AZ-800試験無料問題集「Microsoft Administering Windows Server Hybrid Core Infrastructure 認定」
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant Group writeback is enabled in Azure AD Connect.
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared You need to create a security group that meets the following requirements:
* Can contain users from the AD DS domain
* Can be used to authorize user access to share 1 and share2
What should you do?
The AD DS domain contains a server named Server1 Server 1 contains a shared folder named share1.
You have an Azure Storage account named storage2 that uses Azure AD-based access control. The storage2 account contains a share named shared You need to create a security group that meets the following requirements:
* Can contain users from the AD DS domain
* Can be used to authorize user access to share 1 and share2
What should you do?
正解:C
解答を投票する
Task 9
You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.
You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.
正解:
See the solution of this Task below.
Explanation:
To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:
Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:
Add-DnsServerSigningKey -ZoneName "adatum.com" -CryptoAlgorithm RsaSha256 Set-DnsServerDnsSecZoneSetting -ZoneName "adatum.com" -DenialOfExistence NSEC3 - NSEC3Parameters 1,0,10,"" This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.
Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.
Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.
Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.
Note: The exact steps may vary depending on your environment and the version of Windows Server you are using. Ensure that you have the appropriate administrative rights to make these changes and that you test the configuration in a controlled environment before deploying it domain-wide12.
By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.
Explanation:
To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:
Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:
Add-DnsServerSigningKey -ZoneName "adatum.com" -CryptoAlgorithm RsaSha256 Set-DnsServerDnsSecZoneSetting -ZoneName "adatum.com" -DenialOfExistence NSEC3 - NSEC3Parameters 1,0,10,"" This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.
Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.
Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.
Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.
Note: The exact steps may vary depending on your environment and the version of Windows Server you are using. Ensure that you have the appropriate administrative rights to make these changes and that you test the configuration in a controlled environment before deploying it domain-wide12.
By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the sites and site links shown in the following exhibit.
The sites contain the bridgehead domain controllers shown in the following table.
The IP intersite transport container is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The sites contain the bridgehead domain controllers shown in the following table.
The IP intersite transport container is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have a disaggregated cluster deployment. The deployment contains a scale-out file server (SOFS) cluster that runs Windows Server and a compute duster that has the Hyper-V role enabled.
You need to implement Storage Quality of Service (QoS). The solution must ensure that you can control the bandwidth usage between the SOFS cluster and the Hyper-V cluster.
Which cmdlet should you run on each cluster? To answer, drag the appropriate cmdlets to the correct clusters.
Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to implement Storage Quality of Service (QoS). The solution must ensure that you can control the bandwidth usage between the SOFS cluster and the Hyper-V cluster.
Which cmdlet should you run on each cluster? To answer, drag the appropriate cmdlets to the correct clusters.
Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant.
You deploy an app that adds custom attributes to the domain.
From Azure Cloud Shell, you discover that you cannot query the custom attributes of users.
You need to ensure that the custom attributes are available in Microsoft Entra ID.
Which task should you perform from Microsoft Entra Connect first?
You deploy an app that adds custom attributes to the domain.
From Azure Cloud Shell, you discover that you cannot query the custom attributes of users.
You need to ensure that the custom attributes are available in Microsoft Entra ID.
Which task should you perform from Microsoft Entra Connect first?
正解:C
解答を投票する
You have a server named Host1 that runs Windows Server 2022 and is configured as a container host. Host1 stores a container image named image1 that is based on Windows Server 2019.
You need to start a container from image1 on Host1.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to start a container from image1 on Host1.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your network contains the segments shown in the following table.
You have servers that run Windows Server and are configured as shown in the following table.
You deploy a server named Server4 that runs Windows Server and has a static IP address of 172.16.1.1. You connect Server4 to Segment1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have servers that run Windows Server and are configured as shown in the following table.
You deploy a server named Server4 that runs Windows Server and has a static IP address of 172.16.1.1. You connect Server4 to Segment1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have a server named Server1 that has Windows Admin Center installed. The certificate used by Windows Admin Center was obtained from a certification authority (CA).
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
The certificate expires.
You need to replace the certificate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Reference:
https://www.starwindsoftware.com/blog/change-the-windows-admin-center-certificate
You have servers that have the DNS Server role installed. The servers are configured as shown in the following table.
All the client computers in the New York office use Server2 as the DNS server.
You need to configure name resolution in the New York office to meet the following requirements:
* Ensure that the client computers in New York can resolve names from contoso.com.
* Ensure that Server2 forwards all DNS queries for internet hosts to 131. 107.100.200.
The solution must NOT require modifications to Server1.
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
All the client computers in the New York office use Server2 as the DNS server.
You need to configure name resolution in the New York office to meet the following requirements:
* Ensure that the client computers in New York can resolve names from contoso.com.
* Ensure that Server2 forwards all DNS queries for internet hosts to 131. 107.100.200.
The solution must NOT require modifications to Server1.
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:A,B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. VM1 contains a 128-GB operating system disk.
You need to increase the size of volume C on VM1 to 250 GB.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to increase the size of volume C on VM1 to 250 GB.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
The network contains the servers shown in the following table.
You plan to implement IP Address Management (IPAM).
You need to use the Group Policy based provisioning method for managed servers. The solution must support server discovery.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
The network contains the servers shown in the following table.
You plan to implement IP Address Management (IPAM).
You need to use the Group Policy based provisioning method for managed servers. The solution must support server discovery.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You plan to deploy an Azure virtual machine that will run Windows Server.
You need to ensure that an Azure Active Directory (Azure AD) user nameduserl@contoso.com can connect
10 the virtual machine by using the Azure Serial Console.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to ensure that an Azure Active Directory (Azure AD) user nameduserl@contoso.com can connect
10 the virtual machine by using the Azure Serial Console.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview
You need to ensure that data availability on SSPace1 meets the technical requirements.
What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains two domains named contoso.com and east.contoso.com. Contoso.com contains two users named CONTOSO
\User1 and EAST\User2.
You need to ensure that the users can perform the following tasks:
* User1 must deploy an additional domain controller to eastcontoso.com.
* User2 must deploy a new domain controller that will host a domain named west.contoso.com.
The solution must follow the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
\User1 and EAST\User2.
You need to ensure that the users can perform the following tasks:
* User1 must deploy an additional domain controller to eastcontoso.com.
* User2 must deploy a new domain controller that will host a domain named west.contoso.com.
The solution must follow the principle of least privilege.
To which group should you add each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with Azure AD by using Azure AD Connect.
You enable password protection for contoso.com.
You need to prevent users from including the word Contoso as part of their password.
What should you use?
You enable password protection for contoso.com.
You need to prevent users from including the word Contoso as part of their password.
What should you use?
正解:D
解答を投票する