• Home
  • Articles
  • 2026 Updated Verified AZ-800 dumps Q&As - Pass Guarantee or Full Refund [Q129-Q153]

2026 Updated Verified AZ-800 dumps Q&As - Pass Guarantee or Full Refund [Q129-Q153]

Share

2026 Updated Verified AZ-800 dumps Q&As - Pass Guarantee or Full Refund

AZ-800 PDF Questions and Testing Engine With 262 Questions


Earning the Microsoft AZ-800 certification demonstrates to potential employers that an individual has the skills necessary to manage and maintain a hybrid infrastructure. It also helps IT professionals stand out in a competitive job market and provides them with a deeper understanding of Microsoft's server technologies. Overall, the AZ-800 exam is a valuable certification for IT professionals who want to enhance their skills and advance their careers in managing Windows Server Hybrid Core Infrastructure.


The Microsoft AZ-800 exam covers a range of topics, including deploying and managing Windows Server, implementing and managing storage solutions, configuring and managing networking, managing virtual machines and containers, and monitoring and troubleshooting hybrid environments. It also covers security and compliance considerations, including implementing identity and access management and implementing threat protection solutions. Successful completion of AZ-800 exam demonstrates that the candidate has the skills and knowledge required to manage and administer Windows Server and hybrid environments effectively.

 

NEW QUESTION # 129
You have five tile servers that run Windows Server.
You need to block users from uploading video files that have the .mov extension to shared folders on the file servers. All other types of files must be allowed. The solution must minimize administrative effort.
What should you create?

  • A. a Dynamic Access Control central access rule
  • B. a Dynamic Access Control central access policy
  • C. a data loss prevention (DLP) policy
  • D. a file screen

Answer: D

Explanation:
In the Administering Windows Server Hybrid Core Infrastructure materials for file services, Microsoft emphasizes using File Server Resource Manager (FSRM) to control which file types users can store on shares.
FSRM provides File Screening Management that "controls the types of files that users can save" on a path by matching file groups (extensions) and applying either active screening (block) or passive screening (allow but report). The guides further note that you can "create file screen templates to standardize settings and apply them to multiple folders or servers," minimizing repeated administration across many file servers.
To meet the requirement "block users from uploading video files that have the .mov extension... All other types of files must be allowed," you create a File Screen with Active screening on the shared folders (or their parent paths) using a File Group that contains *.mov. This directly prevents writes of the specified extension while permitting other files.
By contrast, Dynamic Access Control (DAC) central access policies/rules govern authorization based on claims and resource properties, not file extensions. A DLP policy targets Microsoft 365 workloads and sensitive information types rather than enforcing extension-based blocking on Windows Server SMB shares.
Therefore, the least-effort and purpose-built solution is an FSRM file screen.


NEW QUESTION # 130
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organizational unit (OU) that contains the client computers in the new branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: B


NEW QUESTION # 131
You need to implement an availability solution for DHCP that meets the networking requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. On each DHCP scope, configure DHCP failover.
  • B. On DHCP1. create a scope that contains 25 percent of the IP addresses from Scope2.
  • C. DHCP2. configure a scope that contains 25 percent of the IP addresses from Scope 1 .
  • D. On each DHCP server, install the Failover Clustering feature and add the DHCP cluster role.
  • E. On the router in each office, configure a DHCP relay.

Answer: A,D

Explanation:
Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831385(v=ws.11)


NEW QUESTION # 132
SIMULATION
You need to ensure that you can manage SRV1 remotely by using PowerShell.
To complete this task, sign in to the required computer or computers.

Answer:

Explanation:
Configure remote Management in Server Manager
To enable Server Manager remote management by using the Windows interface Step 1: On the computer that you want to manage remotely, open Server Manager, if it is not already open. On the Windows taskbar, click Server Manager. On the start screen, click the Server Manager tile.
Step 2: In the Properties area of the Local Servers page, click the hyperlinked value for the remote management property.
Step 3: Do one of the following, and then click OK.
To let this computer be managed remotely by using Server Manager or Windows PowerShell, select Enable remote management of this server from other computers.
(To prevent this computer from being managed remotely by using Server Manager (or Windows PowerShell if it is installed), clear the Enable remote management of this server from other computers check box.) Reference:
https://learn.microsoft.com/en-us/windows-server/administration/server-manager/configure- remote-management-in-server-manager


NEW QUESTION # 133
SIMULATION
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
To complete this task, sign in the required computer or computers.

Answer:

Explanation:
Step 1: Open Group Policy Management by navigating to the Start menu > Windows Administrative Tools, then select Group Policy Management.

Step 2: Right-click Group Policy Objects, then select New to create a new GPO.

Step 3: Enter a name [here GPO1] for the new GPO that you can identify what it is for easily, then click OK.
Step 4: Select the GPO from Group Policy Objects list, then in the Security Filtering section, Add and Remove users, groups, and computers that the GPO should apply to. [Here add group MemberServers] Step 5: Close the GPO Editor when you are done.
Now, the GPO is created.
Reference:
https://support.globalsign.com/aeg/aeg-how-create-and-link-gpo-active-directory


NEW QUESTION # 134
You need to meet technical requirements for HyperV1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 135
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Each forest contains a single domain. The domains contain the servers shown in the following table.

You need to configure resources based constrained delegation so that the users In contoso.com can use Windows Admin Center on Server) to connect to Server? How should you complete the command? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adcomputer?view=windowsserver2022-ps


NEW QUESTION # 136
Case Study 1 - Fabrikam, Inc
Overview
Fabrikam, Inc is a manufacturing company that has a main office in New York and a branch office in Seattle.
Existing Environment
On-premises Servers
The on-premises network contains servers that run Windows Server as shown in the following table.

DC1 hosts all the operation master roles.
WEB1 and WEB2 run an Internet Information Services (IIS) web app named Webapp1.
On-premises Network
The New York and Seattle offices are connected by using redundant WAN links.
The client computers in each office get IP addresses from their local DHCP server.
DHCP1 contains a scope named Scope1 that has addresses for the New York office, DHCP2 contains a scope named Scope2 that has addresses for the Seattle office.
Identity Infrastructure
The network contains a single on-premises Active Directory Domain Services (AD DS) domain named corp.falbrikam.com. Currently, all the service accounts use individual domain user accounts.
All domain controllers have the DNS Server role installed and host a copy of the Active Directory integrated DNS zone of corp.fabrikam.com.
The corp.fabrikam.com AD DS domain syncs with an Azure Active Directory (Azure AD) tenant.
Group Policy Objects (GPOs)
The corp.fabrikam.com domain contains the organizational units (OUs) and custom Group Policy Objects (GPOs) shown in the following table.

Requirements
Planned Changes
Fabrikam identifies the following planned changes:
Create a single Azure subscription named Sub1 that will contain a single Azure virtual network named Vnet1.
Replace the WAN links between the Seattle and New York offices by using Azure Virtual WAN and FxpressRoute. Both on premises offices will be connected to Vnet1 by using ExpressRoute.
Create three Azure file shares named newyorkhiles, seattlefiles, and companyfiles.
Create a domain controller named dc3.corp.fabrikam.com in Vnet1.
Deploy an Azure Virtual Desktop host pool to Vnet1. The Azure Virtual Desktop session hosts will be hybrid Azure AD-joined.
License all servers for Microsoft Defender for servers.
Use Azure Policy to enforce configuration management policies on the servers in Azure and on- premises.
Networking Requirements
Fabrikam identifies the following networking requirements:
Implement Virtual WAN and ensure that all the network traffic between the sites uses Virtual WAN. All communications must occur over ExpressRoute.
If a DHCP server fails, ensure that the client computers can continue to receive their dynamic IP address and renew their existing lease.
Ensure that the resources in Vnet1 can resolve the names of the on-premises servers in the corp.fabrikam.com domain.
Security Requirements
Fabrikam identifies the following security requirements:
Apply GPO4 to the Azure Virtual Desktop session hosts. Ensure that Azure Virtual Desktop user sessions lock after being idle for 10 minutes. Users must be able to control the lockout time manually from their client computer.
Ensure that server administrators request approval before they can establish a Remote Desktop connection to an Azure virtual machine. If the request is approved, the connection must be established within two hours.
Prevent user passwords from containing all or part of words that are based on the company name, such as Fab, f@br1kAm or fabr!|.
Ensure that all instances of Webapp1 use the same service account. The password of the service account must change automatically every 30 days.
Prevent domain controllers from directly contacting hosts on the internet.
File Sharing Requirements
You need to configure the synchronization of Azure files to meet the following requirements:
Ensure that seattlefiles syncs to FS2.
Ensure that newyorkfiles syncs to FS1.
Ensure that companyfiles syncs to both FS1 and FS2.
Question
Hotspot Question
You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
The network requirements state: "All communications must occur over ExpressRoute." That means you need to create the conditions for that kind of connection: an ExpressRoute gateway and an ExpressRoute circuit connection.
https://docs.microsoft.com/en-us/learn/modules/implement-hybrid-network-infrastructure/5- implement-azure-expressroute


NEW QUESTION # 137
You have on-premises servers that run Windows Server as shown in the following table.

You have an Azure subscription that contains a virtual machine named VMV You need to ensure that you can manage all the servers by using Azure Arc. The solution must minimize administrative effort.
On which servers should you install the Azure Connected Machine agent?

  • A. VM2only
  • B. VM1 and VM2 only
  • C. Server1 and VM2 only
  • D. VM1 only
  • E. Server1 only
  • F. Server1, VM1, and VM2

Answer: C


NEW QUESTION # 138
You have an on-premises server named Server1 that runs Windows Server.
You have an Azure virtual network that contains an Azure virtual network gateway.
You need to connect only Server1 to the Azure virtual network.
What should you use?

  • A. an ExpressRoute circuit
  • B. Azure Network Adapter
  • C. a Site-to-SiteVPN
  • D. Azure Extended Network

Answer: B

Explanation:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/use- azure-network-adapter


NEW QUESTION # 139
SIMULATION
Task 5
You need to ensure that a DHCP scope named scope! on SRV1 can service client requests.

Answer:

Explanation:
See the solution of this Task below
Explanation:
One possible solution to ensure that a DHCP scope named scope1 on SRV1 can service client requests is to activate the scope on the DHCP server. A scope must be activated before it can assign IP addresses to DHCP clients. To activate a DHCP scope on SRV1, perform the following steps:
On SRV1, open DNS Manager from the Administrative Tools menu or by typing dnsmgmt.msc in the Run box.
In the left pane, expand your DHCP server and click on IPv4.
In the right pane, right-click on the scope that you want to activate, such as scope1, and select Activate.
Wait for the scope to be activated. You can verify the activation status by checking the icon next to the scope name. A green arrow indicates that the scope is active, while a red arrow indicates that the scope is inactive.
Now, the DHCP scope named scope1 on SRV1 can service client requests and lease IP addresses to DHCP clients. You can test the DHCP service by using the ipconfig /renew command on a DHCP client computer that is connected to the same subnet as the scope.


NEW QUESTION # 140
SIMULATION
You need to ensure that the Azure file share named share1 can sync to on-premises servers.
The required source files are located in a folder named \\dc1.contoso.com\install.
You do NOT need to specify the on-premises servers at this time.
To complete this task, sign in the required computer or computers.

Answer:

Explanation:


NEW QUESTION # 141
You have an Active Directory Domain Services (AD DS) domain that contains the domain controllers shown in the following table.

The domain contains an app named App1 that uses a custom application partition to store configuration data.
You decommission App1.
When you attempt to remove the custom application partition, the process fails.
Which domain controller is unavailable?

  • A. DC3
  • B. DC2
  • C. DC4
  • D. DC1

Answer: A


NEW QUESTION # 142
Your on-premises network has an IP address range of 10.0.0.0/23.
You have an Azure virtual network named VNet1 that contains a virtual machine named VM1 VNet1 has an IP address range of 10.0.1.0/24.
You need to deploy a Site-to-Site (S2S) VPN to connect the on-premises network to VNet1.
What should you do first?

  • A. Configure VNet1 to use the IP address range of 10.0.2.0/24.
  • B. Configure VNet1 to use an IP address range of 10.0.1.128/25.
  • C. Deploy Azure Extended Network.
  • D. Deploy Azure Bastion to VNet1.

Answer: A

Explanation:
For Site-to-Site VPNs, the exam guide states that "the on-premises address spaces and the Azure virtual network address spaces must not overlap." Overlapping prefixes prevent route advertisement and creation of connections. Your on-premises network uses 10.0.0.0/23, which spans 10.0.0.0-10.0.1.255. The current VNet1 space is 10.0.1.0/24, which sits inside the on-premises supernet and therefore overlaps. The guidance instructs: "Before configuring gateways and connections, ensure VNet address ranges are unique and non- overlapping with any local networks." Options like deploying Bastion or Azure Extended Network don't change IP topology and won't resolve the overlap. Subnetting VNet1 to 10.0.1.128/25 also still overlaps the
10.0.0.0/23 range. The correct first step is to change VNet1's address space to a non-overlapping range, such as 10.0.2.0/24, and then proceed to deploy the virtual network gateway and the S2S connection. This aligns with the required prerequisite in the study material that unique address spaces are mandatory for successful S2S VPN routing.


NEW QUESTION # 143
You plan to deploy a containerized application that requires .NET Core.
You need to create a container image for the application. The image must be as small as possible.
Which base image should you use?

  • A. Windows
  • B. Server Cote
  • C. Windows Server
  • D. Nano Server

Answer: D

Explanation:
When building Windows container images, the base image determines both compatibility and image size. The hybrid core curriculum emphasizes that Nano Server is the smallest Windows base image, intended for headless, app-only workloads such as .NET (/.NET Core) applications. .NET Core's modular, self-contained approach enables it to run on Nano Server images designed for Windows containers, yielding significantly smaller images and faster pull/start times than Server Core or Windows Server (Full) bases. Server Core includes additional components (GUI-less but still broad OS surface) and is used when you need APIs or frameworks not present in Nano. "Windows" or "Windows Server (Full)" are not container base images for modern Windows containers and would produce unnecessarily large layers. To meet the requirement "the image must be as small as possible" for a .NET Core app, the guidance is to select Nano Server as the base (for matching architecture and Windows version), then layer the .NET runtime or self-contained app on top.
This choice aligns with best practices for minimizing footprint, improving density, and reducing network transfer during CI/CD.


NEW QUESTION # 144
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant
You have several Windows 10 devices that are Azure AD hybrid-joined.
You need to ensure that when users sign in to the devices, they can use Windows Hello for Business.
Which optional feature should you select in Azure AD Connect?

  • A. Directory extension attribute sync
  • B. Azure AD app and attribute filtering
  • C. Password writeback
  • D. Group writeback
  • E. Device writeback

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs


NEW QUESTION # 145
You have a file server named Server1 that runs Windows Server and contains the volumes shown in the following table.

On which volumes can you use BitLocker Drive Encryption (BitLocker) and disk quotas? To answer select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview


NEW QUESTION # 146
You have an on-premises server named Server1 that runs Windows Server and has internet connectivity.
You have an Azure subscription.
You need to monitor Server1 by using Azure Monitor.
Which resources should you create in the subscription, and what should you install on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor


NEW QUESTION # 147
You have a Windows Server container host named Server 1 and a container image named Image1.
You need to start a container from image1. The solution must run the container on a Hyper-V virtual machine.
Which parameter should you specify when you run the docker run command?

  • A. --expose
  • B. --entrypoint
  • C. --isolation
  • D. --privileged
  • E. --runtime

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container


NEW QUESTION # 148
You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer are a. NOTE Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 149
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 150
Your network contains an Active Directory domain named contoso.com. The domain contains group managed service accounts (gMSAs). You have a server named Server1 that runs Windows Server and is in a workgroup. Server! hosts Windows containers.
You need to ensure that the Windows containers can authenticate to contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation:


NEW QUESTION # 151
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning the deployment of DNS to a new network.
You have three internal DNS servers as shown in the following table.

The contoso.local zone contains zone delegations for east.contoso.local and west.contoso.local. All the DNS servers use root hints.
You need to ensure that all the DNS servers can resolve the names of all the internal namespaces and internet hosts.
Solution: You configure Server2 and Server3 to forward DNS requests to 10.0.1.10.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 152
Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 153
......

Exam Engine for AZ-800 Exam Free Demo & 365 Day Updates: https://troytec.validtorrent.com/AZ-800-valid-exam-torrent.html

Related Articles

more
Microsoft AZ-800 Certification Practice Exam

Copyright © 2026 ValidTorrent NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy