• Home
  • Microsoft
  • AZ-800: Administering Windows Server Hybrid Core Infrastructure

Microsoft AZ-800 Exam Dumps

Get All Administering Windows Server Hybrid Core Infrastructure Exam Questions with Validated Answers

AZ-800 Pack
Vendor: Microsoft
Exam Code: AZ-800
Exam Name: Administering Windows Server Hybrid Core Infrastructure
Exam Questions: 260
Last Updated: March 1, 2026
Related Certifications: Windows Server Hybrid Administrator Associate
Exam Tags: Cloud Certifications, Microsoft Azure Certifications, Infrastructure Certifications Intermediate Windows Server AdministratorsAzure Administrators
Gurantee
  • 24/7 customer support
  • Unlimited Downloads
  • 90 Days Free Updates
  • 10,000+ Satisfied Customers
  • 100% Refund Policy
  • Instantly Available for Download after Purchase

Get Full Access to Microsoft AZ-800 questions & answers in the format that suits you best

PDF Version

$40.00
$24.00
  • 260 Actual Exam Questions
  • Compatible with all Devices
  • Printable Format
  • No Download Limits
  • 90 Days Free Updates

Discount Offer (Bundle pack)

$80.00
$48.00
  • Discount Offer
  • 260 Actual Exam Questions
  • Both PDF & Online Practice Test
  • Free 90 Days Updates
  • No Download Limits
  • No Practice Limits
  • 24/7 Customer Support

Online Practice Test

$30.00
$18.00
  • 260 Actual Exam Questions
  • Actual Exam Environment
  • 90 Days Free Updates
  • Browser Based Software
  • Compatibility:
    supported Browsers

Pass Your Microsoft AZ-800 Certification Exam Easily!

Looking for a hassle-free way to pass the Microsoft Administering Windows Server Hybrid Core Infrastructure exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Microsoft certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!

DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Microsoft AZ-800 exam questions give you the knowledge and confidence needed to succeed on the first attempt.

Train with our Microsoft AZ-800 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.

Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Microsoft AZ-800 exam, we’ll refund your payment within 24 hours no questions asked.
 

Why Choose DumpsProvider for Your Microsoft AZ-800 Exam Prep?

  • Verified & Up-to-Date Materials: Our Microsoft experts carefully craft every question to match the latest Microsoft exam topics.
  • Free 90-Day Updates: Stay ahead with free updates for three months to keep your questions & answers up to date.
  • 24/7 Customer Support: Get instant help via live chat or email whenever you have questions about our Microsoft AZ-800 exam dumps.

Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Microsoft AZ-800 exam dumps today and achieve your certification effortlessly!

Free Microsoft AZ-800 Exam Actual Questions

Question No. 1

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a DNS server named Server1. Server1 hosts a DNS zone named fabrikam.com that was signed by DNSSEC.

You need to ensure that all the member servers in the domain perform DNSSEC validation for the fabrikam.com namespace.

What should you do?

Show Answer Hide Answer
Correct Answer: C

The hybrid core curriculum explains that DNSSEC validation by Windows clients is controlled through the Name Resolution Policy Table (NRPT), deployable via Group Policy. The NRPT lets administrators ''require DNSSEC for specific namespaces and configure how clients validate responses.'' While trust anchors (Add-DnsServerTrustAnchor) are used by DNS servers performing validation, member servers acting as DNS clients rely on NRPT rules to demand DNSSEC-validated answers from their resolvers for named namespaces (e.g., fabrikam.com). The guidance emphasizes: to ''enforce DNSSEC validation on domain-joined clients for a given suffix, create a GPO-based NRPT rule that requires DNSSEC,'' ensuring unsigned or invalid answers are rejected. Therefore, to make all member servers validate DNSSEC for fabrikam.com, deploy a GPO NRPT rule targeting that namespace. Adding trust anchors on Server1 or on each member server is unnecessary (and in the latter case, inapplicable unless they run the DNS Server role).


Question No. 2

You have a server that runs Windows Server and has the DHCP Server role installed. The server has a scope named Scope! that has the following configurations:

* Address range: 192.168.0.2 to 192.16B.1.2M . Mask 255.255.254.0

* Router: 192.168.0.1

* Lease duration: 3 days

* DNS server 172.16.0.254

You have 50 Microsoft Teams Phone devices from the same vendor. All the devices have MAC addresses within the same range.

You need to ensure that all the Teams Phone devices that receive a lease from Scope1 have IP addresses in the range of 192.168.1.100 to 192.168.1.200. The solution must NOT affect other DHCP clients that receive IP configurations from Scope1.

What should you create?

Show Answer Hide Answer
Correct Answer: A

In Windows Server DHCP, policies let you ''assign different options or even different IP address ranges to clients that meet specified conditions.'' The AZ-800 study guide explains that scope-level policies can target clients by MAC address (Client Identifier), vendor class, user class, relay agent, or other fields, and when a lease is requested, ''the DHCP server evaluates policies in order; if a client matches a policy, the server can allocate an address from the policy's configured IP range and apply policy-specific options, without affecting other clients in the scope.'' This is distinct from filters, which only allow or deny clients based on MAC and do not select an address pool; scope options merely set option values (DNS, router, etc.) and cannot constrain the lease address range; creating another scope would require a different subnet or superscope and would change allocation behavior for the entire network.

Given Scope1 (192.168.0.0/23) already serves all clients, and only the Teams Phone devices (all MACs in a common range) must receive addresses 192.168.1.100--192.168.1.200 without impacting others, the correct solution is to create a DHCP policy on Scope1 with a condition matching that MAC address range and configure the policy's IP address range to 192.168.1.100--192.168.1.200. This fulfills the requirement while leaving all other clients to receive addresses from the normal Scope1 pool.

Question No. 3

You have an Azure virtual machine named VM1 that has a private IP address only.

You configure the Windows Admin Center extension on VM1.

You have an on-premises computer that runs Windows 11. You use the computer for server management.

You need to ensure that you can use Windows Admin Center from the Azure portal to manage VM1.

What should you configure?

Show Answer Hide Answer
Correct Answer: B

According to the official documentation for Administering Windows Server Hybrid Core Infrastructure, using Windows Admin Center (WAC) within the Azure portal to manage virtual machines requires specific network pathing depending on the IP configuration of the target VM. For a virtual machine like VM1 that is configured with only a private IP address, the management traffic originates from the browser on the administrator's local computer and must be able to reach that private IP address directly.

The primary requirement for this scenario is that the management PC must have access to the virtual network (VNet) that is connected to the VM. As specified in the study guides, when managing a VM via its private IP, you must establish a hybrid connectivity solution such as a VPN connection (either Point-to-Site or Site-to-Site) or Azure ExpressRoute. This bridge allows the on-premises Windows 11 computer to route traffic into the Azure Virtual Network's private address space. Without this underlying network connectivity, the browser-based WAC gateway---which is hosted as an extension on the VM---cannot communicate with the portal interface.

While Azure Bastion (Option A) provides secure RDP and SSH access, the Windows Admin Center extension specifically requires network-level routing from the client to the private IP for its portal-integrated management features. Network Security Group (NSG) rules (Option C) are necessary to allow traffic on specific ports (like 443 for the WAC service), but they do not provide the routing necessary to cross the boundary between an on-premises network and an Azure VNet. Similarly, Private Endpoints (Option D) are intended for accessing Azure PaaS services rather than providing a management path for IaaS VMs. Therefore, configuring a VPN connection is the verified mandatory step to satisfy the connectivity requirements for WAC in this hybrid context.


Question No. 4

You are planning the implementation Azure Arc to support the planned changes. You need to configure the environment to support configuration management policies. What should you do?

Show Answer Hide Answer
Correct Answer: C

Within the hybrid governance section of Administering Windows Server Hybrid Core Infrastructure, Microsoft specifies that Azure Arc--enabled servers are the mechanism to bring on-premises and multi-cloud servers under Azure control to apply Azure Policy (Guest Configuration) and Defender for Servers. The prerequisite is installing the Azure Connected Machine agent (Azure Arc agent) on each server: ''To manage servers with Azure Policy and configuration management, install the Connected Machine agent to onboard them to Azure Arc; once connected, you can assign Azure Policy guest configuration and monitor compliance just like Azure VMs.'' Hybrid Azure AD Join is unrelated to Azure Policy assignment; the Azure Monitor agent provides telemetry but does not onboard to Arc for policy governance; a hybrid runbook worker is for Automation runbooks, not for enforcing Azure Policy. Therefore, to ''use Azure Policy to enforce configuration management policies on the servers in Azure and on-premises,'' deploy the Azure Connected Machine agent to all servers to Arc-enable them and then assign the desired policies.


Question No. 5

You have an Active Directory Domain Services (AD DS) domain. The domain contains a member server named Server1 that runs Windows Server.

You need to ensure that you can manage password policies for the domain from Serve1.

Which command should you run first on Server1?

Show Answer Hide Answer
Correct Answer: C

In Windows Server hybrid environments, domain password policy and fine-grained password policy (PSO) administration is performed with the Active Directory administration tools. The AZ-800 study domain states that to ''manage AD DS, including users, groups, OUs, Group Policy, and fine-grained password policies from a member server, you must first install the Remote Server Administration Tools (RSAT) for Active Directory.'' The RSAT AD DS package (RSAT-AD-Tools) installs Active Directory Users and Computers (ADUC), Active Directory Administrative Center (ADAC) (which includes the Password Settings container UI), and Windows PowerShell for Active Directory (the ActiveDirectory module). The guidance further clarifies: ''ADAC exposes Password Settings Objects (PSOs) and lets administrators create, link, and manage fine-grained password and lockout policies without signing in to a domain controller.'' Therefore, on Server1 the first required command is: Install-WindowsFeature RSAT-AD-Tools. Options for only PowerShell, DHCP, or WINS features do not provide ADAC/ADUC and cannot manage PSOs or domain password policies from a member server.


Get All 260 Questions & Answers Explore Other Microsoft Exam Dumps

100%

Security & Privacy

10000+

Satisfied Customers

24/7

Committed Service

100%

Money Back Guranteed