Skip Navigation Links
 

Microsoft - AZ-800: Administering Windows Server Hybrid Core Infrastructure

Sample Questions

Question: 232
Measured Skill: Manage storage and file services (15-20%)

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the servers shown in the following table.



You need to create a Distributed File System (DFS) namespace that will contain the following:
  • A domain-based namespace named \\contoso.com\Public
  • A folder named Finance
Which servers can you configure as folder targets for the Finance folder?

AServer3 only
B Server2 and Server3 only
C Server1 and Server3 only
D Server1, Server2, and Server3 only
E Server1, Server2, Server3, and Server4

Correct answer: C

Explanation:

The Distributed File System (DFS) functions provide the ability to logically group shares on multiple servers and to transparently link shares into a single hierarchical namespace. DFS organizes shared resources on a network in a treelike structure.

No replication is required. The server must have at least the DFS Namespaces role service installed to host a namespace and a folder.

Reference: Distributed File System (DFS) Functions



Question: 233
Measured Skill: Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30-35%)

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.

The domain contains the users shown in the following table.



The domain has the Group Policy Objects (GPOs) shown in the following table.



The GPOs are configured as shown in the following table.



For each of the following statements, select Yes if the statement is true, Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AWhen User1 changes their password, at least eight characters must be used for the new password: Yes
When User2 changes their password, at least 12 characters must be used for the new password: Yes
When User3 changes their password, at least 10 characters must be used for the new password: Yes
B When User1 changes their password, at least eight characters must be used for the new password: Yes
When User2 changes their password, at least 12 characters must be used for the new password: Yes
When User3 changes their password, at least 10 characters must be used for the new password: No
C When User1 changes their password, at least eight characters must be used for the new password: Yes
When User2 changes their password, at least 12 characters must be used for the new password: No
When User3 changes their password, at least 10 characters must be used for the new password: No
D When User1 changes their password, at least eight characters must be used for the new password: Yes
When User2 changes their password, at least 12 characters must be used for the new password: No
When User3 changes their password, at least 10 characters must be used for the new password: Yes
E When User1 changes their password, at least eight characters must be used for the new password: No
When User2 changes their password, at least 12 characters must be used for the new password: Yes
When User3 changes their password, at least 10 characters must be used for the new password: Yes
F When User1 changes their password, at least eight characters must be used for the new password: No
When User2 changes their password, at least 12 characters must be used for the new password: No
When User3 changes their password, at least 10 characters must be used for the new password: No

Correct answer: C

Explanation:

The Default Domain Policy password settings apply to all domain users. If password settings other than the Default Domain Policy are required for specific users or groups of users, Password Settings Objects (PSOs) can be created and assigned to these users.

The password settings configured in a GPO associated with an OU apply to the local user accounts of the computers included in the OU, but not to domain users.

Reference: Fine-Grained Password Policy



Question: 234
Measured Skill: Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30-35%)

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the users shown in the following table.



The domain has the Group Policy Objects (GPOs) shown in the following table.



The GPOs are configured to map a drive named H as shown in the following table.



For each of the following statements, select Yes if the statement is true, Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AFor User1, \\server2\share maps to drive H: Yes
For User2, \\server1\share maps to drive H: Yes
For User3, \\server3\share maps to drive H: Yes
B For User1, \\server2\share maps to drive H: Yes
For User2, \\server1\share maps to drive H: Yes
For User3, \\server3\share maps to drive H: No
C For User1, \\server2\share maps to drive H: No
For User2, \\server1\share maps to drive H: Yes
For User3, \\server3\share maps to drive H: No
D For User1, \\server2\share maps to drive H: No
For User2, \\server1\share maps to drive H: Yes
For User3, \\server3\share maps to drive H: Yes
E For User1, \\server2\share maps to drive H: No
For User2, \\server1\share maps to drive H: No
For User3, \\server3\share maps to drive H: Yes
F For User1, \\server2\share maps to drive H: No
For User2, \\server1\share maps to drive H: No
For User3, \\server3\share maps to drive H: No

Correct answer: C

Explanation:

By default, Group Policy is inherited and cumulative, and it affects all computers and users in an Active Directory container.

GPOs are processed in the following order:

  1. The local GPO is applied.
  2. GPOs linked to sites are applied.
  3. GPOs linked to domains are applied.
  4. GPOs linked to organizational units are applied. For nested organizational units, GPOs linked to parent organizational units are applied before GPOs linked to child organizational units are applied.

The order in which GPOs are processed is significant because when policy is applied, it overwrites policy that was applied earlier.

By convention, computer-related policy settings override user-related policy settings. 

Overriding and Blocking Group Policy

To enforce the Group Policy settings in a specific GPO, you can specify the Enforce option. If you specify this option, policy settings in GPOs that are in lower-level Active Directory containers cannot override the policy. For example, if you define a GPO at the domain level, and you specify the Enforce option, the policies that the GPO contains apply to all organizational units in that domain. Lower-level organizational units will not override the policy applied at the domain level.

To block inheritance of Group Policy from parent Active Directory containers, you can specify the Block inheritance option. For example, if you specify the Block inheritance option for an organizational unit, it prevents the application of policy at that level from higher-level Active Directory containers such as a higher-level organizational unit or domain.

Be aware that the Enforce option always takes precedence over the Block inheritance option.

A local GPO cannot specify the Enforce or Block inheritance option.

References:

Group Policy Hierarchy

Overriding and Blocking Group Policy



Question: 235
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)

Your on-premises network has an IP address range of 10.0.0.0/23.

You have an Azure virtual network named VNet1 that contains a virtual machine named VM1.

VNet1 has an IP address range of 10.0.1.0/24.

You need to deploy a Site-to-Site (S2S) VPN to connect the on-premises network to VNet1.

What should you do first?

ADeploy Azure Bastion to VNet1.
B Deploy Azure Extended Network.
C Configure VNet1 to use the IP address range of 10.0.2.0/24.
D Configure VNet1 to use an IP address range of 10.0.1.128/25.

Correct answer: C

Explanation:

The IP address range 10.0.0.0/23 includes the addresses from 10.0.0.1 to 10.0.1.254 and overlaps with or completely contains the address range of VNet1.

As a prerequisite for creating the Site-to-Site VPN (S2S), we need to ensure that the address ranges of the on-premises network and the virtual network in Azure do not overlap. If a duplicate address range exists on both sides of the VPN connection, traffic will route in an unexpected way.

Reference: Tutorial: Create a site-to-site VPN connection in the Azure portal



Question: 236
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the servers shown in the following table.



On Server1, you create a DNS zone named Zone1.com as shown in the following exhibit.



To which DNS servers is Zone1.com replicated?

AServer2 only
B Server2 and Server3 only
C Server2 and Server4 only
D Server2, Server3, and Server4 only
E Server2, Server3, Server4, and Server5

Correct answer: A

Explanation:

Domain Name System (DNS) servers running on domain controllers can store their zones in Active Directory Domain Services (AD DS). In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers because all zone data is replicated automatically by means of Active Directory replication. This simplifies the process of deploying DNS and provides the following advantages:

  • Multiple masters are created for DNS replication. Therefore, any domain controller in the domain running the DNS Server service can write updates to the Active Directory-integrated DNS zones for the domain name for which they are authoritative. A separate DNS zone transfer topology is not needed.

  • Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control what computers update what names and prevent unauthorized computers from overwriting existing names in DNS.

Active Directory-integrated DNS in Windows Server 2008 stores zone data in application directory partitions. (There are no behavioral changes from Windows Server 2003-based DNS integration with Active Directory.) The following DNS-specific application directory partitions are created during AD DS installation:

  • A forest-wide application directory partition, called ForestDnsZones

  • Domain-wide application directory partitions for each domain in the forest, named DomainDnsZones

Only domain controllers replicate directory partitions. The zone will replicate to all DNS servers that run on a domain controller of the domain.

Reference: Active Directory-Integrated DNS Zones





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2024 by cert2brain.com