Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-800

Microsoft AZ-800 Exam (page: 5)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 28-Jul-2025

Viewing Page 5 of 53
AZ-800 PDF 267 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. You need to identify which server is the PDC emulator for the domain.

Solution: From a command prompt, you run netdom.exe query fsmo. Does this meet the goal?

  1. Yes
  2. No

Answer(s): A


Reference:

https://activedirectorypro.com/how-to-check-fsmo-roles/



You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?

  1. Deploy the Azure AD Password Protection proxy service to the on premises network.
  2. Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.
  3. Grant the Change password permission for the domain to the Azure AD Connect service account.
  4. Grant the impersonate a client after authentication user right to the Azure AD Connect service account.

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback



You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?

  1. AAD DC Administrators
  2. Domain Admins
  3. Schema Admins
  4. Enterprise Admins
  5. Group Policy Creator Owners

Answer(s): A

Explanation:

Settings for user and computer objects in Azure Active Directory Domain Services (Azure AD DS) are often managed using Group Policy Objects (GPOs).

Azure AD DS includes built-in GPOs for the AADDC Users and AADDC Computers containers. You can customize these built-in GPOs to configure Group Policy as needed for your environment.

ANSWER (A): Members of the Azure AD DC administrators group have "Group Policy administration privileges in the Azure AD DS domain, and can also create custom GPOs and organizational units (OUs). "


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy



DRAG DROP (Drag and Drop is not supported)
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines. The virtual machines will be joined to Azure AD DS.

You need to deploy Active Directory Domain Services (AD DS) to ensure that the virtual machines can be deployed and joined to Azure AD DS.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance



HOTSPOT (Drag and Drop is not supported)
You have an Azure Active Directory Domain Services (Azure AD DS) domain. You create a new user named Admin1.

You need Admin1 to deploy custom Group Policy settings to all the computers in the domain. The solution must use the principle of least privilege.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy



Viewing Page 5 of 53



Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous