Microsoft AZ-800 Exam (page: 5)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 12-Feb-2026

Viewing Page 5 of 34

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.

Which optional feature should you select in Azure AD Connect?

  1. Device writeback
  2. Group writeback
  3. Azure AD app and attribute filtering
  4. Password writeback
  5. Directory extension attribute sync

Answer(s): A

Explanation:

Device writeback is an optional feature in Azure AD Connect that allows the on-premises AD DS domain to receive information about the Azure AD joined devices, including the device registration state. By enabling this feature, you can ensure that the on-premises AD DS domain has information about the Azure AD joined devices, which is required for Windows Hello for Business to function correctly. Once this information is available in the on-premises AD DS domain, you can set the appropriate policies and configure the required infrastructure to support Windows Hello for Business.


Reference:

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide#device-registration



HOTSPOT
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.

In the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:

- Admin1 can create and manage Active Directory sites.
- Admin2 can deploy domain controllers to the east.contoso.com domain.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You create an organizational unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. You need to identify which server is the PDC emulator for the domain.

Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B



Your network contains a single-domain Active Directory Domain Services (AD DS) forest named conto.com. The forest contains the servers shown in the following exhibit table.



You plan to install a line-of-business (LOB) application on Server1. The application will install a custom Windows service. A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.

You need to create, configure, and install the gMSA that will be used by the new application.

Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. On Server1, run the setspn command.
  2. On DC1, run the New-ADServiceAccount cmdlet.
  3. On Server1, run the Install-ADServiceAccount cmdlet.
  4. On Server1, run the Get-ADServiceAccount cmdlet.
  5. On DC1, run the Set-ADComputer cmdlet.
  6. On DC1, run the Install-ADServiceAccount cmdlet.

Answer(s): B,C



HOTSPOT
Your network contains three Active Directory Domain Services (AD DS) forests as shown in the following exhibit.



The network contains the users shown in the following table.



The network contains the security groups shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:






Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

I would give 5 stars to this website as I studied for AZ-800 exam from here. It has all the relevant material available for preparation. I got 890/1000 on the test.