AZ-801 — Configuring Windows Server Hybrid Advanced Services Study Guide

You need to configure Azure Arc-enabled servers to report compliance data to Azure Policy. Which agent must be installed on the Windows Server machines?

• A Log Analytics agent with Dependency agent
• B Azure Monitoring agent only
• C Azure Connected Machine agent ✓ Correct
• D Application Insights SDK

Your organization wants to implement Azure Update Management for patching Windows Server 2019 machines in a hybrid environment. What is the minimum configuration required?

• A Only the Connected Machine agent and Log Analytics workspace connection
• B Windows Server Update Services (WSUS) configured with Azure Automation
• C System Center Configuration Manager connected to Azure
• D Log Analytics agent, Automation account, and Update Management solution enabled in the workspace ✓ Correct

You are configuring Windows Admin Center to manage both on-premises and Azure VMs. Which of the following correctly describes the authentication model?

• A Windows Admin Center requires HTTPS and either local, domain, or smart card authentication for all connections ✓ Correct
• B Only Azure AD-joined servers can be managed through Windows Admin Center
• C All connections use local machine credentials regardless of server location
• D Azure VMs use Azure AD authentication while on-premises servers use local accounts, and delegated authentication handles the hybrid scenario

Your organization needs to implement Azure Automation State Configuration for Windows Servers. Which component is responsible for downloading and applying the DSC configuration?

• A Azure Policy Guest Configuration agent performs all configuration management
• B The Log Analytics workspace enforces configurations through remediation tasks
• C The Automation account itself applies configurations directly
• D The Local Configuration Manager (LCM) on each node pulls configurations from the pull server ✓ Correct

You need to troubleshoot Azure Arc connectivity issues on a Windows Server. Which command will show the current status of the Azure Connected Machine agent?

• A Get-AzConnectedMachine -ResourceGroup MyGroup
• B azcmagent show ✓ Correct
• C azcmagent connect --check-connectivity
• D Get-Service AzureConnectedMachineAgent

Your organization is implementing Azure File Sync to synchronize file shares between an on-premises Windows Server and Azure. What is the primary purpose of the Storage Sync Service?

• A To orchestrate synchronization between registered servers and cloud endpoints in a sync group ✓ Correct
• B To provide redundancy by automatically failover to Azure file shares
• C To encrypt all data in transit between on-premises and Azure
• D To manage backup scheduling for all synchronized files

You are configuring Azure Defender for Servers to protect Windows Server machines across your hybrid environment. Which agent provides threat detection capabilities?

• A Windows Defender Configuration Manager client
• B Azure Policy Guest Configuration agent with security assessment modules
• C Microsoft Monitoring Agent (MMA) with Azure Defender extension ✓ Correct
• D Log Analytics agent alone is sufficient for threat detection

Your organization wants to use Azure Policy Guest Configuration to audit Windows Server compliance. What happens if a machine fails a compliance check?

• A The machine is automatically remediated by the Guest Configuration agent
• B An alert is sent but no action is taken until manual review occurs
• C The machine is immediately disconnected from the network for security
• D Azure Policy generates a non-compliant status report; remediation can be automated if the policy assignment allows it ✓ Correct

You need to configure a Windows Server to send custom logs to Azure Monitor. Which solution should you use?

• A Log Analytics agent with a custom log collection rule ✓ Correct
• B Windows Admin Center cloud sync feature
• C Azure Event Hubs direct connection from the server
• D Azure Automation webhook integration

Your organization is implementing Azure Stack HCI with Windows Server 2022. What is the primary hybrid benefit of this configuration?

• A It allows unlimited scale-out without any licensing limitations
• B It extends Azure services and management to the edge with hyper-converged infrastructure managed through Azure ✓ Correct
• C It replaces the need for Azure VMs entirely by offering identical cloud capabilities
• D It provides unlimited cloud storage for on-premises virtual machines

You are configuring Windows Server Network Controller in a hybrid scenario. Which statement accurately describes its function?

• A Network Controller only manages cloud networks in Azure and cannot manage on-premises infrastructure
• B Network Controller is a guest operating system that runs on Azure VMs exclusively
• C Network Controller is a centralized management point for physical and virtual networks using a declarative model ✓ Correct
• D Network Controller replaces the need for traditional network switches

Your organization needs to implement Storage Spaces Direct (S2D) across multiple Windows Server nodes. What is a critical requirement for cluster formation?

• A All nodes must be in the same Azure region
• B All nodes must run Windows Server with the Hyper-V role installed
• C All nodes must have identical hardware configurations and be connected through low-latency, high-bandwidth networking ✓ Correct
• D A minimum of 10 nodes is required for any S2D cluster

You are implementing Azure Automation runbooks for Windows Server patching. Which runbook type is best suited for executing PowerShell scripts on hybrid servers?

• A JavaScript runbooks with cloud execution
• B Graphical runbooks
• C PowerShell runbooks deployed to Hybrid Runbook Workers ✓ Correct
• D Python runbooks with a hybrid worker

Your organization is configuring Azure Arc for servers across multiple cloud providers and on-premises locations. What is the primary advantage of this centralized approach?

• A It requires all servers to use identical operating system versions
• B It provides unified visibility, governance, and management of servers regardless of location or cloud provider ✓ Correct
• C It eliminates the need for separate management tools in each environment
• D It automatically migrates all workloads to Azure virtual machines

You need to implement Change Tracking and Inventory on Windows Servers using Azure Automation. Which changes can be tracked by default?

• A Firewall rule changes only
• B Registry changes, file modifications, and Windows service startup type changes ✓ Correct
• C Network configuration changes exclusively
• D Only software installation and removal events

Your organization is deploying Windows Server containers in an Azure Stack HCI environment. Which container orchestration platform is recommended for hybrid scenarios?

• A Kubernetes with Azure Kubernetes Service (AKS) on Azure Stack HCI for hybrid orchestration ✓ Correct
• B Docker Swarm for maximum simplicity
• C Windows Container Host service built into Windows Server only
• D Azure Service Fabric exclusively for container management

You are implementing Azure Monitor for Windows Servers and need to collect performance metrics. What is the preferred method for hybrid servers?

• A Continuous export of Windows Performance Monitor logs to Azure
• B Manual PowerShell scripts to upload metrics every hour
• C Azure Diagnostics extension exclusively for Azure VMs only
• D Azure Monitor agent (AMA) with data collection rules ✓ Correct

Your organization needs to implement Azure Site Recovery for Windows Server virtual machines in a hybrid setup. What is the primary use case?

• A To replace all on-premises servers with Azure VMs automatically
• B To enable disaster recovery by replicating VMs from on-premises or one Azure region to another location ✓ Correct
• C To provide real-time synchronization of file shares between locations
• D To provide load balancing across multiple data centers

You are configuring a Hybrid Runbook Worker on a Windows Server to execute Azure Automation runbooks locally. Which ports must be open for communication with Azure Automation?

• A Port 80 (HTTP) exclusively
• B Port 443 (HTTPS) for secure communication with Azure Automation service and agent update endpoints ✓ Correct
• C Port 5985 (WinRM) exclusively for all communications
• D Ports 8080 and 8443 for local runbook execution

Your organization is implementing Azure Automation State Configuration DSC for compliance. What does 'Pending Reboot' status indicate?

• A The DSC configuration has failed and must be reapplied
• B The configuration has been applied successfully but the node requires a reboot to complete the desired state ✓ Correct
• C The node has lost connection to the pull server
• D The DSC compilation failed on the Automation account

You need to implement Windows Server Shielded VMs in an Azure Stack HCI environment. What is the primary security benefit?

• A It provides encryption of the VM memory and enables Secure Boot, protecting against host-based and firmware attacks ✓ Correct
• B It eliminates the need for guest firewall configurations
• C It prevents any network communication from the VM
• D It automatically patches all security vulnerabilities without requiring reboots

Your organization is using Azure Migrate to assess Windows Servers for cloud readiness. Which assessment focuses on application dependency mapping?

• A Dependency analysis uses service map data to identify application tiers and interdependencies for migration planning ✓ Correct
• B Azure Migrate cannot assess application dependencies at all
• C Server assessment only provides compute sizing recommendations
• D Only Azure Advisor can provide dependency information for Windows Servers

You are configuring Windows Server Failover Clustering across multiple sites in a hybrid scenario. Which technology enables site-aware cluster placement?

• A Cluster-aware updating (CAU) automatically manages inter-site failover
• B Virtual Machine placement policy enforces specific site requirements
• C Network Load Balancing determines site-specific routing decisions
• D Cluster sites with stretch cluster configuration and appropriate replication technology enables workload placement awareness ✓ Correct

Your organization needs to implement Windows Server Update Services (WSUS) in a hybrid environment coordinated with Azure. What is the recommended approach?

• A WSUS in Azure VMs can only manage other Azure VMs, not on-premises servers
• B Azure completely replaces WSUS and all organizations must migrate immediately
• C WSUS cannot work with Azure and must use Azure Update Management or Windows Update for Business exclusively
• D WSUS can be deployed on-premises and used with Update Management for hybrid reporting and compliance tracking ✓ Correct

You are implementing Azure Backup for Windows Servers in a hybrid environment. Which backup solution is optimized for application-aware backups?

• A Windows Server Backup utility synchronized to Azure hourly
• B Azure Backup agent with file-level recovery only
• C System State backup using VSS snapshots for disaster recovery
• D Azure Backup for SQL Server and Exchange with application-aware snapshots and recovery ✓ Correct

Your organization is configuring Azure ExpressRoute for hybrid Windows Server connectivity. Which benefit is most relevant to server management traffic?

• A It eliminates the need for firewalls between on-premises and Azure
• B ExpressRoute automatically encrypts all traffic without additional configuration
• C ExpressRoute provides unlimited bandwidth with no throttling limits
• D It offers dedicated, private connectivity to Azure with consistent latency and bandwidth, improving server management performance ✓ Correct

You need to implement Azure Arc-enabled servers to manage on-premises Windows Server machines. Which agent must be installed on each server to enable Azure Arc connectivity?

• A Windows Admin Center extension
• B Azure Connected Machine Agent ✓ Correct
• C Azure Monitoring Agent
• D Azure Hybrid Use Benefit Agent

Your organization is configuring Windows Admin Center for hybrid management. You need to ensure that multiple administrators can manage different groups of servers without interfering with each other's configurations. What feature should you implement?

• A Windows Admin Center user profiles
• B Active Directory security groups only
• C Role-based access control (RBAC) with custom roles ✓ Correct
• D Server local administrator accounts

You are implementing Azure Update Manager for patching servers in a hybrid environment. Which of the following best describes the primary benefit of using Azure Update Manager over traditional WSUS?

• A It eliminates the need for network connectivity to function properly
• B It automatically restarts servers without administrator notification
• C It provides centralized patch orchestration for both Azure VMs and on-premises servers ✓ Correct
• D It only works with servers running Windows Server 2022 or later

Your organization requires encryption of data in transit when synchronizing configuration data between on-premises servers and Azure. Which protocol should you enforce at the network level?

• A Kerberos authentication without encryption
• B SMB 1.0 with signing enabled
• C HTTPS with TLS 1.2 or higher ✓ Correct
• D HTTP with basic authentication

You need to configure Azure Stack HCI for a hybrid deployment. What is the minimum number of servers required to create a stretched cluster for disaster recovery capabilities?

• A Two servers in a single site
• B Four servers across two sites with quorum ✓ Correct
• C Three servers in a single site
• D Six servers in a fully redundant configuration

You are troubleshooting Azure Arc agent connectivity issues on a Windows Server machine behind a corporate proxy. Which configuration file must you modify to enable proxy settings?

• A azcmagent.conf ✓ Correct
• B The GuestConfigurationExtension configuration
• C Windows Registry HKLM\\Software\\Azure
• D proxy.xml in the Azure folder

Your organization is implementing Azure Automanage for Windows Server machines. Which of the following services are automatically enabled by Azure Automanage Best Practices profile?

• A Virtual Machine Scale Sets and Load Balancing only
• B Microsoft Antimalware, Azure Monitor, Azure Automation, and Update Management ✓ Correct
• C Only Windows Defender and Windows Update
• D Azure DevOps integration and GitHub repositories

You need to implement Azure Policy to ensure all Windows Server machines in your hybrid environment have specific security settings enforced. Which type of policy definition would you use to audit non-compliant servers without enforcing changes?

• A Modify policy with auto-remediation
• B Disabled policy with alerts only
• C Audit policy with detection mode ✓ Correct
• D Deny policy with enforcement mode enabled

You are configuring Storage Spaces Direct (S2D) on an Azure Stack HCI cluster. Which network bandwidth requirement must you meet for 10-node cluster nodes communicating between sites?

• A Maximum 5 Gbps for cost optimization
• B Minimum 10 Gbps full-duplex connection recommended ✓ Correct
• C 1 Mbps per node is sufficient for metadata
• D Minimum 1 Gbps full-duplex connection

You need to configure Azure Hybrid Benefit for Windows Server licenses in your hybrid environment. Which of the following licensing scenarios qualifies for this benefit?

• A Software Assurance coverage on Windows Server licenses deployed in Azure VMs and on-premises ✓ Correct
• B Only Azure VM licenses purchased directly from Microsoft
• C Only on-premises Windows Server licenses with active Software Assurance
• D All Windows Server licenses regardless of Software Assurance status

Your organization is implementing a hybrid identity solution using Azure AD Connect. You need to synchronize Windows Server machine accounts for hybrid scenarios. Which synchronization option supports filtering to specific organizational units?

• A Automatic synchronization without filtering options
• B Express Settings only
• C Custom installation with OU-based filtering ✓ Correct
• D Cloud-only synchronization

You are configuring Windows Server as a guest operating system on Azure Stack HCI. Which hypervisor technology is used to run virtual machines on Azure Stack HCI?

• A Citrix XenServer
• B Hyper-V with Storage Spaces Direct ✓ Correct
• C VMware vSphere
• D Oracle VirtualBox

You need to implement Network Segmentation on Windows Server machines to meet compliance requirements. Which Windows Server feature provides microsegmentation capabilities in a hybrid environment?

• A Third-party network security appliances exclusively
• B Basic Windows Firewall rules only
• C Software-Defined Networking (SDN) with Network Security Groups ✓ Correct
• D Windows Firewall with Advanced Security (WFAS)

Your organization wants to implement Azure Arc-enabled servers with guest configuration management. What type of PowerShell DSC configurations can you deploy through Azure Arc guest configuration?

• A Manual configuration scripts only without automation
• B Only built-in Microsoft configurations
• C Custom PowerShell DSC configurations packaged and published as guest configuration policies ✓ Correct
• D Third-party configuration tools exclusively

You are implementing Azure Monitor for Windows Server machines in a hybrid environment. Which agent collects performance metrics and logs from on-premises servers?

• A Azure Diagnostic Extension
• B Event Viewer data collector
• C Windows Performance Analyzer
• D Log Analytics Agent (deprecated) or Azure Monitor Agent ✓ Correct

You need to configure Azure Site Recovery for Windows Server workloads to provide disaster recovery between on-premises and Azure. Which replication engine is used for initial full replication?

• A Azure Site Recovery Mobility Service with Agent-based replication ✓ Correct
• B Database-level replication synchronization
• C Agentless replication using network snapshots
• D Incremental block-based replication

Your organization requires implementing a managed identity for Azure Arc-enabled servers to authenticate to Azure resources without credentials. Which type of managed identity should you use?

• A System-assigned managed identity configured on the Azure Arc resource ✓ Correct
• B User-assigned managed identity only
• C Application registration with client secrets
• D Shared service account credentials

You are planning the deployment of Azure Stack HCI with cluster validation. Which critical validation step must pass before placing the cluster into production?

• A All cluster validation tests must pass without warnings or errors ✓ Correct
• B Optional validation tests can be skipped if performance is acceptable
• C Storage configuration tests only
• D Network connectivity tests only

You need to configure Windows Server Update Services (WSUS) in a hybrid environment where some servers are managed through Azure Update Manager. What is the recommended approach for update management?

• A Use WSUS exclusively for all servers in the hybrid environment
• B Use manual Windows Update only without any centralized management
• C Use Azure Update Manager for Azure VMs and on-premises servers, reducing WSUS complexity ✓ Correct
• D Run WSUS and Azure Update Manager simultaneously on all servers

Your organization is configuring failover clustering on Windows Server for high availability. Which feature allows you to configure automatic failover between cluster nodes with minimal data loss?

• A Failover clustering with Hyper-V Replica for continuous replication ✓ Correct
• B Backup and Restore operations
• C Cluster Quorum settings
• D Windows Server file sharing

You are implementing Azure Automation for Windows Server management in a hybrid environment. Which type of runbooks can execute scripts on on-premises servers through a hybrid worker?

• A Only graphical runbooks
• B PowerShell runbooks deployed on hybrid runbook workers installed on on-premises servers ✓ Correct
• C Python scripts exclusively
• D Cloud-only PowerShell runbooks

You need to implement data encryption at rest for Windows Server machines using BitLocker in a hybrid environment managed by Azure. Which Azure service provides centralized key management for BitLocker keys?

• A Local TPM storage exclusively
• B Azure Disk Encryption for VMs only
• C Azure Storage accounts with encryption
• D Azure Key Vault with BitLocker integration ✓ Correct

Your organization is implementing Azure Arc-enabled Kubernetes on Windows Server containers. Which runtime environment is supported for running Windows containers in this scenario?

• A Kubernetes with containerd and Windows container runtime ✓ Correct
• B Docker Community Edition only
• C Apache Mesos
• D Virtual machine hypervisor exclusively

You are configuring Windows Server Network Controller in a Software-Defined Networking (SDN) deployment. What is the minimum number of Network Controller nodes recommended for production deployments?

• A Three nodes for high availability and fault tolerance ✓ Correct
• B Two nodes minimum
• C Single node deployment
• D Five nodes for large-scale deployments only

You need to configure Azure Sentinel for Windows Server security monitoring in a hybrid environment. Which agent collects Windows Security events and sends them to Azure Sentinel?

• A Azure Monitor Agent or Log Analytics Agent collecting Windows security event logs ✓ Correct
• B Sysmon exclusively
• C Windows Event Forwarding only
• D Windows Defender ATP integration without Log Analytics

You need to configure Azure Arc-enabled servers to report compliance data to Azure Policy. Which agent must be installed on the on-premises Windows Server?

• A Azure Automation Hybrid Runbook Worker
• B Azure Monitor Dependent Agent
• C Azure Connected Machine Agent ✓ Correct
• D System Center Operations Manager agent

Your organization uses Azure File Sync to synchronize files between an on-premises Windows Server and Azure. A user reports that a file is not syncing. What is the most likely cause if the file exceeds 100 GB in size?

• A The cloud endpoint needs to be re-registered
• B The file is locked by another process on the server ✓ Correct
• C Azure File Sync has a 100 GB per-file size limit
• D The Storage Sync Service requires a restart

You are deploying Windows Server Update Services (WSUS) in a hybrid environment. Your organization wants to ensure that critical security updates are deployed to both on-premises and Azure-based servers. What should you configure?

• A Azure Update Management integrated with local WSUS servers
• B Windows Update for Business with group policies only
• C A single WSUS server synchronized to Microsoft Update with downstream servers in each location ✓ Correct
• D Separate WSUS servers in each location with independent synchronization to Microsoft Update

You need to implement Azure Automation to manage on-premises Windows Server resources. Which authentication method is most secure for hybrid runbooks?

• A Stored credentials in a variable
• B Run As account with managed identity
• C Azure Automation credential assets with encrypted storage ✓ Correct
• D Plaintext username and password in the runbook script

Your Windows Server is registered with Azure Arc. You want to restrict which Azure services can manage the server. What Azure feature should you use?

• A Network security groups
• B Azure role-based access control (RBAC) with custom roles ✓ Correct
• C Azure Policy with deny effects
• D On-premises Windows Firewall rules

You are configuring a hybrid disaster recovery solution using Azure Site Recovery. Your on-premises Windows Server needs to replicate to Azure. What is the primary prerequisite?

• A Configuration of local administrator accounts on all servers
• B A VPN connection with minimum 10 Mbps bandwidth
• C Azure subscription with at least 500 GB storage
• D Installation of the Mobility Service agent on the source server ✓ Correct

Your organization deploys Windows Admin Center in a hybrid environment. You need to manage both on-premises servers and Azure VMs from a single gateway. What networking requirement must be met?

• A Network connectivity must exist between the Windows Admin Center gateway and both on-premises and Azure resources ✓ Correct
• B Both on-premises and Azure environments must be in the same Azure subscription
• C Azure VMs must have public IP addresses assigned
• D All servers must be joined to the same Active Directory domain

You configure Azure Monitor for on-premises Windows Servers using the Log Analytics agent. A server stops sending heartbeat data to the workspace. What is the most likely cause?

• A The Log Analytics workspace reached its daily data cap
• B The Log Analytics agent was uninstalled
• C The server's system time is significantly out of sync with Azure time ✓ Correct
• D The network security group rules were modified incorrectly

You need to implement Azure Key Vault integration with on-premises Windows Server applications. Which component should you deploy to retrieve secrets securely?

• A Service Principal with stored credentials in application configuration
• B Managed Identity with application code changes
• C Azure Hybrid Worker extension
• D Key Vault Proxy running on a server or in a hybrid worker ✓ Correct

Your organization uses Azure Backup to protect on-premises Windows Server data. You need to recover a file that was accidentally deleted 30 days ago. What is the maximum retention period for instant restore points in the default configuration?

• A 14 days
• B 7 days ✓ Correct
• C 30 days
• D 90 days