Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AZ-801Free trial

By microsoft

Verified

25Q per page

Question 26

HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

The domain contains the servers shown in the following table.

Server1 has the connection security rule as shown in the Server exhibit. (Click the Server1 tab.)

Server2 has the connection security rule as shown in the Server2 exhibit. (Click the Server2 tab.)

Server1 has the inbound firewall rules as shown in the Server1 inbound rules exhibit. (Click the Server1 inbound rules tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

—

Question 27

You have an on-premises server named Server1 that runs Windows Server.

You have an Azure subscription.

You need to onboard Server1 to Microsoft Defender for Cloud.

What should you install on Server1?

A: the Azure File Sync agent
B: the Microsoft Entra provisioning agent D. the Azure Connected Machine agent
C: the Device Health Attestation role

—

Question 28

You have a management group named MG1 that contains an Azure subscription named Sub1. Sub1 contains the resources shown in the following table.

You need to enable Microsoft Defender for Servers.

From the Azure portal, on which two resources can you enable Defender for Servers? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A: RG1
B: Workspace1
C: Sub1
D: MG1
E: VNet1
F: VM1

—

Question 29

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains an organizational unit (OU) named OU1 and a user named User1.

You plan to deploy a Hyper-V failover cluster named Cluster1.

You need to prestage the account for Cluster1 and ensure that User1 can deploy Cluster1. The solution must follow the principle of least privilege.

Which action should you perform, and which permissions should you grant to User1 for Cluster1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

—

Question 30

DRAG DROP -
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users. The solution must meet the following requirements:
✑ Prevent the users from using known weak passwords.
✑ Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

—

Question 31

HOTSPOT -
The Default Domain Policy Group Policy Object (GPO) is shown in the GPO exhibit. (Click the GPO tab.)

The members of a group named Service Accounts are shown in the Group exhibit. (Click the Group tab.)

An organizational unit (OU) named ServiceAccounts is shown in the OU exhibit. (Click the OU tab.)

You create a Password Settings Object (PSO) as shown in the PSO exhibit. (Click the PSO tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 32

DRAG DROP -
Your network contains an Active Directory Domain Services (AD DS) domain.
You need to implement a solution that meets the following requirements:
✑ Ensures that the members of the Domain Admins group are allowed to sign in only to domain controllers
✑ Ensures that the lifetime of Kerberos Ticket Granting Ticket (TGT) for the members of the Domain Admins group is limited to one hour
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

—

Question 33

You have an Azure virtual machine named VM1 that runs Windows Server.
You plan to deploy a new line-of-business (LOB) application to VM1.
You need to ensure that the application can create child processes.
What should you configure on VM1?

A: Microsoft Defender Credential Guard
B: Microsoft Defender Application Control
C: Microsoft Defender SmartScreen
D: Exploit protection

—

Question 34

HOTSPOT -
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.

In the domain, you create the Group Policy Objects (GPOs) shown in the following table.

You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.
Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

$Image 3$

—

That’s the end of your free questions

You’ve reached the preview limit for AZ-801

Consider upgrading to gain full access!

Page 2 of 7 • Questions 26-50 of 168

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!