Microsoft Administering Windows Server Hybrid Core Infrastructure AZ-800 Exam Questions

Answer : D

In the Administering Windows Server Hybrid Core Infrastructure content for File Services, Microsoft describes File Server Resource Manager (FSRM) as the feature used to control the types of files that users can store on file servers. The guide explains that a file screen ''prevents users from saving unauthorized file types on a volume or in a folder by applying a file group (such as Audio and Video) or custom file name patterns (for example, *.mp4).'' It further clarifies that file screening ''does not affect access permissions to other files and folders and allows permitted file types to be stored without restriction.'' By contrast, NTFS permissions govern access (read/write/modify) and ''cannot filter by file extension,'' and NTFS quotas and File Management Tasks address capacity and automated tasks, not content blocking. Therefore, to stop users from storing .MP4 while allowing all other files, you create a File Screen on the path to Share1 and block either the built-in Audio and Video file group or a custom pattern *.mp4. This aligns precisely with the exam guide's directive that FSRM File Screening is the supported and intended method to restrict file types on Windows file shares while leaving other file operations unaffected.

Answer : D

To ensure that all objects, specifically Computer1, can be used in Conditional Access (CA) policies, the environment must support device-based identity in the cloud. In a hybrid scenario, while user objects and security groups (like Group1 and Group2) can be synchronized through standard Azure AD Connect (Microsoft Entra Connect) synchronization cycles, computer objects require specific configuration to become 'identifiable' by Conditional Access.

According to the official study guides for the AZ-800 exam, simply syncing a computer object does not make it a 'Hybrid Azure AD joined' device. To enable Computer1 to be used as a target or a condition (e.g., 'Require Hybrid Azure AD joined device') in a CA policy, you must run the Azure AD Connect wizard and select the Configure Hybrid Azure AD join task. This process configures a Service Connection Point (SCP) in your on-premises Active Directory, which allows Windows 10/11 devices like Computer1 to discover the Azure AD tenant and complete the registration process.

Furthermore, while group scopes (Universal vs. Domain Local) are often discussed in sync scenarios, Azure AD Connect by default synchronizes security groups regardless of their scope if they are within the synchronized Organizational Units (OUs). Therefore, the critical step to satisfy the requirement for 'all objects'---especially the computer account---is enabling the Hybrid Join feature to establish a cloud-side device identity. This provides the necessary 'device signal' that Conditional Access evaluates to grant or deny access.

Answer : B

The AZ-800 materials emphasize Windows Admin Center (WAC) as the unified, browser-based management tool for Windows Server features including Storage Replica. The guidance explains two common installation modes: desktop mode (install WAC on a management workstation) and gateway mode (install on a management server). In either case, WAC remotely manages target servers (Server1/Server2) over WinRM/PowerShell---WAC does not need to be installed on the source or destination file servers to configure replication partnerships, volumes, or test failover. Best practice in the study content is to install WAC on a management computer and add the servers as managed nodes, then use the Storage Replica tool in WAC to create a partnership, select source/target volumes, and monitor replication health. Installing WAC on a domain controller is discouraged, and installing it directly on the file servers is unnecessary. Consequently, to configure Storage Replica between Server1 and Server2, you should install Windows Admin Center on the client management computer (CLIENT1) and use it to manage and configure the replication on both servers remotely.

Answer : B

In Azure, a single network interface (NIC) can have multiple IP configurations, but all IP configurations on a NIC must belong to the same subnet. The Administering Windows Server Hybrid Core Infrastructure guidance on Azure IaaS networking states that to place a VM on more than one subnet at the same time, you must attach additional NICs, with each NIC connected to the target subnet. Relevant guidance includes: ''Each IP configuration assigned to a network interface is allocated from the subnet to which that NIC is attached; a NIC cannot span subnets.'' and ''To connect a VM to multiple subnets, add one or more additional network interfaces and attach each to the required subnet, subject to the VM size and OS limits for NIC count.''

Applying this to Server1: Nic1 is already attached to Vnet1/Subnet1 with IP 10.1.1.1/24. You cannot connect Nic1 simultaneously to Vnet1/Subnet2 by adding or modifying IP configurations because that would violate the same-subnet-per-NIC rule. Moving Nic1 to Subnet2 would disconnect it from Subnet1, which does not meet the requirement of connecting to an additional subnet. Therefore, the correct action is to add a second NIC to Server1 and attach it to Vnet1/Subnet2, ensuring the VM size supports multiple NICs.

Answer : A

The Windows Server DHCP role supports reservations that map a client's unique identifier (commonly the MAC address) to a specific IPv4 address inside the scope. The AZ-800 study material describes reservations as the mechanism to ''ensure that a particular device always receives the same IP address from the DHCP server while still being managed by DHCP.'' When a reservation exists, the DHCP server will always offer and lease the reserved address to that client and will not allocate that address to any other client. This meets scenarios such as networked printers, appliances, or servers that require a consistent IP but where you still want centralized lease management (lease tracking, option delivery, and centralized auditing). The content further contrasts reservations with exclusions and options: exclusions remove addresses from the pool and options deliver configuration parameters, neither of which guarantees a stable assignment to a given device. Therefore, creating one DHCP reservation per printer in Scope1 precisely satisfies the requirement that the printers are always assigned the same IP address.

Answer : B

In the Windows Server Data Deduplication guidance used for Administering Windows Server Hybrid Core Infrastructure, the jobs are defined as follows: *''Optimization processes eligible files and chunks them for deduplication; Garbage Collection *reclaims disk space by removing unreferenced chunks that remain after files are modified or deleted; Scrubbing validates data integrity and repairs corrupt chunks when possible.'' The objective in this scenario is to minimize space consumed by files that were recently modified or deleted. That is precisely what the Garbage Collection job is designed to do. The study content also notes: ''Use Set-DedupSchedule to create or tune Optimization, GarbageCollection, and Scrubbing schedules for a volume. GarbageCollection runs to purge orphaned chunks and free capacity.'' In contrast, the Optimization job would only deduplicate eligible files and won't reclaim space already orphaned by changes/deletions, and Scrubbing focuses on integrity, not capacity recovery. Settings such as InputOutputScale (on Set-DedupVolume) tune performance/IO behavior and don't target space recovery from modified/deleted data. Therefore, to achieve the stated goal on drive D:, configure a GarbageCollection schedule with Set-DedupSchedule.

Answer : A

The AZ-800 materials discuss options for migrating on-premises workloads to Azure when IP address preservation is required and subnet overlaps exist across a Site-to-Site VPN. The guidance explains that Azure Extended Network allows you to ''stretch an on-premises subnet into Azure so a VM can retain its original IP address after migration'' and that it is specifically intended to ''avoid renumbering during lift-and-shift scenarios where overlapping address space or application dependencies prevent changing IPs.'' In contrast, services like VNet peering or Application Gateway do not solve overlapping address space or IP preservation for a VM, and NAT in a VNet translates traffic but does not allow the VM to keep its original IP address. The hybrid curriculum highlights that Extended Network ''minimizes administrative effort by maintaining existing addressing and DNS records during migration,'' which matches the requirement to migrate the on-premises VM to Azure without modifying the IP address and with minimal changes to the environment. Therefore, implementing Azure Extended Network before the migration is the correct and least-effort solution.