Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-801

Microsoft AZ-801 Exam Questions
Configuring Windows Server Hybrid Advanced Services (Page 6 )

Updated On: 19-Feb-2026
Page 6 of 57
PDF with 313 Questions

HOTSPOT (Drag and Drop is not supported)

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the domains shown in the following table.



You are implementing Microsoft Defender for Identity sensors.

You need to install the sensors on the minimum number of domain controllers. The solution must ensure that Defender for Identity will detect all the security risks in both the domains.

What should you identify? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/technical-faq#deployment https://docs.microsoft.com/en-us/defender-for-identity/install-step4



You have 10 servers that run Windows Server in a workgroup.

You need to configure the servers to encrypt all the network traffic between the servers. The solution must be as secure as possible.

Which authentication method should you configure in a connection security rule?

  1. NTLMv2
  2. pre-shared key
  3. Kerberos V5
  4. computer certificate

Answer(s): D


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authentication- request-rule



You have an Azure virtual machine named VM1 that runs Windows Server.

You need to encrypt the contents of the disks on VM1 by using Azure Disk Encryption.

What is a prerequisite for implementing Azure Disk Encryption?

  1. Customer Lockbox for Microsoft Azure
  2. an Azure key vault
  3. a BitLocker recovery key
  4. data-link layer encryption in Azure

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview



Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two servers named Server1 and Server2 that run Windows Server.

You need to ensure that you can manage Server2 by using the Computer Management console from Server1.
The solution must use the principle of least privilege.

Which two Windows Defender Firewall with Advanced Security rules should you enable on Server2? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. the COM+ Network Access (DCOM-In) rule
  2. all the rules in the Remote Event Log Management group
  3. the Windows Management Instrumentation (WMI-In) rule
  4. the COM+ Remote Administration (DCOM-In) rule
  5. the Windows Management Instrumentation (DCOM-In) rule

Answer(s): A,B


Reference:

https://docs.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote- management-in-server-manager



You have a server that runs Windows Server. The server is configured to encrypt all incoming traffic by using a connection security rule.

You need to ensure that Server1 can respond to the unencrypted tracert commands initiated from computers on the same network.

What should you do from Windows Defender Firewall with Advanced Security?

  1. From the IPsec Settings, configure IPsec defaults.
  2. Create a new custom outbound rule that allows ICMPv4 protocol connections for all profiles.
  3. Change the Firewall state of the Private profile to Off.
  4. From the IPsec Settings, configure IPsec exemptions.

Answer(s): D






Post your Comments and Discuss Microsoft AZ-801 exam dumps with other Community members:

Join the AZ-801 Discussion