AZ-800 無料問題集「Microsoft Administering Windows Server Hybrid Core Infrastructure」
You have a server named Server1 that runs Windows Server and contains three volumes named C, D, and E.
Files are stored on Server1 as shown in the following table.
For volume D, Data Deduplication is enabled and set to General purpose file server.
You perform the following actions:
* Move File1 to volume D.
* Copy File2 to volume D and name the copy File4.
* Move File3 to volume E
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Files are stored on Server1 as shown in the following table.
For volume D, Data Deduplication is enabled and set to General purpose file server.
You perform the following actions:
* Move File1 to volume D.
* Copy File2 to volume D and name the copy File4.
* Move File3 to volume E
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your on-premises network contains a server named Server1 and uses an IP address space of 192.168.10.0/24.
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 uses an IP address space of 192.168.10.0/24.
You need to migrate Server1 to Subnet1. You must use Azure Extended Network to maintain the existing IP address of Server1.
What is the minimum number of virtual machines that you should deploy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 uses an IP address space of 192.168.10.0/24.
You need to migrate Server1 to Subnet1. You must use Azure Extended Network to maintain the existing IP address of Server1.
What is the minimum number of virtual machines that you should deploy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
正解:
Explanation:
You have an Azure subscription that contains the virtual networks shown in the following table.
You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.
You plan to add an additional network interface named NIC1 to VM1.
To which subnets can NIC1 be attached?
You deploy a virtual machine named VM1 that runs Windows Server. VM1 is connected to Subnet11.
You plan to add an additional network interface named NIC1 to VM1.
To which subnets can NIC1 be attached?
正解:B
解答を投票する
You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant. You plan to sync contoso.com with the Azure AD tenant by using Azure AD Connect cloud sync. You need to create an account that will be used by Azure AD Connect cloud sync. Which type of account should you create?
正解:B
解答を投票する
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains two domains named contoso.com and east.contoso.com. Contoso.com contains two users named CONTOSO
\User1 and EAST\User2.
You need to ensure that the users can perform the following tasks:
* User1 must deploy an additional domain controller to eastcontoso.com.
* User2 must deploy a new domain controller that will host a domain named west.contoso.com.
The solution must follow the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
\User1 and EAST\User2.
You need to ensure that the users can perform the following tasks:
* User1 must deploy an additional domain controller to eastcontoso.com.
* User2 must deploy a new domain controller that will host a domain named west.contoso.com.
The solution must follow the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Task 1
You need to prevent domain users from saving executable files in a share named \\SRVl\Data. The users must be able to save other files to the share.
You need to prevent domain users from saving executable files in a share named \\SRVl\Data. The users must be able to save other files to the share.
正解:
See the solution of this Task below.
Explanation:
One possible solution to prevent domain users from saving executable files in a share named \SRVl\Data is to use file screening on the file server. File screening allows you to block certain files from being saved based on their file name extension. Here are the steps to configure file screening:
* On the file server, open File Server Resource Manager from the Administrative Tools menu.
* In the left pane, expand File Screening Management and click on File Groups.
* Right-click on File Groups and select Create File Group.
* In the File Group Properties dialog box, enter a name for the file group, such as Executable Files.
* In the Files to include box, enter the file name extensions that you want to block, such as .exe, .bat, .
cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.
* Click OK to create the file group.
* In the left pane, click on File Screen Templates.
* Right-click on File Screen Templates and select Create File Screen Template.
* In the File Screen Template Properties dialog box, enter a name for the template, such as Block Executable Files.
* On the Settings tab, select the option Active screening: Do not allow users to save unauthorized files.
* On the File Groups tab, check the box next to the file group that you created, such as Executable Files.
* On the Notification tab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file.
* Click OK to create the file screen template.
* In the left pane, click on File Screens.
* Right-click on File Screens and select Create File Screen.
* In the Create File Screen dialog box, enter the path of the folder that you want to apply the file screening to, such as \SRVl\Data.
* Select the option Derive properties from this file screen template (recommended) and choose the template that you created, such as Block Executable Files.
* Click Create to create the file screen.
Now, domain users will not be able to save executable files in the share named \SRVl\Data. They will be able to save other files to the share.
Explanation:
One possible solution to prevent domain users from saving executable files in a share named \SRVl\Data is to use file screening on the file server. File screening allows you to block certain files from being saved based on their file name extension. Here are the steps to configure file screening:
* On the file server, open File Server Resource Manager from the Administrative Tools menu.
* In the left pane, expand File Screening Management and click on File Groups.
* Right-click on File Groups and select Create File Group.
* In the File Group Properties dialog box, enter a name for the file group, such as Executable Files.
* In the Files to include box, enter the file name extensions that you want to block, such as .exe, .bat, .
cmd, .com, .msi, .scr. You can use wildcards to specify multiple extensions, such as *.exe.
* Click OK to create the file group.
* In the left pane, click on File Screen Templates.
* Right-click on File Screen Templates and select Create File Screen Template.
* In the File Screen Template Properties dialog box, enter a name for the template, such as Block Executable Files.
* On the Settings tab, select the option Active screening: Do not allow users to save unauthorized files.
* On the File Groups tab, check the box next to the file group that you created, such as Executable Files.
* On the Notification tab, you can configure how to notify users and administrators when a file screening event occurs, such as sending an email, logging an event, or running a command or script. You can also customize the message that users see when they try to save a blocked file.
* Click OK to create the file screen template.
* In the left pane, click on File Screens.
* Right-click on File Screens and select Create File Screen.
* In the Create File Screen dialog box, enter the path of the folder that you want to apply the file screening to, such as \SRVl\Data.
* Select the option Derive properties from this file screen template (recommended) and choose the template that you created, such as Block Executable Files.
* Click Create to create the file screen.
Now, domain users will not be able to save executable files in the share named \SRVl\Data. They will be able to save other files to the share.
You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
A user named Admin1 is a member of the local Administrators group on Server1 and Server2.
You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.
You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.
What should you do first?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with Azure AD by using Azure AD Connect.
You enable password protection for contoso.com.
You need to prevent users from including the word Contoso as part of their password.
What should you use?
You enable password protection for contoso.com.
You need to prevent users from including the word Contoso as part of their password.
What should you use?
正解:C
解答を投票する
You have 10 on-premises servers that run Windows Server.
You plan to use Azure Network Adapter to connect the servers to the resources in Azure.
Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to use Azure Network Adapter to connect the servers to the resources in Azure.
Which prerequisites do you require on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network- adapter
Task 1
You need to ensure that DC2 is the schema master for contoso.com.
You need to ensure that DC2 is the schema master for contoso.com.
正解:
See the solution of this Task below.
Explanation:
Step-by-Step Guide: Seizing/Transferring the Schema Master Role to DC2
# Step 1: Log in to DC2
* Use an account that is a member of the Schema Admins, Enterprise Admins, and Domain Admins groups.
# Step 2: Register the Schema Snap-in
The Schema snap-in is not loaded by default.
* Open Command Prompt as Administrator.
* Type the following command to register the schema management DLL:
powershell
Copy
regsvr32 schmmgmt.dll
# Step 3: Open MMC (Microsoft Management Console)
* Press Windows + R, type mmc, and hit Enter.
* In MMC, go to File > Add/Remove Snap-in.
* Select Active Directory Schema, then click Add > OK.
# Step 4: Connect to DC2
* In the Active Directory Schema console, right-click Active Directory Schema and select Change Active Directory Domain Controller.
* In the dialog box, select DC2 and click OK.
* This will connect the console to DC2.
# Step 5: Transfer the Schema Master Role
* Right-click Active Directory Schema again and select Operations Master.
* In the Change Schema Master dialog box, confirm that DC2 is shown as the target.
* Click the Change button to transfer the Schema Master role to DC2.
* Click Yes when prompted to confirm the transfer.
# Step 6: Verify the Transfer
* In the same dialog box, ensure that DC2 is now listed as the Schema Master.
* Optionally, run the following command in PowerShell to verify:
netdom query fsmo
The Schema Master should now be DC2.
Explanation:
Step-by-Step Guide: Seizing/Transferring the Schema Master Role to DC2
# Step 1: Log in to DC2
* Use an account that is a member of the Schema Admins, Enterprise Admins, and Domain Admins groups.
# Step 2: Register the Schema Snap-in
The Schema snap-in is not loaded by default.
* Open Command Prompt as Administrator.
* Type the following command to register the schema management DLL:
powershell
Copy
regsvr32 schmmgmt.dll
# Step 3: Open MMC (Microsoft Management Console)
* Press Windows + R, type mmc, and hit Enter.
* In MMC, go to File > Add/Remove Snap-in.
* Select Active Directory Schema, then click Add > OK.
# Step 4: Connect to DC2
* In the Active Directory Schema console, right-click Active Directory Schema and select Change Active Directory Domain Controller.
* In the dialog box, select DC2 and click OK.
* This will connect the console to DC2.
# Step 5: Transfer the Schema Master Role
* Right-click Active Directory Schema again and select Operations Master.
* In the Change Schema Master dialog box, confirm that DC2 is shown as the target.
* Click the Change button to transfer the Schema Master role to DC2.
* Click Yes when prompted to confirm the transfer.
# Step 6: Verify the Transfer
* In the same dialog box, ensure that DC2 is now listed as the Schema Master.
* Optionally, run the following command in PowerShell to verify:
netdom query fsmo
The Schema Master should now be DC2.
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor
You have an Azure subscription that contains the virtual machines shown in the following table.
You plan to implement Azure Automanage for Windows Server.
You need to identify the operating system prerequisites.
Which virtual machines support Hotpatch, and which virtual machines support SMB over QUIC? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to implement Azure Automanage for Windows Server.
You need to identify the operating system prerequisites.
Which virtual machines support Hotpatch, and which virtual machines support SMB over QUIC? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
