FREE AZ 800: Administering Windows Server Hybrid Questions and Answers

Question 1

A Kerberos authentication-based application must be deployed by your firm; on-premises directory services are not necessary. Select the deployment strategy that best fits this situation.

Accepted Answer

Deploy AD DS only on an Azure VM

Answer

The requirement is for a Kerberos authentication-based application without needing on-premises directory services. Deploying Active Directory Domain Services (AD DS) on an Azure VM provides a cloud-native Active Directory environment that fully supports Kerberos authentication. This setup allows the application to authenticate within Azure, fulfilling the requirements efficiently and without any on-premises infrastructure.

Question 2

Decommissioning the member hosts from an existing server farm is the duty you have been given. You have to remove group Managed Service Account (gMSA) after removing the member host as part of the procedure. In PowerShell, which of the following cmdlets would you use?

Accepted Answer

Uninstall-ADServiceAccount

Answer

Group Managed Service Accounts (gMSAs) are a type of Active Directory service account. To remove a gMSA from a server after decommissioning, the `Uninstall-ADServiceAccount` PowerShell cmdlet is the correct tool. This cmdlet is specifically designed for managing the installation and uninstallation of AD service accounts on member servers, ensuring proper cleanup.

Question 3

You must permit users to alter Azure AD Connect Health settings, such as email notifications. Which Roles from the list below would you assign to the user? (Select the position with the fewest restrictions that best fits the circumstances and is adequate.)

Accepted Answer

Contributor

Answer

The Contributor role in Azure provides permissions to manage resources, including the ability to modify settings. To alter Azure AD Connect Health settings, such as email notifications, a user requires write access. The Contributor role grants the necessary permissions to make these changes while adhering to the principle of least privilege, as it's less permissive than the Owner role.

Question 4

A management tool included into Windows Server called Group Policy enables you to protect user and computer settings. The group policy applies Group Policy items in a particular order. From the available options below, pick the right sequence.

Accepted Answer

Local-> Site-> Domain-> Organizational Units

Answer

Group Policy Objects (GPOs) are applied in a specific, hierarchical order known as LSDOU: Local, Site, Domain, and Organizational Unit. This means that local GPOs are processed first, followed by GPOs linked to the site, then the domain, and finally, GPOs linked to organizational units. Policies applied later in this order can override those applied earlier, with OU-linked GPOs having the highest precedence for objects within that OU.

Question 5

How should a role capability file be set up to determine the precise PowerShell features that are accessible during a Just Enough Administration (JEA) session? Which settings from the options listed below should be selected?

Accepted Answer

VisibleFunctions

Answer

In Just Enough Administration (JEA), a role capability file defines what users can do within a JEA session. To precisely specify which PowerShell functions are accessible, the `VisibleFunctions` setting is used. This allows administrators to explicitly list the cmdlets, scripts, or custom functions that a JEA user is permitted to execute, ensuring fine-grained control over administrative tasks.

AZ-800 Exam Practice Test

AZ-800 Exam Practice Test

FREE AZ 800: Administering Windows Server Hybrid Questions and Answers