FREE AZ 800: Administering Windows Server Hybrid MCQ Questions and Answers

Question 1

An Active Directory Domain Services (AD DS) domain with the name contoso.com is present on your network.
You must determine which server is the domain's PDC emulator.
Solution: You can execute the netdom.exe query fsmo from a command prompt.
Is the objective being met?

Accepted Answer

Yes

Answer

The `netdom.exe query fsmo` command is the standard and correct method to identify the Flexible Single Master Operations (FSMO) role holders in an Active Directory domain, including the Primary Domain Controller (PDC) emulator. Executing this command from a command prompt will display the server holding each FSMO role, thereby successfully meeting the objective of determining the PDC emulator.

Question 2

In Azure AD, you intend to deploy a self-service password reset (SSPR).
You must make sure that users who reset their passwords using SSPR can access the AD DS domain's new password resources.
What ought you to do?

Accepted Answer

Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.

Answer

To ensure that passwords reset in Azure AD using Self-Service Password Reset (SSPR) are synchronized back to the on-premises AD DS domain, the 'Password writeback' feature in Azure AD Connect must be enabled. This feature allows password changes made in the cloud to be written back to the on-premises directory. This ensures consistency and allows users to access on-premises resources with their new password.

Question 3

The domain contoso.com belongs to your Azure Active Directory Domain Services (Azure AD DS) account.
An administrator must be given access to manage Group Policy Objects (GPOs). The least privilege principle must be applied to the solution.
Which group should the administrator be added to?

Accepted Answer

AAD DC Administrators

Answer

In Azure AD Domain Services (Azure AD DS), the `AAD DC Administrators` group is specifically designed to delegate administrative privileges for managing the managed domain, including Group Policy Objects (GPOs). Adding an administrator to this group provides the necessary permissions to manage GPOs while adhering to the principle of least privilege, as it's tailored for AD DS administration rather than broader enterprise roles.

Question 4

An Active Directory Domain Services (AD DS) domain exists on your network. 20 domain controllers, 100 member servers, and 100 client computers are also part of the network.
Group Policy preferences are contained in a Group Policy Object (GPO) called GPO1 that you have.
You want to connect the domain to GPO1.
The preference in GPO1 must ONLY apply to domain member servers and NOT to domain controllers or client computers. Each computer must be affected by all other Group Policy settings in GPO1. The answer must require the least amount of administration.
Which kind of item-level targeting ought to be employed?

Accepted Answer

Operating System

Answer

To apply a Group Policy Preference (GPP) only to domain member servers and exclude domain controllers and client computers, item-level targeting based on the 'Operating System' is the most efficient method. You can configure the GPP to apply only if the operating system is a server OS (e.g., Windows Server 2016 or later), thereby automatically excluding client OS and domain controllers without complex filtering.

Question 5

A multi-site Active Directory Domain Services (AD DS) forest exists on your network. Both automatically generated connections and manually set site links are used to connect each Active Directory site.
The convergence time for Active Directory changes needs to be kept to a minimum.
What ought you to do?

Accepted Answer

For each site link, modify the replication schedule.

Answer

To minimize the convergence time for Active Directory changes, it is essential to ensure that replication occurs more frequently between sites. Modifying the replication schedule for each site link allows you to define how often replication takes place. Increasing the frequency of replication will directly reduce the time it takes for changes to propagate throughout the Active Directory forest.

AZ-800 - Microsoft Azure Networking Solutions Practice Test

AZ-800 - Microsoft Azure Networking Solutions Practice Test

FREE AZ 800: Administering Windows Server Hybrid MCQ Questions and Answers