Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-800

Microsoft AZ-800 Exam (page: 1)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 28-Jul-2025

Viewing Page 1 of 53
AZ-800 PDF 267 Questions

Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (Testlet 1)

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.

Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.


DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.

On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.

All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.

Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.



Requirements
Planned Changes
Fabrikam identifies the following planned changes:

-Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
-Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
-Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
-Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
-Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
-License all servers for Microsoft Defender for servers.
-Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.

Networking Requirements
Fabrikam identifies the following networking requirements:

-Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
-If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
-Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.

Security Requirements
Fabrikam identifies the following security requirements:

-Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
-Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
-Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
-Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
-Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:

-Ensure that seattlefiles syncs to FS2.
-Ensure that newyorkfiles syncs to FS1.
-Ensure that companyfiles syncs to both FS1 and FS2.

You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements.

What should you configure?

  1. loopback processing in GPO4
  2. security filtering for the link of GPO1
  3. loopback processing in GPO1
  4. the Enforced property for the link of GPO4
  5. the Enforced property for the link of GPO1
  6. security filtering for the link of GPO4

Answer(s): A




Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (Testlet 1)

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.

Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.


DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.

On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.

All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.

Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.



Requirements
Planned Changes
Fabrikam identifies the following planned changes:

-Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
-Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
-Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
-Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
-Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
-License all servers for Microsoft Defender for servers.
-Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.

Networking Requirements
Fabrikam identifies the following networking requirements:

-Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
-If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
-Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.

Security Requirements
Fabrikam identifies the following security requirements:

-Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
-Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
-Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
-Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
-Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:

-Ensure that seattlefiles syncs to FS2.
-Ensure that newyorkfiles syncs to FS1.
-Ensure that companyfiles syncs to both FS1 and FS2.

What should you implement for the deployment of DC3?

  1. Azure Active Directory Domain Services (Azure AD DS)
  2. an Azure virtual machine
  3. an Azure AD administrative unit
  4. Azure AD Application Proxy

Answer(s): B

Explanation:

Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
In a hybrid network, you can configure Azure virtual machines as domain controllers. The domain controllers in Azure communicate with the on-premises domain controllers in the same way that on-premises domain controllers communicate with each other.




Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (Testlet 1)

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.

Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.


DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.

On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.

All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.

Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.



Requirements
Planned Changes
Fabrikam identifies the following planned changes:

-Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
-Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
-Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
-Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
-Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
-License all servers for Microsoft Defender for servers.
-Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.

Networking Requirements
Fabrikam identifies the following networking requirements:

-Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
-If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
-Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.

Security Requirements
Fabrikam identifies the following security requirements:

-Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
-Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
-Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
-Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
-Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:

-Ensure that seattlefiles syncs to FS2.
-Ensure that newyorkfiles syncs to FS1.
-Ensure that companyfiles syncs to both FS1 and FS2.

DRAG DROP (Drag and Drop is not supported)
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview




Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (Testlet 1)

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.

Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.


DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.

On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.

Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.

All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.

Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.



Requirements
Planned Changes
Fabrikam identifies the following planned changes:

-Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
-Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
-Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
-Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
-Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
-License all servers for Microsoft Defender for servers.
-Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.

Networking Requirements
Fabrikam identifies the following networking requirements:

-Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
-If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
-Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.

Security Requirements
Fabrikam identifies the following security requirements:

-Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
-Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
-Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
-Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
-Prevent domain controllers from directly contacting hosts on the internet.

File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:

-Ensure that seattlefiles syncs to FS2.
-Ensure that newyorkfiles syncs to FS1.
-Ensure that companyfiles syncs to both FS1 and FS2.

DRAG DROP (Drag and Drop is not supported)
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection? To answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-onpremises




Testlet 2

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent labs. When you are ready to answer a question, click the question button to return to the question.

Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.

Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com.
The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.


All the domain controllers are global catalog servers.

Server infrastructure
The network contains the servers shown in the following table.


A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.



Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.


Existing Identities
The forest contains the users shown in the following table.


The forest contains the groups shown in the following table.


Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.

Requirements
Technical Requirements
Contoso identifies the following technical requirements:

-Change the replication schedule for all site links to 30 minutes.
-Promote Server1 to a domain controller in canada.contoso.com.
-Install and authorize Server3 as a DHCP server.
-Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
-Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
-Ensure that you can run virtual machines on VM1.
-Force users to provide credentials when they connect to VM2.
-On VM3, ensure that Data Deduplication on all volumes is possible.
-

You need to meet the technical requirements for Server1.
Which users can currently perform the required tasks?

  1. Admin3 only
  2. Admin1 and Admin3 only
  3. Admin1 only
  4. Admin1, Admin2, and Admin3

Answer(s): B



Viewing Page 1 of 53



Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous