Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-800

Microsoft AZ-800 Exam (page: 7)
Microsoft Administering Windows Server Hybrid Core Infrastructure
Updated on: 28-Jul-2025

Viewing Page 7 of 53
AZ-800 PDF 267 Questions

Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

You need to minimize the convergence time for changes to Active Directory.
What should you do?

  1. For each site link, modify the replication schedule.
  2. For each site links, modify the site link costs.
  3. Create a site link bridge that contains all the site links.
  4. For each site link, modify the options attribute.

Answer(s): D

Explanation:

when you configure manual site link replication schedule is already setup to 15-minute replication cycle you can not lower more down. so only option left is to change link site option attribute for use notify setting.


Reference:

https://learn.microsoft.com/en-us/archive/blogs/canberrapfe/active-directory-replication-change-notification-you



DRAG DROP (Drag and Drop is not supported)
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy five servers to the domain. You add the servers to a group named ITFarmHosts.

You plan to configure a Network Load Balancing (NLB) cluster named NLBCluster.contoso.com that will contain the five servers.

You need to ensure that the NLB service on the nodes of the cluster can use a group managed service account (gMSA) to authenticate.

Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts



You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.

Which optional feature should you select in Azure AD Connect?

  1. Device writeback
  2. Group writebeack
  3. Azure AD app and attribute filtering
  4. Password writeback
  5. Directory extension attribute sync

Answer(s): A

Explanation:

Device writeback is an optional feature in Azure AD Connect that allows the on-premises AD DS domain to receive information about the Azure AD joined devices, including the device registration state. By enabling this feature, you can ensure that the on-premises AD DS domain has information about the Azure AD joined devices, which is required for Windows Hello for Business to function correctly. Once this information is available in the on-premises AD DS domain, you can set the appropriate policies and configure the required infrastructure to support Windows Hello for Business.


Reference:

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide#device-registration



HOTSPOT (Drag and Drop is not supported)
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.

In the contoso.com domain, you create two users named Admin1 and Admin2.
You need to ensure that the users can perform the following tasks:

-Admin1 can create and manage Active Directory sites.
-Admin2 can deploy domain controllers to the east.contoso.com domain.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.

You open a new branch office that contains only client computers.

You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.

Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.

Does this meet the goal?

  1. Yes
  2. No

Answer(s): B



Viewing Page 7 of 53



Share your comments for Microsoft AZ-800 exam with other users:

Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous