Microsoft - AZ-800: Administering Windows Server Hybrid Core Infrastructure
Sample Questions
Question: 282
Measured Skill: Manage storage and file services (15-20%)
You have a server named Server1 that runs Windows Server 2022.
You add two 4-TB hard drives named Disk1 and Disk2 to Server1.
You need to format the drives. The solution must meet the following requirements:
- Disk1 must support disk level quotas.
- Disk2 must support Data Deduplication.
Which type of file system should you use for each drive?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Disk1: NTFS only
Disk2: NTFS or ReFS only |
| B | Disk1: ReFS only
Disk2: NTFS, exFAT, or ReFS |
| C | Disk1: NTFS or exFAT only
Disk2: NTFS only |
| D | Disk1: NTFS or ReFS only
Disk2: ReFS only |
| E | Disk1: NTFS or ReFS only
Disk2: NTFS or ReFS only |
| F | Disk1: NTFS, exFAT, or ReFS
Disk2: NTFS or exFAT only |
Correct answer: AExplanation:
The Resilient File System (ReFS) is Microsoft's newest file system, designed to maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption. It seeks to address an expanding set of storage scenarios and establish a foundation for future innovations.
ReFS introduces new features that can precisely detect corruptions and also fix those corruptions while remaining online, helping provide increased integrity and availability for your data:
- Integrity-streams - ReFS uses checksums for metadata and optionally for file data, giving ReFS the ability to reliably detect corruptions.
- Storage Spaces integration - when used with a mirror or parity space, ReFS can automatically repair detected corruptions using the alternate copy of the data provided by Storage Spaces. Repair processes are both localized to the area of corruption and performed online, requiring no volume downtime.
- Salvaging data - if a volume becomes corrupted and an alternate copy of the corrupted data doesn't exist, ReFS removes the corrupt data from the namespace. ReFS keeps the volume online while it handles most non-correctable corruptions, but there are rare cases that require ReFS to take the volume offline.
- Proactive error correction - in addition to validating data before reads and writes, ReFS introduces a data integrity scanner, known as a scrubber. This scrubber periodically scans the volume, identifying latent corruptions and proactively triggering a repair of corrupt data.
The following features are available with ReFS and NTFS:
The following features are unavailable on ReFS at this time:
Note: exFAT (Extended File Allocation Table) is a lightweight file system and mostly used on removable devices such as external hard drives or USB drives. Microsoft released exFAT in 2006 to replace FAT32. Now, exFAT is valued as a top choice for its fast read/write capabilities with external single-state drives. Although this is a Microsoft file system, exFAT is compatible with Macs and media devices, including televisions and mobile devices.
Reference: Resilient File System (ReFS) overview
Question: 283
Measured Skill: Manage Windows Servers and workloads in a hybrid environment (10-15%)
Your company decides to purchase a new application to track working hours. The application will be deployed to a virtual machine running in Azure.
You download an evaluation version of the 64-Bit installer file of the software. You plan to evaluate the application in a lab environment.
To make sure the installer file hasn't been tampered by unauthorized third parties, you want to check the file hash against the file hash provided by the vendor.
Which of the following commands should you use?| A | Compare-Object |
| B | Get-FileHash |
| C | Certutil.exe |
| D | DISM.exe |
Correct answer: BExplanation:
The Get-FileHash cmdlet computes the hash value for a file by using a specified hash algorithm. A hash value is a unique value that corresponds to the content of the file. Rather than identifying the contents of a file by its file name, extension, or other designation, a hash assigns a unique value to the contents of a file. File names and extensions can be changed without altering the content of the file, and without changing the hash value. Similarly, the file's content can be changed without changing the name or extension. However, changing even a single character in the contents of a file changes the hash value of the file.
The purpose of hash values is to provide a cryptographically-secure way to verify that the contents of a file have not been changed. While some hash algorithms, including MD5 and SHA1, are no longer considered secure against attack, the goal of a secure hash algorithm is to render it impossible to change the contents of a file -- either by accident, or by malicious or unauthorized attempt -- and maintain the same hash value. You can also use hash values to determine if two different files have exactly the same content. If the hash values of two files are identical, the contents of the files are also identical.
By default, the Get-FileHash cmdlet uses the SHA256 algorithm, although any hash algorithm that is supported by the target operating system can be used.
Example:
Get-FileHash C:\Users\user1\Downloads\Contoso8_1_ENT.iso -Algorithm SHA384 | Format-List
Algorithm : SHA384
Hash : 20AB1C2EE19FC96A7C66E33917D191A24E3CE9DAC99DB7C786ACCE31E559144FEAFC695C58E508E2EBBC9D3C96F21FA3
Path : C:\Users\user1\Downloads\Contoso8_1_ENT.iso
References: Get-FileHash
Question: 284
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a web server named Server1 that hosts a website used by employees to download product information for distribution to customers. Employees access the website from the internal network using the URL server1.contoso.com.
You need to ensure that the employees can access the website by using the URL products.contoso.com.
How should you complete the command?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Add-DnsServerResourceRecordCName -Name "products" -HostNameAlias "server1.contoso.com" -ZoneName "contoso.com" |
| B | Add-DnsServerResourceRecordCName -Name "server1" -HostNameAlias "products.contoso.com" -ZoneName "contoso.com" |
| C | Add-DnsServerResourceRecordCName -Name "server1.contoso.com" -HostNameAlias "products" -ZoneName "contoso.com" |
| D | Add-DnsServerResourceRecordCName -Name "products.contoso.com" -HostNameAlias "server1" -ZoneName "contoso.com" |
Correct answer: AExplanation:
The Add-DnsServerResourceRecordCName cmdlet adds a canonical name (CNAME) resource record to a specified Domain Name System (DNS) zone. A CNAME record allows you to use more than one resource record to refer to a single host.
You can use CNAME records for the following scenarios.
- Host more than one kind of server on the same system. For instance, you might host an FTP server and a Web server on the same system with the names ftp.contoso.com and
www.contoso.com.
- Rename a computer with an existing host (A) resource record in the same DNS zone. You can use an CNAME resource record temporarily to allow a grace period for users and programs to switch from the old computer name to the new one.
- Resolve a generic name for a well-known server, like www, to a group of servers, such as redundant Web servers.
Example
This command adds a CNAME resource record with the alias labsrv1 to the contoso.com domain for a system named srv1 in the zone named lab.contoso.com.
Add-DnsServerResourceRecordCName -Name "labsrv1" -HostNameAlias "srv1.lab.contoso.com" -ZoneName "contoso.com"
Reference: Add-DnsServerResourceRecordCName
Question: 285
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)
Your network contains an Active Directory Domain Services (AD DS) domain named fabrikam.com. The domain contains a Windows server named Server2 running Windows Server 2022.
Server2 has the IP Address Management (IPAM) feature installed. IPAM has been configured using the Group Policy-based provisioning method. The GPO name prefix has been set to IP.
From Group Policy Management you rename the IPAM GPOs manually to have prefix IPAM.
You need to change the IPAM configuration settings to match the new GPO name prefix.
What would you do?| A | In Server Manager, click on the Configure server discovery link. |
| B | In Server Manager, Click on the Provision IPAM server link. |
| C | Run the PowerShell cmdlet Set-IpamConfiguration. |
| D | Run the PowerShell cmdlet Invoke-IpamGpoProvisioning. |
Correct answer: CExplanation:
IP Address Management (IPAM) is an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers and Domain Name System (DNS) servers on your network and enables you to manage them from a central interface.
The Set-IpamConfiguration cmdlet modifies the IP Address Management (IPAM) server configuration. The GpoPrefix parameter of the Set-IpamConfiguration cmdlet specifies the unique Group Policy Object (GPO) prefix name that IPAM uses to create the group policy objects.
References:
IP Address Management (IPAM)
Set-IpamConfiguration
Question: 286
Measured Skill: Implement and manage an on-premises and hybrid networking infrastructure (15-20%)
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains as IP Address Management (IPAM) server named Server1.
You need to ensure that an administrator named Allan Deyoung can use IPAM to manage an IPAM DNS zone named london.contoso.com only.
What should your create first?| A | An IPAM Role |
| B | An IPAM Access Scope |
| C | An IPAM Access Policy |
| D | A reverse lookup zone |
Correct answer: BExplanation:
Access scopes are used to manage permissions to IPAM objects such as Domain Name System (DNS) servers, Dynamic Host Configuration Protocol (DHCP) scopes, IP address ranges, etc..
When you install IPAM a global scope is automatically created for you. By default, users with permissions to the global scope have access to all the items in the IPAM infrastructure. To provide more control over access permissions you can create subscopes such as a geographic location or job role.
References:
Administer IP Address Management
Set-IpamAccessScope