최신 AZ-800 무료덤프 - Microsoft Administering Windows Server Hybrid Core Infrastructure
Task 9
You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.
You need to ensure that all the computers in the domain use DNSSEC to resolve names in the adatum.com zone.
정답:
See the solution of this Task below.
Explanation:
To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:
Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:
Add-DnsServerSigningKey -ZoneName "adatum.com" -CryptoAlgorithm RsaSha256 Set-DnsServerDnsSecZoneSetting -ZoneName "adatum.com" -DenialOfExistence NSEC3 - NSEC3Parameters 1,0,10,"" This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.
Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.
Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.
Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.
Note: The exact steps may vary depending on your environment and the version of Windows Server you are using. Ensure that you have the appropriate administrative rights to make these changes and that you test the configuration in a controlled environment before deploying it domain-wide12.
By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.
Explanation:
To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:
Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:
Add-DnsServerSigningKey -ZoneName "adatum.com" -CryptoAlgorithm RsaSha256 Set-DnsServerDnsSecZoneSetting -ZoneName "adatum.com" -DenialOfExistence NSEC3 - NSEC3Parameters 1,0,10,"" This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.
Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.
Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.
Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.
Note: The exact steps may vary depending on your environment and the version of Windows Server you are using. Ensure that you have the appropriate administrative rights to make these changes and that you test the configuration in a controlled environment before deploying it domain-wide12.
By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.
com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed.
Each server has a Switch Embedded Teaming (SET) team
You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?
com The domain contains three servers that run Windows Server and have the Hyper-V server rote installed.
Each server has a Switch Embedded Teaming (SET) team
You need to verity that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server.
What should you use?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Your network contains two VLANs for client computers and one VLAN for a datacenter Each VLAN is assigned an IPv4 subnet Currently, all the client computers use static IP addresses.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to deploy a DHCP server to the VLAN in the datacenter.
You need to use the DHCP server to provide IP configurations to all the client computers.
What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: 3
You need a DHCP scope for each of the three subnets.
Box 2: 2
The two client VLANs need a DHCP Relay Agent to forward DHCP requests to the DHCP server. The datacenter VLAN that contains the DHCP server does not require a DHCP Relay Agent.
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.
You deploy a server to the domain and configure the server to run a service.
You need to ensure that the service can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
You deploy a server to the domain and configure the server to run a service.
You need to ensure that the service can use a group managed service account (gMSA) to authenticate.
Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
정답:
Explanation:
You have an Azure subscription that contains the storage accounts shown in the following table.
In the East US Azure region, you create a storage sync service named Synd.
You need to create a sync group in Synd.
Which storage accounts can you use, and what can you specify as the cloud endpoints? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
In the East US Azure region, you create a storage sync service named Synd.
You need to create a sync group in Synd.
Which storage accounts can you use, and what can you specify as the cloud endpoints? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Your network contains an Active Directory domain named contoso.com. The domain contains the computers shown in the following table.
On Server3, you create a Group Policy Object (GPO) named GP01 and link GPOI to contoso.com. GP01 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.
To which computer will Shortcut1 be applied?
On Server3, you create a Group Policy Object (GPO) named GP01 and link GPOI to contoso.com. GP01 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.
To which computer will Shortcut1 be applied?
정답: C
Your network contains an Active Directory Domain Services (AD DS) domain.
You plan to use Active Directory Administrative Center to create a new user named User1.
Which two attributes are required to create User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You plan to use Active Directory Administrative Center to create a new user named User1.
Which two attributes are required to create User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
정답: A,F
You have an Active Directory Domain Services (AD DS) domain. The domain contains a member server named Server1 that runs Windows Server.
You need to ensure that you can manage password policies for the domain from Serve1.
Which command should you run first on Server1?
You need to ensure that you can manage password policies for the domain from Serve1.
Which command should you run first on Server1?
정답: D
Task 12
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
You need to create a Group Policy Object (GPO) named GPO1 that only applies to a group named MemberServers.
정답:
See the solution of this Task below.
Explanation:
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
* On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.
msc in the Run box.
* In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
* In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
* Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
* Close the Group Policy Management Editor and return to the Group Policy Management console. Right- click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
* Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
* Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
* Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
* To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and click OK. You can also change the order of preference by using the Move Up and Move Down buttons.
* Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers. For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.
Explanation:
To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:
* On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open Group Policy Management from the Administrative Tools menu or by typing gpmc.
msc in the Run box.
* In the left pane, expand your domain and right-click on Group Policy Objects. Select New to create a new GPO.
* In the New GPO dialog box, enter GPO1 as the Name of the new GPO and click OK. You can also optionally select a source GPO to copy the settings from.
* Right-click on the new GPO and select Edit to open the Group Policy Management Editor. Here, you can configure the settings that you want to apply to the group under the Computer Configuration and User Configuration nodes. For more information on how to edit a GPO, see Edit a Group Policy Object.
* Close the Group Policy Management Editor and return to the Group Policy Management console. Right- click on the new GPO and select Scope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.
* Under the Security Filtering section, click on Authenticated Users and then click on Remove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.
* Click on Add and then type the name of the group that you want to apply the GPO to, such as MemberServers. Click OK to add the group to the security filter. You can also click on Advanced to browse the list of groups available in the domain.
* Optionally, you can also configure the WMI Filtering section to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, see Filter the scope of a GPO by using WMI filters.
* To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and select Link an Existing GPO. Select the GPO that you created, such as GPO1, and click OK. You can also change the order of preference by using the Move Up and Move Down buttons.
* Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using the gpupdate /force command on the domain controller or the client computers. For more information on how to update a GPO, see Update a Group Policy Object.
Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using the gpresult /r command on a member server and checking the Applied Group Policy Objects entry. You can also use the Group Policy Results wizard in the Group Policy Management console to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, see Use the Group Policy Results Wizard.
You have an Azure virtual machine named VM1 that contains the drives shown in the following table.
On VM1, you plan to install an app named App1. The data for App1 must be stored on a persistent data disk assigned to drive D.
You need assign the data disk to drive D.
What should you do on VM1 first?
On VM1, you plan to install an app named App1. The data for App1 must be stored on a persistent data disk assigned to drive D.
You need assign the data disk to drive D.
What should you do on VM1 first?
정답: D
Task 2
You need to ensure that you can manage SRV1 remotely by using PowerShell
You need to ensure that you can manage SRV1 remotely by using PowerShell
정답:
See the solution of this Task below.
Explanation:
To manage SRV1 remotely using PowerShell, you'll need to set up PowerShell Remoting. Here's a step-by- step guide:
Step 1: Enable PowerShell Remoting on SRV1 On SRV1, run the following command to enable PowerShell Remoting:
Enable-PSRemoting -Force
This command configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.
Step 2: Configure the TrustedHosts List (If Needed) If you're managing SRV1 from a computer that is not part of the same domain, you'll need to add the managing computer's name to the TrustedHosts list on SRV1:
Set-Item wsman:\localhost\Client\TrustedHosts -Value "ManagingComputerName" -Concatenate -Force Replace "ManagingComputerName" with the name of your managing computer.
Step 3: Start a Remote Session From your managing computer, start a remote session with SRV1 using the Enter-PSSession cmdlet:
Enter-PSSession -ComputerName SRV1 -Credential (Get-Credential)
This command prompts you for credentials and then starts a remote session with SRV1.
Step 4: Run Remote Commands Once the remote session is established, you can run any PowerShell command as if you were directly on SRV1. For example:
Get-Service
This command gets the status of services on SRV1.
Step 5: Exit the Remote Session When you're finished, exit the remote session:
Exit-PSSession
Note: Ensure that both the managing computer and SRV1 are properly configured to communicate over the network, and that any firewalls allow for the necessary ports (default is 5985 for HTTP and 5986 for HTTPS) to be open for WS-Management traffic12.
By following these steps, you should be able to manage SRV1 remotely using PowerShell. Make sure you have the appropriate administrative privileges to perform these actions.
Explanation:
To manage SRV1 remotely using PowerShell, you'll need to set up PowerShell Remoting. Here's a step-by- step guide:
Step 1: Enable PowerShell Remoting on SRV1 On SRV1, run the following command to enable PowerShell Remoting:
Enable-PSRemoting -Force
This command configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.
Step 2: Configure the TrustedHosts List (If Needed) If you're managing SRV1 from a computer that is not part of the same domain, you'll need to add the managing computer's name to the TrustedHosts list on SRV1:
Set-Item wsman:\localhost\Client\TrustedHosts -Value "ManagingComputerName" -Concatenate -Force Replace "ManagingComputerName" with the name of your managing computer.
Step 3: Start a Remote Session From your managing computer, start a remote session with SRV1 using the Enter-PSSession cmdlet:
Enter-PSSession -ComputerName SRV1 -Credential (Get-Credential)
This command prompts you for credentials and then starts a remote session with SRV1.
Step 4: Run Remote Commands Once the remote session is established, you can run any PowerShell command as if you were directly on SRV1. For example:
Get-Service
This command gets the status of services on SRV1.
Step 5: Exit the Remote Session When you're finished, exit the remote session:
Exit-PSSession
Note: Ensure that both the managing computer and SRV1 are properly configured to communicate over the network, and that any firewalls allow for the necessary ports (default is 5985 for HTTP and 5986 for HTTPS) to be open for WS-Management traffic12.
By following these steps, you should be able to manage SRV1 remotely using PowerShell. Make sure you have the appropriate administrative privileges to perform these actions.
You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed.
You need 10 limit which Hyper-V module cmdlets helpdesk users can use when administering Server 1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need 10 limit which Hyper-V module cmdlets helpdesk users can use when administering Server 1 remotely.
You configure Just Enough Administration (JEA) and successfully build the role capabilities and session configuration files.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/register-jea?view=powershell-7.2