Microsoft AZ-801 Übungsprüfungen
Zuletzt aktualisiert am 25.04.2025- Prüfungscode: AZ-801
- Prüfungsname: Configuring Windows Server Hybrid Advanced Services
- Zertifizierungsanbieter: Microsoft
- Zuletzt aktualisiert am: 25.04.2025
DRAG DROP
You have a server named Server1 that runs Windows Server and has the Web Server (IIS) server role installed. Server1 hosts an ASP.NET Core web app named WebApp1 and the app’s source files.
You install Docker on Server1.
You need to ensure that you can deploy WebApp1 to an Azure App Service web app from the Azure Container Registry.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT
You have a server that runs Windows Server and has the Web Server (IIS) server role installed.
Server1 hosts a single website that has the following configurations:
✑ Is accessible by using a URL of https://www.contoso.com:8443 and has an SSL certificate that was issued by a third-party certification authority (CA) in the Microsoft Trusted Root Program
✑ Uses anonymous authentication
✑ Was developed by using PHP
You plan to use APP Service Migration Assistant to migrate the website to Azure App Service.
You need to migrate the website. The solution must minimize the number of changes made to the existing website.
What should you do manually to ensure that the website migration is successful? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server and uses Azure Disk Encryption.
You need to identify which Azure key vault stores the encryption keys for VM1. The solution must minimize administrative effort.
Which PowerShell cmdlet should you run?
- A . Get-AzKeyVaultKey
- B . Get-AiKeyVault
- C . Get-AzVMDiskEncryptionStatus
- D . Get-AzDiskEncryptionSet
HOTSPOT
You have two servers that have the Web Server (IIS) server role installed.
The servers are configured as shown in the following table.
Both servers are configured to enable website deployment by using the Web Deployment Tool.
Server1 hosts a website named Site1 that has Web Deploy Publishing configured.
You plan to migrate Site1 to Server2.
You need to perform a pull synchronization of Site1 by using the Web Deployment Agent Service.
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Topic 1, Fabrikam inc
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you
would like to complete each case. However, there may be additional case studies and sections on this
exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is a manufacturing company that has a main office in Chicago and a branch office in Paris.
Existing Environment
Identity Infrastructure
Fabrikam has an Active Directory Domain Services (AD DS) forest that syncs with an Azure Active Directory (Azure AD) tenant. The AD DS forest contains two domains named corp.fabrikam.com and europe.fabrikam.com.
Chicago Office On-Premises Servers
The office in Chicago contains on-premises servers that run Windows Server 2016 as shown in the following table.
All the servers in the Chicago office are in the corp.fabrikam.com domain.
All the virtual machines in the Chicago office are hosted on HV1 and HV2. HV1 and HV2 are nodes in a failover cluster named Cluster1.
WEB1 and WEB2 run an Internet Information Services (IIS) website. Internet users connect to the website by using a URL of https://www.fabrikam.com.
All the users in the Chicago office run an application that connects to a UNC path of \Fileserver1Data. Paris On-Premises Servers
The office in Paris contains a physical server named dc2.europe.fabrikam.com that runs Windows Server 2016 and is a domain controller for the europe.fabrikam.com domain. Network Infrastructure
The networks in both the Chicago and Paris offices have local internet connections. The Chicago and Paris offices are connected by using VPN connections.
The client computers in the Chicago office get IP addresses from DHCP1.
Security Risks
Fabrikam identifies the following security risks:
Some accounts connect to AD DS resources by using insecure protocols such as NTLMv1, SMB1, and unsigned LDAP.
Servers have Windows Defender Firewall enabled. Server administrators sometimes modify firewall rules
and allow risky connections.
Requirements
Security Requirements
Fabrikam identifies the following security requirements:
Prevent server administrators from configuring Windows Defender Firewalls rules.
Encrypt all the data disks on the servers by using BitLocker Drive Encryption (BitLocker).
Ensure that only authorized applications can be installed or run on the servers in the forest.
Implement Microsoft Sentinel as a reporting solution to identify all connections to the domain controllers that use insecure protocols.
On-Premises Migration Plan
Fabrikam plans to migrate all the existing servers and identifies the following migration requirements:
Move the APP1 and APP2 virtual machines in the Chicago office to a new Hyper-V failover cluster named Cluster2 that will run Windows Server 2022.
– Cluster2 will contain two new nodes named HV3 and HV4.
– All virtual machine files will be stored on a Cluster Shared Volume (CSV).
Migrate Archive1 to a new failover cluster named Cluster3 that will run Windows Server 2022.
– Cluster3 will contain two physical nodes named Node1 and Node2.
– The file shares on Cluster3 will be a failover cluster role in active-passive mode.
Migrate all users, groups, and client computers from europe.fabrikam.com to corp.fabrikam.com.
– The migration will be performed by using the Active Directory Migration Tool (ADMT).
– A computer named ADMT computer will be deployed to the corp.fabrikam.com domain to run ADMT migration procedures.
– User accounts will retain their existing password.
Migrate the data share from Fileserver1 to a new server named Fileserver2 that will run Windows Server 2022. After the migration, the data share must be accessible by using the existing UNC path.
Azure Migration Plan
Fabrikam plans to migrate some resources to Azure and identifies the following migration requirements:
Create an Azure subscription named Sub1.
Create an Azure virtual network named Vnet1.
Use ExpressRoute to connect the Paris and Chicago offices to Vnet1.
License all servers for Microsoft Defender for servers.
Migrate APP3 and APP4 to Azure.
Migrate the www.fabrikam.com website to an Azure App Service web app named WebApp1.
Decommission WEB1 and WEB2.
DHCP Migration Plan
Fabrikam plans to replace DHCP1 with a new server named DHCP2 and identifies the following migration requirements:
Ensure that DHCP2 provides the same IP addresses that are currently available from DHCP1.
Prevent DHCP1 from servicing clients once services are enabled on DHCP2.
Ensure that the existing leases and reservations are migrated.
DRAG DROP
You are planning the implementation of Cluster2 to support the on-premises migration plan.
You need to ensure that the disks on Cluster2 meet the security requirements.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT
You have an on-premises server that runs Windows Server and contains a folder named Folder1.
Folder1 contains 50 GB of files.
You have an Azure subscription that contains an Azure Files share named share1.
You need to migrate the data in Folder1 to share1.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?
- A . File Server Resource Manager (FSRM)
- B . the Get-StorageSubsystem cmdlet
- C . Disk Management
- D . Windows Admin Center
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Tamper Protection.
Does this meet the goal?
- A . Yes
- B . No
DRAG DROP
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users.
The solution must meet the following requirements:
✑ Prevent the users from using known weak passwords.
✑ Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains two virtual machines named VM1 and VM2 that run Windows Server.
You plan to implement a failover cluster named Cluster1 that will use VM1 and VM2 as nodes.
You need to ensure that Cluster1 can use floating IP addresses.
Which two components should you deploy? Each correct answer presents part-of the solution. NOTE: Each correct selection is worth one point.
- A . Network Load Balancing (NLB)
- B . the Multipoint Services role
- C . the Network Controller role
- D . the Host Guardian Service role
- E . Software Load Balancer (SLB)