Microsoft AZ-800 Exam Actual Questions

To create a GPO named GPO1 that only applies to a group named MemberServers, you can follow these steps:

On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, openGroup Policy Managementfrom theAdministrative Toolsmenu or by typinggpmc.mscin the Run box.

In the left pane, expand your domain and right-click onGroup Policy Objects. SelectNewto create a new GPO.

In theNew GPOdialog box, enterGPO1as theNameof the new GPO and clickOK. You can also optionally select a source GPO to copy the settings from.

Right-click on the new GPO and selectEditto open theGroup Policy Management Editor. Here, you can configure the settings that you want to apply to the group under theComputer ConfigurationandUser Configurationnodes. For more information on how to edit a GPO, seeEdit a Group Policy Object.

Close theGroup Policy Management Editorand return to theGroup Policy Managementconsole. Right-click on the new GPO and selectScope. Here, you can specify the scope of management for the GPO, such as the links, security filtering, and WMI filtering.

Under theSecurity Filteringsection, click onAuthenticated Usersand then click onRemove. This will remove the default permission granted to all authenticated users and computers to apply the GPO.

Click onAddand then type the name of the group that you want to apply the GPO to, such asMemberServers. ClickOKto add the group to the security filter. You can also click onAdvancedto browse the list of groups available in the domain.

Optionally, you can also configure theWMI Filteringsection to further filter the GPO based on the Windows Management Instrumentation (WMI) queries. For more information on how to use WMI filtering, seeFilter the scope of a GPO by using WMI filters.

To link the GPO to an organizational unit (OU) or a domain, right-click on the OU or the domain in the left pane and selectLink an Existing GPO. Select the GPO that you created, such asGPO1, and clickOK. You can also change the order of preference by using theMove UpandMove Downbuttons.

Wait for the changes to replicate to other domain controllers. You can also force the update of the GPO by using thegpupdate /forcecommand on the domain controller or the client computers. For more information on how to update a GPO, seeUpdate a Group Policy Object.

Now, you have created a GPO named GPO1 that only applies to a group named MemberServers. You can verify the GPO application by using thegpresult /rcommand on a member server and checking theApplied Group Policy Objectsentry. You can also use theGroup Policy Resultswizard in theGroup Policy Managementconsole to generate a report of the GPO application for a specific computer or user. For more information on how to use the Group Policy Results wizard, seeUse the Group Policy Results Wizard.

To create a group-managed service account (gMSA) named gMSA1 and make it available on SRV1, you can follow these steps:

Step 1: Create the Key Distribution Services Root Key First, you need to create the KDS Root Key, which is required for the gMSA to function. You can do this with the following PowerShell command:

Add-KdsRootKey --EffectiveTime ((get-date).addhours(-10))

Note: The -EffectiveTime parameter is set to 10 hours in the past to ensure immediate effect.

Step 2: Create the gMSA Next, use the New-ADServiceAccount cmdlet to create the gMSA:

New-ADServiceAccount -Name gMSA1 -DNSHostName gmsa1.domain.com -PrincipalsAllowedToRetrieveManagedPassword SRV1$

Replace domain.com with your actual domain name.

Step 3: Install the gMSA on SRV1 Now, you need to install the gMSA on the server SRV1. Run the following command on SRV1:

Install-ADServiceAccount -Identity gMSA1

Step 4: Test the gMSA To ensure that the gMSA is installed correctly and ready for use, perform a test using:

Test-ADServiceAccount -Identity gMSA1

If the test returns True, the gMSA is correctly installed and ready for use on SRV1.

Step 5: Configure the Service to Use the gMSA Finally, configure the service that requires the gMSA to use gMSA1 by setting the service's logon account to domain\gMSA1$ and leave the password field blank.

This will create and make the gMSA gMSA1 available on SRV1. Ensure that you have the necessary permissions and that SRV1 is properly joined to the domain before proceeding with these steps123.

To manage SRV1 remotely using PowerShell, you'll need to set up PowerShell Remoting. Here's a step-by-step guide:

Step 1: Enable PowerShell Remoting on SRV1 On SRV1, run the following command to enable PowerShell Remoting:

Enable-PSRemoting -Force

This command configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.

Step 2: Configure the TrustedHosts List (If Needed) If you're managing SRV1 from a computer that is not part of the same domain, you'll need to add the managing computer's name to the TrustedHosts list on SRV1:

Set-Item wsman:\localhost\Client\TrustedHosts -Value 'ManagingComputerName' -Concatenate -Force

Replace ''ManagingComputerName'' with the name of your managing computer.

Step 3: Start a Remote Session From your managing computer, start a remote session with SRV1 using the Enter-PSSession cmdlet:

Enter-PSSession -ComputerName SRV1 -Credential (Get-Credential)

This command prompts you for credentials and then starts a remote session with SRV1.

Step 4: Run Remote Commands Once the remote session is established, you can run any PowerShell command as if you were directly on SRV1. For example:

Get-Service

This command gets the status of services on SRV1.

Step 5: Exit the Remote Session When you're finished, exit the remote session:

Exit-PSSession

Note: Ensure that both the managing computer and SRV1 are properly configured to communicate over the network, and that any firewalls allow for the necessary ports (default is 5985 for HTTP and 5986 for HTTPS) to be open for WS-Management traffic12.

By following these steps, you should be able to manage SRV1 remotely using PowerShell. Make sure you have the appropriate administrative privileges to perform these actions.

To run a container on SRV1 using the mcr.microsoft.com/windows/servercore/iis image, publish port 60 on the container to port 5001 on SRV1, and ensure it runs in the background, you can follow these steps:

Step 1: Pull the IIS Image First, pull the IIS image from the Microsoft Container Registry:

docker pull mcr.microsoft.com/windows/servercore/iis

Step 2: Run the Container Next, run the container with the required port mapping and ensure it runs in the background using the -d flag:

docker run -d -p 5001:60 --name iis_container mcr.microsoft.com/windows/servercore/iis

This command will start a container named iis_container using the IIS image, map port 60 inside the container to port 5001 on SRV1, and run the container in detached mode.

Step 3: Verify the Container is Running To verify that the container is running and the port is published, use the following command:

docker ps

This will list all running containers and show the port mappings.

Step 4: Access the IIS Server You can now access the IIS server running in the container by navigating to http://<SRV1_IP>:5001 in a web browser, where <SRV1_IP> is the IP address of SRV1.

Note: Ensure that Docker is installed on SRV1 and that the port 5001 is open on the firewall to allow incoming connections1.

By following these steps, you should be able to run the IIS container on SRV1 with the specified port mapping and have it running in the background.

To run a container on SRV1 using the mcrmicrosoft.com/windows/servercofe/iis image, publish port 80 on the container to port 5001 on SRV1, and ensure it runs in the background, you can follow these steps:

Step 1: Pull the IIS Image First, pull the correct IIS image from the Microsoft Container Registry:

docker pull mcr.microsoft.com/windows/servercore/iis

Step 2: Run the Container Next, run the container with the required port mapping and ensure it runs in the background using the -d flag:

docker run -d -p 5001:80 --name iis_container mcr.microsoft.com/windows/servercore/iis

This command will start a container named iis_container using the IIS image, map port 80 inside the container to port 5001 on SRV1, and run the container in detached mode.

Step 3: Verify the Container is Running To verify that the container is running and the port is published, use the following command:

docker ps

This will list all running containers and show the port mappings.

Step 4: Access the IIS Server You can now access the IIS server running in the container by navigating to http://<SRV1_IP>:5001 in a web browser, where <SRV1_IP> is the IP address of SRV1.

Note: Ensure that Docker is installed on SRV1 and that the port 5001 is open on the firewall to allow incoming connections1.

By following these steps, you should be able to run the IIS container on SRV1 with the specified port mapping and have it running in the background. Please replace mcrmicrosoft.com/windows/servercofe/iis with the correct image name mcr.microsoft.com/windows/servercore/iis as shown in the commands above.