Valid AZ-801 Dumps shared by PassLeader for Helping Passing AZ-801 Exam! PassLeader now offer the newest AZ-801 VCE dumps and AZ-801 PDF dumps, the PassLeader AZ-801 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-801 dumps with VCE and PDF here: https://www.passleader.com/az-801.html (222 Q&As Dumps –> 269 Q&As Dumps –> 326 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-801 dumps from Cloud Storage: https://drive.google.com/drive/folders/1skQpg3JBZ11LWigmgheS4CD4InHV2IrT
NEW QUESTION 198
Your network contains an Active Directory Domain Services (AD DS) domain. You need to configure a ticket-granting ticket (TGT) lifetime for specific user and computer accounts. The solution must meet the following requirements:
– Minimize the impact on the other user and computer accounts in the domain.
– Minimize administrative effort.
What should you configure?
A. a dynamic access control policy
B. a password policy
C. an authentication policy and an authentication policy silo
D. a fine-grained password policy
Answer: C
Explanation:
To configure a specific TGT lifetime for selected users and computers in an Active Directory Domain Services (AD DS) domain, use the Authentication Policies and Authentication Policy Silos feature by creating an Authentication Policy, configuring its TGT lifetime, and then assigning it to an Authentication Policy Silo that contains the target user and computer accounts. This provides more granular control than the domain-wide Kerberos Policy settings in Group Policy.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts
NEW QUESTION 199
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains five servers that run Windows Server. The network also contains two workgroup servers that run Windows Server. You need to implement a connection security rule between the member servers and the workgroup servers. Which authentication method should you use?
A. User (Kerberos V5)
B. Computer Certificate
C. Computer (Kerberos V5)
D. Computer (NTLMv2)
Answer: C
Explanation:
For connection security rules between member servers and workgroup servers in an Active Directory (AD) domain, you should use Kerberos. The workgroup server needs to be able to authenticate with the domain, and the default and preferred protocol for this in an AD environment is Kerberos, which issues tickets for secure, ticket-based authentication.
https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
NEW QUESTION 200
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains a user named User1. You deploy a read-only domain controller (RODC) named RODC1. You need to ensure that User1 is a local administrator on RODC1. The solution must use the principle of least privilege. What should you use?
A. ntdsutil.exe
B. dsamain.exe
C. net user
D. Local Users and Groups
Answer: D
Explanation:
https://support.intermedia.com/app/articles/detail/a_id/10375/~/how-do-i-create-a-local-administrator
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/net-user
NEW QUESTION 201
You have an Azure subscription. The subscription contains a Microsoft Sentinel workspace named Workspace1 and 100 virtual machines that run Windows Server. You configure Workspace1 to collect logs from the virtual machines. You need to query the collected logs for failed logon events. Which table should you query?
A. SigninLogs
B. SecurityIncident
C. SecurityEvent
D. AuditLogs
Answer: C
Explanation:
To get Windows failed logon events (Event ID 4625) into your Microsoft Sentinel workspace, ensure you’ve configured a Azure Monitor Agent (AMA) data collection rule or a Windows Security Events data connector to send security logs to the SecurityEvent table. Verify that the Azure Arc-enabled server or Azure VM is sending data to the correct Log Analytics workspace by checking its configuration and validating the data in the SecurityEvent table using the query SecurityEvent | where EventID == 4625.
https://learn.microsoft.com/en-us/azure/azure-monitor/reference/queries/securityevent
NEW QUESTION 202
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains a domain controller named DC1. The domain uses Microsoft Entra Connect sync with a Microsoft Entra tenant and uses Microsoft Entra Password Protection to enforce a custom banned password list. You deploy a new domain controller named DC2 to the domain. You discover that the custom banned password list is applied inconsistently and often allows banned passwords to be used. You need to ensure that the custom banned password list is always enforced. What should you do on DC2?
A. Install the Microsoft Entra Password Protection DC agent.
B. Install the Microsoft Entra Password Protection proxy service.
C. Provide access to the https://login.microsoftonline.com and https://enterpriseregistration.windows.net URLS.
D. Install the Microsoft Entra provisioning agent.
E. Install the Azure Monitor Agent.
Answer: A
Explanation:
Microsoft Entra Password Protection supports incremental deployment across DCs in an AD DS domain. It’s important to understand what this really means and what the tradeoffs are. The Microsoft Entra Password Protection DC agent software can only validate passwords when it’s installed on a DC, and only for password changes that are sent to that DC. It’s not possible to control which DCs are chosen by Windows client machines for processing user password changes. To guarantee consistent behavior and universal Microsoft Entra Password Protection security enforcement, the DC agent software must be installed on all DCs in a domain.
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad-on-premises
NEW QUESTION 203
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two Windows Server Failover Cluster (WSFC) instances named Cluster1 and Cluster2. Cluster1 hosts Hyper-V virtual machines. Cluster2 does NOT have any high availability roles configured. You need to create a Storage Spaces Direct cluster in Cluster2 that will store the virtual machine hard disk files for Cluster1. Which role should you configure for Cluster2? (To answer, select the appropriate options in the answer area.)
A. Virtual Machine
B. iSCSI Target Server
C. Hyper-V Replica Broker
D. File Server
Answer: CD
Explanation:
To use this Windows Server Failover Cluster (Cluster A) to store VM hard disk files for another cluster (Cluster B), you’ll need to add the File Server role to Cluster A and then add the Hyper-V Replica Broker role to it after installing the Hyper-V role on its nodes. Configure the File Server role on Cluster A to provide a shared network location (SMB share), then in Cluster B’s Hyper-V Manager, enable replication to Cluster A’s Hyper-V Replica Broker, using the shared location for the initial replication.
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica
NEW QUESTION 204
You have an on-premises, two-node, hyperconverged Windows Server Failover Cluster (WSFC) named Cluster1. You have an Azure subscription. You need to configure a cloud witness for Cluster1. Which type of Azure Storage should you use?
A. file
B. queue
C. table
D. blob
Answer: D
Explanation:
Failover Clustering supports three types of Quorum Witnesses:
* Cloud Witness – Blob storage in Azure accessible by all nodes of the cluster. It maintains clustering information in a witness.log file, but doesn’t store a copy of the cluster database.
* File Share Witness – A SMB file share that is configured on a file server running Windows Server. It maintains clustering information in a witness.log file, but doesn’t store a copy of the cluster database.
* Disk Witness – A small clustered disk that is in the Cluster Available Storage group. This disk is highly available and can failover between nodes. It contains a copy of the cluster database. A Disk Witness isn’t supported with Storage Spaces Direct.
https://learn.microsoft.com/en-us/windows-server/storage/storage-spaces/quorum
NEW QUESTION 205
You have a server named Server1 that runs Windows Server 2022 and is part of a three-node failover cluster. You need to upgrade Server1 to Windows Server 2025. The solution must minimize downtime for the cluster. What should you do first?
A. Evict Server1 from the cluster.
B. Take the cluster offline.
C. Pause Server1 and drain the workloads.
D. Update the functional level of the cluster.
Answer: C
Explanation:
For a graceful, rolling, in-place upgrade from Windows Server 2022 to Windows Server 2025 in a failover cluster, you must pause and drain the server node by placing it into maintenance mode to migrate its active clustered roles to other nodes before performing the operating system upgrade. You can perform this action using Failover Cluster Manager by right-clicking the server node and selecting Pause –> Drain Roles, or by using the Suspend-ClusterNode -Name <NodeName> -Drain PowerShell cmdlet.
https://learn.microsoft.com/en-us/windows-server/failover-clustering/cluster-operating-system-rolling-upgrade
NEW QUESTION 206
You have a failover cluster named Cluster1 that contains two Windows Server nodes named Server1 and Server2. Cluster1 hosts highly available Hyper-V virtual machines. You have a member server named Server3 that runs Windows Server. You need to implement Cluster-Aware Updating (CUA) on Cluster1 and configure Server3 to manage CUA. The solution must minimize administrative effort. What should you install on Server3?
A. the Host Guardian Service server role
B. Windows Admin Center
C. the Failover Cluster Automation Server feature
D. the Windows Server Update Services server role
Answer: D
Explanation:
To manage Hyper-V failover cluster updates, you can install the Windows Server Update Services (WSUS) server role on a server and configure Cluster-Aware Updating (CAU) to use it as a management point. You will first need to install the Failover Clustering feature and its tools, then install the WSUS server role, and finally configure CAU in its self-updating mode to coordinate the process of patching the cluster nodes and Hyper-V virtual machines with minimal downtime.
https://learn.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating
NEW QUESTION 207
Your network contains an Active Directory Domain Services (AD DS) domain. You need to deploy a Storage Spaces Direct cluster that has nested resiliency. What is the minimum number of nodes you can deploy to the cluster?
A. 2
B. 4
C. 12
D. 16
E. 32
Answer: A
Explanation:
A Storage Spaces Direct (S2D) cluster with nested resiliency requires exactly two server nodes and is supported on Windows Server 2019 or later, and Azure Stack HCI, version 22H2 or later. This configuration allows for the management of two data copies (or “nested”) within the two nodes for data redundancy, but you cannot add a third node to such a cluster. Nested resiliency is a capability of Storage Spaces Direct in Azure Local and Windows Server. It enables a two-server cluster to withstand multiple hardware failures at the same time without loss of storage availability, so users, apps, and virtual machines continue to run without disruption.
https://learn.microsoft.com/en-us/windows-server/storage/storage-spaces/nested-resiliency
NEW QUESTION 208
You have an on-premises virtual machine named VM1 that runs Windows Server. You have an Azure subscription. You plan to use an Azure Site Recovery replication policy to replicate VM1 to Azure. You need to ensure that changes on VM1 are replicated as often as possible. To what should you set the Copy frequency setting for the policy?
A. 15 Seconds
B. 30 Seconds
C. 1 Minute
D. 5 Minutes
Answer: B
Explanation:
30 seconds is the smallest available setting. For on-premises Windows Server VMs being replicated to Azure with Azure Site Recovery, the Copy frequency should be set to 5 minutes or 30 seconds. These options provide improved performance and recovery point objectives, though the exact choice depends on the VM’s data change rate and the user’s tolerance for potential data loss during a disaster. A 15-minute setting is being phased out in favor of these faster options.
https://www.microsoftpressstore.com/articles/article.aspx?p=3172428&seqNum=4
NEW QUESTION 209
You have two servers named Server1 and Server2 that run Windows Server and have the Hyper-V role installed. You plan to deploy Hyper-V Replica between Server1 and Server2. The deployment will use certificate based authentication. You need to configure the prerequisites for the Hyper-V Replica deployment. Which two actions should you perform on each server? (Each correct answer presents part of the solution. Choose two.)
A. Create a self-signed certificate.
B. Enable the Hyper-V Replica HTTP Listener (TCP-In) firewall rule.
C. Enable the Hyper-V Replica HTTPS Listener (TCP-In) firewall rule.
D. Install a trusted user certificate.
E. Install a trusted computer certificate.
Answer: CE
Explanation:
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica
NEW QUESTION 210
You have an Azure virtual machine named VM1 that runs Windows Server. You configure Azure Site Recovery replication for VM1. You need to perform a test failover on VM1. What should you use from the VM1 blade in the Azure portal?
A. Availability + scaling.
B. Backup.
C. Disaster recovery.
D. Windows Admin Center.
E. Automanage.
Answer: C
Explanation:
In the Azure portal, you execute a test failover for Azure Site Recovery by navigating to your Recovery Services Vault, then to the Site Recovery section, and finally selecting either the Recovery Plans blade to test a plan, or the Replicated Items blade to test a single virtual machine (VM).
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill
NEW QUESTION 211
You have two servers named Host1 and Host2 that run Windows Server and have the Hyper-V server role installed. Host2 is configured as a replica server. Host1 contains a virtual machine named VM1. You plan to use Hyper-V Replica to replicate VM1 to Host2. You need to ensure that you can restore a replica of VM1 to a specific state from the past eight hours. What should you do?
A. From the Hyper-V Settings of Host2, configure NUMA spanning.
B. From the Enable Replication wizard, configure recovery points.
C. From the Properties of VM1, enable automatic checkpoints.
D. From the Enable Replication wizard, modify the replication frequency.
Answer: B
Explanation:
To restore a Hyper-V Replica VM to a specific state from the past eight hours, you configure additional recovery points during the Enable Replication wizard. The default only saves the latest recovery point, but specifying more recovery points allows you to select an earlier point in time during a failover event, providing recovery to a specific past state.
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica
NEW QUESTION 212
Your network contains an Active Directory Domains Services (AD DS) domain that has a Windows Server 2016 forest functional level. The domain contains domain controller named DC1. You are troubleshooting SYSVOL replication issues on DC1. You need to stop the service responsible for SYSVOL replication. Which service should you stop?
A. Background Intelligent Transfer Service
B. File Replication
C. DFS Replication
D. DS Role Server
Answer: C
Explanation:
SYSVOL replication is managed by either the File Replication Service (FRS) on older Windows Server versions (Server 2003 and earlier) or the Distributed File System Replication (DFS-R) service on Windows Server 2008 and newer, particularly for domains with a Windows Server 2008 functional level or later.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization
NEW QUESTION 213
HotSpot
Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains the Hyper-V hosts shown in the following table:
Server1 has the Authorization and storage settings shown in the Server1 exhibit:
Server2 has the Authorization and storage settings shown in the Server2 exhibit:
Server3 has the Authorization and storage settings shown in the Server3 exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Box 1: No. Server2 does not allow any server to replicate virtual machines to it.
Box 2: No. Server3 only allows replication from Server1. Server1 only contains VM1.
Box 3: No. Server2 does not allow any server to replicate virtual machines to it.
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/best-practices-analyzer/a-replica-server-must-be-configured-to-accept-replication-requests
NEW QUESTION 214
HotSpot
You have a server that runs Windows Server. You need to enable the following security features:
– Core isolation.
– Force randomization form images (Mandatory ASLR).
Which Windows Security tile should you use to enable each feature? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
Box 1: Device Security. To enable Core isolation (Memory Integrity) in Windows Server, open the Windows Security app and navigate to Device Security –> Core Isolation Details. Toggle Memory Integrity to the On position and restart your computer for the change to take effect. Ensure your system firmware supports virtualization (UEFI mode is required) and that there are no incompatible drivers causing conflicts.
Box 2: App & browser control. To force Address Space Layout Randomization (ASLR) for all executables on Windows Server, navigate to Windows Security –> App & browser control –> Exploit protection settings, and then set “Force randomization for images (Mandatory ASLR)” to “On by default”. This setting applies system-wide but may cause compatibility issues with older applications that don’t fully support ASLR.
https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity
https://learn.microsoft.com/en-us/defender-endpoint/customize-exploit-protection
NEW QUESTION 215
HotSpot
You have 50 on-premises servers that run Windows Server. You have an Azure subscription that contains a Recovery Services vault named Vault1. You plan to back up the on-premises servers to Vault1 by using Microsoft Azure Backup Server (MABS). You need to configure prerequisites to support MABS. The solution must minimize costs. What should you do for Vault1, and what should you deploy on-premises? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
Box 1: Select the storage replication type. Change it from the default to minimize the cost.
Box 2: Microsoft Azure Recovery Services Agent (MARS agent). The Microsoft Azure Recovery Services Agent (MARS agent) is a lightweight tool installed on Windows servers and Azure virtual machines that enables backups of files, folders, and system state directly to an Azure Recovery Services vault. It provides a way to protect data from on-premises servers, on-premises virtual machines, and some data on Azure VMs, allowing users to schedule backups, set retention policies, and restore data to the original machine or another server.
https://learn.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup
https://learn.microsoft.com/en-us/azure/backup/backup-azure-about-mars
NEW QUESTION 216
Drag and Drop
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Windows Server. You need to encrypt the disks connected to VM1 by using Azure Disk Encryption. The solution must use a key encryption key (KEK). Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
To secure a Windows VM disk with Azure Disk Encryption using a KEK, first, create or select an Azure Key Vault. Then, create a Key Encryption Key (KEK) within that Key Vault, ensuring it’s an RSA key. Finally, enable Azure Disk Encryption on the VM, specifying the Key Vault and the KEK to use for protecting the encryption keys, which will also trigger the installation of the ADE VM extension to manage the encryption process.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview
https://learn.microsoft.com/en-us/powershell/module/az.keyvault/add-azkeyvaultkey
https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmdiskencryptionextension
NEW QUESTION 217
Drag and Drop
You have a Storage Spaces Direct cluster in a hyper-converged deployment. The cluster contains three nodes that run Windows Server 2022. The cluster hosts 20 Hyper-V virtual machines. You need to upgrade the servers to Windows Server 2025. The solution must meet the following requirements:
– Minimize downtime of the virtual machines.
– Minimize administrative effort.
Which four actions should you perform on each node in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/system-center/vmm/hyper-v-rolling-upgrade
https://learn.microsoft.com/en-us/windows-server/failover-clustering/cluster-operating-system-rolling-upgrade
NEW QUESTION 218
Drag and Drop
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two domain controllers named Server1 and Server2 and an organizational unit (OU) named OU. The domain is backed up once daily. You need to perform an authoritative restore of OU1. Which four actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732211(v=ws.11)
NEW QUESTION 219
……
Get the newest PassLeader AZ-801 VCE dumps here: https://www.passleader.com/az-801.html (222 Q&As Dumps –> 269 Q&As Dumps –> 326 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-801 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1skQpg3JBZ11LWigmgheS4CD4InHV2IrT