Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-801

Microsoft AZ-801 Exam Questions
Configuring Windows Server Hybrid Advanced Services (Page 5 )

Updated On: 19-Feb-2026
Page 5 of 57
PDF with 313 Questions

HOTSPOT (Drag and Drop is not supported)

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.



In the domain, you create the Group Policy Objects (GPOs) shown in the following table.



You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.

Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-authentication- methods



You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.

You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine.

What should you use in Microsoft Defender for Cloud?

  1. a logic app
  2. a workbook
  3. a security policy
  4. adaptive network hardening

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts



You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc- enabled resources are in the same resource group.

You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort.

What should you use to onboard the servers to Microsoft Sentinel?

  1. Azure Automation
  2. Azure Policy
  3. Azure virtual machine extensions
  4. Microsoft Defender for Cloud

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/hybrid/server/best-practices/arc- policies-mma



You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant by using password hash synchronization.

You have a Microsoft 365 subscription.

All devices are hybrid Azure AD-joined.

Users report that they must enter their password manually when accessing Microsoft 365 applications.

You need to reduce the number of times the users are prompted for their password when they access Microsoft 365 and Azure services.

What should you do?

  1. In Microsoft Entra ID, configure a Conditional Access policy for the Microsoft Office 365 applications.
  2. In the DNS zone of the AD DS domain, create an autodiscover record.
  3. From Microsoft Entra Connect, enable single sign-on (SSO).
  4. From Microsoft Entra Connect, configure pass-through authentication.

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start



You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have 50 Azure virtual machines that run Windows Server.

You need to ensure that any security exploits detected on the virtual machines are forwarded to Defender for Cloud.

Which extension should you enable on the virtual machines?

  1. Vulnerability assessment for machines
  2. Microsoft Dependency agent
  3. Log Analytics agent for Azure VMs
  4. Guest Configuration agent

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm






Post your Comments and Discuss Microsoft AZ-801 exam dumps with other Community members:

Join the AZ-801 Discussion