AZ-800 無料問題集「Microsoft Administering Windows Server Hybrid Core Infrastructure」
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com and the servers shown in the following table.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.
com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed.
Each server has a Switch Embedded Teaming (SET) team
You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?
com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed.
Each server has a Switch Embedded Teaming (SET) team
You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have a server named Server 1 that runs Windows Server and has the Hyper-V server role installed.
Server1 hosts a virtual machine named VM1. Server1 has an NV Me storage device that is assigned to VM1 by using Discrete Device Assignment.
You need to make the device available to the host.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Server1 hosts a virtual machine named VM1. Server1 has an NV Me storage device that is assigned to VM1 by using Discrete Device Assignment.
You need to make the device available to the host.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Task 6
You need to use Azure File Sync 10 replicate the contents of C:\app on SRV1 to an Azure file share named sharel1.
The required source files are located in a folder named \\dc1.contoso.com\install.
You need to use Azure File Sync 10 replicate the contents of C:\app on SRV1 to an Azure file share named sharel1.
The required source files are located in a folder named \\dc1.contoso.com\install.
正解:
See the solution of this Task below.
Explanation:
To use Azure File Sync to replicate the contents of C:\app on SRV1 to an Azure file share named sharel1, with the source files located in \\dc1.contoso.com\install, follow these steps:
Step 1: Prepare Windows Server for Azure File Sync Ensure that SRV1 meets the prerequisites for Azure File Sync, such as having a supported version of Windows Server and PowerShell 5.1 or later1.
Step 2: Deploy the Storage Sync Service In the Azure portal, deploy the Storage Sync Service in the same region as your Azure file share1.
Step 3: Create an Azure File Share Create an Azure file share named sharel1 in your storage account1.
Step 4: Install the Azure File Sync Agent Download and install the Azure File Sync agent on SRV11.
Step 5: Register SRV1 with the Storage Sync Service After installing the agent, register SRV1 with the Storage Sync Service using the Azure portal1.
Step 6: Create a Sync Group and Server Endpoint In the Azure portal, go to your Storage Sync Service and create a new sync group. Add a server endpoint with the path C:\app on SRV12.
Step 7: Configure Cloud Endpoint Add the Azure file share sharel1 as the cloud endpoint to the sync group2.
Step 8: Initiate the Sync Process The initial sync will start automatically after the cloud endpoint and server endpoint are added to the sync group. Ensure that the Azure File Sync agent is running on SRV11.
Step 9: Monitor the Sync Status Monitor the sync status in the Azure portal to ensure that the files are being replicated correctly from C:\app on SRV1 to the Azure file share sharel11.
Note: Make sure that the network connectivity between SRV1 and the Azure file share is established and that the necessary ports are open. Also, verify that the SMB security settings allow for the required SMB protocol version and authentication methods1.
By following these steps, you should be able to replicate the contents of C:\app on SRV1 to the Azure file share sharel1 using Azure File Sync. Ensure that you have the necessary permissions to perform these actions and that SRV1 is properly configured to communicate with Azure services.
Explanation:
To use Azure File Sync to replicate the contents of C:\app on SRV1 to an Azure file share named sharel1, with the source files located in \\dc1.contoso.com\install, follow these steps:
Step 1: Prepare Windows Server for Azure File Sync Ensure that SRV1 meets the prerequisites for Azure File Sync, such as having a supported version of Windows Server and PowerShell 5.1 or later1.
Step 2: Deploy the Storage Sync Service In the Azure portal, deploy the Storage Sync Service in the same region as your Azure file share1.
Step 3: Create an Azure File Share Create an Azure file share named sharel1 in your storage account1.
Step 4: Install the Azure File Sync Agent Download and install the Azure File Sync agent on SRV11.
Step 5: Register SRV1 with the Storage Sync Service After installing the agent, register SRV1 with the Storage Sync Service using the Azure portal1.
Step 6: Create a Sync Group and Server Endpoint In the Azure portal, go to your Storage Sync Service and create a new sync group. Add a server endpoint with the path C:\app on SRV12.
Step 7: Configure Cloud Endpoint Add the Azure file share sharel1 as the cloud endpoint to the sync group2.
Step 8: Initiate the Sync Process The initial sync will start automatically after the cloud endpoint and server endpoint are added to the sync group. Ensure that the Azure File Sync agent is running on SRV11.
Step 9: Monitor the Sync Status Monitor the sync status in the Azure portal to ensure that the files are being replicated correctly from C:\app on SRV1 to the Azure file share sharel11.
Note: Make sure that the network connectivity between SRV1 and the Azure file share is established and that the necessary ports are open. Also, verify that the SMB security settings allow for the required SMB protocol version and authentication methods1.
By following these steps, you should be able to replicate the contents of C:\app on SRV1 to the Azure file share sharel1 using Azure File Sync. Ensure that you have the necessary permissions to perform these actions and that SRV1 is properly configured to communicate with Azure services.
Which groups can you add lo Group3 and Groups? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
正解:
Explanation:
Your network contains an Azure AD Domain Services domain named contoso.com.
You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
正解:
See the solution of this Task below.
Explanation:
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
* On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.
msc in the Run box.
* In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
* In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
* Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
* Close the Group Policy Management Editor and return to the Group Policy Management console. Right- click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
* Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
* Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
* Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
* To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and click OK. You can also change the order of preference by using the Move Up and Move Down buttons.
* Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers. For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.
Explanation:
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
* On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.
msc in the Run box.
* In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
* In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
* Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
* Close the Group Policy Management Editor and return to the Group Policy Management console. Right- click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
* Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
* Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
* Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
* To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and click OK. You can also change the order of preference by using the Move Up and Move Down buttons.
* Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers. For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com and the servers shown in the following table.
Contoso.com contains a user named User1.
You add User1 to the built-in Backup Operators group in contoso.com.
Which servers can User1 back up?
Contoso.com contains a user named User1.
You add User1 to the built-in Backup Operators group in contoso.com.
Which servers can User1 back up?
正解:C
解答を投票する
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Domains and Trusts, you right-click Active Directory Domains and Trusts in the console tree, and then select Operations Master.
Does this meet the goal?
正解:B
解答を投票する
Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory- security-groups
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
正解:B
解答を投票する
You plan w deploy an Azure virtual machine that win run Windows Server. The virtual machine will host an Active Directory Domain Services (AD DS) domain controller and a drive named f: on a new virtual disk.
You need to configure storage foe the virtual machine. The solution must meet the following requirements
* Maximize resiliency for AD DS.
* Prevent accidental data loss.
How should you configure the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure storage foe the virtual machine. The solution must meet the following requirements
* Maximize resiliency for AD DS.
* Prevent accidental data loss.
How should you configure the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have a Windows Server 2022 container host named Host1 and a container registry that contains the container images shown in the following table.
You need to run the containers on Host1
Which isolation mode can you use for each image? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to run the containers on Host1
Which isolation mode can you use for each image? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have a Group Policy Object (GPO) named GPO1 that contains user settings only.
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements.
* GPO1 must apply only to the users in Group 1.
* The solution must use the principle of least privilege
You plan to apply GPO1 to a global security group named Group1.
You link GP01 to the domain, and you remove all the permissions granted to the Authenticated Users group.
You need to configure permissions for GP01 to meet the following requirements.
* GPO1 must apply only to the users in Group 1.
* The solution must use the principle of least privilege
正解:
Explanation:
You have five tile servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines.
You need to ensure that the virtual machines can join Azure AD DS.
Which three actions should perform in sequence? To answer, move the appropriate actions from the list of action of the answer area and arrange them in the correct order.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines.
You need to ensure that the virtual machines can join Azure AD DS.
Which three actions should perform in sequence? To answer, move the appropriate actions from the list of action of the answer area and arrange them in the correct order.
正解:
Explanation:
