Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. AZ-801

Microsoft AZ-801 Exam (page: 3)
Microsoft Configuring Windows Server Hybrid Advanced Services
Updated on: 28-Jul-2025

Viewing Page 3 of 24
AZ-801 PDF 178 Questions

Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.
You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine.
What should you use in Microsoft Defender for Cloud?

  1. a logic app
  2. a workbook
  3. a security policy
  4. adaptive network hardening

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc- enabled resources are in the same resource group.
You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort. What should you use to onboard the servers to Microsoft Sentinel?

  1. Azure Automation
  2. Azure Policy
  3. Azure virtual machine extensions
  4. Microsoft Defender for Cloud

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc- policies-mma




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant by using password hash synchronization.
You have a Microsoft 365 subscription. All devices are hybrid Azure AD-joined.
Users report that they must enter their password manually when accessing Microsoft 365 applications.
You need to reduce the number of times the users are prompted for their password when they access Microsoft 365 and Azure services.
What should you do?

  1. In Microsoft Entra ID, configure a Conditional Access policy for the Microsoft Office 365 applications.
  2. In the DNS zone of the AD DS domain, create an autodiscover record.
  3. From Microsoft Entra Connect, enable single sign-on (SSO).
  4. From Microsoft Entra Connect, configure pass-through authentication.

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have 50 Azure virtual machines that run Windows Server.
You need to ensure that any security exploits detected on the virtual machines are forwarded to Defender for Cloud.
Which extension should you enable on the virtual machines?

  1. Vulnerability assessment for machines
  2. Microsoft Dependency agent
  3. Log Analytics agent for Azure VMs
  4. Guest Configuration agent

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

HOTSPOT (Drag and Drop is not supported)
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the domains shown in the following table.


You are implementing Microsoft Defender for Identity sensors.
You need to install the sensors on the minimum number of domain controllers. The solution must ensure that Defender for Identity will detect all the security risks in both the domains.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/technical-faq#deployment https://docs.microsoft.com/en-us/defender-for-identity/install-step4




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have 10 servers that run Windows Server in a workgroup.
You need to configure the servers to encrypt all the network traffic between the servers. The solution must be as secure as possible.
Which authentication method should you configure in a connection security rule?

  1. NTLMv2
  2. pre-shared key
  3. Kerberos V5
  4. computer certificate

Answer(s): D


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authentication- request-rule




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

You have an Azure virtual machine named VM1 that runs Windows Server.
You need to encrypt the contents of the disks on VM1 by using Azure Disk Encryption. What is a prerequisite for implementing Azure Disk Encryption?

  1. Customer Lockbox for Microsoft Azure
  2. an Azure key vault
  3. a BitLocker recovery key
  4. data-link layer encryption in Azure

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview




Case Study:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview:
Contoso, Ltd. is a manufacturing company that has a main office in Seattle and branch offices in Los Angeles and Montreal.

Existing Environment
Active Directory Environment
Contoso has an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with a Microsoft Entra tenant. The AD DS domain contains the domain controllers shown in the following table.


Contoso recently purchased an Azure subscription.
The functional level of the forest is Windows Server 2012. The functional level of the domain is Windows Server 2012 R2. The forest has the Active Directory Recycle Bin enabled.
The contoso.com domain contains the users shown in the following table.


The contoso.com domain has the Group Policy Objects (GPOs) shown in the following table.


The contoso.com domain has the Password Settings Objects (PSOs) shown in the following table.



Server Infrastructure
The contoso.com domain contains servers that run Windows Server 2022 as shown in the following table.


By using Windows Defender Firewall with Advanced Security, the servers have isolation connection security rules configured as shown in the following table.


Server4 has no connection security rules.
Server4 Configurations
Server4 has the effective Group Policy settings for user rights as shown in the following table.


Server4 has the disk configurations shown in the following exhibit.



Virtualization Infrastructure
The contoso.com domain has the Hyper-V failover clusters shown in the following table.



Technical Requirements
Contoso identifies the following technical requirements:
Promote a new server named DC4 that runs to Windows Server 2022 to a domain controller.
Replicate the virtual machines from Cluster2 to an Azure Recovery Services vault. Centrally manage performance alerts in Azure for all the domain controllers.
Ensure that User1 can recover objects from the Active Directory Recycle Bin. Migrate Share1 to Server2, including all the share and folder permissions.
Back up Server4 and all data to an Azure Recovery Services vault. Use Hyper-V Replica to protect the virtual machines in Cluster3.
Implement BitLocker Drive Encryption (BitLocker) on Server4. Whenever possible, use the principle of least privilege.

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two servers named Server1 and Server2 that run Windows Server.
You need to ensure that you can manage Server2 by using the Computer Management console from Server1. The solution must use the principle of least privilege.
Which two Windows Defender Firewall with Advanced Security rules should you enable on Server2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. the COM+ Network Access (DCOM-In) rule
  2. all the rules in the Remote Event Log Management group
  3. the Windows Management Instrumentation (WMI-In) rule
  4. the COM+ Remote Administration (DCOM-In) rule
  5. the Windows Management Instrumentation (DCOM-In) rule

Answer(s): A,B


Reference:

https://docs.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote- management-in-server-manager



Viewing Page 3 of 24



Share your comments for Microsoft AZ-801 exam with other users:

Philippe 1/22/2023 10:24:00 AM

iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.
CANADA