2024年05月本日更新されたAZ-800試験問題集PDF試験エンジン無料!
こちらには最新版のAZ-800リアル試験解答!
質問 # 83
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
Graphical user interface, text, application Description automatically generated with medium confidence
Reference:
https://www.starwindsoftware.com/blog/change-the-windows-admin-center-certificate
質問 # 84
You need to configure remote administration to meet the security requirements. What should you use?
- A. Azure AD Privileged Identity Management (PIM)
- B. the Remote Desktop extension for Azure Cloud Services
- C. just in time (JIT) VM access
- D. an Azure Bastion host
正解:C
解説:
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc
質問 # 85
You have on-premises servers that run Windows Server as shown in the following table.
You have an Azure file share named share1 that stores two files named File2.docx and File3.docx.
You create an Azure File Sync sync group that includes the following endpoints:
share
D:\Folder1 on Server1
D:\Datal on Server2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-introduction
質問 # 86
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com and the servers shown in the following table.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 87
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
1 - From Internet Information Services (IIS) Manager, bind a certificate.
2 - Copy the certificate thumbprint.
3 - Rerun Windows Admin Center Setup and select Change.
Reference:
https://www.starwindsoftware.com/blog/change-the-windows-admin-center-certificate
質問 # 88
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.
The contoso.local zone contains zone delegations for east.conloso.local and west.contoso.local.
All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: On Server2 and Server3, you configure a conditional forwarder for contoso.local.
Does this meet the goal?
- A. No
- B. Yes
正解:A
質問 # 89
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 90
You have a Windows Server container host named Server1.
You start the containers on Server1 as shown in the following table.
You need to validate the status of ProcessA and ProcessC.
Where can you verify that ProcessA and ProcessC are in a running state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 91
Your company has a main office and 10 branch offices that are connected by using WAN links. The network contains an Active Directory domain.
All users have laptops and regularly travel between offices.
You plan to implement BranchCache in the branch offices.
In each branch office, you install a server that runs Windows Server and the BranchCache feature. You register the servers in Active Directory.
You need to configure the laptops to use the local BranchCache server automatically. The solution must minimize administrative effort.
Which two Group Policy settings should you configure? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 92
Hotspot Question
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GPO1 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GPOI to meet the following requirements:
- GPO1 must apply only to the users in Group1.
- The solution must use the principle of least privilege.
Which permissions should you grant to Group1 and the Domain Computers group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Permissions for Group1 should be "Apply group policy and Read" and for Domain Computers correct permissions are "Read only". When you choose "Read only"for Group1 GPO will not be applied for members of Group1. You shouldn't choose "Apply group policy" specific permission for Domain Computers group, because this GPO is not designed for this group, but this group have to have Read specific permission.
質問 # 93
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
The network contains the servers shown in the following table.
You plan to implement IP Address Management (IPAM).
You need to use the Group Policy based provisioning method for managed servers. The solution must support server discovery.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 94
Your company has offices in Boston and Montreal. The offices are connected by using a 10-Mbps WAN link that is often saturated The office in Boston contains the following:
* An Active Directory Domain Services (AD DS) domain controller named DC1.
* A server named Server1 that runs Windows Server and has the File Server role installed The office in Montreal contains 20 client computers that run Windows 10 Montreal does NOT have any servers.
The company plans to deploy a new line of business (LOB) application to all the client computers. The installation source files for the application are in \\Server\Apps.
正解:
解説:
Explanation
質問 # 95
You have a server named Server1 that hosts Windows containers.
You plan to deploy an application that will have multiple containers. Each container will be on the same subnet. Each container requires a separate MAC address and IP address. Each container must be able to communicate by using its IP address.
You need to create a Docker network that supports the deployment of the application.
Which type of network should you create?
- A. transparent
- B. I2bridge
- C. NAT
- D. I2tunnel
正解:A
解説:
Transparent network driver
Containers attached to a network created with the 'transparent' driver will be directly connected to the physical network through an external Hyper-V switch. IPs from the physical network can be assigned statically (requires user-specified --subnet option) or dynamically using an external DHCP server.
L2bridge network driver
Containers attached to a network created with the 'l2bridge' driver will be connected to the physical network through an external Hyper-V switch. In l2bridge, container network traffic will have the same MAC address as the host due to Layer-2 address translation (MAC re-write) operation on ingress and egress. In datacenters, this helps alleviate the stress on switches having to learn MAC addresses of sometimes short-lived containers. L2bridge networks can be configured in 2 different ways
https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-networking/network- drivers-topologies
質問 # 96
You have a disaggregated cluster deployment. The deployment contains a scale-out file server (SOFS) cluster that runs Windows Server and a compute duster that has the Hyper-V role enabled.
You need to implement Storage Quality of Service (QoS). The solution must ensure that you can control the bandwidth usage between the SOFS cluster and the Hyper-V cluster.
Which cmdlet should you run on each cluster? To answer, drag the appropriate cmdlets to the correct clusters. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 97
You need to meet the technical requirements for Server4.
Which cmdlets should you run on Server1 and Server4? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://4sysops.com/wiki/enable-powershell-remoting/
質問 # 98
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a server named Server1 that has the DFS Namespaces role service installed. Server! hosts a domain-based Distributed File System (DFS) Namespace named Files.
The domain contains a tile server named Server2. Seiver2 contains a shared folder named Share1. Share1 contains a subfolder named Folder 1.
In the Files namespace, you create a folder named Folder! that has a target of \\Server2.contoso.com\Share1\Folder1.
You need to configure a logon script that will map drive letter M to Folder1. The solution must use the path of the DFS Namespace.
How should you complete the command to map the drive letter? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 99
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared You need to create a security group that meets the following requirements:
* Can contain users from the AD DS domain
* Can be used to authorize user access to share 1 and share2
What should you do?
- A. in the Azure AD Tenant create a security group that has dynamic membership.
- B. in the Azure AD tenant create a security group that has assigned membership
- C. in the AD DS domain, create a universal security group
- D. in the Azure AD tenant create a Microsoft 365 group
正解:C
質問 # 100
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Change the replication schedule for all site links to 30 minutes.
Promote Server1 to a domain controller in canada.contoso.com.
Install and authorize Server3 as a DHCP server.
Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
Ensure that you can run virtual machines on VM1.
Force users to provide credentials when they connect to VM2.
On VM3, ensure that Data Deduplication on all volumes is possible.
Question
Hotspot Question
Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Group 3 = Group 1, 2 4 and 5 only. Domain-Local groups can contain members from the "forest".
Group 5 = Group 4 only. Global groups can only contain Users, Computers and Global groups from the "same" domain.
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active- directory-security-groups
質問 # 101
You plan to deploy an Azure virtual machine that will run Windows Server.
You need to ensure that an Azure Active Directory (Azure AD) user [email protected] can connect 10 the virtual machine by using the Azure Serial Console.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview
質問 # 102
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?
- A. No
- B. Yes
正解:A
質問 # 103
You plan w deploy an Azure virtual machine that win run Windows Server. The virtual machine will host an Active Directory Domain Services (AD DS) domain controller and a drive named f: on a new virtual disk.
You need to configure storage foe the virtual machine. The solution must meet the following requirements
* Maximize resiliency for AD DS.
* Prevent accidental data loss.
How should you configure the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 104
You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.
You rename Default-First-Site-Name as Site1.
You plan to ship DC1, DC2, and DC3 to datacenters in different locations.
You need to configure replication between DC1, DC2, and DC3 to meet the following requirements:
Each domain controller must reside in its own Active Directory site.
The replication schedule between each site must be controlled independently.
Interruptions to replication must be minimized.
Which three actions should you perform in sequence in the Active Directory Sites and Services console? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
1 - Create two additional sites named Site2 and Site3. Move DC2 to Site2 and DC3 to Site3.
2 - Create a connection object between DC1 and DC2.
3 - Create a connection object between DC2 and DC3.
質問 # 105
You need to ensure that VM3 meets the technical requirements.
What should you install first?
- A. File Server Resource Manager (FSRM)
- B. Enhanced Storage
- C. Windows Standards-Based Storage Management
- D. the iSNS Server service
正解:A
質問 # 106
You have an Azure subscription named sub! and 503 on-premises virtual machines that run Windows Server.
You plan to onboard the on-premises virtual machines to Azure Arc by running the Azure Arc deployment script You need to create an identity that mil be used by the script to authenticate access to sub1. The solution must use the principle of least privilege.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 107
......
材料 From:
- 2024年最新の AZ-800試験問題集で(PDFとテストエンジン)無料提供:https://www.goshiken.com/Microsoft/AZ-800-mondaishu.html
- 2024年最新のAZ-800のPDF試験問題集で無料提供:https://drive.google.com/open?id=1vgh-lpHTzq46CLTQO27tNWh2jcESdxfs
無料材料を提供しております!お客様の全試験合格を助けます!