Microsoft AZ-800 Administering Windows Server Hybrid Core Infrastructure Online Training
Microsoft AZ-800 Online Training
The questions for AZ-800 were last updated at Dec 20,2024.
- Exam Code: AZ-800
- Exam Name: Administering Windows Server Hybrid Core Infrastructure
- Certification Provider: Microsoft
- Latest update: Dec 20,2024
Topic 2, Fabrikam inc.
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more Information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements, if the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. Is a manufacturing company that has a main office In New York and a branch office in Seattle.
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.
DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP! contains a scope named Scope1 that has addresses for the New York office.
DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Group Policy Object (GPOs)
The cwp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements:
Fabrikam Identifies the following planned changes:
• Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
• Replace the WAN links between the Seattle and New York offices by using Azure Virtual
WAN and ExpressRoute. Both on-premises offices will be connected to Vnet1 by using ExpressRoute.
• Create three Azure file shares named newyorkfiles, seattfefiles, and companyfiles.
• Create a domain controller named dc3.corp.fabrikam,com in Vnet1.
• Deploy an Azure Virtual Desktop host pool lo Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD joined.
• License all servers for Microsoft Defender for servers.
• Use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises.
Networking Requirements
Fabrikam identifies the following security requirements:
• Apply GP04 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout lime manually from their client computer.
• Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
• Prevent user passwords from containing all or part of words that are based on the company name, such as Fab. fabrikam or fsbr! |.
• Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
• Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
• Ensure that seattlefiles syncs to FS2.
• Ensure that newyorkfiles syncs to FS1.
• Ensure that companyfiles syncs to both FS1 and FS2.
DRAG DROP
You need to meet the security requirements for passwords.
Where should you configure the components for Azure AD Password Protection? lo answer, drag the appropriate components to the correct locations. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.
You need to implement a name resolution solution that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point
- A . Create an Azure private DNS zone named corp.fabhkam.com.
- B . Create a virtual network link in the coip.fabnkam.c om Azure private DNS zone.
- C . Create an Azure DNS zone named corp.fabrikam.com.
- D . Configure the DNS Servers settings for Vnet1.
- E . Enable autoregistration in the corp.fabnkam.com Azure private DNS zone.
- F . On DC3, install the DNS Server role.
- G . Configure a conditional forwarder on DC3.
What should you implement for the deployment of DC3?
- A . Azure Active Directory Domain Services (Azure AD DS}
- B . Azure AD Application Proxy
- C . an Azure virtual machine
- D . an Azure AD administrative unit
HOTSPOT
You need to configure Azure File Sync to meet the file sharing requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
You need to configure remote administration to meet the security requirements.
What should you use?
- A . just in time (JIT) VM access
- B . Azure AD Privileged Identity Management (PIM)
- C . the Remote Desktop extension for Azure Cloud Services
- D . an Azure Bastion host
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements.
What should you configure?
- A . security filtering for the link of GP04
- B . security filtering for the link of GPO1
- C . loopback processing in GPO4
- D . the Enforced property for the link of GP01
- E . loopback processing in GPO1
- F . the Enforced property for the link of GP04
You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies.
What should you do?
- A . Hybrid Azure AD join all the servers.
- B . Create a hybrid runbook worker m Azure Automation.
- C . Deploy the Azure Connected Machine agent to all the servers.
- D . Deploy the Azure Monitor agent to all the servers.
DRAG DROP
Which three actions should you perform in sequence to meet the security requirements for Webapp1? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to implement an availability solution for DHCP that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . On DHCP1. create a scope that contains 25 percent of the IP addresses from Scope2.
- B . On the router in each office, configure a DHCP relay.
- C . DHCP2. configure a scope that contains 25 percent of the IP addresses from Scope 1 .
- D . On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.
- E . On each DHCP scope, configure DHCP failover.