Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-800

Microsoft AZ-800 Exam (page: 6)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 28-Jul-2025

Viewing Page 6 of 53
AZ-800 PDF 267 Questions

DRAG DROP (Drag and Drop is not supported)
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.

You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.

You need to recommend a deployment plan that meets the following requirements:
-Ensures that a user named User1 can perform the RODC installation on Server1 Ensures that you can control the AD DS replication schedule to the Server1 Ensures that Server1 is in a new site named RemoteSite1
-Uses the principle of least privilege

Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1.
We need to create a site and subnet for the remote site. The new site will be added to the Default IP Site Link so we don’t need to create a new site link. You configure the replication schedule on the site link.

Box 2.
When we pre-create an RODC account, we can specify who is allowed to attach the server to the prestaged account. This means that the User1 does not need to be added to the Domain Admins group.

Box3.
User1 can connect the RODC to the prestaged account by running the AD DS installation wizard.


Reference:

https://mehic.se/2018/01/02/how-to-install-and-configure-read-only-domain-controller-rodc-2016/



Your network contains an Active Directory Domain Services (AD DS) domain.
You have a Group Policy Object (GPO) named GPO1 that contains Group Policy preferences. You plan to link GPO1 to the domain.
You need to ensure that the preference in GPO1 apply only to domain member servers and NOT to domain controllers or client computers. All the other Group Policy settings in GPO1 must apply to all the computers. The solution must minimize administrative effort.
Which type of item level targeting should you use?

  1. Domain
  2. Operating System
  3. Security Group
  4. Environment Variable

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)#operating-system-targeting



DRAG DROP (Drag and Drop is not supported)
You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.
You rename Default-First-Site-Name as Site1.
You plan to ship DC1, DC2, and DC3 to datacenters in different locations.

You need to configure replication between DC1, DC2, and DC3 to meet the following requirements:
-Each domain controller must reside in its own Active Directory site.
-The replication schedule between each site must be controlled independently.

Interruptions to replication must be minimized.
Which three actions should you perform in sequence in the Active Directory Sites and Services console? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.



A failure of which domain controller will prevent you from creating application partitions?

  1. DC1
  2. DC2
  3. DC3
  4. DC4
  5. DC5

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles



Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the objects shown in the following table.



You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.

You need to ensure that all the objects can be used in Conditional Access policies.
What should you do?

  1. Select the Configure Hybrid Azure AD join option.
  2. Change the scope of Group1 and Group2 to Global.
  3. Clear the Configure device writeback option.
  4. Change the scope of Group2 to Universal.

Answer(s): A

Explanation:

Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.



Viewing Page 6 of 53



Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous