All Braindump2go PDF Dumps and VCE Dumps

Braindump2go Latest and Hottest Dumps with PDF and VCE are free Shared Here!

AZ-801 Exam DumpsAZ-801 Exam QuestionsAZ-801 PDF DumpsAZ-801 VCE DumpsMicrosoft

[2025-November-New]Braindump2go AZ-801 Exam Questions Free[Q136-Q156]

admin

2025/November Latest Braindump2go AZ-801 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-801 Real Exam Questions!

QUESTION 136
Hotspot Question
You have a generation 1 Azure virtual machine named VM1 that runs Windows Server and is joined to an Active Directory domain.
You plan to enable BitLocker Drive Encryption (Bit-Locker) on volume C of VM1.
You need to ensure that the BitLocker recovery key for VM1 is stored in Active Directory.
Which two Group Policy settings should you configure first? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

QUESTION 137
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server._(:з」∠)_488
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From App & browser control, you configure Reputation-based protection.
Does this meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Need to be used Controlled Folder Access.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-controlled-folders?view=o365-worldwide#allow-specific-apps-to-make-changes-to-controlled-folders

QUESTION 138
Hotspot Question
You have three Hyper-V hosts named Server1, Server2, and Server3 that run Windows Server, Server1 hosts a virtual machine named VM1.
You enable Hyper-V Replica to replicate VM1 to Server2 and set the replication frequency to 30 seconds.
You need to extend the replication and create a second replica of VM1.
On which Hyper-V hosts should you configure the replication, and what is the minimum replication frequency you can use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Server2 only
Extended (chained) replication: This lets you replicate a virtual machine from a primary host to a secondary host, and then replicate the secondary host to a third host. Note that you can’t replicate from the primary host directly to the second and the third.
Box 2: 5 minutes
In Configure Replication frequency screen, note that Extend Replication only supports 5 minute and 15-minute Replication frequency. Also note that replication frequency of extend replication should be at least equal to or greater than primary replication relationship.
Reference:
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica
https://learn.microsoft.com/en-us/virtualization/community/team-blog/2013/20131209-hyper-v-replica-extend-replication

QUESTION 139
Hotspot Question
You have the servers shown in the following table.

You plan to migrate file shares from Server1 to Server2.
You need to deploy the Storage Migration Service and the Storage Migration Service extension.
On which server should you install each component? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
https://learn.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview#requirements

QUESTION 140
Drag and Drop Question
You have an Azure subscription that contains an Azure key vault named Vault1.
You plan to deploy a virtual machine named VM1 that will run Windows Server.
You need to enable encryption at host for VM1. The solution must use customer-managed keys.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell

QUESTION 141
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?

A. the Get-StorageSubsystem cmdlet
B. File Server Resource Manager (FSRM)
C. Disk Management
D. Failover Cluster Manager

Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure-stack/hci/concepts/storage-spaces-direct-overview#manage-and-monitor

QUESTION 142
Your network contains an Active Directory Domain Services (AD DS) forest.
You need to deploy a Storage Spaces Direct converged infrastructure. The solution must meet the following requirements:
– Use an Ethernet fabric.
– Eliminate the need for Data Center Bridging (DCB).
Which Remote Direct Memory Access (RDMA) networking technology should you implement?

A. InfiniBand
B. RoCEv2
C. iWARP
D. RoCEv1

Answer: C
Explanation:
DCB is required for RDMA over Converged Ethernet (RoCE) networks, and is optional (but recommended) for Internet Wide Area RDMA Protocol (iWARP) networks.
https://learn.microsoft.com/en-us/azure-stack/hci/manage/validate-qos

QUESTION 143
Your company uses Storage Spaces Direct.
You need to view the available storage in a Storage Space Direct storage pool.
What should you use?

A. Disk Management
B. System Configuration
C. the Get-StorageFileServer cmdlet
D. Windows Admin Center

Answer: D

QUESTION 144
Hotspot Question
You have an Azure subscription.
You plan to deploy a virtual machine named VM1 to the East US Azure region and use Azure Site Recovery between availability zones.
You need to configure the disks on VM1 and the virtual network. The solution must meet the following requirements:
– Maximize the availability of VM1.
– Maintain the private IP address of VM1 during failover and failback operations.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Zone redundant Storage (ZRS) Premium SSD
ZRS for managed disks is only supported with Premium SSD and Standard SSD managed disks. ZRS for managed disks isn’t supported with Premium SSD v2 managed disks.
ZRS replicates your Azure managed disk synchronously across three Azure availability zones in the selected region. Each availability zone is a separate physical location with independent power, cooling, and networking.
Box 2: Two virtual networks and two subnets
Maintain the private IP address of VM1 during failover and failback operations.
During failover, you might want to keep the IP addressing in the target region identical to the source region:
Reference:
https://azure.microsoft.com/en-us/updates/asr-zrs-managed-disks/
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-deploy-zrs
https://learn.microsoft.com/en-us/azure/site-recovery/site-recovery-retain-ip-azure-vm-failover

QUESTION 145
Hotspot Question
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server. All the servers are on the same network and have network connectivity.
On Server1, Windows Defender Firewall has a connection security rule that has the following settings:
– Rule Type: Server-to-server
– Endpoint 1: Any IP address
– Endpoint 2: Any IP address
– Requirements: Require authentication for inbound connections and request authentication for outbound connections
– Authentication Method: Computer (Kerberos V5)
– Profile: Domain, Private, Public
– Name: Rule1
Server2 has no connection security rules.
On Server3, Windows Defender Firewall has a connection security rule that has the following settings:
– Rule Type: Server-to-server
– Endpoint 1: Any IP address
– Endpoint 2: Any IP address
– Requirements: Request authentication for inbound and outbound connections
– Authentication Method: Computer (Kerberos V5)
– Profile: Domain, Private, Public
– Name: Rule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

QUESTION 146
Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains two virtual machines named VM1 and VM2 that run Windows Server.
You plan to implement a failover cluster named Cluster1 that will use VM1 and VM2 as nodes.
You need to ensure that Cluster1 can use floating IP addresses.
Which two components should you deploy? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Network Load Balancing (NLB)
B. the MultiPoint Services role
C. the Network Controller role
D. the Host Guardian Service role
E. Software Load Balancer (SLB)

Answer: CE
Explanation:
https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/guest-clustering#example-load-balancer-configuration

QUESTION 147
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You install the Log Analytics agent on Server1.
Does this meet the goal?

A. Yes
B. No

Answer: A

QUESTION 148
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You onboard Server1 to Microsoft Defender for Endpoint.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 149
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You install the Microsoft Integration Runtime on Server1.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 150
You have an Azure virtual machine named VM1 that runs Windows Server.
The operating system on VM1 fails to fully initialize its network stack, and you cannot establish a network connection.
You need to establish an interactive shell session.
What should you use?

A. Azure Bastion
B. Serial console
C. just-in-time (JIT) VM access

Answer: B

QUESTION 151
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft Sentinel instance.
You add the Windows Firewall data connector in Microsoft Sentinel.
You need to ensure that Microsoft Sentinel can collect Windows Firewall logs from Server1.
Solution: You install the Azure Connected Machine agent on Server1.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 152
Your network contains an Active Directory Domain Services (AD DS) forest. The forest functional level is Windows Server 2012 R2. The forest contains the domains shown in the following table.

You create a user named Admin1.
You need to ensure that Admin1 can add a new domain controller that runs Windows Server 2022 to the east.contoso.com domain. The solution must follow the principle of least privilege.
To which groups should you add Admin1?

A. EAST\Domain Admins only
B. CONTOSO\Enterprise Admins only
C. CONTOSO\Schema Admins and EAST\Domain Admins
D. CONTOSO\Enterprise Admins and CONTOSO\Schema Admins

Answer: A
Explanation:
A WS2022 DC can be installed in a FL 2008 and above without have to prepare de forest. Also is not required to runadprep. And, in this case the minimum to install a 2022DC in a 2012R2 FL would be Domain Admin of the respective domain, so East/Domain Admin.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers

QUESTION 153
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.

Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.
You need to implement just-in-time (JIT) VM access for VM1.
What should you do first?

A. Create a network security group (NSG).
B. Enable enhanced security in Microsoft Defender for Cloud.
C. Request the Owner role for Sub1.
D. Create an application security group.

Answer: A
Explanation:
JIT requires an NSG to be configured or a Firewall configuration (or both).
https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage

QUESTION 154
Hotspot Question
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains an organizational unit (OU) named OU1. OU1 contains servers that run sensitive workloads.
You plan to add connection security rules that meet the following requirements:
– The servers in OU1 must only accept connections from domain-joined
– The servers in OU1 must only be able to communicate with domain-joined
You create a Group Policy Object (GPO) named GPO1 and link GPO1 to contoso.com.
You need to configure a connection security rule in GPO1 by using Windows Defender Firewall with Advanced Security.
How should you configure the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Rule type: Isolation
Isolation rules are used to enforce authentication for network traffic. (Authentication exemption rules are used to specify traffic that should be exempt from the authentication requirements. And Tunnel rules are used to secure traffic between endpoints , typically used for VPN)
Requirements: Require authentication for inbound and outbound connections
This is being stressed in this certification, the difference between required and requested.
Authentication Method: Computer (Kerberos V5)
This will ensure that only domain-joined computers (which use Kerberos for authentication) can communicate with the servers.

QUESTION 155
Hotspot Question
You have an on-premises Active Directory Domain Services (AD DS) domain that contains the resources shown in the following table.

The domain contains the domain controllers shown in the following table.

You configure a site link between Site1 and Site2 and set the replication interval to 20 minutes.
At 10:00 AM, connectivity between Site1 and Site2 fails.
Administrators perform the actions shown in the following table.

At 10:30 AM, connectivity between Site1 and Site2 is restored.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: No
User1 is removed from Group1 at 10.07.
This change will be replicated before 11.30 AM.
Box 2: No
At 10.11: Change the phone of User2 to 222-222.
At 10.12: Change the phone of User2 to 333-333.
At 10.25: Change the phone of User2 to 444-444.
The last change will be replicated before 11.30 AM.
Box 3: Yes
At 10.05: Move User3 to OU1.
At 10.20. Delete OU1.
User3 will be deleted when OU1 is deleted.

QUESTION 156
Hotspot Question
You have a Windows Server failover cluster named Cluster1 that has a cloud witness and the nodes shown in the following table.

Cluster1 has the roles shown in the following table.

Cluster1 has the following configuration.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: Yes
We see: Site1 {Node1, Node2} and Site1 {Node3, Node4}
Yes, Node3 and Node4 are in the same site.
Note: Use Get-ClusterFaultDomain to see the current fault domain topology. This lists all nodes in the cluster, plus any chassis, racks, or sites you have created.
Box 2: No
No, Node2 and Node3 are in different sites.
Box 3: Yes
Note: A failover cluster is a group of independent computers that work together to increase the availability and scalability of clustered roles (formerly called clustered applications and services). The clustered servers (called nodes) are connected by physical cables and by software. If one or more of the cluster nodes fail, other nodes begin to provide service (a process known as failover). In addition, the clustered roles are proactively monitored to verify that they are working properly. If they are not working, they are restarted or moved to another node.
Reference:
https://learn.microsoft.com/en-us/windows-server/failover-clustering/fault-domains

Resources From:

1.2025 Latest Braindump2go AZ-801 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-801.html

2.2025 Latest Braindump2go AZ-801 PDF and AZ-801 VCE Dumps Free Share:
https://drive.google.com/drive/folders/15Sj3aX7fY3gKvLuf_U3ZtIIar43AWvdR?usp=sharing

3.2025 Free Braindump2go AZ-801 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-801-VCE-Dumps(136-156).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!