Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-801

Microsoft AZ-801 Exam (page: 2)
Microsoft Configuring Windows Server Hybrid Advanced Services
Updated on: 28-Jul-2025

Viewing Page 2 of 24
AZ-801 PDF 178 Questions

Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1. Solution: From App & browser control, you configure the Exploit protection settings.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-controlled-folders? view=o365-worldwide




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

HOTSPOT (Drag and Drop is not supported)
With which servers can Server1 and Server3 communicate? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Secure Windows Server on-premises and hybrid infrastructures Question Set 3




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

DRAG DROP (Drag and Drop is not supported)
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users. The solution must meet the following requirements:
Prevent the users from using known weak passwords.
Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises- deploy




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

HOTSPOT (Drag and Drop is not supported)
The Default Domain Policy Group Policy Object (GPO) is shown in the GPO exhibit. (Click the GPO tab.)


The members of a group named Service Accounts are shown in the Group exhibit. (Click the Group tab.)


An organizational unit (OU) named ServiceAccounts is shown in the OU exhibit. (Click the OU tab.)


You create a Password Settings Object (PSO) as shown in the PSO exhibit. (Click the PSO tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active- directory-administrative-center-enhancements--level-100-#fine_grained_pswd_policy_mgmt




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

DRAG DROP (Drag and Drop is not supported)
Your network contains an Active Directory Domain Services (AD DS) domain. You need to implement a solution that meets the following requirements:
Ensures that the members of the Domain Admins group are allowed to sign in only to domain controllers Ensures that the lifetime of Kerberos Ticket Granting Ticket (TGT) for the members of the Domain Admins group is limited to one hour
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have an Azure virtual machine named VM1 that runs Windows Server. You plan to deploy a new line-of-business (LOB) application to VM1.
You need to ensure that the application can create child processes.
What should you configure on VM1?

  1. Microsoft Defender Credential Guard
  2. Microsoft Defender Application Control
  3. Microsoft Defender SmartScreen
  4. Exploit protection

Answer(s): D


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-exploit-protection? view=o365-worldwide




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

HOTSPOT (Drag and Drop is not supported)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.


In the domain, you create the Group Policy Objects (GPOs) shown in the following table.


You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.
Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-authentication- methods



Viewing Page 2 of 24



Share your comments for Microsoft AZ-801 exam with other users:

Philippe 1/22/2023 10:24:00 AM

iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.
CANADA