Free AZ-800 Exam Braindumps (page: 11)

Page 11 of 66

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest root domain contains a server named server1.contoso.com. A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains. You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com. What should you do first?

  A. Add fabrikam\Group1 to the local Users group on server1.contoso.com.
  B. Enable SID filtering for the trust.
  C. Enable Selective authentication for the trust.
  D. Change the trust to a one-way external trust.

Answer(s): C

Explanation:

Selective authentication restricts access over an external or forest trust to only those users in a trusted domain or forest who have been explicitly given authentication permissions to computer objects (resource computers) residing in the trusting domain or forest. This authentication setting must be manually enabled.
Note: When a two-way forest trust is created between Forest A and Forest B, all domains in Forest A trust all domains in Forest B and vice versa.
Incorrect:
Not B: When SID filtering is enabled, all foreign SIDs are removed (quarantined) from the user's access token when the user accesses any resource through the forest trust. The most common impact is that a migrated user account that still accesses a resource through its old SID can no longer access that resource, because SID filtering blocks (filters) SID history across a forest trust.
When a forest trust is created, SID filtering is enabled by default. In some cases, SID filtering needs to be disabled.
Not D: When a two-way forest trust is created between Forest A and Forest B, all domains in Forest A trust all domains in Forest B and vice versa.
If a one-way forest trust is created, where Forest A is the trusting domain and Forest B is the trusted domain, then Forest B can access resources within Forest A, but Forest A cannot access resources within Forest B.


Reference:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755321(v=ws.10)



Your network contains an Active Directory forest. The forest contains two domains named contoso.com and east.contoso.com and the servers shown in the following table.



Contoso.com contains a user named User1.
You add User1 to the built-in Backup Operators group in contoso.com.
Which servers can User1 back up?

  A. DC1 only
  B. Server1 only
  C. DC1 and DC2 only
  D. DC1 and Server1 only
  E. DC1, DC2, Server1, and Server2

Answer(s): A

Explanation:

A member of the Backup Operators group can perform backup operations for all domain controllers in the domain.

Note: Members of the Backup Operators group can back up and restore all files on a computer, regardless of the permissions that protect those files. Backup Operators also can log on to and shut down the computer. This group can't be renamed, deleted, or removed. By default, this built-in group has no members, and it can perform backup and restore operations on domain controllers.


Reference:

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups



HOTSPOT (Drag and Drop is not supported)
Your network contains an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.

You need to configure a password policy for the local user accounts on the Azure virtual machines joined to contoso.com.

What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  A. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: AAD DC Administrators group
To create a custom password policy in a managed domain, you must be signed in to a user account that's a member of the AAD DC Administrators group.

Box 2: AADDC Users organizational unit (OU)
Password policies can only be applied to groups. In the Locations dialog, expand the domain name, such as aaddscontoso.com, then select an OU, such as AADDC Users. If you have a custom OU that contains a group of users you wish to apply the policy to, select that OU.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory-domain-services/password-policy



SIMULATION
You need to create a user named Admin1 in contoso.com. Admin1 must be able to back up and restore files on SRV1. The solution must use the principle of least privilege.

To complete this task, sign in to the required computer or computers.

  A. See Explanation section for answer.

Answer(s): A

Explanation:

Add a new user
You can create a new user using the Azure Active Directory portal.
To add a new user, follow these steps:

Step 1: Sign in to the Azure portal in the User Administrator role for the organization.

Step 2: Search for and select Azure Active Directory from any page.

Step 3: Select Users, and then select New user.



Step 4: On the User page, enter information for this user:
Name: Admin1
User name: Admin1
Groups. Optional: Backup Operator

Step 5: Copy the autogenerated password provided in the Password box. You'll need to give this password to the user to sign in for the first time.

Step 6: Select Create.
The user is created and added to your Azure AD organization.

Note:
Azure Backup provides three built-in roles to control backup management operations.
Backup Operator - This role has permissions to everything a contributor does except removing backup and managing backup policies. This role is equivalent to contributor except it can't perform destructive operations such as stop backup with delete data or remove registration of on-premises resources.
Incorrect:
Backup Contributor - This role has all permissions to create and manage backup except deleting Recovery Services vault and giving access to others. Imagine this role as admin of backup management who can do every backup management operation.

Backup Reader - This role has permissions to view all backup management operations. Imagine this role to be a monitoring person.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
https://learn.microsoft.com/en-us/azure/backup/backup-rbac-rs-vault






Post your Comments and Discuss Microsoft AZ-800 exam with other Community members:

Samuel commented on August 18, 2024
I successfully finished this exam. Thank you for your support.
SOUTH AFRICA

Barry Hilton commented on February 02, 2024
This looks like the exam
Anonymous

Saint Pierre commented on October 24, 2023
I would give 5 stars to this website as I studied for AZ-800 exam from here. It has all the relevant material available for preparation. I got 890/1000 on the test.
Anonymous

Rob commented on September 13, 2023
Great Material
UNITED STATES

Garchirs commented on August 04, 2023
Thanks for the help, this allowed me to get my az800cert
Anonymous

Nicole commented on February 08, 2023
It is very easy to make the purchase and download the files. So far all looks good. I am happy.
UNITED STATES