Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-801

Microsoft AZ-801 Exam Questions
Configuring Windows Server Hybrid Advanced Services (Page 10 )

Updated On: 25-Apr-2026
Page 10 of 57
PDF with 313 Questions

You have an on-premises server named Server1 that runs Windows Server.

You have an Azure subscription.

You need to onboard Server1 to Microsoft Defender for Cloud.

What should you install on Server1?

  1. the Azure File Sync agent
  2. the Microsoft Entra provisioning agent
  3. the Device Health Attestation role
  4. the Azure Connected Machine agent

Answer(s): D

Explanation:

To onboard an on-premises server like Server1 to Microsoft Defender for Cloud, you need to install the Azure Connected Machine agent. This agent connects on-premises or other cloud servers to Azure services, enabling you to monitor and secure the server using Azure features like Microsoft Defender for Cloud.



You have a management group named MG1 that contains an Azure subscription named Sub1. Sub1 contains the resources shown in the following table.



You need to enable Microsoft Defender for Servers.

From the Azure portal, on which two resources can you enable Defender for Servers? Each correct answer presents a complete solution.

Note: Each correct selection is worth one point.

  1. RG1
  2. Workspace1
  3. Sub1
  4. MG1
  5. VNet1
  6. VM1

Answer(s): B,C



HOTSPOT (Drag and Drop is not supported)

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains an organizational unit (OU) named OU1 and a user named User1.

You plan to deploy a Hyper-V failover cluster named Cluster1.

You need to prestage the account for Cluster1 and ensure that User1 can deploy Cluster1. The solution must follow the principle of least privilege.

Which action should you perform, and which permissions should you grant to User1 for Cluster1? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Action: Create a new computer account named Cluster1.
When deploying a failover cluster, a computer account is needed for the cluster itself. Creating a new computer account named Cluster1 is the appropriate step.

Permissions: Full control.
User1 needs Full control over the computer account for Cluster1 to ensure they can create and manage the cluster.



HOTSPOT (Drag and Drop is not supported)

You have an Active Directory Domain Services (AD DS) domain that contains 1,000 users.

The domain has the following password requirements:

The minimum password length must be 12 characters.
Passwords must expire in 90 days.
Passwords must be complex.

You need to ensure that the members of a security team have passwords that meet the following requirements:

The minimum password length must be 16 characters.
Passwords must expire in 60 days.
Passwords must be complex.

The solution must minimize the impact on users who are NOT members of the security team.

What should you do? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: Fine Grained Password Policies
Implement

Configure fine grained password policies for Active Directory Domain Services Fine Grained Password Policies provide you with a way to define different password and account lockout policies for different sets of users in a domain. You can use fine grained password policies to specify multiple password policies within a single domain. You can also apply different restrictions for password and account lockout policies to different sets of users in a domain. For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users.

Fine-grained password policies apply only to global security groups and user objects. By default, only members of the Domain Admins group can set fine grained password policies. However, you can also delegate the ability to set these policies to other users.

Box 2: Active Directory Administrative Center
By using

Create a fine grained password policy

Here's how to create a fine grained password policy using ADAC:

-> 1. Open Active Directory Administrative Center, either from the Tools menu of the Server Manager console or by running an elevated PowerShell session and typing dsac.exe.

2. If the appropriate target domain isn't selected, choose Manage, choose Add Navigation Nodes, and select the appropriate target domain in the Add Navigation Nodes dialog box and then choose OK.

3. In the ADAC navigation pane, open the System container, and then choose Password Settings Container.

4. In the Tasks pane, choose New, and then choose Password Settings.

5. Fill in or edit fields inside the property page to create a new Password Settings object. The Name and Precedence fields are required.

6. Under Directly Applies To, choose Add, type the name of the group to which the fine grained password policy, and then choose OK.

7. Choose OK to submit the creation.


Reference:

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/fine-grained-password-policies



You have 500 on-premises servers that run Windows Server.

You have an Azure subscription that contains a Log Analytics workspace named Workspace1.

You plan to use VM insights in Azure Monitor to monitor the on-premises servers.

You need to onboard the servers to Azure Arc by using the template script. The solution must meet the following requirements:

Follow the principle of least privilege.
Minimize administrative effort.

What should you do first?

  1. Create a group managed service account (gMSA).
  2. Generate a Log Analytics key.
  3. Create a Microsoft Entra service principal.
  4. Download the Log Analytics workspace I

Answer(s): C

Explanation:

Connect hybrid machines to Azure at scale
You can enable Azure Arc-enabled servers for multiple Windows or Linux machines in your environment with several flexible options depending on your requirements. Using the template script we provide, you can automate every step of the installation, including establishing the connection to Azure Arc.
One method to connect the machines to Azure Arc-enabled servers is to use a Microsoft Entra service principal. This service principal method can be used instead of your privileged identity to interactively connect the machine. This service principal is a special limited management identity that has only the minimum permission necessary to connect machines to Azure using the azcmagent command. This method is safer than using a higher privileged account like a Tenant Administrator and follows our access control security best practices. The service principal is used only during onboarding; it is not used for any other purpose.


Reference:

https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal



Viewing page 10 of 57
Viewing questions 46 - 50 out of 313 questions
Share your experience with other


AZ-801 Exam Discussions & Posts

What the AZ-801 Exam Tests and How to Pass It

The AZ-801: Configuring Windows Server Hybrid Advanced Services exam is designed for IT professionals who are responsible for managing and maintaining Windows Server workloads in hybrid environments. This certification validates the technical skills required to secure, monitor, and troubleshoot Windows Server infrastructures, as well as the ability to implement high availability and disaster recovery solutions. Organizations hiring for roles such as Windows Server Administrator, Hybrid Cloud Administrator, or Infrastructure Engineer prioritize this certification because it demonstrates a candidate's proficiency in bridging on-premises server environments with Microsoft Azure services. By passing this exam, professionals prove they can handle complex migration scenarios and maintain operational continuity across diverse, modern IT landscapes.

What the AZ-801 Exam Covers

The exam evaluates your ability to manage critical infrastructure components, starting with the foundational requirement to secure Windows Server on-premises and hybrid infrastructures against modern threats. Candidates must demonstrate proficiency in implementing and managing Windows Server high availability, which involves configuring failover clustering and storage replication to ensure service uptime. Furthermore, the exam tests your knowledge of disaster recovery strategies, requiring you to plan for and execute recovery operations effectively. You will also be assessed on your capability to migrate servers and workloads, a task that demands a deep understanding of both legacy on-premises configurations and cloud-native migration tools. Finally, the ability to monitor and troubleshoot Windows Server environments is essential, as you must be able to identify performance bottlenecks and resolve connectivity issues using native Microsoft tools, all of which are covered extensively in our practice questions.

Among these domains, implementing and managing Windows Server high availability often proves to be the most technically demanding area for many candidates. This section requires more than just theoretical knowledge; it necessitates a practical understanding of how quorum configurations, cluster networking, and storage spaces direct interact within a production environment. You must be able to troubleshoot complex cluster failures and understand the nuances of implementing disaster recovery solutions that span across hybrid boundaries. Success in this area relies on your ability to synthesize information about network latency, storage throughput, and service dependencies, making it a critical focus for your exam preparation.

Are These Real AZ-801 Exam Questions?

Our platform provides practice questions that are sourced and verified by the community, ensuring they reflect the types of challenges you will encounter on the actual Microsoft certification exam. Because our content is community-verified, it is shaped by IT professionals and recent test-takers who have sat for the exam and understand the specific technical hurdles involved. If you've been searching for AZ-801 exam dumps or braindump files, our community-verified practice questions offer something more valuable, each question is verified and explained by IT professionals who recently passed the exam. We do not provide leaked or confidential content; instead, our questions reflect what appears on the real exam because they are sourced from the community's collective experience and understanding of the official exam objectives.

The community verification process is a collaborative effort where users actively participate in refining the accuracy of the study material. When a user encounters a question, they can discuss the answer choices, flag potentially incorrect information, and provide context based on their own recent exam experience. This peer-review mechanism ensures that the explanations remain current and technically accurate, which is vital for a certification exam that covers evolving hybrid technologies. By engaging with these discussions, you gain insights into the logic behind the correct answers, which is far more effective than simply memorizing patterns.

How to Prepare for the AZ-801 Exam

Effective exam preparation for the AZ-801 requires a balanced approach that combines hands-on experience with rigorous study of official Microsoft documentation. You should prioritize setting up a sandbox environment where you can practice configuring failover clusters, testing disaster recovery scenarios, and performing workload migrations to Azure. Understanding the underlying concepts is far more important than rote memorization, as the exam is designed to test your ability to apply knowledge to specific, scenario-based problems. Every practice question includes a free AI Tutor explanation that breaks down the reasoning behind the correct answer, so you understand the concept, not just the answer. Building a consistent study schedule that allocates time for both reading technical documentation and working through practice questions will help you retain complex information more effectively.

A common mistake candidates make is relying solely on theoretical study without ever touching the actual Windows Server or Azure interfaces. This approach often leads to failure because the AZ-801 exam frequently presents scenario-based questions that require you to identify the most efficient solution among several technically viable options. Another pitfall is poor time management during the exam, which can be mitigated by using our practice questions to simulate the pressure of a timed environment. By focusing on understanding the "why" behind each configuration step, you will be better equipped to handle the nuanced questions that appear on the actual Microsoft certification exam.

What to Expect on Exam Day

On the day of your exam, you should be prepared for a variety of question formats designed to test your practical application of Windows Server hybrid services. Microsoft certification exams typically include multiple-choice questions, scenario-based questions that require you to select the best solution for a given infrastructure problem, and potentially drag-and-drop or interactive elements. The exam is administered through a secure testing environment, often via Pearson VUE, where you will be monitored to ensure the integrity of the testing process. You will have a set amount of time to complete the exam, so it is important to pace yourself carefully, especially when encountering complex scenarios that require detailed analysis. Familiarizing yourself with the interface and the types of questions beforehand will help reduce anxiety and allow you to focus entirely on demonstrating your technical expertise.

Who Should Use These AZ-801 Practice Questions

These practice questions are intended for IT professionals who have experience managing Windows Server environments and are looking to validate their skills in hybrid cloud management. Typically, candidates for this certification exam have at least a few years of experience in server administration, networking, and virtualization, and are now seeking to formalize their expertise in Microsoft's hybrid ecosystem. Whether you are an administrator looking to advance your career or an engineer tasked with modernizing your organization's infrastructure, this exam preparation will help you identify knowledge gaps. Passing the AZ-801 is a significant milestone that demonstrates your ability to handle the advanced, real-world challenges of modern hybrid IT operations.

To get the most out of these practice questions, treat each one as a learning opportunity rather than a simple test of your current knowledge. Do not just read the answer; engage with the AI Tutor explanation to understand the underlying logic, and read the community discussions to see how other professionals approach the same problem. If you get a question wrong, flag it and revisit it later to ensure you have mastered the concept. Browse the questions above and use the community discussions and AI Tutor to build real exam confidence.

Updated on: 27 April, 2026

AI Tutor AI Tutor 👋 I’m here to help!