Skip Navigation Links
 

Microsoft - AZ-801: Configuring Windows Server Hybrid Advanced Services

Sample Questions

Question: 116
Measured Skill: Implement and manage Windows Server high availability (10-15%)

You have two Azure Virtual machines that run Windows Server.

You plan to create a failover cluster that will host the virtual machines.

You need to configure an Azure Storage account that will be used by the cluster as a cloud witness. The solution must maximize resiliency.

Which type of redundancy should you configure for the storage account?

AGeo-zone-redundant storage (GZRS)
B Geo-redundant storage (GRS)
C Zone-redundant storage (ZRS)
D Locally-redundant storage (LRS)

Correct answer: C

Explanation:

Cloud Witness is a new type of Failover Cluster quorum witness that uses Microsoft Azure as the arbitration point. It uses Azure Blob Storage to read/write a blob file which is then used as an arbitration point in case of split-brain resolution.

To configure Cloud Witness, you must have a valid Azure general purpose Storage Account which can be used to store the blob file (used for arbitration). Cloud Witness creates a well-known Container msft-cloud-witness under the Microsoft Storage Account. Cloud Witness writes a single blob file with corresponding cluster's unique ID used as the file name of the blob file under this msft-cloud-witness container. This means that you can use the same Microsoft Azure Storage Account to configure a Cloud Witness for multiple different clusters.

When you use the same Azure Storage Account for configuring Cloud Witness for multiple different clusters, a single msft-cloud-witness container gets created automatically. This container will contain one-blob file per cluster.

To create an Azure storage account

  1. Sign in to the Azure portal.
  2. On the Hub menu, select New -> Data + Storage -> Storage account.
  3. In the Create a storage account page, do the following:
    1. Enter a name for your storage account.
      Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. The storage account name must also be unique within Azure.

    2. For Account kind, select General purpose.
      You can't use a Blob storage account for a Cloud Witness.

    3. For Performance, select Standard.
      You can't use Azure Premium Storage for a Cloud Witness.

    4. For Replication, select Locally-redundant storage (LRS) or Zone-redundant storage (ZRS) as applicable.
      Failover Clustering uses the blob file as the arbitration point, which requires some consistency guarantees when reading the data. Therefore, you must select Locally-redundant storage for Replication type when the Cloud Witness is for a cluster that resides on premises, or it's a cluster in Azure which isn't deployed across different availability zones in the same region. When the cluster nodes are in the same region but different availability zone, use Zone-redundant storage as Replication type.

Reference: Deploy a Cloud Witness for a Failover Cluster



Question: 117
Measured Skill: Secure Windows Server on-premises and hybrid infrastructures (25-30%)

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the accounts shown in the following table.



The domain is configured to store BitLocker recovery keys in Active Directory.

Admin1 and Admin2 perform the following tasks:
  • Admin1 turns on BitLocker Drive Encryption (BitLocker) for volume C on Server1.
  • Admin1 moves Server1 to OU1.
  • Admin2 turns on BitLocker for removable volume E on Server2.
  • Admin2 moves removable volume E from Server2 to Server1 and unlocks the volume.
On which Active Directory object can you view each BitLocker recovery key?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth on point.)

www.cert2brain.com

AThe BitLocker recovery key for volume C: contoso.com
The BitLocker recovery key for volume E: contoso.com
B The BitLocker recovery key for volume C: contoso.com
The BitLocker recovery key for volume E: Server2
C The BitLocker recovery key for volume C: Admin1
The BitLocker recovery key for volume E: Admin2
D The BitLocker recovery key for volume C: Server2
The BitLocker recovery key for volume E: Server1
E The BitLocker recovery key for volume C: Server1
The BitLocker recovery key for volume E: Server2
F The BitLocker recovery key for volume C: Server2
The BitLocker recovery key for volume E: Server2

Correct answer: E

Explanation:

You can use Active Directory to securely store backups of BitLocker recovery keys (passwords) from client computers. It is very convenient if you have multiple users using BitLocker to encrypt their data. You can configure Group Policies in your domain so that when encrypting any drive with BitLocker, the computer will save the recovery key in its computer object account in AD (like storing a local computer administrator password generated using LAPS).

If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied.

References:

Storing BitLocker Recovery Keys in Active Directory

BitLocker and Active Directory Domain Services (AD DS) FAQ



Question: 118
Measured Skill: Implement and manage Windows Server high availability (10-15%)

Your company uses Storage Spaces Direct (S2D).

You need to view the available storage in a Storage Space Direct storage pool.

What should you use?

AFile Server Resource Manager (FSRM)
B The Get-StorageSubsystem cmdlet
C Disk Management
D Server Manager

Correct answer: D

Explanation:

The available storage of a Storage Space Direct storage pool can be viewed in Server Manager as shown below.



Question: 119
Measured Skill: Secure Windows Server on-premises and hybrid infrastructures (25-30%)

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains servers that run Windows Server as shown in the following table.



Server1 has the connection security rules shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AServer1 can communicate with Server2 successfully: Yes
Server1 can communicate with Server3 successfully: Yes
Server3 can communicate with Server1 successfully: Yes
B Server1 can communicate with Server2 successfully: Yes
Server1 can communicate with Server3 successfully: Yes
Server3 can communicate with Server1 successfully: No
C Server1 can communicate with Server2 successfully: No
Server1 can communicate with Server3 successfully: Yes
Server3 can communicate with Server1 successfully: No
D Server1 can communicate with Server2 successfully: Yes
Server1 can communicate with Server3 successfully: No
Server3 can communicate with Server1 successfully: Yes
E Server1 can communicate with Server2 successfully: No
Server1 can communicate with Server3 successfully: No
Server3 can communicate with Server1 successfully: Yes
F Server1 can communicate with Server2 successfully: No
Server1 can communicate with Server3 successfully: No
Server3 can communicate with Server1 successfully: No

Correct answer: B

Explanation:

Connection security rules use IPsec to secure traffic while it crosses the network. You use connection security rules to specify that connections between two computers must be authenticated or encrypted. You might still have to create a firewall rule to allow network traffic protected by a connection security rule.

Rule1 affects communication with Server2. Rule2 affects communication with Server3.

The exhibit describes the authentication requirements of the two rules.



Question: 120
Measured Skill: Implement and manage Windows Server high availability (10-15%)

You need to create a Hyper-V hyper-converged cluster that stores virtual machines by using Storage Spaces Direct.

Which three actions should you perform in sequence?

(To answer, move the appropriate anions from the list of actions to the answer area and arrange them in the correct order.)

www.cert2brain.com

ASequence: 3, 5, 1
B Sequence: 4, 2, 6
C Sequence: 3, 1, 6
D Sequence: 4, 1, 6

Correct answer: D

Explanation:

As the first step, we need to configure a failover cluster. 

After creating the cluster, we use the Enable-ClusterStorageSpacesDirect PowerShell cmdlet, which will put the storage system into the Storage Spaces Direct mode and do the following automatically:

  • Create a pool: Creates a single large pool that has a name like "S2D on Cluster1".

  • Configures the Storage Spaces Direct caches: If there is more than one media (drive) type available for Storage Spaces Direct use, it enables the fastest as cache devices (read and write in most cases)

  • Tiers: Creates two tiers as default tiers. One is called "Capacity" and the other called "Performance". The cmdlet analyzes the devices and configures each tier with the mix of device types and resiliency.

As the last step, we create a volume to store the VMs on using the New-Volume cmdlet as it provides the fastest and most straightforward experience. This single cmdlet automatically creates the virtual disk, partitions and formats it, creates the volume with matching name, and adds it to cluster shared volumes – all in one easy step.

Reference: Deploy Storage Spaces Direct on Windows Server





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2022 by cert2brain.com