Microsoft - AZ-801: Configuring Windows Server Hybrid Advanced Services
Sample Questions
Question: 154
Measured Skill: Secure Windows Server on-premises and hybrid infrastructures (25-30%)
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.
Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.
You need to implement just-in-time (JIT) VM access for VM1.
What should you do first?| A | Create a network security group (NSG). |
| B | Enable enhanced security in Microsoft Defender for Cloud. |
| C | Request the Owner role for Sub1. |
| D | Create an application security group. |
Correct answer: CExplanation:
You can use Microsoft Defender for Cloud's just-in-time (JIT) access to protect your Azure virtual machines (VMs) from unauthorized network access. Many times firewalls contain allow rules that leave your VMs vulnerable to attack. JIT lets you allow access to your VMs only when the access is needed, on the ports needed, and for the period of time needed.
Prerequisites
JIT requires Microsoft Defender for Servers Plan 2 to be enabled on the subscription.
Reader and SecurityReader roles can both view the JIT status and parameters.
If you want to create custom roles that work with JIT, you need the details from the following table:
The Contributor role at the subscription level does not have permissions in either the Microsoft.Security or Microsoft.Compute scope.
Reference: Enable just-in-time access on VMs
Question: 155
Measured Skill: Monitor and troubleshoot Windows Server environments (20-25%)
You have an on-premises Active Directory Domain Services (AD DS) domain that contains the resources shown in the following table.
The domain contains the domain controllers shown in the following table.
You configure a site link between Site1 and Site2 and set the replication interval to 20 minutes.
At 10:00 AM, connectivity between Site1 and Site2 fails.
Administrators perform the actions shown in the following table.
At 10:30 AM, connectivity between Site1 and Site2 is restored.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | At 11:30 AM, User1 and User2 are members of Group1: Yes
At 11:30 AM, the phone number of User2 is 333-333: Yes
At 11:30 AM, User3 is deleted: Yes |
| B | At 11:30 AM, User1 and User2 are members of Group1: Yes
At 11:30 AM, the phone number of User2 is 333-333: Yes
At 11:30 AM, User3 is deleted: No |
| C | At 11:30 AM, User1 and User2 are members of Group1: No
At 11:30 AM, the phone number of User2 is 333-333: Yes
At 11:30 AM, User3 is deleted: No |
| D | At 11:30 AM, User1 and User2 are members of Group1: No
At 11:30 AM, the phone number of User2 is 333-333: Yes
At 11:30 AM, User3 is deleted: Yes |
| E | At 11:30 AM, User1 and User2 are members of Group1: No
At 11:30 AM, the phone number of User2 is 333-333: No
At 11:30 AM, User3 is deleted: Yes |
| F | At 11:30 AM, User1 and User2 are members of Group1: No
At 11:30 AM, the phone number of User2 is 333-333: No
At 11:30 AM, User3 is deleted: No |
Correct answer: FExplanation:
Intersite replication between DC1 and DC2 occurs every 20 minutes. At 11:30 AM replication occured at least two times and all changes made until 10:25 AM are applied on both domain controllers.
At 11:30 AM only User2 is a member of Group1. The phone number of User2 is 444-444 and User3 is moved to the lost and found container.
Reference: Active Directory Replication Concepts
Question: 156
Measured Skill: Implement disaster recovery (10-15%)
You have an on-premises server named Server1 that runs Windows Server.
You have an Azure subscription.
You plan to back up the files and folders on Server1 by using the Microsoft Azure Recovery Services (MARS) agent.
You need to identify to which location the backups can be written and the maximum number of scheduled backups that can be performed per day.
What should you identify?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Backup location: An Azure Backup vault
Maximum number of scheduled backups per day: 72 |
| B | Backup location: An Azure Backup vault
Maximum number of scheduled backups per day: 6 |
| C | Backup location: A Recovery Services vault in Azure
Maximum number of scheduled backups per day: 3 |
| D | Backup location: A Recovery Services vault in Azure
Maximum number of scheduled backups per day: 24 |
| E | Backup location: The Cool access tier of an Azure Storage account
Maximum number of scheduled backups per day: 1 |
| F | Backup location: The Archive access tier of an Azure Storage account
Maximum number of scheduled backups per day: 72 |
Correct answer: CExplanation:
Azure Backup uses the Microsoft Azure Recovery Services (MARS) agent to back up and recover files, folders, and the volume or system state from an on-premises computer to an Azure Recovery Services vault.
You can schedule up to three daily backups per day.
Azure Backup vaults can be used to back up certain workloads hosted in Azure. Azure Backup vaults cannot be used to backup files and folders from on-premises servers or servers hosted in Azure.
References:
About the Microsoft Azure Recovery Services (MARS) agent for Azure Backup
Back up Windows Server files and folders to Azure
Backup vaults overview
Question: 157
Measured Skill: Monitor and troubleshoot Windows Server environments (20-25%)
You have an Azure virtual machine named VM1 that runs Windows Server.
The operating system on VM1 fails to start due to a disk error.
You need to resolve the error.
Which four commands should you run in sequence in Azure Cloud Shell?
(To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.)
| A | Sequence: 3, 1, 5, 2 |
| B | Sequence: 4, 3, 5, 2 |
| C | Sequence: 1, 4, 3, 5 |
| D | Sequence: 3, 1, 4, 5 |
Correct answer: BExplanation:
The VM repair command enables Azure users to self-repair non-bootable VMs by copying the source VM's OS disk and attaching it to a newly created repair VM.
First, we install the vm-repair extension by using the az extension add command. This step is optional since the extension will automatically install the first time you run an az vm repair command.
Second, we create a new repair VM and attach the source VM's copied OS disk as a data disk by running az vm repair create.
The az vm repair run command runs verified scripts from GitHub on the VM to repair issues preventing the VM from starting.
Finally, the az vm repair restore command replaces the source VM's OS disk with the data disk from the repair VM.
References:
az extension
az vm repair
Question: 158
Measured Skill: Implement and manage Windows Server high availability (10-15%)
You have a failover cluster named Cluster1 that contains four Windows Server nodes named Node1, Node2, Node3, and Node4.
You need to deploy a Storage Spaces Direct virtual disk to Cluster1.
You add the following disks to each node:
- Three 512-GB NVMe disks
- Three 3-TB HDD disks
- Three 1-TB SSD disks
On Cluster1, you enable Storage Spaces Direct and add the new disks.
What is the total amount of disk space available for the Storage Spaces Direct virtual disk, and which operations are cached for the SSD and HDD disks?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Disk space available for the Storage Spaces Direct virtual disk: 16 TB
Cache behavior of the SSD disks: Only read operations are cached.
Cache behavior of the HDD disks: Read and write operations are cached. |
| B | Disk space available for the Storage Spaces Direct virtual disk: 36 TB
Cache behavior of the SSD disks: Neither read nor write operations are cached.
Cache behavior of the HDD disks: Only write operations are cached. |
| C | Disk space available for the Storage Spaces Direct virtual disk: 40,5 TB
Cache behavior of the SSD disks: Read and write operations are cached.
Cache behavior of the HDD disks: Only write operations are cached. |
| D | Disk space available for the Storage Spaces Direct virtual disk: 48 TB
Cache behavior of the SSD disks: Only read operations are cached.
Cache behavior of the HDD disks: Read and write operations are cached. |
| E | Disk space available for the Storage Spaces Direct virtual disk: 53,5 TB
Cache behavior of the SSD disks: Read and write operations are cached.
Cache behavior of the HDD disks: Only write operations are cached. |
| F | Disk space available for the Storage Spaces Direct virtual disk: 53,5 TB
Cache behavior of the SSD disks: Neither read nor write operations are cached.
Cache behavior of the HDD disks: Neither read nor write operations are cached. |
Correct answer: DExplanation:
All three disk types (NVMe, HDD, SSD) are supported by Storage Spaces Direct.
Storage Spaces Direct features a built-in server-side cache. It is a large, persistent, real-time read and write cache. In deployments with multiple types of drives, it is configured automatically to use all drives of the "fastest" type. The remaining drives are used for capacity.
The NVMe (Non-Volatile Memory Express) drives are used as cache. The remaining HDDs and SSDs are available for virtual disks. The storage space for Virtual Disk is (3 x 3TB + 3 x 1TB) * 4 = 48 TB.
The behavior of the cache is determined automatically based on the type(s) of drives that are being cached for. When caching for flash drives (such as NVMe caching for SSDs), only writes are cached. When caching for rotating disk drives (such as SSDs caching for HDDs), both reads and writes are cached.
References:
Choose drives for Azure Stack HCI and Windows Server clusters
Understanding the storage pool cache