Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

AZ-800: Administering Windows Server Hybrid Core Infrastructure ALL SOLUTION 2025 EDITTION GUARANTEED GRADE A+

Rating
-
Sold
-
Pages
36
Grade
A+
Uploaded on
14-01-2025
Written in
2024/2025

AZ-800: Administering Windows Server Hybrid Core Infrastructure ALL SOLUTION 2025 EDITTION GUARANTEED GRADE A+ Which PowerShell command could you use to add a user? -Get-ADUser -New-ADUser -Set-ADUser New-ADUser - Use this cmdlet to create a new user account. What scope of group can be assigned permissions anywhere in an AD DS forest and can have members from anywhere in the forest? -Global -Universal -Domain local Universal - Universal groups can be granted permissions anywhere in the forest, and can contain members from anywhere in the forest. What type of trust relationship is automatically created between the domains C and Seattle.C? -A parent and child two-way transitive trust -A tree-root trust -A Shortcut trust A parent and child two-way transitive trust -When you create a child domain in a forest, a two-way transitive trust is established between the parent and child domain automatically. Which of the following is a built-in container in an AD DS domain that can hold computer accounts? -The Domain Controllers OU -The IT OU -System The Domain Controllers OU - Although the Domain Controllers OU is an OU, it is created by default and is therefore built in. What tool allows the transfer of the Infrastructure Master operations master role? -Active Directory Users and Computers -Active Directory Domains and Trusts -Active Directory Schema Active Directory Users and Computers - You can use Active Directory Users and Computers to transfer all the domain-level masters roles. Which tool can you use to trigger an AD DS schema update? -ADSI.MSC -Active Directory Schema console -Active Directory Users and Computers console ADSI.MSC - In the ADSI.MSC console, you can right-click or access the context menu on the Schema container, and then select Update Schema now. This will trigger an update. When deploying the first domain controller in a forest by running the Active Directory Domain Services Configuration Wizard, which of the following options is configured by default? -RODC -Global catalog -DNS name Global catalog -This option is selected by default for the first domain controller in a forest. What does the global catalog contain? -A copy of all objects and their attributes from all domains in an AD DS forests -A copy of all objects and some of their attributes from all domains in an AD DS forest -A copy of all objects and all their attributes from all domains in an AD DS forest A copy of all objects and some of their attributes from all domains in an AD DS forest - The global catalog contains the subset of attributes that are most likely to be useful in cross-domain searches. Which of the following operations master is a forest-level operations master? -Infrastructure -Domain naming -RID Domain naming - Domain naming master is a forest-level operations master. In the C domain, in the Marketing OU, an administrator creates a GPO called Folder Redirection. The administrator wants the policy to apply to all users in the Marketing OU, except for the Marketing managers. What should the administrator do to prevent the Folder Redirection GPO from applying to the managers, but allow all other GPOs linked to the Marketing OU to apply to the managers? -Create a WMI filter that identifies the managers' computers and use that filter to Deny the application of the GPO to the managers. -Move the marketing manager user accounts to their own child OU in Marketing, and then implement Block Inheritance on the child OU. -Create a global security group called Marketing Managers and add the marketing manager user accounts to the group. Then configure GPO security filtering to Deny the Apply Policy permission to this group. Create a global security group called Marketing Managers and add the marketing manager user accounts to the group. Then configure GPO security filtering to Deny the Apply Policy permission to this group. - You can use security filtering to allow or deny the application of a GPO to specific users or groups. In A, there are two sites: London and Windsor. A single GPO (called London settings) is linked to London and another (Windsor settings) is linked to Windsor. In addition, there are two GPOs linked to the A domain: The Default Domain GPO (which is Enforced) and a further policy: Adatum Folder Redirection (which has a link order value of 2). The Sales OU has a linked GPO called Sales Desktop settings. A user in the Sales department based in Windsor, whose user account and computer account reside in the Sales OU, is experiencing problems with settings on their computer. An administrator decides to investigate. The administrator suspects that there are conflicting settings in the various GPOs that apply to the user and their computer. Which GPO's settings take precedence? -The Default Domain GPO -The Windsor settings GPO -The Sales Desktop settings GPO The Default Domain GPO -This policy takes precedence because it is Enforced. Which of the following options contains the GPO settings? -The Group Policy container -The Group Policy template The Group Policy template - The Group Policy template contains the Group Policy settings. The IT department in Adatum is deploying a new version of Microsoft Office in their on-premises environment. The administrator wants to configure settings with GPOs for Office. What should they do? -Download and install new .adml files and then configure the desired settings in the Administrative Templates node in the appropriate GPO. -Copy the content of the WindowsPolicyDefinitions folder to the Central Store. -Download and install new administrative template files and then configure the desired settings in the Administrative Templates node in the appropriate GPO. Download and install new administrative template files and then configure the desired settings in the Administrative Templates node in the appropriate GPO. - You must update the .admx and .adml files together. Which tool can be used to create, list, and delete a custom application partition? -ntdsutil -netdom -disk part ntdsutil - You can use ntdsutil to create, list, and delete a custom application partition. What functionality does the transitivity of a two-way forest trust provide? -If you create a forest trust between Forest 1 and Forest 2 and you create a forest trust between Forest 2 and Forest 3, Forest 1 implicitly trusts Forest 3. -All domains in both trusted forests trust each other. -All users in the trusted forest can authenticate for services and access on all computers in the trusting forest. All domains in both trusted forests trust each other. - When creating a trust, you specify the root domain of each forest. However, because forest trusts are transitive for all domains in each forest, you effectively establish a trust between each pair of domains across both forests. How should a trust between an ESAE forest and a production forest be configured? -One-way with forest-wide authentication and the ESAE forest trusting the production forest -One-way with selective authentication and the production forest trusting the ESAE forest -One-way with the forest-wide authentication and the production forest trusting the ESAE forest One-way with selective authentication and the production forest trusting the ESAE forest -The ESAE forest model uses one-way trust with selective authentication and the production forest trusting the ESAE forest. Which of the following tools can be used to monitor and troubleshoot AD DS replication? -N -D -N D -D supports several tests that allow you to monitor and troubleshoot replication. Which of the following statements about Azure AD is true? -Azure AD implements the same authentication protocols as on-premises AD DS. -Azure AD is essentially on-premises AD DS in the cloud. -Azure AD users and groups are created in a flat structure. Azure AD users and groups are created in a flat structure. - Azure AD users and groups are created in a flat structure, and there are no OUs or GPOs. 2. Contoso IT staff have set up Azu Contoso IT staff have set up Azure AD Connect and are beginning to synchronize accounts. Maria in IT finds a new user account in Azure AD that has been created by the Azure AD Connect process. Which of the following accounts would Maria have found? -Maria found an account called MSOL_c778af008d92. -Marie found an account called Sync_CONTOSO- . -Maria found an account called AAD_c778af008d92. Marie found an account called . -. An account with the prefix Sync is created in Azure AD as part of the Azure AD Connect setup. Which of the following sign-in methods is NOT available for Contoso IT staff to combine with Seamless SSO? -Password Hash Synchronization. -AD FS. -Pass-through authentication. AD FS. -You can combine Seamless SSO with both Password Hash Synchronization and Pass-Through Authentication, but not AD FS. When planning to implement Azure AD DS, which of the following statements are true? -It's possible to extend the schema for the Azure AD DS domain. -Nested OUs are supported. -It's not possible to target OUs with built-in GPOs. It's not possible to target OUs with built-in GPOs. - Additionally, you cannot use WMI filters or security-group filtering. Which role from the following groups in an Azure AD DS domain can administer DNS on the managed domain, create and administer custom OUs on the managed domain, and administer computers joined to the managed domain? -AAD DC Administrators. -Enterprise Admins. -Administrators. AAD DC Administrators. - Members of the AAD DC Administrators group are granted administrator privileges on the Azure AD DS-managed domain. Which of the following tasks can Azure AD DS domain administrators perform? -Add domain controllers to the managed domain. -Configure the built-in GPO for the AADDC Computers and AADDC Users containers in the managed domain. -Connect to domain controllers for the managed domain using Remote Desktop. Configure the built-in GPO for the AADDC Computers and AADDC Users containers in the managed domain. - Administrators, that is, members of the AAD DC Administrators group, can also create and administer custom OUs on both the managed domain and administer computers joined to the managed domain. Contoso want to deploy an LDAP-aware LOB application in Azure. Which of the following deployment models best suits this scenario? -Deploy a separate AD forest that's trusted by domains in their on-premises AD forest. -Deploy AD DS only on an Azure VM. -Deploy AD DS in an on-premises infrastructure and on an Azure VM. Deploy AD DS in an on-premises infrastructure and on an Azure VM. -This scenario is common for apps that are LDAP-aware and that support Windows-integrated authentication. When planning deployment for AD domain controllers in Azure, how can an administrator at Contoso control Active Directory replication? -They must establish the appropriate trust relationships. -They must configure sites in AD DS. -Configure a static IP address for each VM. They must configure sites in AD DS. -They must configure sites in AD DS so that they can control replication traffic between the on-premises and Azure-based domain controllers. Which of the following options reduces the amount of egress traffic when deploying AD domain controllers in Azure? -Active Directory sites. -Add trust relationships. -Read-only domain controllers. Read-only domain controllers. -RODCs reduce the amount of egress traffic and the resulting Azure service charges. Because changes to directory objects are not allowed on RODCs, replication of directory objects from RODCs to other domain controllers don't occur. An administrator at Contoso must create a user account in the C domain. Which of the following group memberships enable the administrator to perform the task without exceeding the required privilege? -The administrator should sign in using an account that belongs to Enterprise Admins. -The administrator should sign in using an account that belongs to the local Administrators group. -The administrator should sign in using an account that belongs to the domain local Account Operators group. The administrator should sign in using an account that belongs to the domain local Account Operators group. - Members of the the domain local Account Operators group can add user accounts in the local domain. One of the administrators in Contoso IT wants to delegate computer management to a small team in IT support. The computers are all in the Sales department, and their accounts reside in the Sales OU. Adhering to best practice, how should the administrator proceed? -Create a group for the sales computer management team, and then create a custom task delegation for that team on the Sales OU. The custom task will be for Computer objects. -Create a group for the sales computer management team, and then create a common task delegation for that team on the Sales OU. -Create a custom task delegation for the users in the sales computer management team on the Sales OU. The custom task will be for Computer objects. Create a group for the sales computer management team, and then create a custom task delegation for that team on the Sales OU. The custom task will be for Computer objects. - This approach adheres to best practices. Which Windows 10 Enterprise feature helps to protect user credentials during the sign in process, and what is needed to enable this feature? -Windows Defender Credential Guard provides this protection. To implement Windows Defender Credential Guard, you require the Hyper-V feature, and ideally a TPM and Unified Extensible Firmware Interface (UEFI) lock. -Windows Defender Device Guard provides this protection. To implement Windows Defender Device Guard, you require the Hyper-V feature, Secure boot, and ideally a TPM and UEFI lock. -Windows Defender Credential Guard provides this protection. To implement Windows Defender Credential Guard, you require the Hyper-V feature, Secure boot, and ideally a TPM and UEFI lock. Windows Defender Credential Guard provides this protection. To implement Windows Defender Credential Guard, you require the Hyper-V feature, Secure boot, and ideally a TPM and UEFI lock. - A TPM and UEFI lock are optional, but recommended. An administrator wants to increase security by adjusting the default behavior of the UAC elevation prompt for standard users. Which of the following values in Group Policy would be appropriate to adjust to achieve this objective? -The administrator must change the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting. They must choose the option: Prompt for credentials. -The administrator must change the User Account Control: Behavior of the elevation prompt for standard users setting. They must choose the option: Automatically deny elevation requests. -The administrator must change the User Account Control: Behavior of the elevation prompt for standard users setting. They must choose the option: Prompt for credentials. The administrator must change the User Account Control: Behavior of the elevation prompt for standard users setting. They must choose the option: Automatically deny elevation requests. - This is the most secure setting for standard user accounts. An administrator creates a custom delegation using the Delegation of Control Wizard. The administrator delegates the Sales group administrative rights on computer objects in the Sales OU. Specifically, the group is granted Create selected objects in folder and Delete selected objects in folder, plus Full Control of computer objects. Later, the administrator wants to modify these delegated permissions. What must they do? -The administrator must run the Delegation of Control Wizard again, and this time, assign Deny permissions. Deny overrides Allow permissions. -The administrator must run the Delegation of Control Wizard again, and this time, choose the newly delegated permissions. -The administrator must review the security settings on the Sales OU by enabling Advanced Features in Active Directory Users and Computers. Then, they must review the advanced security settings for the OU. The administrator must review the security settings on the Sales OU by enabling Advanced Features in Active Directory Users and Computers. Then, they must review the advanced security settings for the OU. - The administrator must edit or remove the permissions created by the delegation, and then, if necessary, rerun the Delegation of Control Wizard. An administrator at Contoso is implementing a jump server configuration to improve security. They decide to virtualize the jump server and install the required administrative tools on that VM. What else should this administrator do? -The administrator should also configure a PAW. They should then move the jump server VM to this PAW. -The administrator should also configure a PAW. They should then configure MFA to connect to their jump server VM from their PAW. -The administrator doesn't need to complete any additional tasks. The administrator should also configure a PAW. They should then configure MFA to connect to their jump server VM from their PAW. -This solution provides a robust security framework for administrative tasks. Using Windows Admin Center, an administrator connects to the domain controller, SEA-DC1. The administrator wants to add a new user account to the C AD DS domain. Which of the following procedures would not work? -In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select Active Directory. Select Create, then select User. Enter the required details and then select Create. -In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select Local users & groups. Select Create, then select User. Enter the required details and then select Create. -In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select PowerShell. After signing in, use the New-ADUser cmdlet to create a new user. In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select Local users & groups. Select Create, then select User. Enter the required details and then select Create. -This is the right answer because you cannot use the Local users & groups node when connected to a domain controller. In addition, local users are not domain users. What cmdlet can be run on a remote Windows Server computer to enable PowerShell remoting? -Enable-PSRemoting. -New-PSSession. -Enter-PSSession. Enable-PSRemoting. - You use the Enable-PSRemoting cmdlet to enable Windows Remote Management firewall exceptions and enable the WinRM listener service. Which port is used by the Windows Admin Center site by default? -TCP 6516 -TCP 80 -TCP 443 TCP 6516 -This is the default port for the Windows Admin Center website. However, you can change it during installation or subsequently. An administrator has setup a standalone Windows 10 Enterprise computer in a workgroup as an administrative workstation. The administrator intends to use Windows PowerShell remoting to manage remote Windows Servers in the C domain. The administrator is unable to establish a remote Windows PowerShell connection to the domain controller SEA-DC1. Assuming that all default settings have been applied, which of the following is the reason for this failure to connect? -The administrator must enable remoting on the Windows 10 computer by running Enable-PSremoting -force. -The administrator must enable remoting on the Windows Server domain controller computer SEA-DC1 by running Enable-PSremoting -force. -The administrator must add the SEA-DC1 computer as a trusted host by using the Set-Item WSMan:localhostClientTrustedHosts -Value 'SEA-DC1.C' command. The administrator must add the SEA-DC1 computer as a trusted host by using the Set-Item WSMan:localhostClientTrustedHosts -Value 'SEA-DC1.C' command. -Because the Windows 10 computer is not part of the domain, Kerberos authentication cannot be used. Therefore the administrator must configure the target server as a trusted host. An administrator wants to reconfigure the properties of some users in the Marketing OU of the C domain. The administrator decides to use Windows PowerShell. Which of the following cmdlets would the administrator use to make changes? -Get-ADuser -Set-ADuser -New-ADuser Set-ADuser - This cmdlet is used to commit changes to the selected objects. An administrator at Contoso wants to connect to SEA-DC1 using Remote Desktop. The administrator can successfully connect to SEA-DC1 using Server Manager and also Windows Admin Center. However, when they open Remote Desktop Connection and enter the computer name and user credentials, the connection fails. What does the administrator need to do? -The administrator must use the computer SEA-DC1's IP address to connect . -On SEA-DC1, the administrator should use Sconfig and select option 7, and enable Remote Desktop. -On SEA-DC1, the administrator should use Sconfig and select option 8, and reconfigure Network Settings. On SEA-DC1, the administrator should use Sconfig and select option 7, and enable Remote Desktop. Which component in DSC is responsible for applying the desired configuration to the target computer? -Configurations -LCM -Resources LCM - The LCM is the engine that DSC uses to apply the configurations. An administrator at Contoso is using answer files to configure server settings during deployment. In which section of the answer file should the administrator define the Windows Server roles and features that should be deployed? -Components -Packages Packages - This section defines the packages that are used to distribute updates, service packs, and language packs, and also Windows roles and features. When using Windows Admin Center, when might an administrator choose to configure trusted hosts? -When the Windows Admin Center workstation is not in the same AD DS forest as the resources it manages. -When the Windows Admin Center workstation is in the same AD DS forest as the resources it CONTINUED...

Show more Read less
Institution
AZ-800: Administering Windows Server Hybrid Core I
Course
AZ-800: Administering Windows Server Hybrid Core I











Whoops! We can’t load your doc right now. Try again or contact support.

Written for

Institution
AZ-800: Administering Windows Server Hybrid Core I
Course
AZ-800: Administering Windows Server Hybrid Core I

Document information

Uploaded on
January 14, 2025
Number of pages
36
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$12.49
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
Allan100 Rasmussen College
View profile
Follow You need to be logged in order to follow users or courses
Sold
648
Member since
5 year
Number of followers
605
Documents
3226
Last sold
1 month ago

3.5

92 reviews

5
36
4
17
3
15
2
5
1
19

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions