Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-800

Microsoft AZ-800 Exam (page: 4)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 12-Feb-2026

Viewing Page 4 of 34
AZ-800 PDF 292 Questions

HOTSPOT (Drag and Drop is not supported)
You have an Azure Active Directory Domain Services (Azure AD DS) domain. You create a new user named Admin1.

You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy



DRAG DROP (Drag and Drop is not supported)
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.

You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.

You need to recommend a deployment plan that meets the following requirements:
-Ensures that a user named User1 can perform the RODC installation on Server1 Ensures that you can control the AD DS replication schedule to the Server1 Ensures that Server1 is in a new site named RemoteSite1
-Uses the principle of least privilege

Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1.
We need to create a site and subnet for the remote site. The new site will be added to the Default IP Site Link so we don’t need to create a new site link. You configure the replication schedule on the site link.

Box 2.
When we pre-create an RODC account, we can specify who is allowed to attach the server to the prestaged account. This means that the User1 does not need to be added to the Domain Admins group.

Box3.
User1 can connect the RODC to the prestaged account by running the AD DS installation wizard.


Reference:

https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/



Your network contains an Active Directory Domain Services (AD DS) domain.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences. You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.
Which type of item level targeting should you use?

  1. Domain
  2. Operating System
  3. Security Group
  4. Environment Variable

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)#operating-system-targeting



DRAG DROP (Drag and Drop is not supported)
You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.
You rename Default-First-Site-Name as Site1.
You plan to ship DC1, DC2, and DC3 to datacenters in different locations.

You need to configure replication between DC1, DC2, and DC3 to meet the following requirements:
-Each domain controller must reside in its own Active Directory site.
-The replication schedule between each site must be controlled independently.

Interruptions to replication must be minimized.
Which three actions should you perform in sequence in the Active Directory Sites and Services console? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.



A failure of which domain controller will prevent you from creating application partitions?

  1. DC1
  2. DC2
  3. DC3
  4. DC4
  5. DC5

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles



Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.



You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.

You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?

  1. Select the Configure Hybrid Azure AD join option.
  2. Change the scope of Group1 and Group2 to Global.
  3. Clear the Configure device writeback option.
  4. Change the scope of Group2 to Universal.

Answer(s): A

Explanation:

Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.



Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

You need to minimize the convergence time for changes to Active Directory.
What should you do?

  1. For each site link, modify the replication schedule.
  2. For each site links, modify the site link costs.
  3. Create a site link bridge that contains all the site links.
  4. For each site link, modify the options attribute.

Answer(s): D

Explanation:

when you configure manual site link replication schedule is already setup to 15-minute replication cycle you can not lower more down. so only option left is to change link site option attribute for use notify setting.


Reference:

https://learn.microsoft.com/en-us/archive/blogs/canberrapfe/active-directory-replication-change-notification-you



DRAG DROP (Drag and Drop is not supported)
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named ITFarmHosts.

You plan to configure a Network Load Balancing (NLB) cluster named NLBCluster.contoso.com that will contain the five servers.

You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.

Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts



Viewing Page 4 of 34



Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous