AZ-801

AZ-801 Configuring Windows Server Hybrid Advanced Services exam is a hot Microsoft certification exam, Exam4Training offers you the latest free online AZ-801 dumps to practice. You can get online training in the following questions, all these questions are verified by Microsoft experts. If this exam changed, we will share new update questions.

Home » Microsoft » AZ-801
Certification Provider: Microsoft
Exam Name: Configuring Windows Server Hybrid Advanced Services
Exam Code: AZ-801
Official Exam Time: 120 mins
Number of questions in the Official Exam: 40-60 Q&As
Latest update time in our database: September 27,2023
AZ-801 Official Exam Topics:
  • Topic1 : Configure SmartScreen
  • Topic2 : Secure a hybrid Active Directory infrastructure / Manage account security on an RODC
  • Topic3 : Manage AD built-in administrative groups / Manage Windows Defender Firewall
  • Topic4 : Implement domain isolation / Secure Windows Server storage
  • Topic5 : Configure storage for failover clustering / Configure a floating IP address for the cluster
  • Topic6 : Implement and manage Storage Spaces Direct / Upgrade a Storage Spaces Direct node
  • Topic7 : Manage backups in Azure Recovery Services vault / Configure Site Recovery for Azure VMs
  • Topic8 : Protect virtual machines by using Hyper-V replicas / Configure VM replication
  • Topic9 : Migrate on-premises servers to Azure / Migrate workloads from previous versions to Windows Server 2022
  • Topic10 : Migrate IIS workloads to Azure / Monitor Windows Server by using Windows Server tools and Azure services
  • Topic11 : Monitor by using System Insights / Monitor Azure VMs by using Azure diagnostics extension
  • Topic12 : Troubleshoot booting failures / Troubleshoot VM connection issues
  • Topic13 : Restore objects from AD recycle bin /

What should you use to onboard the servers to Microsoft Sentinel?

Leave a comment

You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc enabled resources are in the same resource group.

You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort.

What should you use to onboard the servers to Microsoft Sentinel?
A . Azure Automation
B . Azure Policy
C . Azure virtual machine extensions
D . Microsoft Defender for Cloud

Answer: B

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arcpolicies-mma

Which type of Microsoft Sentinel data connector should you use to meet the security requirements?

Leave a comment

You are planning the deployment of Microsoft Sentinel.

Which type of Microsoft Sentinel data connector should you use to meet the security requirements?
A . Threat Intelligence – TAXII
B . Azure Active Directory
C . Microsoft Defender for Cloud
D . Microsoft Defender for Identity

Answer: D

Explanation:

Reference: https://docs.microsoft.com/en-us/defender-for-identity/cas-isp-legacy-protocols

Secure Windows Server on-premises and hybrid infrastructures

Which authentication method should you configure in a connection security rule?

Leave a comment

You have 10 servers that run Windows Server in a workgroup.

You need to configure the servers to encrypt all the network traffic between the servers. The solution must be as secure as possible.

Which authentication method should you configure in a connection security rule?
A . NTLMv2
B . pre-shared key
C . Kerberos V5
D . computer certificate

Answer: D

Explanation:

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authenticationrequest-rule

Which service should you use to enforce the security policy, and what should you use to manage the policy settings?

Leave a comment

HOTSPOT

You need to implement a security policy solution to authorize the applications. The solution must meet the security requirements.

Which service should you use to enforce the security policy, and what should you use to manage the policy settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview

What should you do?

Leave a comment

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant by using password hash synchronization. You have a Microsoft 365 subscription.

All devices are hybrid Azure AD-joined.

Users report that they must enter their password manually when accessing Microsoft 365 applications.

You need to reduce the number of times the users are prompted for their password when they access

Microsoft 365 and Azure services.

What should you do?
A . In Azure AD, configure a Conditional Access policy for the Microsoft Office 365 applications.
B . In the DNS zone of the AD DS domain, create an Autodiscover record.
C . From Azure AD Connect, enable single sign-on (SSO).
D . From Azure AD Connect, configure pass-through authentication.

Answer: C

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Does this meet the goal?

Leave a comment

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a failover cluster named Cluster1 that hosts an application named App1.

The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)

The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)

Server1 shuts down unexpectedly.

You need to ensure that when you start Server1, App1 continues to run on Server2.

Solution: From the General settings, you move Server2 up.

Does this meet the goal?
A . Yes
B . No

Answer: B

Explanation:

Server1 and Server2 are both unticked so the order they are listed in has no effect on whether the cluster will fail back.

What should you do?

Leave a comment

DRAG DROP

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access. You need to configure password security for on-premises users.

The solution must meet the following requirements:

Prevent the users from using known weak passwords.

Prevent the users from using the company name in passwords.

What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesdeploy

What is the effective minimum password length for User1 and Admin1?

Leave a comment

HOTSPOT

What is the effective minimum password length for User1 and Admin1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: 9

When multiple PSOs apply to a user, the PSO with the highest precedence (lowest precedence number)

applies which in this case is PSO1.

Box 2: 8

There are no PSOs applied to Admin1 so the password policy from the Default Domain GPO applies.

The Minimum password length setting in GPO1 would only apply to local user accounts on computers in OU1.

It does not apply to domain user accounts.

Does this meet the goal?

Leave a comment

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a failover cluster named Cluster1 that hosts an application named App1.

The General tab in App1 Properties is shown in the General exhibit. (Click the General tab.)

The Failover tab in App1 Properties is shown in the Failover exhibit. (Click the Failover tab.)

Server1 shuts down unexpectedly.

You need to ensure that when you start Server1, App1 continues to run on Server2. Solution: You increase Maximum failures in the specified period for the App1 cluster role..

Does this meet the goal?
A . Yes
B . No

Answer: B

Explanation:

The Maximum failures setting is used to determine when the cluster determines that a node is offline. It does not affect whether a cluster will fail back when a node comes online.

Which extension should you enable on the virtual machines?

Leave a comment

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have 50 Azure virtual machines that run Windows Server.

You need to ensure that any security exploits detected on the virtual machines are forwarded to Defender for Cloud.

Which extension should you enable on the virtual machines?
A . Vulnerability assessment for machines
B . Microsoft Dependency agent
C . Log Analytics agent for Azure VMs
D . Guest Configuration agent

Answer: A

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm