AZ-800 Exam Question 26
Case Study 1 - Fabrikam, Inc
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.
DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements
Planned Changes
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
You need to configure remote administration to meet the security requirements.
What should you use?
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.
DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.
Requirements
Planned Changes
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
You need to configure remote administration to meet the security requirements.
What should you use?
AZ-800 Exam Question 27
Drag and Drop Question
You have a server named Server1.
You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a server named Server1.
You plan to use Storage Spaces to expand the storage available to Server1. You attach eight physical disks to Server1. Four disks are HDDs and four are SSDs.
You need to create a volume on Server1 that will use the storage on all the new disks. The solution must provide the fastest read performance for frequently used files.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
AZ-800 Exam Question 28
Case Study 2 - Contoso, Ltd
Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Change the replication schedule for all site links to 30 minutes.
Promote Server1 to a domain controller in canada.contoso.com.
Install and authorize Server3 as a DHCP server.
Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
Ensure that you can run virtual machines on VM1.
Force users to provide credentials when they connect to VM2.
On VM3, ensure that Data Deduplication on all volumes is possible.
Question
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
Change the replication schedule for all site links to 30 minutes.
Promote Server1 to a domain controller in canada.contoso.com.
Install and authorize Server3 as a DHCP server.
Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
Ensure that you can run virtual machines on VM1.
Force users to provide credentials when they connect to VM2.
On VM3, ensure that Data Deduplication on all volumes is possible.
Question
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-800 Exam Question 29
Contoso IT staff want to ensure that internal and external clients resolve names to internal and external IP addresses respectively. What do they need to do?
AZ-800 Exam Question 30
Hotspot Question
Your network contains two VLANs for client computers and one VLAN for a datacenter. Each VLAN is assigned an IPv4 subnet. Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate option the answer area.
NOTE: Each correct selection is worth one point.
Your network contains two VLANs for client computers and one VLAN for a datacenter. Each VLAN is assigned an IPv4 subnet. Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate option the answer area.
NOTE: Each correct selection is worth one point.
