Microsoft - AZ-800: Administering Windows Server Hybrid Core Infrastructure
Sample Questions
Question: 161
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a user named User1 and the servers shown in the following table.
You need to ensure that User1 can manage only Scope1 and Scope3.
What should you do?| A | Add User1 to the DHCP Administrators group on Server1 and Server2. |
| B | Implement IP Address Management (IPAM). |
| C | Add User1 to the DHCP Administrators domain local group. |
| D | Implement Windows Admin Center and add connections to Server1 and Server2. |
Correct answer: BExplanation:
We should configure role based access control in IPAM.
Role based access control is comprised of roles, access scopes, and access policies:
Roles: A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.
Access scopes: An access scope determines the objects that a user has access to. You can use access scopes to define administrative domains in IPAM. For example, you might create access scopes based on geographical location. By default, IPAM includes an access scope of Global. All other access scopes are subsets of the Global access scope. Users or groups that are assigned to the Global access scope have access to all objects in IPAM that are permitted by their assigned role.
Access policies: An access policy combines a role with an access scope to assign permission to a user or group. For example, you might define an access policy for user1 with a role of IP Block Admin and an access scope of Global\Asia. Therefore, user1 will have permission to edit and delete IP address blocks that are associated to the Asia access scope. This user will not have permission to edit or delete any other IP address blocks in IPAM.
Reference: Access Control
Question: 162
Measured Skill: Manage storage and file services (15-20%)
You have a server named Server1 that runs Windows Server and contains two drives named C and D. Server1 hosts multiple file shares.
You enable Data Deduplication on drive D and select the General purpose file server workload.
You need to minimize the space consumed by files that were recently modified or deleted.
What should you do?| A | Run the Set-DedupVolume cmdlet and configure the Scrubbing job. |
| B | Run the Set-DedupSchedule cmdlet and configure a GarbageCollection job. |
| C | Run the Set-DedupVolume cmdlet and configure the InputOutputScale settings. |
| D | Run the Set-DedupSchedule cmdlet and configure the Optimization job. |
Correct answer: BExplanation:
Data Deduplication uses a post-processing strategy to optimize and maintain a volume's space efficiency.
Reference: Understanding Data Deduplication
Question: 163
Measured Skill: Manage storage and file services (15-20%)
You have an Active Directory domain that contains a file server named Server1. Server1 runs Windows Server and includes the file shares shown in the following table.
When users login to the network they receive the following network drive mappings.
- H: maps to \\server1\users\%UserName%
- G: maps to \\server1\%Department%
You need to limit the amount of space consumed by user’s on Server1. The solution must meet the following requirements:
- Prevent users using more than 5GB of space on their H: drive.
- Prevent Accounts department users from using more than 10GB of space on the G: drive.
- Prevent Marketing department users from using more than 15GB of space on the G: drive.
- Prevent Customer Service department users from using more than 2GB of space on the G: drive.
- Minimize administrative effort.
What should you use?| A | File Server Resource Manager (FSRM) quotas |
| B | Storage tiering |
| C | NTFS Disk quotas |
| D | Group Policy Preferences |
Correct answer: AExplanation:
File Server Resource Manager (FSRM) is a role service in Windows Server that enables you to manage and classify data stored on file servers. You can use FSRM to automatically classify files, perform tasks based on these classifications, set quotas on folders, and create reports monitoring storage usage.
On the Quota Management node of the File Server Resource Manager Microsoft® Management Console (MMC) snap-in, you can perform the following tasks:
- Create quotas to limit the space allowed for a volume or folder, and generate notifications when the quota limits are approached or exceeded.
- Generate auto apply quotas that apply to all existing subfolders in a volume or folder and to any subfolders that are created in the future.
- Define quota templates that can be easily applied to new volumes or folders and then used across an organization.
For example, you can:
- Place a 200 megabyte (MB) limit on users' personal server folders, with an email notification sent to you and the user when 180 MB of storage has been exceeded.
- Set a flexible 500 MB quota on a group's shared folder. When this storage limit is reached, all users in the group are notified by e-mail that the storage quota has been temporarily extended to 520 MB so that they can delete unnecessary files and comply with the preset 500 MB quota policy.
- Receive a notification when a temporary folder reaches 2 gigabytes (GB) of usage, yet not limit that folder's quota because it is necessary for a service running on your server.
References:
File Server Resource Manager (FSRM) overview
Quota Management
Question: 164
Measured Skill: Manage virtual machines and containers (15-20%)
You have a server named Server1 that has the Hyper-V server role installed. Server1 hosts the virtual machines shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
(NOTE: Each correct selection is worth one point.)
| A | Only VM1 supports production checkpoints.
Only VM1 can be hibernated. |
| B | Only VM1 supports production checkpoints.
Only VM1 and VM2 can be hibernated. |
| C | Only VM1 and VM2 support production checkpoints.
Only VM1 can be hibernated. |
| D | Only VM1 and VM2 support production checkpoints.
VM1, VM2, and VM3 can be hibernated. |
| E | VM1, VM2, and VM3 support production checkpoints.
Only VM1 and VM2 can be hibernated. |
| F | VM1, VM2, and VM3 support production checkpoints.
VM1, VM2, and VM3 can be hibernated. |
Correct answer: EExplanation:
The following table shows the minimum virtual machine configuration version required to use some Hyper-V features.
Reference: Upgrade virtual machine version in Hyper-V on Windows or Windows Server
Question: 165
Measured Skill: Manage virtual machines and containers (15-20%)
You have a Windows Server container host named Server1.
You start the containers on Server1 as shown in the following table.
You need to validate the status of ProcessA and ProcessC.
Where can you verify that ProcessA and ProcessC are in a running state?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | ProcessA: Container1 only
ProcessB: Container3 only |
| B | ProcessA: Container1 and Container2 only
ProcessB: Container3 and Server1 only |
| C | ProcessA: Container1 and Container2 only
ProcessB: Container3 and Container4 only |
| D | ProcessA: Container1 and Server1 only
ProcessB: All the containers and Server1 |
| E | ProcessA: Container1, Container2, and Server1 only
ProcessB: Container3, Container4, and Server1 only |
| F | ProcessA: All the containers and Server1
ProcessB: Container3 and Server1 only |
Correct answer: FExplanation:
Windows containers offer two distinct modes of runtime isolation: process and Hyper-V isolation. Containers running under both isolation modes are created, managed, and function identically. They also produce and consume the same container images. The difference between the isolation modes is to what degree of isolation is created between the container, the host operating system, and all of the other containers running on that host.
Process Isolation
With process isolation, multiple container instances run concurrently on a given host with isolation provided through namespace, resource control, and other process isolation technologies. When running in this mode, containers share the same kernel with the host as well as each other. This is approximately the same as how Linux containers run.
Process isolation allows to display the running processes of a container using the docker top command on the container host or the Get-Process cmdlet on the container host or on any other running container.
Hyper-V isolation
This isolation mode offers enhanced security and broader compatibility between host and container versions. With Hyper-V isolation, multiple container instances run concurrently on a host; however, each container runs inside of a highly optimized virtual machine and effectively gets its own kernel. The presence of the virtual machine provides hardware-level isolation between each container as well as the container host.
Hyper-V isolation allows to display the running processes of a container using the docker top command on the container host.
Reference: Isolation Modes