Microsoft - AZ-800: Administering Windows Server Hybrid Core Infrastructure
Sample Questions
Question: 145
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)
You have an on-premises server named Server1 that runs Windows Server.
You have an Azure subscription that contains a virtual network named VNet1.
You need to connect Server1 to VNet1 by using Azure Network Adapter.
What should you use?A | The Azure portal |
B | Azure AD Connect |
C | Device Manager |
D | Windows Admin Center |
Correct answer: DExplanation:
A lot of workloads running on-premises and in multi-cloud environments require connections to virtual machines (VMs) running in Microsoft Azure. To connect a server to an Azure Virtual Network, you have several options, including Site-to-Site VPN, Azure Express Route, and Point-to-Site VPN.
Windows Admin Center and Azure Network Adapter provide a one-click experience to connect the server with your virtual network using a Point-to-Site VPN connection. The process automates configuring the virtual network gateway and the on-premises VPN client.
When to use Azure Network Adapter
Azure Network Adapter Point-to-Site VPN connections are useful when you want to connect to your virtual network from a remote location, such as a branch office, store, or other location. You can also use Azure Network Adapter instead of a Site-to-Site VPN when you require only a few servers to connect to a virtual network. Azure Network Adapter connections don't require a VPN device or a public-facing IP address.
Requirements
Using Azure Network Adapter to connect to a virtual network requires the following:
- An Azure account with at least one active subscription.
- An existing virtual network.
- Internet access for the target servers that you want to connect to the Azure virtual network.
- A Windows Admin Center connection to Azure.
- The latest version of Windows Admin Center.
Reference: Use Azure Network Adapter to connect a server to an Azure Virtual Network
Question: 146
Measured Skill: Manage Windows Servers and workloads in a hybrid environment (10-15%)
Your network contains an Active Directory domain, a web app named App1, and a perimeter network. The perimeter network contains a server named Server1 that runs Windows Server.
You plan to provide external access to App1.
You need to implement the Web Application Proxy role service on Server1.
Which role should you add to Server1, and which role should you add to the network?
(To answer, drag the appropriate roles to the correct targets. Each role may be used once, more than once, or not at all. Note: Each correct selection is worth one point.)
A | Role on Server1: Active Directory Certificate Services
Role on the network: Network Policy and Access Services |
B | Role on Server1: Active Directory Certificate Services
Role on the network: Remote Access |
C | Role on Server1: Active Directory Federation Services
Role on the network: Active Directory Certificate Services |
D | Role on Server1: Network Policy and Access Services
Role on the network: Remote Access |
E | Role on Server1: Network Policy and Access Services
Role on the network: Active Directory Federation Services |
F | Role on Server1: Remote Access
Role on the network: Active Directory Federation Services |
Correct answer: FExplanation:
The Web Application Proxy role service is part of the Remote Access server role. We need to install the Web Application Proxy role service in the perimeter network on Server1 and connect the proxy service to the Active Directory Federation Services (AD FS) installed on the internal network. AD FS can then authenticate the user credentials using an Active Directory domain controller.
Reference: Install and Configure the Web Application Proxy Server
Question: 147
Measured Skill: Manage storage and file services (15-20%)
Your company has a main office and 10 branch offices that are connected by using WAN links. The network contains an Active Directory domain.
All users have laptops and regularly travel between offices.
You plan to implement BranchCache in the branch offices.
In each branch office, you install a server that runs Windows Server and the BranchCache feature. You register the servers in Active Directory.
You need to configure the laptops to use the local BranchCache server automatically. The solution must minimize administrative effort.
Which two Group Policy settings should you configure?
(To answer, select the settings in the answer area. NOTE: Each correct selection is worth one point.)
A | Turn on BranchCache |
B | Set BranchCache Distributed Cache mode |
C | Set BranchCache Hosted Cache mode |
D | Enable Automatic Hosted Cache Discovery by Service Connection Point |
E | Configure Hosted Cache Servers |
F | Configure Client BranchCache Version Support |
Correct answer: A, DExplanation:
BranchCache has two modes of operation: distributed cache mode and hosted cache mode.
When you deploy BranchCache in distributed cache mode, the content cache at a branch office is distributed among client computers.
When you deploy BranchCache in hosted cache mode, the content cache at a branch office is hosted on one or more server computers, which are called hosted cache servers.
We need to enable BranchCache on the laptops and configure the laptops to use the branch office's hosted cache server to which the laptops are currently connected. For this purpose we use the setting "Enable Automatic Hosted Cache Discovery by Service Connection Point".
Enable Automatic Hosted Cache Discovery by Service Connection Point
This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.
If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy.
Reference: BranchCache
Question: 148
Measured Skill: Manage storage and file services (15-20%)
You have an Azure subscription that contains the storage accounts shown in the following table.

In the East US Azure region, you create a storage sync service named Sync1.
You need to create a sync group in Sync1.
Which storage accounts can you use, and what can you specify as the cloud endpoints.
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
A | Storage accounts: storage1 only
Cloud endpoints: share1, share3, and share4 only |
B | Storage accounts: storage1 and storage3 only
Cloud endpoints: share1 and share3 only |
C | Storage accounts: storage1 and storage4 only
Cloud endpoints: cont1 and cont2 only |
D | Storage accounts: storage1, storage2, and storage3 only
Cloud endpoints: cont1, cont2, and cont4 only |
E | Storage accounts: storage1, storage2, and storage3 only
Cloud endpoints: cont1, cont2, share1, and share3 only |
F | Storage accounts: storage1, storage2, storage3, and storage4
Cloud endpoints: cont1, cont2, cont4, share1, share3, and share4 |
Correct answer: BExplanation:
A sync group defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other. A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server endpoints. A server endpoint represents a path on a registered server. A server can have server endpoints in multiple sync groups. You can create as many sync groups as you need to appropriately describe your desired sync topology.
A cloud endpoint is a pointer to an Azure file share. All server endpoints will sync with a cloud endpoint, making the cloud endpoint the hub. The storage account for the Azure file share must be located in the same region as the Storage Sync Service. The entirety of the Azure file share will be synced, with one exception: A special folder, comparable to the hidden "System Volume Information" folder on an NTFS volume, will be provisioned. This directory is called ".SystemShareInformation". It contains important sync metadata that will not sync to other endpoints. Do not use or delete it!
Reference: Deploy Azure File Sync
Question: 149
Measured Skill: Manage virtual machines and containers (15-20%)
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. VM1 contains a 128-GB operating system disk.
You need to increase the size of volume C on VM1 to 250 GB.
Which four actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
A | Sequence: 6, 2, 3, 4 |
B | Sequence: 6, 1, 3, 4 |
C | Sequence: 6, 4, 3, 5 |
D | Sequence: 6, 5, 4, 3 |
Correct answer: CExplanation:
When you create a new virtual machine (VM) in a resource group by deploying an image from Azure Marketplace, the default operating system (OS) disk is usually 127 GiB (some images have smaller OS disk sizes by default). You can add data disks to your VM (the amount depends on the VM SKU you selected) and we recommend installing applications and CPU-intensive workloads on data disks. You may need to expand the OS disk if you're supporting a legacy application that installs components on the OS disk or if you're migrating a physical PC or VM from on-premises that has a larger OS disk.
The following article describes how to resize a managed disk and a volume on it using the Azure portal or PowerShell.
How to expand virtual hard disks attached to a Windows virtual machine