Microsoft AZ-800 Practice Test - Questions Answers, Page 14

DRAG DROP

Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. Contoso.com contains three child domains named amer.contoso.com, apac.contoso.com, and emea.contoso.com. Fabrikam.com contains a child domain named apac.fabrikam.com. A bidirectional forest trust exists between contoso.com and fabrikam.com. You need to provide users in the contoso.com forest with access to the resources in the fabrikam.com forest. The solution must meet the following requirements:

• Users in contoso.com must only be added directly to groups in the contoso.com forest.

• Permissions to access the resources in fabrikam.com must only be granted directly to groups in the fabrikam.com forest. • The number of groups must be minimized.

Which type of groups should you use to organize the users and to assign permissions? To answer, drag the appropriate group types to the correct requirements. Each group type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

HOTSPOT

Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

The domain trust has the following configurations:

• Name: adatum.com

• Type: External

• Direction: One-way. outgoing

• Outgoing trust authentication level: Domain-wide authentication

The forests contain the network shares shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:

Each correct selection is worth one point.

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com and the servers shown in the following table.

You need to create a folder for the Central Store to manage Group Policy template files for the entire forest. What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

HOTSPOT

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

You need to configure DC3 to be the authoritative time server for the domain.

Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains group managed service accounts (gMSAs). You have a server named Server1 that runs Windows Server and is in a workgroup. Server! hosts Windows containers.

You need to ensure that the Windows containers can authenticate to contoso.com.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant. You plan to sync contoso.com with the Azure AD tenant by using Azure AD Connect cloud sync. You need to create an account that will be used by Azure AD Connect cloud sync. Which type of account should you create?

You have an Active Directory domain that contains a file server named Server1. Server1 runs

Windows Server and includes the file shares shown in the following table.

When users login to the network they receive the following network drive mappings.

• H: maps to Wserver1\users\%UserName%

• G: maps to \\server1\%Department%

You need to limit the amount of space consumed by user's on Server!. The solution must meet the following requirements:

• Prevent users using more than 5GB of space on their H: drive

• Prevent Accounts department users from using more than 10GB of space on the G: drive

• Prevent Marketing department users from using more than 15GB of space on the G: drive

• Prevent Customer Service department users from using more than 2GB of space on the G: drive

• Minimize administrative effort

What should you use?

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute. Which partition should you modify?

You have servers that run Windows Server 2022 as shown in the following table.

Server2 contains a .NET app named App1.

You need to establish a WebSocket connection from App1 to the SQL Server instance on Server!. The solution must meet the following requirements:

• Minimize the number of network ports that must be open on the on-premises network firewall.

• Minimize administrative effort.

What should you create first?