Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

Manage Windows Servers and workloads in a hybrid environment Microsoft Quiz Answers

Get Manage Windows Servers and workloads in a hybrid environment Microsoft Quiz Answers

Learn how to administer Windows Server securely using the appropriate management tools. Streamline administration of Windows Server with Just Enough Administration (JEA). You’ll also learn how to implement hybrid technologies in Windows Server management.

This learning path helps prepare you for Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure.

Prerequisites:

  • Windows Server 2012 or Windows Server 2016
  • Basic security best practices
  • Windows client operating systems such as Windows 10
  • Working with command line tools
  • Basic experience with implementing and managing IaaS services in Microsoft Azure

Enroll on Microsoft

Module 1: Perform Windows Server secure administration

Understand the principle of least privilege, know when to use privileged access workstations, and be able to identify built-in privileged accounts.

Learning objectives:

After completing this module, you’ll be able to:

  • Explain least privilege administrative models.
  • Implement delegated privilege.
  • Describe privileged access workstations.
  • Describe jump servers.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

  • Windows Server 2012 or Windows Server 2016.
  • Basic security best practices.
  • Windows client operating systems such as Windows 10.
  • Working with command-line tools.

This module is part of these learning paths:

Quiz 1: Define least privilege administration

Q1. An administrator at Contoso must create a user account in the Contoso.com domain. Which of the following group memberships enable the administrator to perform the task without exceeding the required privilege?

  • The administrator should sign in using an account that belongs to Enterprise Admins.
  • The administrator should sign in using an account that belongs to the local Administrators group.
  • The administrator should sign in using an account that belongs to the domain local Account Operators group.

Quiz 2: Implement delegated privileges

Q1. One of the administrators in Contoso IT wants to delegate computer management to a small team in IT support. The computers are all in the Sales department, and their accounts reside in the Sales OU. Adhering to best practice, how should the administrator proceed?

  • Create a group for the sales computer management team, and then create a custom task delegation for that team on the Sales OU. The custom task will be for Computer objects.
  • Create a group for the sales computer management team, and then create a common task delegation for that team on the Sales OU.
  • Create a custom task delegation for the users in the sales computer management team on the Sales OU. The custom task will be for Computer objects.

Quiz 3: Use privileged access workstations

Q1. Which Windows 10 Enterprise feature helps to protect user credentials during the sign in process, and what is needed to enable this feature?

  • Windows Defender Credential Guard provides this protection. To implement Windows Defender Credential Guard, you require the Hyper-V feature, and ideally a TPM and Unified Extensible Firmware Interface (UEFI) lock.
  • Windows Defender Device Guard provides this protection. To implement Windows Defender Device Guard, you require the Hyper-V feature, Secure boot, and ideally a TPM and UEFI lock.
  • Windows Defender Credential Guard provides this protection. To implement Windows Defender Credential Guard, you require the Hyper-V feature, Secure boot, and ideally a TPM and UEFI lock.

Quiz 4: Knowledge check

Q1. An administrator wants to increase security by adjusting the default behavior of the UAC elevation prompt for standard users. Which of the following values in Group Policy would be appropriate to adjust to achieve this objective?

  • The administrator must change the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting. They must choose the option: Prompt for credentials.
  • The administrator must change the User Account Control: Behavior of the elevation prompt for standard users setting. They must choose the option: Automatically deny elevation requests.
  • The administrator must change the User Account Control: Behavior of the elevation prompt for standard users setting. They must choose the option: Prompt for credentials.

Q2. An administrator creates a custom delegation using the Delegation of Control Wizard. The administrator delegates the Sales group administrative rights on computer objects in the Sales OU. Specifically, the group is granted Create selected objects in folder and Delete selected objects in folder, plus Full Control of computer objects. Later, the administrator wants to modify these delegated permissions. What must they do?

  • The administrator must run the Delegation of Control Wizard again, and this time, assign Deny permissions. Deny overrides Allow permissions.
  • The administrator must run the Delegation of Control Wizard again, and this time, choose the newly delegated permissions.
  • The administrator must review the security settings on the Sales OU by enabling Advanced Features in Active Directory Users and Computers. Then, they must review the advanced security settings for the OU.

Q3. An administrator at Contoso is implementing a jump server configuration to improve security. They decide to virtualize the jump server and install the required administrative tools on that VM. What else should this administrator do?

  • The administrator should also configure a PAW. They should then move the jump server VM to this PAW.
  • The administrator should also configure a PAW. They should then configure MFA to connect to their jump server VM from their PAW.
  • The administrator doesn’t need to complete any additional tasks.

Module 2: Describe Windows Server administration tools

Select the most appropriate Windows Server administration tool for a given situation and learn how to use that tool.

Learning objectives:

After completing this module, you’ll be able to:

  • Describe Windows Admin Center.
  • Describe how to use Remote Server Administration Tools (RSAT) to manage servers.
  • Describe Server Manager.
  • Describe how to use Windows PowerShell to manage servers.
  • Explain how to use Windows PowerShell to remotely administer a server.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

  • Windows Server.
  • Basic security best practices.
  • Windows client operating systems such as Windows 10.
  • Working with command-line tools.

This module is part of these learning paths:

Quiz 1: Explore Windows Admin Center

Q1. Using Windows Admin Center, an administrator connects to the domain controller, SEA-DC1. The administrator wants to add a new user account to the Contoso.com AD DS domain. Which of the following procedures would not work?

  • In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select Active Directory. Select Create, then select User. Enter the required details and then select Create.
  • In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select Local users & groups. Select Create, then select User. Enter the required details and then select Create.
  • In Windows Admin Center, connect to SEA-DC1 and then, in the navigation pane, select PowerShell. After signing in, use the New-ADUser cmdlet to create a new user.

Quiz 2: Use Windows PowerShell to remotely administer a server

Q1. What cmdlet can be run on a remote Windows Server computer to enable PowerShell remoting?

  • Enable-PSRemoting.
  • New-PSSession.
  • Enter-PSSession.

Quiz 3: Knowledge check

Q1. Which port is used by the Windows Admin Center site by default?

  • TCP 6516
  • TCP 80
  • TCP 443

Q2. An administrator has setup a standalone Windows 10 Enterprise computer in a workgroup as an administrative workstation. The administrator intends to use Windows PowerShell remoting to manage remote Windows Servers in the Contoso.com domain. The administrator is unable to establish a remote Windows PowerShell connection to the domain controller SEA-DC1. Assuming that all default settings have been applied, which of the following is the reason for this failure to connect?

  • The administrator must enable remoting on the Windows 10 computer by running Enable-PSremoting -force.
  • The administrator must enable remoting on the Windows Server domain controller computer SEA-DC1 by running Enable-PSremoting -force.
  • The administrator must add the SEA-DC1 computer as a trusted host by using the Set-Item WSMan:localhost\Client\TrustedHosts -Value 'SEA-DC1.Contoso.com' command.

Q3. An administrator wants to reconfigure the properties of some users in the Marketing OU of the Contoso.com domain. The administrator decides to use Windows PowerShell. Which of the following cmdlets would the administrator use to make changes?

  • Get-ADuser
  • Set-ADuser
  • New-ADuser

Module 3: Perform post-installation configuration of Windows Server

Learn to perform post-installation configuration of Windows Server by using several methods and tools.

Learning objectives:

After completing this module, you’ll be able to:

  • Explain post-installation configuration and describe the available post-installation configuration tools.
  • Use Sconfig to configure Windows Server.
  • Describe Desired State Configuration (DSC) and explain how to use it to configure Windows Server.
  • Use Windows Admin Center to perform post-installation configuration.
  • Implement answer files to complete the configuration.

Prerequisites:

To get the best learning experience from this module, you should have knowledge and experience of:

  • Windows Server.
  • Working with command-line tools.

This module is part of these learning paths:

Quiz 1: Configure Server Core using Sconfig

Q1. An administrator at Contoso wants to connect to SEA-DC1 using Remote Desktop. The administrator can successfully connect to SEA-DC1 using Server Manager and also Windows Admin Center. However, when they open Remote Desktop Connection and enter the computer name and user credentials, the connection fails. What does the administrator need to do?

  • The administrator must use the computer SEA-DC1’s IP address to connect .
  • On SEA-DC1, the administrator should use Sconfig and select option 7, and enable Remote Desktop.
  • On SEA-DC1, the administrator should use Sconfig and select option 8, and reconfigure Network Settings.

Quiz 2: Knowledge check

Q1. Which component in DSC is responsible for applying the desired configuration to the target computer?

  • Configurations
  • LCM
  • Resources

Q2. An administrator at Contoso is using answer files to configure server settings during deployment. In which section of the answer file should the administrator define the Windows Server roles and features that should be deployed?

  • Components
  • Packages

Q3. When using Windows Admin Center, when might an administrator choose to configure trusted hosts?

  • When the Windows Admin Center workstation is not in the same AD DS forest as the resources it manages.
  • When the Windows Admin Center workstation is in the same AD DS forest as the resources it manages.
  • In all circumstances, the administrator must configure trusted hosts.

Module 4: Administer and manage Windows Server IaaS Virtual Machine remotely

You’ll be able to use suitable tools and techniques to manage Windows IaaS VMs remotely. You’ll also be able to restrict administrative connections to those VMs.

Learning objectives:

After completing this module, you’ll be able to:

  • Select appropriate remote administration tools.
  • Secure management connections to Windows Azure IaaS VMs with Azure Bastion.
  • Configure JIT VM access.

Prerequisites:

In order to get the best learning experience from this module, you should have knowledge and experience of:

  • Windows Server workloads in on-premises scenarios
  • Common Windows Server management tools
  • Core Microsoft compute, storage, networking, and virtualization technologies
  • On-premises resiliency Windows Server-based compute and storage technologies
  • Implementing and managing IaaS services in Azure
  • Azure Active Directory (Azure AD)
  • Security-related technologies (firewalls, encryption, multi-factor authentication)
  • Windows PowerShell scripting
  • Automation and monitoring

This module is part of these learning paths:

Quiz 1: Knowledge check

Q1. Which of the following protocols enable an administrator to manage their IaaS VMs and are secured by Azure Bastion?

  • RDP
  • TLS
  • SSL

Q2. Which of the following statements about implementing Azure Bastion is true?

  • An administrator must install the bastion host in its own VNet. VMs must be in a separate VNet
  • An administrator must configure an NSG for the bastion host.
  • An administrator must connect Azure Bastion to a subnet with the name AzureBastionSubnet.

Q3. Which of the following statements about JIT access in Azure is correct?

  • JIT is enabled on VMs by default providing those VMs are protected by Azure Bastion.
  • It’s necessary to manually add commonly used management ports to the JIT VM access configuration in order to properly configure JIT.
  • You can enable JIT access for a VM when you attempt to connect to the VM from the VM’s Connect blade.

Module 5: Manage hybrid workloads with Azure Arc

You will learn to describe Azure Arc, implement Azure Arc with on-premises server instances, deploy Azure policies with Azure Arc, and use role-based access control (RBAC) to restrict access to Log Analytics data.

Learning objectives:

After completing this module, you will be able to:

  • Describe Azure Arc.
  • Explain how to onboard on-premises Windows Server instances in Azure Arc.
  • Connect hybrid machines to Azure from the Azure portal.
  • Use Azure Arc to manage devices.
  • Restrict access using RBAC.

Prerequisites:

In order to get the best learning experience from this module, it’s important that you have knowledge and experience of the following:

  • Managing Windows Server operating systems and Windows Server workloads in on-premises scenarios, including AD DS, Domain Name System (DNS), the Distributed File System (DFS), Microsoft Hyper-V, and file and storage services.
  • Common Windows Server management tools.
  • Core Microsoft compute, storage, networking, and virtualization technologies.
  • On-premises resiliency Windows Server-based compute and storage technologies.
  • Implementing and managing IaaS services in Azure.
  • Azure Active Directory (Azure AD).
  • Security-related technologies (firewalls, encryption, multi-factor authentication).
  • Windows PowerShell scripting.
  • Automation and monitoring.

This module is part of these learning paths:

Quiz 1: Connect hybrid machines to Azure from the Azure portal

Q1. In the video, at time index 2:05, what does the script do in the Azure onboarding process?

  • At that point, the script is onboarding the VM.
  • At that point, the script is downloading the required agent on the VM.
  • At that point, the script is installing the required agent on the VM.

Quiz 2: Knowledge check

Q1. Channa in IT support at Contoso has been tasked with running a script on an Azure Arc–managed VM hosted in an on-premises datacenter in the London office. Which of the following represents the best solution for this requirement?

  • Channa should onboard the machine to Azure Arc and then use a policy to configure the script.
  • Channa should onboard the machine to Azure Arc and then use a CustomScriptExtension VM extension to download and execute the script.
  • Channa should onboard the machine to Azure Arc and then Update management and execute the script.

Q2. In the demonstration video, at time index 3:25, the administrator selects an account to sign in with. What are the minimum permissions this account needs?

  • The account must be a member of the Azure Connected Machine Resource Administrator role.
  • The account must be a member of the Azure Connected Machine Onboarding role.
  • The account must be a member of the Global Administrator role.

Module 6: Just Enough Administration in Windows Server

Streamline administration of Windows Server environments with Just Enough Administration (JEA). Limit privileged operations to a set of specified PowerShell cmdlets, parameters and variables, and limit which users can connect to JEA endpoints.

Learning objectives:

After completing this module, you will be able to:

  • Explain the concept of Just Enough Administration (JEA)
  • Define role group capabilities and session configurations for a JEA session
  • Create and connect to a JEA endpoint

Prerequisites:

  • Familiarity with PowerShell commands and syntax
  • Experience using PowerShell to administer Windows Server
  • Ability to create and edit PowerShell scripts
  • Ability to enable remote management and connect to a remote system

This module is part of these learning paths:

Quiz 1: Describe how JEA endpoints work to limit access to a PowerShell session

Q1. Which of the following PowerShell cmdlets can be used to determine which built in JEA endpoints are available on a Windows Server computer?

  • Register-PSSessionConfiguration
  • Get-PSSessionConfiguration
  • Set-PSSessionConfiguration

Quiz 2: Knowledge check

Q1. Which of the following settings should be configured in a role capability file to specify the exact PowerShell cmdlets that are available in a JEA session?

  • VisibleProviders
  • VisibleCmdlets
  • VisibleFunctions

Q2. Which of the following settings should be configured in a session configuration file to ensure that a special account with local administrative credentials is used during a JEA session instead of the connecting users account?

  • SessionType
  • RunAsVirtualAccount
  • RunAsVirtualAccountGroup

Q3. In addition to the name of the remote computer being connected to, which of the following must be specified when connecting to a JEA endpoint using remote PowerShell?

  • Endpoint configuration name
  • Session configuration file name
  • Role capability file name
Conclusion:

I hope this Manage Windows Servers and workloads in a hybrid environment Microsoft Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!

More Coding Solutions >>

LeetCode Solutions

Hacker Rank Solutions

CodeChef Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *