Microsoft AZ-800 Exam Practice Questions (P. 4)
Question #16
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organizational unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
- A. Yes
- B. No (Most Voted)
Correct Answer: B

The correct answer is indeed "No." Enabling the 'Try Next Closest Site' GPO setting won't achieve the goal of primarily authenticating the client computers at the new branch with the domain controllers in Site1. The setting uses an algorithm to locate a DC within the same site first and, if none is available, in the next closest site based on site-link cost. Since all sites are interconnected with the same DEFAULTIPSITELINK and no difference in site-link costs is specified, this setting won't preferentially direct authentication requests to Site1. Thus, this approach doesn't ensure that Site1's domain controllers will primarily handle the authentication for the new branch.
Question #17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create a new site named Site4 and associate Site4 to DEFAULTSITELINK.
Does this meet the goal?
- A. Yes
- B. No (Most Voted)
Correct Answer: B

The correct approach to the scenario would indeed involve not only creating a new site named Site4 but also adjusting site link settings strategically. Simply associating Site4 with the existing DEFAULTIPSITELINK is insufficient because by default, this does not prioritize any specific site for authentication services. For the new branch office's client computers to be primarily authenticated by the domain controllers in Site1, a direct or lower-cost site link specifically favoring Site1 should be established. This ensures that authentication traffic is efficiently directed to Site1, thereby reducing latency and potential authentication delays across the network.
Question #18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1.
Does this meet the goal?
- A. Yes
- B. No (Most Voted)
Correct Answer: B

The solution involving configuring the "Try Next Closest Site" GPO setting does not achieve the desired goal of having the client computers primarily authenticate with the domain controllers in Site1. This setting is designed to direct client computers to the next closest site when their local site's domain controller cannot be contacted. It does not influence clients in a new office to preferentially authenticate with Site1's domain controllers over others. For effective domain controller preference, adjustments in site links and associated costs, or strategic placement of subnets and site assignments, are necessary to direct authentication traffic towards Site1. This ensures that authentication requests from the new office are routed primarily towards Site1 by default.
Question #19
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.
Solution: From Active Directory Sites and Services, you right-click Default-First-Site-Name in the console tree, and then select Properties.
Does this meet the goal?
- A. Yes
- B. No (Most Voted)
Correct Answer: B

The solution provided doesn't achieve the goal because Active Directory Sites and Services doesn't provide information about FSMO roles such as the PDC emulator. Instead, to identify the PDC emulator, use Active Directory Users and Computers, navigate to Operations Masters, and then the PDC tab to view which server holds the PDC master role. The method cited in the question is incorrect for this specific task.
Question #20
Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the servers shown in the following exhibit table.

You plan to install a line-of-business (LOB) application on Server1. The application will install a custom Windows service.
A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.
You need to create, configure, and install the gMSA that will be used by the new application.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

- A. On Server1, run the setspn command.
- B. On DC1, run the New-ADServiceAccount cmdlet. (Most Voted)
- C. On Server1, run the Install-ADServiceAccount cmdlet. (Most Voted)
- D. On Server1, run the Get-ADServiceAccount cmdlet.
- E. On DC1, run the Set-ADComputer cmdlet.
- F. On DC1, run the Install-ADServiceAccount cmdlet.
Correct Answer: BE
Step 1: Provisioning group Managed Service Accounts
(B) Create a gMSA using the New-ADServiceAccount cmdlet.
Step 2: Configuring service identity application service
If using security groups for managing member hosts, add the computer account for the new member host to the security group (that the gMSA's member hosts are a member of).
To add member hosts using the Set-ADServiceAccount cmdlet:
1. On the Windows Server 2012 domain controller (DC1, not Server1), run Windows PowerShell from the Taskbar.
2. At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
   Get-ADServiceAccount [-Identity] <string> -Properties PrincipalsAllowedToRetrieveManagedPassword
3. (E) At the command prompt for the Windows PowerShell Active Directory module, type the following commands, and then press ENTER:
   Set-ADServiceAccount [-Identity] <string> -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>
4. Etc.
Reference:
https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts