In theNew GPOdialog box, enterGPO1as theNameof the new GPO and clickOK. You can also optionally select a source GPO to copy the settings from.

Right-click on the new GPO and selectEditto open theGroup Policy Management Editor. Here, you can configure the settings that you want to apply to the group under theComputer ConfigurationandUser Configurationnodes. For more information on how to edit a GPO, seeEdit a Group Policy Object.

Close theGroup Policy Management Editorand return to theGroup Policy Managementconsole. Right-click on the new GPO and selectScope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.

Under theSecurity Filteringsection, click onAuthenticated Usersand then click onRemove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.

Click onAddand then type the name of the group that you want to apply the GPO to, such asMemberServers. ClickOKto add the group to the security filter. You can also click onAdvancedto browse the list of groups available in the domain.

Optionally, you can also configure theWMI Filteringsection to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, seeFilter the scope of a GPO by using WMI filters.

To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and selectLink an Existing GPO. Select the GPO that you created, such asGPO1, and clickOK. You can also change the order of preference by using theMove UpandMove Downbuttons.

Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using thegpupdate /forcecommand on the domain controller or the client computers. For more information on how to update a GPO, seeUpdate a Group Policy Object.

Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using thegpresult /rcommand on a member server and checking theApplied Group Policy Objectsentry. You can also use theGroup Policy Resultswizard in theGroup Policy Managementconsole to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, seeUse the Group Policy Results Wizard.



Unlock all AZ-800 Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now
Disscuss Microsoft AZ-800 Topics, Questions or Ask Anything Related

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77