June/2023 Latest Braindump2go AZ-800 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-800 Real Exam Questions!

QUESTION 58
You have a server that runs Windows Server and contains a shared folder named UserData.
You need to limit the amount of storage space that each user can consume in UserData.
What should you use?

A. Storage Spaces
B. Work Folders
C. Distributed File System (DFS) Namespaces
D. File Server Resource Manager (FSRM)

Answer: D
Explanation:
File Server Resource Manager includes the following features:
Quota management allows you to limit the space that is allowed for a volume or folder, and they can be automatically applied to new folders that are created on a volume. You can also define quota templates that can be applied to new volumes or folders.

QUESTION 59
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains two servers named Server1 and Server2.
Server1 contains a disk named Disk2. Disk2 contains a folder named UserData. UserData is shared to the Domain Users group. Disk2 is configured for deduplication. Server1 is protected by using Azure Backup.
Server1 fails.
You connect Disk2 to Server2.
You need to ensure that you can access all the files on Disk2 as quickly as possible.
What should you do?

A. Create a storage pool.
B. Restore files from Azure Backup.
C. Install the File Server Resource Manager server role.
D. Install the Data Deduplication server role.

Answer: D
Explanation:
Portability: A volume that is under deduplication control is an atomic unit. You can back up the volume and restore it to another server. You can rip it out of one Windows 2012 server and move it to another. Everything that is required to access your data is located on the drive. All of the deduplication settings are maintained on the volume and will be picked up by the deduplication filter when the volume is mounted. The only thing that is not retained on the volume are the schedule settings that are part of the task-scheduler engine. If you move the volume to a server that is not running the Data Deduplication feature, you will only be able to access the files that have not been deduplicated.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/introduction-to-data-deduplication-in-windows-server-2012/ba-p/424257

QUESTION 60
You have five file servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?

A. a Dynamic Access Control central access policy
B. a data loss prevention (DLP) policy
C. a Dynamic Access Control central access rule
D. a file screen

Answer: D
Explanation:
On the File Screening Management node of the File Server Resource Manager MMC snap-in, you can perform the following tasks:
Create file screens to control the types of files that users can save, and generate notifications when users attempt to save unauthorized files.
Define file screening templates that can be applied to new volumes or folders and that can be used across an organization.
Create file screening exceptions that extend the flexibility of the file screening rules.
https://docs.microsoft.com/en-us/windows-server/storage/fsrm/file-screening-management

QUESTION 61
Hotspot Question
Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.
Server1 contains a shared folder named Share1 that has the following configurations:

The share permissions for Share1 are configured as shown in the Share Permissions exhibit.

Share1 contains a file named File1.bxt. The advanced security settings for File1.txt are configured as shown in the File Permissions exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: No
User 1 share permission in Change (domain users), NTFS = Full Control, most restrictive applies when combining permissions.
Box 2: Yes
User 2 has Read NTFS and Change (share) Read wins.
Box 3: Yes
User 3 has Write NTFS and Change (share) Write wins.

QUESTION 62
Drag and Drop Question
You have a server named Server1.
You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
https://redmondmag.com/articles/2018/07/31/storage-spaces-windows-server-2016-1.aspx
https://redmondmag.com/articles/2018/08/02/storage-spaces-windows-server-2016-2.aspx

QUESTION 63
You plan to deploy a containerized application that requires .NET Core.
You need to create a container image far the application, the image must be as small as possible.
Which base image should you use?

A. Nano Server
B. Server Cote
C. Windows Server
D. Windows

Answer: A

QUESTION 64
You have a server named Server1 that runs Windows Server. Server1 has the storage pools shown in the following table.

You plan to create a virtual disk named VDisk1 that will use storage tiers.
Which pools can you use to create VDisk1 ?

A. Pool2 and Pool3 only
B. Pool2 only
C. Pool1 only
D. Pool1, Pool2 and Pool3
E. Pool1 and Pool2 only
F. Pool1 and Pool3 only
G. Pool3 only

Answer: A
Explanation:
Storage tiering requires both standard HDDs and SSDs. We cannot use Pool1 because it does not have any SSDs.

QUESTION 65
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan deploy 100 new Azure virtual machines that will run Windows Server.
You need to ensure that each new virtual machine is joined to the AD DS domain.
What should you use?

A. Azure AD Connect
B. a Group Policy Object (GPO)
C. an Azure Resource Manager (ARM) template
D. an Azure management group

Answer: C
Explanation:
https://www.ludovicmedard.com/create-an-arm-template-of-a-virtual-machine-automatically-joined-to-a-domain/

QUESTION 66
Your network contains an on -premises Active Directory Domain Services (AD DS) domain named contoso.com.
The domain contains the objects shown in the following table.

You plan to sync contoso.com with an Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
You need to ensure that all the objects can be used in Conditional Access policies. What should you do?

A. Change the scope of Group2 to Universal
B. Clear the Configure device writeback option.
C. Change the scope of Group1 and Group2 to Global
D. Select the Configure Hybrid Azure AD join option.

Answer: D
Explanation:
Hybrid Azure AD join needs to be configured to enable Computer1 to be used in Conditional Access Policies. Synchronized users, universal groups and domain local groups can be used in Conditional Access Policies.

QUESTION 67
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the latency for changes to Active Directory.
What should you do?

A. For each site link, modify the options attribute.
B. For each site link, modify the site link costs.
C. For each site link, modify the replication schedule.
D. Create a site link bridge that contains all the site links.

Answer: A
Explanation:
When you configure manual site link replication schedule is already setup to 15 minute replication cycle you can not lower more down. So only option left is to change link site option attribute for use notify setting.

QUESTION 68
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server. The servers have static IP addresses.
You plan to use DHCP to assign IP addresses to the servers. You need to ensure that each server always receives the same IP address.
Which type of identifier should you use to create a DHCP reservation for each server?

A. universally unique identifier (UUID)
B. fully qualified domain name (FQDN)
C. NetBIOS name
D. MAC address

Answer: D

QUESTION 69
You have an on-premises server named Server1 that runs Windows Server.
You have an Azure virtual network that contains an Azure virtual network gateway.
You need to connect only Server1 to the Azure virtual network.
What should you use?

A. Azure Network Adapter
B. a Site-to-SiteVPN
C. an ExpressRoute circuit
D. Azure Extended Network

Answer: A
Explanation:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use-azure-network-adapter

QUESTION 70
You have a server that runs Windows Server and has the DHCP Server role installed.
The server has a scope named Scope! that has the following configurations:
– Address range: 192.168.0.2 to 192.168.1.255
– Mask: 255.255.254.0
– Router: 192.168.0.1
– Lease duration: 3 days
– DNS server 172.16.0.254
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.
You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200.
The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?

A. a policy
B. a scope
C. a fitter
D. scope options

Answer: A

QUESTION 71
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The on-premises network is connected to Azure by using a Site-to-Site VPN.
You have the DNS zones shown in the following table.

You need to ensure that names from fabrikam.com can be resolved from the on-premises network.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a conditional forwarder for fabrikam.com on DC1.
B. Create a stub zone for fabrikam.comonDC1.
C. Create a secondary zone for fabrikam.com on DC1.
D. Deploy an Azure virtual machine that runs Windows Server.
Modify the DNS Servers settings for the virtual network.
E. Deploy an Azure virtual machine the runs Windows Server.
Configure the virtual machine &s a DNS forwarder.

Answer: AE
Explanation:
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

QUESTION 72
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic.
The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only.
You plan to manage the servers in the branch office by using a Windows Admin Center gateway.
On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings.
You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway.
Which inbound TCP port should you allow?

A. 443
B. 3389
C. 5985
D. 6516

Answer: A
Explanation:
The default port for the Windows Admin Center Gateway Installation is Port 443 – it is recommended to use this default port.
https://www.manfredhelber.de/installing-and-configuring-windows-admin-center-for-windows-server-2022-management/

QUESTION 73
You have an Azure subscription that contains the following resources:
– An Azure Log Analytics workspace
– An Azure Automation account
– Azure Arc
You have an on-premises server named Served that is onboaraed to Azure Arc.
You need to manage Microsoft updates on Server1 by using Azure Arc.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

A. Add Microsoft Sentinel to the Log Analytics workspace
B. On Server1, install the Azure Monitor agent
C. From the Automation account, enable Update Management for Server1.
D. From the Virtual machines data source of the Log Analytics workspace, connect Server1.

Answer: BC
Explanation:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc-update-management

QUESTION 74
You have an Azure virtual machine named VM1 Ilia! has a private IP address only.
You configure the Windows Admin Center extension on VM1.
You have an on-premises computer that runs Windows 11.
You use the computer for server management.
You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.
What should you configure?

A. an Azure Bastion host on the virtual network that contains VM1.
B. a VPN connection to the virtual network that contains VM1.
C. a network security group 1NSG) rule that allows inbound traffic on port 443.
D. a private endpoint on the virtual network that contains VM1.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm

QUESTION 75
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organizational unit (OU) that contains the client computers in the new branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller

QUESTION 76
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 77
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new subnet object that is associated to Site1.
Does this meet the goal?

A. Yes
B. No

Answer: A
Explanation:
By associating a site with one or more subnets, you assign a set of IP addresses to the site
DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754697(v=ws.11)?redirectedfrom=MSDN

QUESTION 78
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com.
The domain contains three servers that run Windows Server and have the Hyper-V server rote installed. Each server has a Switch Embedded Teaming (SET) team.
You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?

A. Server Manager
B. the validate-DCB cmdtet
C. the Get-NetAdaptor cmdlet
D. Failover Cluster Manager

Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure-stack/hci/deploy/validate

QUESTION 79
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?

A. Device writeback
B. Group writeback
C. Password writeback
D. Directory extension attribute sync
E. Azure AD app and attribute filtering

Answer: A
Explanation:
Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature.
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs

---

Resources From:

1.2023 Latest Braindump2go AZ-800 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-800.html

2.2023 Latest Braindump2go AZ-800 PDF and AZ-800 VCE Dumps Free Share:
https://drive.google.com/drive/folders/13Ds6i_jQyz63O0yjDLs2NHj46NyJC9nv?usp=sharing

3.2023 Free Braindump2go AZ-800 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-800-PDF-Dumps(58-79).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!