Microsoft AZ-800 Exam Questions Instant Access

Question 1

SIMULATION

Task 5

You have an application that is copied to a folder named C:\app on SRV1. C:\app also contains also a Dockerfile for the app.

On SRV1. you need to create a container image for the application by using the Dockerfile. The container image mutt be named app1.

ASee the solution of this Task below

Answer : A

Explore

To create a container image named app1 for your application using the Dockerfile in the C:\app directory on SRV1, follow these steps:

Step 1: Open PowerShell or Command Prompt First, open PowerShell or Command Prompt on SRV1.

Step 2: Navigate to the Application Directory Change to the directory where your application and Dockerfile are located:

cd C:\app

Step 3: Build the Container Image Use the docker build command to create the container image. The -t flag tags the image with the name app1:

docker build -t app1 .

The period . at the end of the command tells Docker to use the Dockerfile in the current directory.

Step 4: Verify the Image Creation After the build process completes, verify that the image app1 has been created successfully by listing all images:

docker images

You should see app1 in the list of images.

Step 5: Use the Image Now, you can use the image app1 to run containers or push it to a container registry if needed.

By following these steps, you'll have created a Docker container image named app1 using the Dockerfile located in C:\app on SRV11. Ensure that Docker is installed on SRV1 and that you have the necessary permissions to execute these commands.

Question 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2022 and has the DHCP Server role. Server1 contains a single DHCP scope named Scope1.

You deploy five printers to the network.

You need to ensure that the printers are always assigned the same IP address.

Solution: You create a DHCP reservation for each printer.

Does this meet the requirement?

AYes

BNo

Answer : A

The Windows Server DHCP role supports reservations that map a client's unique identifier (commonly the MAC address) to a specific IPv4 address inside the scope. The AZ-800 study material describes reservations as the mechanism to ''ensure that a particular device always receives the same IP address from the DHCP server while still being managed by DHCP.'' When a reservation exists, the DHCP server will always offer and lease the reserved address to that client and will not allocate that address to any other client. This meets scenarios such as networked printers, appliances, or servers that require a consistent IP but where you still want centralized lease management (lease tracking, option delivery, and centralized auditing). The content further contrasts reservations with exclusions and options: exclusions remove addresses from the pool and options deliver configuration parameters, neither of which guarantees a stable assignment to a given device. Therefore, creating one DHCP reservation per printer in Scope1 precisely satisfies the requirement that the printers are always assigned the same IP address.

Question 3

Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.

You need to minimize the convergence time for changes to Active Directory.

What should you do?

AFor each site link, modify the options attribute.

BFor each site link, modify the site link costs.

CFor each site link, modify the replication schedule.

DCreate a site link bridge that contains all the site links.

Answer : A

The Active Directory replication module explains that inter-site replication defaults to scheduled polling with a 180-minute interval and does not use change notifications. The guide notes: ''To reduce replication latency (convergence time) between sites, you can enable inter-site change notifications by setting the site link options attribute. When enabled, a change at one site triggers notifications to partners across the site link, initiating replication promptly rather than waiting for the next schedule.'' Adjusting site link cost influences topology selection by the KCC but ''does not change the frequency of replication.'' Similarly, editing the replication schedule can help, but even an 'always on' schedule retains the inter-site polling behavior unless change notification is enabled; the documented fastest method is enabling change notification via the options attribute on each site link. Creating site link bridges is intended for transitivity/topology and does not directly lower latency. Therefore, to minimize convergence time, modify the options attribute on each site link to enable inter-site change notifications.

Question 4

You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.

A user named Admin1 is a member of the local Administrators group on Server1 and Server2.

You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.

You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.

What should you do first?

AFrom the Azure portal, generate a new onboarding script.

BAssign Admin1 the Azure Connected Machine Onboarding role for RG1.

CHybrid Azure AD join Server1 and Server2.

DCreate an Azure cloud-only account for Admin1.

Answer : B

In the Administering Windows Server Hybrid Core Infrastructure content for Azure Arc--enabled servers, the onboarding script (interactive or service-principal based) requires that the identity used to connect a machine has the least-privilege built-in role at the intended scope. The guide states that for scripted or portal onboarding you should ''grant the Azure RBAC role Azure Connected Machine Onboarding at the subscription or resource-group scope to the identity that will run the connect process; this role includes only the permissions necessary to register and connect the server resource.'' It also notes that no hybrid Azure AD join is required just to onboard Arc, and that local admin on the target server is sufficient for installing the Connected Machine agent. Therefore, before Admin1 runs the onboarding script for Server1 and Server2 into RG1, you must first assign Admin1 the Azure Connected Machine Onboarding role at RG1. This satisfies least privilege and enables the script to create the Microsoft.HybridCompute/machines resource entries and related artifacts while avoiding broader roles like Contributor or Owner.

Question 5

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed. Each server has a Switch Embedded Teaming (SET) team

You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.

What should you use?

AServer Manager

Bthe validate-DCB cmdtet

Cthe Get-NetAdaptor cmdlet

DFailover Cluster Manager

Answer : B

In Windows Server deployments that use Hyper-V with Switch Embedded Teaming (SET) and SMB Direct (RDMA), Microsoft's guidance in Administering Windows Server Hybrid Core Infrastructure is to validate the end-to-end Data Center Bridging (DCB) and RDMA prerequisites with Validate-DCB. The DCB validation covers the exact Windows Server settings RDMA depends on: Priority-based Flow Control (PFC), Enhanced Transmission Selection (ETS), QoS policies for SMB (priority tagging), and RDMA enablement on the relevant physical adapters. The study materials emphasize that while tools such as Server Manager, Failover Cluster Manager, or basic adapter inventory (e.g., Get-NetAdapter) can show device status or general configuration, they do not verify the complete, lossless fabric requirements for RDMA over Converged Ethernet used with Hyper-V/SET.

The prescribed approach is to run Validate-DCB against the host NICs participating in the SET team to confirm:

RDMA is enabled on the interfaces used for SMB Direct.

PFC is enabled for the SMB priority.

ETS bandwidth reservations are correctly applied.

QoS policies align across adapters so SMB traffic is lossless.

The cmdlet produces pass/fail diagnostics and remediation guidance, providing a single authoritative validation for ''RDMA and all required Windows Server settings'' on each server. Accordingly, the correct choice for verifying the configuration in this scenario is Validate-DCB.

Question 6

Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com The domain contains the objects shown in the following table.

You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect You need to ensure that all the objects can be used in Conditional Access policies What should you do?

AChange the scope of Group2 to Universal

BClear the Configure device writeback option.

CChange the scope o' Group1 and Group2 to Global

DSelect the Configure Hybrid Azure AD join option.

Answer : D

To ensure that all objects, specifically Computer1, can be used in Conditional Access (CA) policies, the environment must support device-based identity in the cloud. In a hybrid scenario, while user objects and security groups (like Group1 and Group2) can be synchronized through standard Azure AD Connect (Microsoft Entra Connect) synchronization cycles, computer objects require specific configuration to become 'identifiable' by Conditional Access.

According to the official study guides for the AZ-800 exam, simply syncing a computer object does not make it a 'Hybrid Azure AD joined' device. To enable Computer1 to be used as a target or a condition (e.g., 'Require Hybrid Azure AD joined device') in a CA policy, you must run the Azure AD Connect wizard and select the Configure Hybrid Azure AD join task. This process configures a Service Connection Point (SCP) in your on-premises Active Directory, which allows Windows 10/11 devices like Computer1 to discover the Azure AD tenant and complete the registration process.

Furthermore, while group scopes (Universal vs. Domain Local) are often discussed in sync scenarios, Azure AD Connect by default synchronizes security groups regardless of their scope if they are within the synchronized Organizational Units (OUs). Therefore, the critical step to satisfy the requirement for 'all objects'---especially the computer account---is enabling the Hybrid Join feature to establish a cloud-side device identity. This provides the necessary 'device signal' that Conditional Access evaluates to grant or deny access.

Question 7

You have servers that run Windows Server 2022 as shown in the following table.

Server2 contains a .NET app named App1.

You need to establish a WebSocket connection from App1 to the SQL Server instance on Server1. The solution must meet the following requirements:

* Minimize the number of network ports that must be open on the on-premises network firewall.

* Minimize administrative effort.

What should you create first?

Aan Azure Relay namespace

Ban Azure VPN gateway

Ca WFC relay connection

Da hybrid connection

Answer : A

The hybrid connectivity module details Azure Relay -- Hybrid Connections for reaching on-premises services securely without inbound firewall rules. It states: ''Hybrid Connections use WebSockets over outbound TCP 443 from both ends, enabling apps in Azure to connect to on-premises endpoints with no VPN and minimal firewall changes.'' The setup sequence is: (1) Create an Azure Relay namespace, (2) Create a Hybrid Connection inside that namespace, and **(3) install the on-premises Hybrid Connection Manager to establish the outbound listener to Azure.'' This approach meets the requirements: a WebSocket-based connection from App1 to SQL Server on Server1, minimizing open ports (only outbound 443) and administrative effort (no site-to-site VPN or complex routing). A VPN gateway would require additional configuration and more open ports; a WCF relay is a different relay type for WCF endpoints, not needed for generic TCP/WebSocket scenarios; and a hybrid connection cannot be created until a Relay namespace exists. Thus, the first object to create is an Azure Relay namespace.

Microsoft Administering Windows Server Hybrid Core Infrastructure AZ-800 Exam Questions