MCA Windows Server Hybrid Administrator Complete Study Guide with 400 Practice Test Questions: Exam AZ-800 and Exam AZ-801

By William Panek

Your 2-exams-in-1 study guide for the next-gen Windows Server 2022 certification

In MCA Windows Server Hybrid Administrator Complete Study Guide: Exam AZ-800 and Exam AZ-801, five-time Microsoft MVP and veteran IT trainer William Panek delivers a one-stop resource to help you efficiently prepare for and pass the required exams for Microsoft’s latest Windows Server certification. In the book, you’ll learn to expertly administer Windows Server workloads and services using on-premises, hybrid, and cloud technologies.

The book provides hands-on explanations of all relevant Windows Server administration tasks, from security to migration, monitoring, troubleshooting, disaster recovery, and more. You’ll also find:

• 100% coverage of the objectives of each of the exams required to access an in-demand and lucrative new certification
• The skills and tools you’ll need to succeed as a newly minted Windows Server 2022 administrator
• Complimentary access to Sybex’ superior interactive online learning environment and test bank, which offers hundreds of practice questions, flashcards, and a glossary

A practical and indispensable resource for anyone seeking to acquire the brand-new MCA Windows Server Hybrid Administrator certification, MCA Windows Server Hybrid Administrator Complete Study Guide also deserves a place in the libraries of aspiring and practicing network and system administrators looking for an actionable guide to on-premises, hybrid, and cloud Windows Server 2022 environments.

• Language: English
• Publisher: Wiley
• Release date: Jun 7, 2023
• ISBN: 9781394155484

Book preview

MCA

Microsoft® Certified Associate Windows Server® Hybrid Administrator Complete Study Guide

Exam AZ-800 and Exam AZ-801

William Panek

Wiley Logo

Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBN: 978-1-394-15541-5

ISBN: 978-1-394-15549-1 (ebk.)

ISBN: 978-1-394-15548-4 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Microsoft and Windows Server are registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book. MCA Microsoft Certified Associate Windows Server Hybrid Administrator Complete Study Guide is an independent publication and is neither affiliated with, nor authorized, sponsored, or approved by, Microsoft Corporation.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2023936821

Cover image: © Jeremy Woodhouse/Getty Images

Cover design: Wiley

This book is dedicated to the three ladies of my life: Crystal, Alexandria, and Paige.

Acknowledgments

I would like to thank my wife and best friend, Crystal. She is always the light at the end of my tunnel. I want to thank my two daughters, Alexandria and Paige, for all of their love and support during the writing of all my books. The three of them are my support system and I couldn't do any of this without them.

I want to thank my family, and especially my brothers, Rick, Gary, and Rob. They have always been there for me. I want to thank my father, Richard, who helped me become the man I am today, and my mother, Maggie, for all of her love and support.

I would like to thank all of my friends and co-workers at StormWind Studios (www.stormwindstudios.com). Thanks to all of you for everything that you do. I would not have been able to complete this book without all of your help and support.

I want to thank everyone on my Sybex team, especially my development editor, Kim Wimpsett, who helped me make this the best book possible, and Rodney Fournier, who was the technical editor and an outstanding resource on this book. It's always good to have the very best technical person backing you up. I want to thank Magesh Elangovan, who was my production editor, and Elizabeth Welch, the copyeditor.

Special thanks to my acquisitions editor, Kenyon Brown, who was the lead for the entire book. Finally, I want to thank everyone else behind the scenes who helped make this book possible. It's truly an amazing thing to have so many people work on my books to help make them the very best. I can't thank you all enough for your hard work.

About the Author

William Panek holds the following certifications: MCP, MCP+I, MCSA, MCSA+ Security and Messaging, MCSE-NT (3.51 and 4.0), MCSE (2000, 2003, 2012/2012 R2), MCSE+Security and Messaging, MCDBA, MCT, MCTS, MCITP, CCNA, CCDA, and CHFI. Will is also a five-time and current Microsoft MVP winner.

After many successful years in the computer industry, Will decided that he could better use his talents and his personality as an instructor. He began teaching for schools such as Boston University and the University of Maryland, just to name a few. He has done consulting and training for some of the biggest government and corporate companies in the world, including the United States Secret Service, Cisco, United States Air Force, and United States Army.

In 2015, Will became a Sr. Microsoft Instructor for StormWind Studios (www.stormwindstudios.com). He currently lives in New Hampshire with his wife and two daughters. Will was also a Representative in the New Hampshire House of Representatives from 2010 to 2012. In his spare time, he likes to do blacksmithing, shooting (trap and skeet), snowmobiling, playing racquetball, and riding his Harley. Will is also a commercially rated helicopter pilot.

About the Technical Editor

Rodney Fournier has worked with Microsoft technologies as a consultant for decades. He is a huge Detroit Red Wings fan and a father.

Table of Exercises

Introduction

This book was written from over 25 years of IT experience. I have taken that experience and translated it into a Windows Server book that will help you not only prepare for the Microsoft Certified Associate Windows Server Hybrid Administrator exams but also develop a clear understanding of how to install and configure Windows Server 2022 while avoiding all the possible configuration pitfalls.

Many Microsoft books just explain the Windows Server operating system, but with MCA® Microsoft Certified Associate Windows Server® Hybrid Administrator Complete Study Guide: Exam AZ-800 and Exam AZ-801, I will go a step further, providing many in-depth, step-by-step procedures to support my explanations of how the operating system performs at its best.

The exams AZ-800, Administering Windows Server Hybrid Core Infrastructure, and AZ-801, Configuring Windows Server Hybrid Advanced Services, cover Windows Server 2022. This is Microsoft's Windows Server operating system software. Windows Server 2022 is the newest version released by Microsoft.

This book takes you through all the ins and outs of Windows Server 2022, including integrating Windows Server environments with Azure services, managing Windows Server in on-premises networks, and so much more.

When all is said and done, this is a technical book for IT professionals who want to take Windows Server 2022 to the next step and get certified. With this book, you will not only learn Windows Server 2022 and hopefully pass the exams, you will also become a Windows Server expert.

The Microsoft Certification Program

Since the inception of its certification program, Microsoft has certified more than 2 million people. As the computer network industry continues to increase in both size and complexity, this number is sure to grow—and the need for proven ability will also increase. Certifications can help companies verify the skills of prospective employees and contractors.

The Microsoft certification track for Windows Server includes this certification:

Microsoft Certified: Windows Server Hybrid Administrator Associate The Microsoft Certified: Windows Server Hybrid Administrator Associate is now the highest-level certification you can achieve with Microsoft in relation to Windows Server. It requires passing exams AZ-800 and AZ-801. This book assists in your preparation for both exams.

How Do You Become Certified on Windows Server?

Attaining Microsoft certification has always been a challenge. In the past, students have been able to acquire detailed exam information—even most of the exam questions—from online brain dumps and third-party cram books or software products. For the new generation of exams, this is simply not the case.

Microsoft has taken strong steps to protect the security and integrity of its certifications. Now prospective candidates must complete a course of study that develops detailed knowledge about a wide range of topics. It supplies them with the true skills needed, derived from working with the technology being tested.

The new generations of Microsoft certification programs are heavily weighted toward hands-on skills and experience. It is recommended that candidates have troubleshooting skills acquired through hands-on experience and working knowledge.

Fortunately, if you are willing to dedicate the time and effort to learn Windows Server 2022, you can prepare yourself well for the exam by using the proper tools. By working through this book, you can successfully meet the requirements to pass the Windows Server exams.

Microsoft Certified: Windows Server Hybrid Administrator Associate Exam Requirements

Candidates for MCA certification for Windows Server must pass two exam:

AZ-800: Administering Windows Server Hybrid Core Infrastructure

AZ-801: Configuring Windows Server Hybrid Advanced Services

Microsoft provides exam objectives to give you a general overview of possible areas of coverage on the Microsoft exams. Keep in mind, however, that exam objectives are subject to change at any time without prior notice and at Microsoft's sole discretion. Please visit the Microsoft Learning website (https://learn.microsoft.com/en-us/certifications/windows-server-hybrid-administrator) for the most current listing of exam objectives.

For a more detailed description of the Microsoft certification programs, including a list of all the exams, visit the Microsoft Learning website at https://learn.microsoft.com/en-us/certifications/browse.

Types of Exam Questions

In an effort to both refine the testing process and protect the quality of its certifications, Microsoft has focused its latest certification exams on real experience and hands-on proficiency. There is a greater emphasis on your past working environments and responsibilities and less emphasis on how well you can memorize. In fact, Microsoft says that certification candidates should have hands-on experience before attempting to pass any certification exams.

Microsoft will accomplish its goal of protecting the exams’ integrity by regularly adding and removing exam questions, limiting the number of questions that any individual sees in a beta exam, limiting the number of questions delivered to an individual by using adaptive testing, and adding new exam elements.

Exam questions may be in a variety of formats. Depending on which exam you take you may see multiple-choice questions as well as select-and-place and prioritize-a-list questions. Simulations and case study–based formats are included as well. Let's take a look at the types of exam questions so that you'll be prepared for all the possibilities.

Multiple-Choice Questions

Multiple-choice questions come in two main forms. One is a straightforward question followed by several possible answers of which one or more is correct. The other type of multiple-choice question is more complex and based on a specific scenario. The scenario may focus on several areas or objectives.

Select-and-Place Questions

Select-and-place exam questions involve graphical elements that you must manipulate to successfully answer the question. For example, you might see a diagram of a computer network. A typical diagram will show computers and other components next to boxes that contain the text Place here. The labels for the boxes represent various computer roles on a network, such as a print server and a file server. Based on information given for each computer, you are asked to select each label and place it in the correct box. You need to place all of the labels correctly. No credit is given for the question if you correctly label only some of the boxes.

In another select-and-place problem, you might be asked to put a series of steps in order by dragging items from boxes on the left to boxes on the right and placing them in the correct order. One other type requires that you drag an item from the left and place it under an item in a column on the right.

For more information on the various exam question types, go to https://docs.microsoft.com/en-us/certifications/exam-duration-question-types.

Simulations

Simulations are the kinds of questions that most closely represent actual situations and test the skills you use while working with Microsoft software interfaces. These exam questions include a mock interface on which you are asked to perform certain actions according to a given scenario. The simulated interfaces look nearly identical to what you see in the actual product.

Because of the number of possible errors that can be made on simulations, be sure to consider the following recommendations from Microsoft:

Do not change any simulation settings that don't pertain to the solution directly.

When related information has not been provided, assume that the default settings are used.

Make sure that your entries are spelled correctly.

Close all the simulation application windows after completing the set of tasks in the simulation.

The best way to prepare for simulation questions is to spend time working with the graphical interface of the product on which you will be tested.

Case Study–Based Questions

These questions present a scenario with a range of requirements. Based on the information provided, you answer a series of multiple-choice and select-and-place questions. The interface for case study–based questions have a number of tabs, each of which contains information about the scenario. At present, this type of question appears only in most of the Design exams.

Tips for Taking the Windows Server Exams

Here are some general tips for achieving success on your certification exam:

Arrive early at the exam center so that you can relax and review your study materials. During this final review, you can look over tables and lists of exam-related information.

Read the questions carefully. Do not be tempted to jump to an early conclusion. Make sure that you know exactly what the question is asking.

Answer all questions. If you are unsure about a question, mark it for review and come back to it at a later time.

On simulations, do not change settings that are not directly related to the question. Also, assume default settings if the question does not specify or imply which settings are used.

For questions that you're not sure about, use a process of elimination to get rid of the obviously incorrect answers first. This improves your odds of selecting the correct answer when you need to make an educated guess.

Exam Registration

At the time this book was released, Microsoft exams are given using more than 1,000 Authorized VUE Testing Centers around the world. For the location of a testing center near you, go to VUE's website at https://home.pearsonvue.com. If you are outside the United States and Canada, contact your local VUE registration center.

Find out the number of the exam you want to take, and then register with the VUE registration center nearest to you. At this point, you will be asked for advance payment for the exam. The exams are $165 each and you must take them within one year of payment. You can schedule exams up to six weeks in advance or as late as one working day prior to the date of the exam. You can cancel or reschedule your exam if you contact the center at least two working days prior to the exam. Same-day registration is available in some locations, subject to space availability. Where same-day registration is available, you must register a minimum of two hours before test time.

When you schedule the exam, you will be provided with instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will receive a registration and payment confirmation letter from VUE.

Microsoft requires certification candidates to accept the terms of a nondisclosure agreement before taking certification exams.

Exam policies can change from time to time. We highly recommend that you check both the Microsoft and Pearson VUE sites for the most up-to-date information when you begin your preparing, when you register, and again a few days before your scheduled exam date.

Who Should Read This Book?

This book is intended for individuals who want to earn their Microsoft Certified: Windows Server Hybrid Administrator Associate certification.

Not only will this book help anyone who is looking to pass the Microsoft exams, it will also help anyone who wants to learn the real ins and outs of the Windows client operating system.

What's Inside?

Here is a glance at what's in each chapter.

Chapter 1: Introduction to Windows Server 2022 You've decided to start down the track of Windows Server 2022. In the first chapter, I explain what's new about the Windows Server 2022 features and benefits that are available and how these features can help improve your organization's network.

Chapter 2: Understanding Hyper-V This chapter talks about virtualization and how it works. We will focus most of our attention on Microsoft's version of virtualization called Hyper-V. I'll explain how to install, configure, and build virtual machines.

Chapter 3: Installing Windows Server 2022 In this chapter, I will show you how to install Windows Server 2022. I will show you how to install the Desktop (GUI) version of Server 2022 as well as the Server Core version of Server 2022.

Chapter 4: Understanding IP In this chapter, I will discuss the most important protocol used in a Microsoft Windows Server 2022 network: Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is actually multiple protocols bundled together: Transmission Control Protocol (TCP) and the Internet Protocol (IP).

Chapter 5: Implementing DNS This chapter talks about the Domain Name System (DNS). DNS is one of the most important networking services that you can put on your network, and it's also one of the key topics that you'll need to understand if you plan to take any of the Microsoft Azure exams.

Chapter 6: Configuring DHCP and IPAM In this chapter, I will show you the different methods of setting up an IP address network. If you want systems to be able to share network resources, the computers must all talk the same type of language. This is where DHCP comes into play.

Chapter 7: Understanding Active Directory One of the most important tasks that you will complete on a network is setting up your domain. To set up your domain properly, you must know how to install and configure your domain controllers. Once you understand how to plan properly for your domain environment, you will learn how to install Active Directory, which you will accomplish by promoting a Windows Server 2022 computer to a domain controller. We will look at the difference between setting up Active Directory on a Server Core machine versus Windows Server 2022 with the Desktop Experience. I will also discuss a feature in Windows Server 2022 called a read-only domain controller (RODC), and I will show you how to install Active Directory using Windows PowerShell.

Chapter 8: Understanding Group Policies Two of the most important system administration features in Windows Server 2022 and Active Directory are Group Policy and security policy. By using Group Policy Objects (GPOs), you can quickly and easily define restrictions on common actions and then apply them at the site, domain, or organizational unit (OU) level. In this chapter, you will see how group and security policies work.

Chapter 9: Introduction to Microsoft Azure Before we actually connect the network to the cloud, it's important to understand how the cloud works and the different types of cloud setups that you can choose from. In this chapter, I will explain the different types of cloud setups and the terminology that you will need to understand so that you can build your cloud network.

Chapter 10: Understanding Azure Active Directory In this chapter, it is time for us to start diving into the world of Azure Active Directory (AD). Azure AD is a cloud-based identity and access management service. The Azure environment is controlled by the Azure Resource Manager. It can be controlled by templates, PowerShell, the Azure portal, CLI, and APIs. Azure AD controls access to resources using RBAC and conditional access.

Chapter 11: Configuring Storage This chapter explains how to set up your servers so that your network users have something to access. Before you can set up a server, you have to determine its purpose. Is it going to be a print server, a file storage server, a remote access server, or a domain controller?

Chapter 12: Building an Azure Infrastructure In this chapter, I will talk about building an Azure infrastructure. We will start by talking about a smaller type of virtual environment called a container. I will then talk about using the different Azure components that will allow you to build and secure your Azure infrastructure.

Chapter 13: Managing Data in a Hybrid Network In this chapter, I will introduce you to some of the techniques and components of high availability. I will explain how to set up high availability using network load balancing (NLB). I will talk about some of the reasons why you would choose to use NLB over using a failover cluster and which applications or servers work better with NLB. I will also show you how to use PowerShell for NLB.

Chapter 14: Hybrid Data and Servers In this chapter, I will talk about the benefits of using Microsoft Endpoint and the tools and applications that will help IT administrators manage their software and applications. I will also talk about Autopilot and how you can use Autopilot to deploy operating systems to new or repurposed machines. It is truly a zero-touch installation.

Chapter 15: Implementing Security In this chapter, you'll learn how to defend your Windows systems by using the built-in security features called Windows Security. I will show you the different ways that you can protect your system using Windows Security. I will show you how to protect your Windows client and server devices by using the Windows Defender Firewall.

Chapter 16: Understanding Monitoring In this chapter, I'll cover the tools and methods used for measuring performance and troubleshooting failures in Windows Server 2022. Before you dive into the technical details, however, you should thoroughly understand what you're trying to accomplish and how you'll meet this goal.

Chapter 17: Understanding Disaster Recovery In this chapter, I will talk about some of the ways to protect your data and your systems by using Azure. Azure has a number of tools available to help identify and remediate security issues. I will briefly discuss some of them and delve into how to identify and remediate Windows Server security issues by using Azure services such as Microsoft Sentinel and Microsoft Defender for Cloud.

What's Included with the Book

There are many helpful items intended to prepare you for the Microsoft Certified: Windows Server Hybrid Administrator Associate certification included in this book:

Assessment Test There is an assessment test at the conclusion of the introduction that can be used to quickly evaluate what you know about Windows Server 2022. This test should be taken prior to beginning your work in this book and should help you identify areas in which you are either strong or weak. Note that these questions are purposely more simplistic than the types of questions you may see on the exams.

Opening List of Objectives Most of the chapters include a list of the exam objectives that are covered in that chapter. However, a few chapters might only provide an introduction to a topic and not cover any objectives.

Helpful Exercises Throughout the book, I have included step-by-step exercises of some of the more important tasks you should be able to perform. Some of these exercises have corresponding videos that can be downloaded from the book's website. Also, later in this introduction you'll find a recommended home lab setup that will be helpful in completing these tasks.

Exam Essentials The end of each chapter also includes a listing of exam essentials. These are essentially repeats of the objectives, but remember that any objective on the exam blueprint could show up on the exam.

Chapter Review Questions Each chapter includes review questions. These are used to assess your understanding of the chapter and are taken directly from the chapter. These questions are based on the exam objectives and are similar in difficulty to items you might encounter on the actual AZ-800 and AZ-801 exams.

The Sybex Interactive Online Test Bank, flashcards, videos, and glossary can be accessed at www.wiley.com/go/sybextestprep.

Interactive Online Learning Environment and Test Bank

The interactive online learning environment that accompanies MCA Microsoft Certified Associate Windows Server Hybrid Administrator Complete Study Guide: Exam AZ-800 and Exam AZ-801 provides a test bank with study tools to help you prepare for the certification exams and increase your chances of passing the exam the very first time! The test bank includes the following elements:

Sample Tests All of the questions in this book are provided, including the assessment test, which you'll find at the end of this introduction, and the chapter tests that include the review questions at the end of each chapter. In addition, there are two practice exams. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.

Electronic Flashcards The flashcards are included for quick reference and are great tools for learning quick facts. You can even consider them additional simple practice questions, which is essentially what they are.

PDF of Glossary of Terms A glossary is included that covers the key terms used in this book.

Like all exams, the MCA certification from Microsoft is updated periodically and may eventually be retired or replaced. At some point after Microsoft is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam's online Sybex tools will be available once the exam is no longer available.

Recommended Home Lab Setup

To get the most out of this book, you will want to make sure that you complete the exercises throughout the chapters. To complete the exercises, you will need one of two setups. First, you can set up a machine with Windows 10/11 and complete the exercises using a regular Windows client machine.

The second way to set up Windows 10/11 is by using virtualization. I set up Windows 10/11 as a virtual hard disk (VHD) and I did all the exercises this way. The advantages of using virtualization are that you can always just wipe out the system and start over without losing a real server. Plus, you can set up multiple virtual servers and create a full lab environment on one machine.

I created a video for this book showing you how to set up a virtual machine and how to install Windows 10 onto that virtual machine. This video can be seen at www.youtube.com/c/williampanek.

How to Contact Sybex or the Author

Sybex strives to keep you supplied with the latest tools and information you need for your work. Please check the website at www.wiley.com/go/sybextestprep, where I'll post additional content and updates that supplement this book should the need arise.

You can contact me by going to my website at www.willpanek.com. I also have videos and test prep information at www.youtube.com/c/williampanek. I also have a Twitter account, @AuthorWillPanek.

Objective Mapping

Tables I.1 and I.2 provide a handy objective map that shows you at a glance in what chapter each objective is covered.

TABLE I.1 Exam AZ-800 Objective Map: Administering Windows Server Hybrid Core Infrastructure.

TABLE I.2 AZ-801 Objective Map: Configuring Windows Server Hybrid Advanced Services

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at wileysupport@wiley.com with the subject line Possible Book Errata Submission.

Assessment Test

You are speaking to a co-worker regarding using Classless Inter-Domain Routing (CIDR). Which of the following subnet masks are represented with the CIDR of /28?

255.255.255.224

255.255.255.240

255.255.255.248

255.255.255.254

You have a large number of Windows client computers. All of the computers in the network are joined to Microsoft Azure Active Directory (Azure AD). All of the computers are configured differently in terms of update settings. Some of them are configured for manual updates. You want to configure Windows Update for these machines. You must meet the following requirements:

The computers must be managed from a central location.

You must minimize traffic across the Internet.

You must keep costs to a minimum.

What Windows Update technology should you use to meet your requirements?

Microsoft Configuration Manager (MCM)

Windows Server Update Service (WSUS)

Windows Update for Business

Windows Update Management Center

You and a colleague are discussing managing volumes. What type of volume are we discussing when we say that it is a simple volume that spreads data across multiple disks?

Mirrored volume

RAID-5 volume

Spanned volume

Striped volume

A user contacts you to let you know that they cannot connect to the Internet. You examine the ipconfig results as shown here:

IPv4 Address. . . . . . . .: 10.254.254.1Subnet Mask . . . . . . .  : 255.255.255.0Default Gateway . . . . . .: 10.254.254.255

What is most likely the cause of the issue given the ipconfig results?

The subnet mask is incorrect.

The IP address is incorrect.

The default gateway is incorrect.

The subnet mask and the IP address are incorrect.

You have a Windows client machine that needs to be able to communicate with all computers on the internal network. The company decides to add 15 new segments to its IPv6 network. How should you configure the IPv6 address so that the server can communicate with all of the segments?

Configure the address as fd00::2b0:e0ff:dee9:4143/8.

Configure the address as fe80::2b0:e0ff:dee9:4143/32.

Configure the address as ff80::2b0:e0ff:dee9:4143/64.

Configure the address as fe80::2b0:e0ff:dee9:4143/64.

You are worried that your network's security may have been compromised. You want to set up a policy that will not allow hackers to be able to continuously attempt user logons using different passwords. What Local Security policy should you set to accomplish this goal?

An Account Lockout policy

An Audit policy

A Password policy

Security Options

You are troubleshooting a network connectivity problem, and you are reviewing the following results:

1    15 ms    19 ms    19 ms  10.21.80.12    12 ms    22 ms    12 ms  208.59.252.13  152 ms  216 ms  149 ms  207.172.15.384    14 ms    24 ms    37 ms  207.172.19.2225    21 ms    16 ms    25 ms  207.172.19.1036    17 ms    23 ms    30 ms  207.172.9.1267    15 ms    14 ms    15 ms  72.14.238.2328    15 ms    35 ms    18 ms  209.85.241.1489    30 ms    23 ms    44 ms  66.249.91.104

What command was used to acquire these results?

ipconfig

pathping

netstat

tracert

You have a Windows client computer that is used to test new Windows features. You want to configure this computer to receive preview builds of Windows Server 2022 as soon as they are available. In the Settings app, what should you configure from Update & Security to set this up?

Delivery Optimization

For Developers

Windows Insider Program

Windows Update

You are a system administrator for a medium-sized Active Directory network. You have a few new applications that will be deployed throughout the organization using Registry-based settings. You want to control the Registry settings by using Group Policy and create a standard set of options for these applications and allow other system administrators to modify them using the standard Active Directory tools. Which of the following can you use to meet your needs? (Choose two.)

Create administrative templates.

Implement delegation of specific objects within Active Directory.

Implement the inheritance functionality of GPOs.

Implement the No Override functionality of GPOs.

Provide administrative templates to the system administrators who are responsible for creating Group Policy for the applications.

You are a systems administrator for your corporate network. Because of the unusual growth of TCP/IP devices on your corporate network over the last year, you need to scale out your IPAM database capabilities. You are currently using a Windows Internal Database (WID) for your IPAM infrastructure, and you want to migrate your IPAM database to a Microsoft SQL Server. Which PowerShell cmdlet should you use?

Get-IpamMigrationSettings

Move-IpamDatabase

Show-IpamDatabaseConfig

Show-IpamStatistics

Your network contains two servers named Server1 and Server2 that run Windows Server 2022. Server1 is a DHCP server that is configured to have a scope named Scope1. Server2 is configured to obtain an IP address automatically. In the scope on Server1, you create a reservation named Server2_Reservation for Server2. You replace the network adapter on Server2 and you need to ensure that Server2 can obtain the same IP address as it did before the network card got replaced. What should you modify on Server1?

The Advanced settings of Server2_Reservation

The MAC address of Server2_Reservation

The Name Protection settings of Scope1

The Network Access Protection Settings of Scope1

You want to ensure that only the GPOs set at the OU level affect the Group Policy settings for objects within the OU. Which option can you use to do this (assuming that all other GPO settings are the defaults)?

The Enforced option

The Block Policy Inheritance option

The Disable option

The Deny permission

You are the administrator for your company network. The network has an Active Directory domain. The domain contains several thousand Windows client computers. You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune. You have to register all of the existing computers automatically to Azure AD and enroll the computers in Intune. What should you do while using the least amount of administrative effort?

Configure an Autodiscover address record.

Configure an Autodiscover service connection point (SCP).

Configure a Group Policy Object (GPO).

Configure a Windows Autopilot deployment profile.

You want to view your Azure AD directory settings for an Azure AD subscription. What PowerShell command should you use?

Add-AzureADDirectorySetting

Get-AzureADDirectorySetting

Set-AzureADDirectorySetting

View-AzureADDirectorySetting

You and a colleague are discussing a tool that is virtualization-based security to help isolate critical files so that only system software that is privileged can access those critical files. What is this tool called?

Windows Defender Application Control

Windows Defender Credential Guard

Windows Defender Exploit Guard

Windows Defender Firewall with Advanced Security

You and a colleague are discussing the different Intune profile types that you can create. These profiles are used to allow or prevent some features on the devices. One of the profile types includes hundreds of settings that can be configured for Microsoft Edge, OneDrive, Remote Desktop, Word, Excel, and more. What profile type is being discussed?

Administrative templates

Certificates

Custom profiles

Device restrictions

You have a user who is a member of the Sales, R&D, and HR groups. There is a folder called MyShare on the server. The current permissions of the folder are as follows:

What is this user's effective NTFS permission?

Deny

Full Control

Modify

Read

You and a colleague are discussing the wide variety of Windows client recovery techniques that Microsoft provides. One of these techniques shows a log of application and system messages, including errors, informational messages, and warnings. What is this recovery technique called?

Backup and Restore

Driver Rollback

Event Viewer

Safe Mode

Startup Repair Tool

System Restore

You and a colleague are discussing the Microsoft Defender Application Guard. You know that there are a few hardware requirements that must be met to be able to utilize this feature. What is the minimum amount of RAM that Microsoft recommends to use Application Guard?

2 GB

4 GB

8 GB

12 GB

You company is planning to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to build and manage the web application. What should you include in the recommendation?

Database as a service (DaaS)

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

Software as a service (SaaS)

You and a colleague are discussing the ability of Azure AD users to roam their profile data between multiple devices, allowing the user and app settings to sync between the devices regardless of where the user is located. What is this called?

Azure Readiness Roaming

Enterprise State Roaming

Mandatory User Profile

Roaming User Profile

You and a colleague are discussing a tool that allows an organization to automate the detection and remediation of identity-based risks. What is this tool called?

Azure AD User Security

Azure AD Identity Protection

Azure AD Security add-on

Azure Identity Protection

You and a colleague are discussing roles and permissions. You are using Azure AD, and you want to assign permissions to users for maintaining conditional access. What role should you assign to the users if you'd like them to be able to view, create, modify, and delete conditional access policies?

Application Administrator role

Compliance Administrator role

Conditional Access Administrator role

Conditional Admission Administrator role

Answers to Assessment Test

B. The CIDR /28 tells you that 28 1s are turned on in the subnet mask. Twenty-eight 1s equals 11111111.11111111.11111111.11110000. This would then equal 255.255.255.240.

B. Windows Update is a tool that connects to the Microsoft website or to a local update server called a Windows Server Update Services (WSUS) server. This will ensure that the Windows client operating system and other Microsoft products have the most up-to-date version. An advantage to using WSUS is that administrators can approve the updates prior to them being deployed onto the network. Another advantage is that the clients only need to download updates locally, without using Internet bandwidth. Microsoft offers WSUS for free.

C. A spanned volume is a simple volume that spans multiple disks. You can create a spanned volume from free space that exists on a minimum of 2 to a maximum of 32 physical drives. When the spanned volume is initially created in Windows Server 2022, it can be formatted with either FAT32 or NTFS. If you extend a volume that already contains data, then the partition must be formatted with NTFS.

C. The ipconfig results are showing that this is a Class A address that is being used as a Class C network. On a Class C network, you cannot use the first or last numbers in the IP range (0 and 255). The first number of any range represents the network ID. The last number of any range represents the broadcast ID (255). So, having the default gateway set as .255 is not correct. The highest number on a Class C network that can be issued to a device is 254.

A. When you look at an IPv6 address, the first sections tell you the IPv6 address space prefix. fd00:: /8 is the unique local unicast prefix, and this allows the server to communicate with all local machines within your intranet.

A. You will want to configure an Account Lockout policy. This policy is used to specify options that will prevent a user from attempting multiple failed logon attempts. If the Account Lockout Threshold value is surpassed, the account will be locked. The account can be reset based on a specified amount of time or through administrator involvement. An Account Lockout policy is a useful method of slowing down online password-guessing attacks.

D. Tracert is a diagnostic utility that determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination. In these packets, the tracert command uses varying IP time-to-live (TTL) values. You can use tracert to find out where a packet has stopped on a network.

C. The Windows Insider Program allows you to preview builds of Windows 10 (and above) and Windows Server 2019 (and above). It allows you to try new features and provide feedback directly to Microsoft. On the Windows client computer, go to Settings ➪ Update & Security ➪ Windows Insider Program. You will need to have administrator rights to the computer.

A, E. Administrative templates are used to specify the options available for setting Group Policy. By creating new administrative templates, you can specify which options are available for the new applications. You can then distribute these templates to other system administrators in the environment.

B. The Move-IpamDatabase command allows you to move an IPAM database to a SQL server database.

B. Reservations are set up by using the machine’s network adapter's MAC address. Every network adapter has its own MAC address. So, when the network card is replaced, the new MAC address needs to be put into the current reservation.

B. The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects as long as the Enforced option is not set.

D. Using Microsoft Intune and Windows Autopilot, you can give devices to your end users without the need to build, maintain, and apply custom operating system images. When you use Intune to manage Autopilot devices, you can manage policies, profiles, applications, and more.

B. Azure Active Directory (Azure AD) simplifies the way that you manage your applications by providing a single identity system for your cloud and on-premises apps. You can use the Get-AzureADDirectorySetting command to get the directory setting from Azure AD.

B. Windows Defender Credential Guard is a virtualization-based security tool to help isolate critical files so that only system software that is privileged can access those critical files. Once it's enabled, a Windows client machine that is part of Active Directory or Azure AD will have the system’s credentials protected by Windows Defender Credential Guard. Windows Defender Credential Guard can be enabled by using Group Policy, the Registry, or the Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool.

A. Microsoft Intune includes settings and features that allow you to enable or disable features for different devices. These settings and features are added to configuration profiles. Once you create a configuration profile, you will then use Intune to assign the profile to the devices. There is a wide variety of profile types. Administrative templates include hundreds of settings that can be configured for Microsoft Edge, OneDrive, Remote Desktop, Word, Excel, and more. These templates provide you with a simplified view of settings similar to Group Policy, and they are all cloud-based.

A. Permissions are additive among themselves. This means you get the highest level of permissions among the group membership. In this question, the user is a member of three different groups, which consist of Read, Modify, and Deny. Since the permissions are additive and the user will get the highest level of permission, the user's effective permission will be Deny. Because the user has been denied access through the HR membership, the deny permissions override the allowed permissions.

C. The Windows Event Viewer shows a log of application and system messages. It also includes errors, informational messages, and warnings. It is a handy tool for troubleshooting. Event Viewer is a useful tool for monitoring network information. You can use the logs to view any information, warnings, or alerts related to the functionality of the network. Event Viewer can display hundreds of events.

C. Microsoft Defender Application Guard uses a hardware isolation approach. This lets untrusted site navigation launch inside a container, thus safeguarding corporate networks and data. The administrator determines which sites are trusted sites, cloud resources, and internal networks. Anything that is not on the trusted sites list is considered untrusted. If a user goes to an untrusted site, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system.

C. According to Microsoft, platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

B. Azure AD users have the ability to securely synchronize their user settings and application settings data to the cloud using Enterprise State Roaming. Enterprise State Roaming provides users with a unified experience across their Windows devices and diminishes the time required for configuring a new device. To enable Enterprise State Roaming, perform the following steps:

Sign into the Azure AD Admin Center.

Select Azure Active Directory ➢ Devices ➢ Enterprise State Roaming.

Select Users May Sync Settings And App Data Across Devices.

When you enable Enterprise State Roaming, your organization is automatically granted a free, limited-use license for Azure Rights Management protection from Azure Information Protection.

B. Azure AD Identity Protection is a tool that allows a company to achieve these three key tasks:

Automate the detection and remediation of identity-based risks.

Investigate risks using data in the portal.

Export risk detection data to third-party utilities for further analysis.

Azure AD Identity Protection identifies risks. The risk signals that can trigger remediation efforts may include requiring users to perform Azure Multifactor Authentication, requiring users to reset their password by using self-service