AZ-801Preview

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy Azure Migrate to an on-premises network.

You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:

• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled

You need to ensure that you can use Azure Migrate to migrate Server1.

Solution: You disable Windows Defender Firewall on Server1.

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy Azure Migrate to an on-premises network.

You have an on-premises physical server named Server1 that runs Windows Server and has the following configurations:

• Operating system disk: 600 GB
• Data disk: 3 TB
• NIC Teaming: Enabled
• Mobility service: Installed
• Windows Defender Firewall: Enabled
• Microsoft Defender Antivirus: Enabled

You need to ensure that you can use Azure Migrate to migrate Server1.

Solution: You shrink the data disk on Server1.

Does this meet the goal?

Your network contains an Active Directory Domain Services (AD DS) forest.

You need to deploy a Storage Spaces Direct converged infrastructure. The solution must meet the following requirements:

• Use an Ethernet fabric.
• Eliminate the need for Data Center Bridging (DCB).

Which Remote Direct Memory Access (RDMA) networking technology should you implement?

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains two virtual machines named VM1 and VM2 that run Windows Server.

You plan to implement a failover cluster named Cluster1 that will use VM1 and VM2 as nodes.

You need to ensure that Cluster1 can use floating IP addresses.

Which two components should you deploy? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an Azure subscription.

You plan to deploy a virtual machine named VM1 to the East US Azure region and use Azure Site Recovery between availability zones.

You need to configure the disks on VM1 and the virtual network. The solution must meet the following requirements:

• Maximize the availability of VM1.
• Maintain the private IP address of VM1 during failover and failback operations.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server. All the servers are on the same network and have network connectivity.

On Server1, Windows Defender Firewall has a connection security rule that has the following settings:

• Rule Type: Server-to-server
• Endpoint 1: Any IP address
• Endpoint 2: Any IP address
• Requirements: Require authentication for inbound connections and request authentication for outbound connections
• Authentication Method: Computer (Kerberos V5)
• Profile: Domain, Private, Public
• Name: Rule1

Server2 has no connection security rules.

On Server3, Windows Defender Firewall has a connection security rule that has the following settings:

• Rule Type: Server-to-server
• Endpoint 1: Any IP address
• Endpoint 2: Any IP address
• Requirements: Request authentication for inbound and outbound connections
• Authentication Method: Computer (Kerberos V5)
• Profile: Domain, Private, Public
• Name: Rule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

DRAG DROP

You have an on-premises IIS web server that hosts a web app named App1.

You plan to migrate App1 to a container and run the container in Azure.

You need to perform the following tasks:

• Export App1 to a ZIP file.
• Create a container image based on App1.

The solution must minimize administrative effort.

Which tool should you use for each task? To answer, drag the appropriate tools to the correct tasks. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a failover cluster named Cluster1 that hosts an application named App1.

The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)

The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)

Server1 shuts down unexpectedly.

You need to ensure that when you start Server1, App1 continues to run on Server2.

Solution: From the General settings, you increase the priority of Server2 in the Preferred Owners list.

Does this meet the goal?

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.

Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.

You need to implement just-in-time (JIT) VM access for VM1.

What should you do first?

DRAG DROP

You have an Azure virtual machine named VM1 that runs Windows Server.

The operating system on VM1 fails to start due to a disk error.

You need to resolve the error.

Which four commands should you run in sequence in Azure Cloud Shell? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

HOTSPOT

You have a failover cluster named Cluster1 that contains four Windows Server nodes named Node1, Node2, Node3, and Node4.

You need to deploy a Storage Spaces Direct virtual disk to Cluster1.

You add the following disks to each node:

• Three 512-GB NVMe disks
• Three 3-TB HDD disks
• Three 1-TB SSD disks

On Cluster1, you enable Storage Spaces Direct and add the new disks.

What is the total amount of disk space available for the Storage Spaces Direct virtual disk, and which operations are cached for the SSD and HDD disks? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an Azure virtual machine named VM1 that runs Windows Server.

You need to perform the following tasks on VM1:

• Configure Windows Defender Firewall to allow Remote Desktop connections,
• Configure where to store the logs of the virtual machine console.

Which two settings should you use? To answer, select the settings in the answer area.

NOTE: Each correct selection is worth one point,

Your network contains an Active Directory Domain Services (AD DS) forest. The forest functional level is Windows Server 2012 R2. The forest contains the domains shown in the following table.

You create a user named Admin1.

You need to ensure that Admin1 can add a new domain controller that runs Windows Server 2022 to the east.contoso.com domain. The solution must follow the principle of least privilege.

To which groups should you add Admin1?

HOTSPOT

Your on-premises datacenter contains physical servers and Hyper-V virtual machines.

You have an Azure subscription.

You plan to use Azure Migrate to perform the following tasks:

• Migrate the physical servers to Azure virtual machines.
• Migrate the Hyper-V virtual machines to Azure.

What should you use for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server.

You have an Azure subscription. The subscription contains 10 virtual machines that run Windows Server.

You need to install the Azure Monitor Agent on the Azure virtual machines and the on-premises servers.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an on-premises Active Directory Domain Services (AD DS) domain that contains the resources shown in the following table.

The domain contains the domain controllers shown in the following table.

You configure a site link between Site1 and Site2 and set the replication interval to 20 minutes.

At 10:00 AM, connectivity between Site1 and Site2 fails.

Administrators perform the actions shown in the following table.

At 10:30 AM, connectivity between Site1 and Site2 is restored.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

HOTSPOT -

You have a Windows Server failover cluster named Cluster1 that has a cloud witness and the nodes shown in the following table.

Cluster1 has the roles shown in the following table.

Cluster1 has the following configuration.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have an on-premises server named Server1 that runs Windows Server.

You have an Azure subscription.

You plan to back up the files and folders on Server1 by using the Microsoft Azure Recovery Services (MARS) agent.

You need to identify to which location the backups can be written and the maximum number of scheduled backups that can be performed per day.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure virtual machine named VM1 that runs Windows Server.

The operating system on VM1 fails to fully initialize its network stack, and you cannot establish a network connection.

You need to establish an interactive shell session.

What should you use?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an on-premises server named Server1 that runs Windows Server.

You have a Microsoft Sentinel instance.

You add the Windows Firewall data connector in Microsoft Sentinel.

You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.

Solution: You install the Log Analytics agent on Server1.

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an on-premises server named Server1 that runs Windows Server.

You have a Microsoft Sentinel instance.

You add the Windows Firewall data connector in Microsoft Sentinel.

You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.

Solution: You onboard Server1 to Microsoft Defender for Endpoint.

Does this meet the goal?

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains an organizational unit (OU) named OU1. OU1 contains servers that run sensitive workloads.

You plan to add connection security rules that meet the following requirements:

• The servers in OU1 must only accept connections from domain-joined
• The servers in OU1 must only be able to communicate with domain-joined

You create a Group Policy Object (GPO) named GPO1 and link GPO1 to contoso.com.

You need to configure a connection security rule in GPO1 by using Windows Defender Firewall with Advanced Security.

How should you configure the rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an on-premises server named Server1 that runs Windows Server.

You have a Microsoft Sentinel instance.

You add the Windows Firewall data connector in Microsoft Sentinel.

You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.

Solution: You install the Azure Connected Machine agent on Server1.

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Controlled folder access.
Does this meet the goal?