AZ-800 Exam Question 46
You have a server that runs Windows Server and has the DHCP Server role installed.
The server has a scope named Scope! that has the following configurations:
- Address range: 192.168.0.2 to 192.168.1.255
- Mask: 255.255.254.0
- Router: 192.168.0.1
- Lease duration: 3 days
- DNS server 172.16.0.254
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.
You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200.
The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?
The server has a scope named Scope! that has the following configurations:
- Address range: 192.168.0.2 to 192.168.1.255
- Mask: 255.255.254.0
- Router: 192.168.0.1
- Lease duration: 3 days
- DNS server 172.16.0.254
You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.
You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200.
The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.
What should you create?
AZ-800 Exam Question 47
Case Study 1 - Fabrikam, Inc
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.
DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements
Planned Changes
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
What should you implement for the deployment of DC3?
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.
DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements
Planned Changes
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
What should you implement for the deployment of DC3?
AZ-800 Exam Question 48
Hotspot Question
You have a Windows Server container host named Server1 and an Azure subscription.
You deploy an Azure container registry named Registry1 to the subscription.
On Server1, you create a container image named image1.
You need to store image1 in Registry1.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Windows Server container host named Server1 and an Azure subscription.
You deploy an Azure container registry named Registry1 to the subscription.
On Server1, you create a container image named image1.
You need to store image1 in Registry1.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-800 Exam Question 49
Hotspot Question
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You need to limit which Hyper-V module cmdlets helpdesk users can use when administering Server1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You need to limit which Hyper-V module cmdlets helpdesk users can use when administering Server1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-800 Exam Question 50
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?