AZ-800
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?
- A: Yes
- B: No
Question 2
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.
A failure of which domain controller will prevent you from creating application partitions?
- A: DC1
- B: DC2
- C: DC3
- D: DC4
- E: DC5
Question 3
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.
You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?
- A: Select the Configure Hybrid Azure AD join option.
- B: Change the scope of Group1 and Group2 to Global.
- C: Clear the Configure device writeback option.
- D: Change the scope of Group2 to Universal.
Question 4
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the convergence time for changes to Active Directory.
What should you do?
- A: For each site link, modify the replication schedule.
- B: For each site link, modify the site link costs.
- C: Create a site link bridge that contains all the site links.
- D: For each site link, modify the options attribute.
Question 5
DRAG DROP
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named ITFarmHosts.
You plan to configure a Network Load Balancing (NLB) cluster named NLBCluster.contoso.com that will contain the five servers.
You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:
Question 6
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?
- A: Device writeback
- B: Group writeback
- C: Azure AD app and attribute filtering
- D: Password writeback
- E: Directory extension attribute sync
Question 7
HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.
In the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:
✑ Admin1 can create and manage Active Directory sites.
✑ Admin2 can deploy domain controllers to the east.contoso.com domain.
The solution must use the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organizational unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
- A: Yes
- B: No
Question 9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK.
Does this meet the goal?
- A: Yes
- B: No
Question 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?
- A: Yes
- B: No
Question 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
- A: Yes
- B: No
Question 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From a command prompt, you run netdom.exe query fsmo.
Does this meet the goal?
- A: Yes
- B: No
Question 13
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the servers shown in the following exhibit table.
You plan to install a line-of-business (LOB) application on Server1. The application will install a custom Windows service.
A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new application.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A: On Server1, run the setspn command.
- B: On DC1, run the New-ADServiceAccount cmdlet.
- C: On Server1, run the Install-ADServiceAccount cmdlet.
- D: On Server1, run the Get-ADServiceAccount cmdlet.
- E: On DC1, run the Set-ADComputer cmdlet.
- F: On DC1, run the Install-ADServiceAccount cmdlet.
Question 14
HOTSPOT
Your network contains three Active Directory Domain Services (AD DS) forests as shown in the following exhibit.
The network contains the users shown in the following table.
The network contains the security groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 15
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest root domain contains a server named server1.contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.
What should you do first?
- A: Add fabrikam\Group1 to the local Users group on server1.contoso.com.
- B: Enable SID filtering for the trust.
- C: Enable Selective authentication for the trust.
- D: Change the trust to a one-way external trust.
Question 16
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com and the servers shown in the following table.
Contoso.com contains a user named User1.
You add User1 to the built-in Backup Operators group in contoso.com.
Which servers can User1 back up?
- A: DC1 only
- B: Server1 only
- C: DC1 and DC2 only
- D: DC1 and Server1 only
- E: DC1, DC2, Server1, and Server2
Question 17
HOTSPOT
Your network contains an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 18
SIMULATION
You need to create a user named Admin1 in contoso.com. Admin1 must be able to back up and restore files on SRV1. The solution must use the principle of least privilege.
To complete this task, sign in to the required computer or computers.
Question 19
SIMULATION
You need to ensure that the minimum password length for members of the BranchAdmins group is 12 characters. The solution must affect only the BranchAdmins group.
To complete this task, sign in to the required computer or computers.
Question 20
SIMULATION
You need to configure a Group Policy preference to ensure that users in the organizational unit (OU) named Server Admins have a shortcut to a folder named \\srv1.contoso.com\data on their desktop when they sign in to the computers in the domain.
To complete this task, sign in to the required computer or computers.
Question 21
SIMULATION
You plan to promote a domain controller named DC3 in a site in Seattle.
You need to ensure that DC3 only replicates with DC1 and DC2 between 8 PM and 6 AM.
To complete this task, sign in to the required computer or computers.
Question 22
SIMULATION
You need to ensure that DC2 is the schema master for contoso.com.
To complete this task, sign in to the required computer or computers.
Question 23
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?
- A: Deploy the Azure AD Password Protection proxy service to the on-premises network.
- B: Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.
- C: Grant the Change password permission for the domain to the Azure AD Connect service account.
- D: Grant the Impersonate a client after authentication user right to the Azure AD Connect service account.
Question 24
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers.
You plan to store a DNS zone in a custom Active Directory partition.
You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers.
What should you use?
- A: Windows Admin Center
- B: DNS Manager
- C: Active Directory Sites and Services
- D: ntdsutil.exe
Question 25
DRAG DROP
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read-only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
• Ensures that a user named User1 can perform the RODC installation on Server1
• Ensures that Server1 is in a new site named RemoteSite1
• Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.