CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-800

Free AZ-800 Exam Braindumps (page: 7)

Page 6 of 66
PDF with 258 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. You need to identify which server is the PDC emulator for the domain.

Solution: From a command prompt, you run netdom.exe query fsmo. Does this meet the goal?

  1. Yes
  2. No

Answer(s): A


Reference:

https://activedirectorypro.com/how-to-check-fsmo-roles/



You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
You plan to implement self-service password reset (SSPR) in Azure AD.
You need to ensure that users that reset their passwords by using SSPR can use the new password resources in the AD DS domain.
What should you do?

  1. Deploy the Azure AD Password Protection proxy service to the on premises network.
  2. Run the Microsoft Azure Active Directory Connect wizard and select Password writeback.
  3. Grant the Change password permission for the domain to the Azure AD Connect service account.
  4. Grant the impersonate a client after authentication user right to the Azure AD Connect service account.

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback



You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.
To which group should you add the administrator?

  1. AAD DC Administrators
  2. Domain Admins
  3. Schema Admins
  4. Enterprise Admins
  5. Group Policy Creator Owners

Answer(s): A

Explanation:

Settings for user and computer objects in Azure Active Directory Domain Services (Azure AD DS) are often managed using Group Policy Objects (GPOs).

Azure AD DS includes built-in GPOs for the AADDC Users and AADDC Computers containers. You can customize these built-in GPOs to configure Group Policy as needed for your environment.

ANSWER (A): Members of the Azure AD DC administrators group have "Group Policy administration privileges in the Azure AD DS domain, and can also create custom GPOs and organizational units (OUs). "


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy



DRAG DROP (Drag and Drop is not supported)
You create a new Azure subscription.
You plan to deploy Azure Active Directory Domain Services (Azure AD DS) and Azure virtual machines. The virtual machines will be joined to Azure AD DS.

You need to deploy Active Directory Domain Services (AD DS) to ensure that the virtual machines can be deployed and joined to Azure AD DS.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance






Post your Comments and Discuss Microsoft AZ-800 exam with other Community members: