Visit Official SkillCertPro Website :-
For a full set of 280+ questions. Go to
https://skillcertpro.com/product/microsoft-az-800-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Fill in the blank to complete the sentence.
For ________ authentication, the Application Proxy connectors utilize KCD (Kerberos Constrained Delegation) to authenticate the users to the Kerberos application.
A. Header-based authentication
B. Forms- or password-based authentication
C. SAML authentication
D. Integrated Windows Authentication (IWA)
Answer: D
Explanation:
For IWA (Integrated Windows Authentication), the Application Proxy connectors utilize Kerberos Constrained Delegation to authenticate users to the Kerberos application.
Option A is incorrect. This sign-on method utilizes a third-party authentication service known as PingAccess and is utilized when the headers are used by the applications for authentication.
Option B is incorrect. In this authentication method, the users sign on to the app with a username and password for the 1st time they access it.
Option C is incorrect. This type of authentication is supported for apps that utilize either SAML 2.0 or WS-Federation protocols.
Option D is correct. For IWA, the Application Proxy connectors utilize KCD to authenticate users to the Kerberos application.
Reference:
To know more about using Azure AD Application Proxy to publish on-premises apps for remote users, please visit the below-given link:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy
Question 2:
You’ve recently joined an organization as an administrator and your manager has asked you to deploy Azure file shares on HDD based hardware. Which of the following storage accounts would you use to deploy Azure file shares on standard/hard disk-based (HDD-based) hardware?
A. FileStorage storage accounts
B. General purpose version 2 (GPv2) storage accounts
C. BlockBlobStorage accounts
D. BlobStorage storage accounts
Answer: B
Explanation:
General purpose version 2 (GPv2) storage accounts allow you to deploy Azure file shares on standard/hard disk-based (HDD-based) hardware. Additionally, GPv2 storage accounts can also store other storage resources like blob containers, tables or queues.
Option A is incorrect. FileStorage storage accounts allow the users to deploy Azure file shares on premium/solid-state disk-based (SSD-based) hardware.
Option B is correct. General purpose version 2 (GPv2) storage accounts allow you to deploy Azure file shares on standard/hard disk-based (HDD-based) hardware.
Option C is incorrect. BlockBlobStorage accounts can't contain Azure file shares.
Option D is incorrect. BlobStorage storage accounts can't contain Azure file shares.
Reference:
To know more about Planning for an Azure File Sync deployment, please visit the below-given link:
Question 3:
Cross-tenant object replication is by default allowed for a storage account. But you want to prevent replication across tenants. Which of the following properties would you set to false to disallow cross-tenant object replication for your storage accounts?
A. AllowCrossTenantReplication property
B. AllowCrossTenantObjectsReplication property
C. AllowReplication Property
D. AllowTenantReplication Property
Answer: A
Explanation:
To prevent object replication across Azure AD tenants, the AllowCrossTenantReplication property for the storage account should be set to false. If a storage account doesn't currently participate in any cross-tenant object replication policy, then setting the AllowCrossTenantReplication property to false will prevent future configuration of cross-tenant object replication policies with this storage account as the destination or source.
Option A is correct. It is the AllowCrossTenantReplication property that should be set to false to disallow cross-tenant object replication for your storage accounts.
Option B is incorrect. AllowCrossTenantObjectsReplication is not a valid property to set.
Option C is incorrect. AllowReplication Property is not the right property to be set to false.
Option D is incorrect. AllowTenantReplication is not a valid property.
References:
To know more about object replication for block blobs, please visit the below-given link:
https://docs.microsoft.com/en-us/azure/storage/blobs/object-replication-configure
Question 4:
You have been hired as the networking administrator in Whizlabs company. There is one user account that is required to be moved very often between the Sales & Marketing groups. But you notice that the changes aren't working. Which of the following Flexible Single Master Operation (FSMO) roles might be responsible?
A. Infrastructure Master Role
B. Domain Naming Master Role
C. Schema Master Role
D. RID Role
Answer: A
Explanation:
The Infrastructure Master role should be held by a Domain Controller that isn't a Global Catalog server (GC). If the IM role runs on a GC server, it will halt updating object information because it doesn't have any references to objects that it doesn't hold.
Additionally, the Infrastructure master doesn't make changes often.
Option A is correct. As the Infrastructure Master Role doesn't make changes often, it might be responsible for the said issue in the scenario.
Option B is incorrect. The Domain Naming Master Role can't be responsible for the said issue.
Option C is incorrect. Infrastructure Master role, not Schema Master Role might be the possible reason.
Option D is incorrect. RID role is not the right answer.
References:
To know more about various FSMO Roles, please visit the below-given links:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles
Question 5:
You are chairing a team session where you are discussing with your team members important points to be considered while deploying AD domain controllers in Azure. During the session, would you advise your team members to shut down an AD domain controller VM through the Azure portal?
A. Yes
B. No
Answer: B
Explanation:
It is always advised not to use the Azure portal to turn off the AD domain controller virtual machine. However, you can use the guest operating system to turn it off and start it again. If you use the Azure portal to turn off the AD domain controller virtual machine, it will deallocate the Azure VM, which will reset both the VM invocationID and GenerationID of the Active Directory repository.
This further results in discarding the Active Directory Domain Services RID (Relative Identifier) pool. It also marks the sysvol folder as non-authoritative. You may even need to reconfigure the whole domain controller.
Reference:
To know more about deploying AD DS in an Azure virtual network, please visit the below-given link:
Question 6:
Which of the following cmdlets would you use in PowerShell to domain-join a VM without connecting to it and manually configuring the connection?
A. Set-AzVmAdDomainConfig
B. Set-AzVmAdDomainExtension
C. Set-AzVmConnectDomainExtension
D. Set-AzVmAdDomainManualConfig
Answer: B
Explanation:
To domain-join a VM without connecting to it and manually configuring the connection, you can utilize the Set-AzVmAdDomainExtension Azure PowerShell cmdlet.
Option A is incorrect. Set-AzVmAdDomainConfig is not a valid cmdlet for the said purpose.
Option B is correct. Set-AzVmAdDomainExtension is used to domain-join a VM without connecting to it and manually configuring the connection.
Option C is incorrect. Set-AzVmConnectDomainExtension is not the right cmdlet.
Option D is incorrect. Set-AzVmAdDomainManualConfig can't be used to domain-join a VM without connecting to it and manually configuring the connection.
Reference:
To know more about joining a Windows Server VM to an Azure AD Domain Services managed domain, please visit the below-given link:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm
Question 7:
Your company network is made up of 2 on-premises AD forests named powlene.com and marico.com. Forest powlene.com has 1 domain and 5 domain controllers (DCs) while marico.com consists of the domains as demonstrated in the table below.
Name               Number of Domain Controllers
Marico.com         2
East.marico.com    3
West.marico.com    3
You have been tasked to synchronize users from powlene.com and marico.com to a common Azure Active Directory tenant through Azure Active Directory Connect.
How many Azure Active Directory Connect sync servers would you need (at least) to perform the task?
A. 8
B. 4
C. 3
D. 2
E. 1
Answer: E
Explanation:
You can have only 1 active Azure Active Directory Connect server synchronizing accounts to a common Azure Active Directory tenant. You can have backup Azure Active Directory Connect servers, but they must be running in staging mode.
When there are multiple forests, it must be possible to reach all the forests by a common Azure AD Connect sync server. This server needs to be linked to a specific domain. If required, the server can be placed in a secure network, so it will allow reaching all the forests.
Option A is incorrect. At a minimum, there is a need for only 1 Azure Active Directory Connect sync server.
Option B is incorrect. 1 Azure Active Directory Connect sync server would be enough to perform the task.
Option C is incorrect. At a minimum, there is a need for only 1 Azure Active Directory Connect sync server.
Option D is incorrect. You can have only 1 active Azure Active Directory Connect server synchronizing accounts to a common Azure Active Directory tenant. Also, you can have backup Azure AD Connect servers, but they must be running in staging mode.
Option E is correct. 1 Azure Active Directory Connect sync server would be enough to perform the task.
Reference:
To know more about various topologies for Azure Active Directory Connect, please visit the below-given link:
Question 8:
Which of the following tools helps users identify and remediate object synchronization errors or issues like malformed or duplicate proxyAddresses and userPrincipalName in Active Directory?
A. ADModify.NET tool
B. Repadmin.exe tool
C. Dsdiag.exe tool
D. Microsoft 365 IdFix tool
Answer: D
Explanation:
The Microsoft 365 IdFix tool allows users to identify and remediate common object synchronization errors, including general issues like malformed or duplicate proxyAddresses and userPrincipalName in Active Directory. You can choose the organizational units that you expect IdFix to check, and the common errors can be fixed within the tool itself.
Option A is incorrect. For errors like format issues, changes can be made to particular attributes object-by-object by utilizing either ADSIEdit or Advanced Mode in AD computers and users.
Option B is incorrect. Repadmin.exe tool is used for analyzing and reporting the replication.
Option C is incorrect. Dsdiag.exe tool is another tool that helps in analyzing and reporting the replication.
Option D is correct. The Microsoft 365 IdFix tool allows users to identify and remediate common object synchronization errors, including general issues like malformed or duplicate proxyAddresses and userPrincipalName in Active Directory.
Reference:
To know more about Active Directory health-check tools, please visit the below-given link:
Question 9:
The IT department in Contoso is deploying a new version of MS Office in their on-premises environment. The administrator desires to configure the settings with GPOs for Office. What should they do?
A. Download and install new .adml files and then configure the desired settings in the Administrative Templates node in the appropriate GPO
B. Download and install new .admx files and then configure the desired settings in the Administrative Templates node in the appropriate GPO
C. Download and install new administrative template files and then configure the desired settings in the Administrative Templates node in the appropriate GPO
D. Copy the content of the Windows\PolicyDefinitions folder to the Central Store
Answer: C
Explanation:
Administrative templates can be used to control the environment of an operating system (OS) and the user experience. Two available sets of administrative templates are computer-related settings and user-related settings. Administrative template files offer most of the available GPO settings, which change particular registry keys.
Option A is incorrect. .adml files store only language-specific information and don't directly deal with GPO settings.
Option B is incorrect. The .admx files are language-neutral and don't directly deal with GPO settings.
Option C is correct. Downloading and installing new administrative template files and then configuring the desired settings in the Administrative Templates node in the appropriate GPO is the right solution. You must update the .admx and .adml files together.
Option D is incorrect. Although a Central Store makes managing Administrative Templates easier, administrators still need updated template files.
References:
To know more about administrative templates, please visit the below-given links:
Question 10:
You need to add some virtual machines in the VNet and in consideration of that, you want to ensure that WinRM is running on the target VM. Which of the following commands would you run on the target VM to ensure that?
A. winrm noconfig
B. winrm VMconfig
C. winrm targetVM
D. winrm quickconfig
Answer: D
Explanation:
In order to add other virtual machines in the VNet, you should ensure WinRM is running on the target VMs by running the command below in PowerShell or the command prompt on the target VM:
winrm quickconfig
Option A is incorrect. winrm noconfig is not the right command to be run.
Option B is incorrect. Running winrm VMconfig won't help in ensuring that WinRM is running on the target VM.
Option C is incorrect. winrm targetVM is not the valid command.
Option D is correct. winrm quickconfig is the right command that is used to ensure that WinRM is running on the target VMs.
Reference:
To know more about manually deploying Windows Admin Center in Azure for managing multiple servers, please visit the below-given link: