Click here to access our full set of Microsoft AZ-801 exam dumps and practice tests.
Q1. You are an administrator for a company that has numerous on-premises Windows Server 2019 servers. You need to onboard all of these servers into Microsoft Defender for Endpoint. You want to manage the security policies and view alerts for these servers from a single, centralized interface in the Azure portal. You do not use Microsoft Endpoint Configuration Manager (MECM). Which hybrid solution should you use to onboard the servers and manage them as native Azure resources?
A) Implement Azure Site Recovery (ASR) and replicate the servers to an Azure VNet.
B) Install the Microsoft Azure Recovery Services (MARS) agent on each server.
C) Onboard the servers to Azure Arc-enabled servers and deploy the MDE extension.
D) Configure Group Policy (GPO) to point the servers to an on-premises WSUS server.
Answer: C
Explanation:
Option C is the correct answer. Azure Arc-enabled servers is the Microsoft solution designed to bridge the gap between on-premises (or other cloud) servers and Azure. By onboarding an on-premises server to Azure Arc, the server becomes a first-class citizen in Azure, represented as an Azure resource. This allows you to manage it using Azure-native tools. Once the server is Arc-enabled, you can deploy various Azure extensions, including the one for Microsoft Defender for Endpoint (MDE). This approach centralizes management, policy application (via Azure Policy), and security monitoring directly within the Azure portal, which perfectly matches the requirements.
Option A is incorrect. Azure Site Recovery (ASR) is a disaster recovery (DR) service. Its purpose is to replicate VMs to Azure for business continuity, not to provide day-to-day security management or endpoint protection onboarding.
Option B is incorrect. The Microsoft Azure Recovery Services (MARS) agent is used for Azure Backup. It is designed to back up files, folders, and system state directly from an on-premises server to a Recovery Services vault in Azure. It has no function related to Microsoft Defender for Endpoint.
Option D is incorrect. While Group Policy (GPO) can be used to deploy the MDE client and configuration to on-premises, domain-joined machines, it does not satisfy the key requirement of managing the servers and their policies from the Azure portal as if they were native Azure resources. The GPO method is a purely on-premises management-plane action. Azure Arc is the correct hybrid solution.
Q2. You need to collect security event logs from your on-premises Windows Server 2022 domain controllers and send them to an Azure Sentinel workspace for threat analysis. You must use the most current, recommended Microsoft agent and configuration method. This method should provide granular control over which specific event log channels and event IDs are collected. Which components should you implement?
A) Install the legacy Log Analytics agent (MMA) and configure it from the workspace.
B) Install the Azure Monitor Agent (AMA) and configure a Data Collection Rule (DCR).
C) Install the Azure Site Recovery (ASR) mobility service on the domain controllers.
D) Configure Windows Event Forwarding (WEF) to send logs directly to Azure.
Answer: B
Explanation:
Option B is the correct answer. The Azure Monitor Agent (AMA) is the new, strategic agent from Microsoft, replacing the legacy Log Analytics agent (MMA). The key benefit of AMA is its integration with Data Collection Rules (DCRs). A DCR is an Azure-based configuration that defines what data to collect and where to send it. Using a DCR, you can specify precisely which event log channels (e.g., Security, System), which event levels (e.g., Error, Warning), and even which specific event IDs to collect. This provides the granular control requested and is the most modern method for connecting servers to Log Analytics and Sentinel.
Option A is incorrect. The Log Analytics agent (MMA), also known as the Microsoft Monitoring Agent, is the legacy agent. While it still functions, it is being deprecated in favor of AMA. It is not the “most current, recommended” method, and its configuration is less flexible than DCRs.
Option C is incorrect. The ASR mobility service is an agent used by Azure Site Recovery for disaster recovery replication. It has no capability to collect and forward event logs for monitoring or SIEM analysis.
Option D is incorrect. Windows Event Forwarding (WEF) is an on-premises technology used to forward events from multiple servers (clients) to a central on-premises server (a collector). While this is a useful pattern, it cannot send logs directly to Azure. You would still need to install an agent (like AMA) on the WEF collector to send the aggregated logs to the cloud.
Q3. Your company has a hybrid infrastructure with Windows Server 2016 VMs on-premises and Windows Server 2019 VMs in Azure. You need to implement a solution that provides a single-pane-of-glass view for security posture management. The solution must assess all servers against security benchmarks, identify misconfigurations (like insecure OS settings), and provide actionable recommendations to improve the security of both on-premises and Azure-based servers. Which Azure service is designed for this purpose?
A) Microsoft Defender for Endpoint
B) Azure Sentinel
C) Microsoft Defender for Cloud
D) Windows Admin Center
Answer: C
Explanation:
Option C is the correct answer. Microsoft Defender for Cloud is the Azure-native solution for Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP). The CSPM features of Defender for Cloud are exactly what the question describes: it continuously assesses all connected resources (Azure-native VMs and on-premises servers via Azure Arc) against security standards like the Azure Security Benchmark. It then provides a “Secure Score” and a prioritized list of recommendations to fix vulnerabilities and misconfigurations.
Option A is incorrect. Microsoft Defender for Endpoint (MDE) is an Endpoint Detection and Response (EDR) solution. Its primary focus is on detecting, investigating, and responding to active threats on the endpoint (e.g., malware, file-less attacks). It does not provide the high-level posture assessment and compliance benchmarking that Defender for Cloud does.
Option B is incorrect. Azure Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Its job is to ingest logs from many sources (like Defender, firewalls, and servers) and use analytics to find active threats and orchestrate responses. It does not perform the posture assessment of the servers themselves.
Option D is incorrect. Windows Admin Center is a server management tool. It is a modern replacement for local MMC snap-ins, allowing you to manage individual servers or clusters for day-to-day administrative tasks. It is not an enterprise-scale security posture assessment tool.
Q4. You are building a new two-node Windows Server 2022 failover cluster for a highly available file server. The two nodes are located in the same on-premises datacenter. You do not have a third server to act as a witness, nor do you have shared storage (like a SAN) to create a disk witness. You do, however, have an active Azure subscription. What is the most appropriate and cost-effective witness type to configure to ensure cluster quorum?
A) File Share Witness
B) Disk Witness
C) Cloud Witness
D) No witness is required for a two-node cluster.
Answer: C
Explanation:
Option C is the correct answer. This scenario is the primary use case for a Cloud Witness. A Cloud Witness is a type of cluster quorum witness that uses a small file in an Azure Blob Storage account as the “vote” in the quorum. It is the perfect solution for a two-node cluster where there is no third server or shared disk infrastructure available to host a traditional witness. Since the company has an Azure subscription, they can create a storage account (for a very low cost, as the blob is tiny) and configure the cluster to use it as the witness, providing the necessary quorum to prevent split-brain scenarios.
Option A is incorrect. A File Share Witness requires a file share on a third server (typically on the same network), which the prompt explicitly states is not available.
Option B is incorrect. A Disk Witness requires a small, dedicated LUN on a shared storage array (like a SAN or iSCSI target) that is visible to both cluster nodes. The prompt states this is not available.
Option D is incorrect. A two-node cluster (or any even-numbered node cluster) must have a witness. Without a witness, if the network link between the two nodes fails, both nodes would think the other has failed and would try to take ownership of the resources, leading to a “split-brain” scenario and data corruption. The witness provides the tie-breaking vote.
Q5. You need to design a new highly available storage solution for a Hyper-V cluster. The requirements state that the solution must be software-defined and must use the local, direct-attached SSDs and HDDs from each of the cluster nodes. The solution must aggregate these local drives into a single, resilient storage pool that all nodes in the cluster can access. Which Windows Server technology is built for this specific purpose?
A) Storage Replica
B) Storage Spaces Direct (S2D)
C) Azure Site Recovery
D) Dynamic Host Configuration Protocol (DHCP) Failover
Answer: B
Explanation:
Option B is the correct answer. This question provides the textbook definition of Storage Spaces Direct (S2D). S2D is a feature in Windows Server (Datacenter edition) and Azure Stack HCI that allows you to build hyper-converged, software-defined storage. It takes the local, direct-attached drives (NVMe, SSD, HDD) in each node of a failover cluster and aggregates them into a “storage pool.” It then uses this pool to create resilient volumes (using mirroring or parity) that are simultaneously accessible to all nodes in the cluster, providing Cluster Shared Volumes (CSVs) for workloads like Hyper-V.
Option A is incorrect. Storage Replica is a technology used to replicate volumes (block-level) between two different servers or clusters, typically for disaster recovery or to build a stretch cluster. It does not create the shared storage pool from local disks.
Option C is incorrect. Azure Site Recovery is an Azure service for disaster recovery, replicating entire VMs or physical servers to Azure. It is not an on-premises storage technology.
Option D is incorrect. DHCP Failover is a high-availability feature specifically for the DHCP server role, allowing two DHCP servers to share a scope. It is completely unrelated to storage.
Q6. You are planning a disaster recovery solution for a critical on-premises Hyper-V virtual machine running Windows Server 2016. You need to replicate this VM to Azure so that you can fail it over and run it as an Azure VM in the event of a datacenter-wide disaster. The solution must provide orchestration for the failover, including the ability to perform non-disruptive DR tests. Which Azure service should you use?
A) Azure Backup using the MARS agent
B) Hyper-V Replica
C) Azure Site Recovery (ASR)
D) Storage Migration Service
Answer: C
Explanation:
Option C is the correct answer. Azure Site Recovery (ASR) is the premier Azure service designed for disaster recovery and workload migration. It is built to replicate on-premises workloads (including Hyper-V VMs, VMware VMs, and physical servers) to Azure. It orchestrates the entire process, including initial replication, ongoing synchronization, and, critically, the failover process. It also allows you to perform “test failovers” into an isolated Azure network, which spins up a copy of the replicated VM in Azure for testing without disrupting the production on-premises workload.
Option A is incorrect. Azure Backup with the MARS agent is for backing up files, folders, and system state. To back up a full VM, you would use MABS or DPM, but in either case, backup is not disaster recovery. The RTO (Recovery Time Objective) of restoring from backup is hours or days, whereas ASR’s RTO is minutes.
Option B is incorrect. Hyper-V Replica is an in-box feature of Hyper-V that replicates a VM to another Hyper-V host or cluster. It cannot replicate a VM directly to Azure as an Azure-native VM. ASR is the service that provides this capability.
Option D is incorrect. The Storage Migration Service is a tool specifically designed to migrate file servers (shares, permissions, data) from an old server to a new one. It has no function related to VM replication for DR.
Q7. A company has two physical datacenters, Site A and Site B, connected by a high-speed, low-latency link. They want to build a single Windows Server 2019 failover cluster that spans both sites for high availability. If Site A fails, they want their Hyper-V VMs to automatically failover and start in Site B with no data loss. What on-premises Windows Server technology is required to replicate the cluster storage volumes between the two sites with zero data loss?
A) Storage Replica (in synchronous mode)
B) Azure Site Recovery (ASR)
C) Hyper-V Replica
D) Storage Spaces Direct (S2D)
Answer: A
Explanation:
Option A is the correct answer. This scenario describes a “stretch cluster,” and the key enabling technology is Storage Replica. Storage Replica provides block-level, volume-based replication. When configured in synchronous mode, it writes data to the volumes in both sites before acknowledging the write completion to the application. This ensures that both sites have an identical, real-time copy of the data, achieving a Recovery Point Objective (RPO) of zero (no data loss). This allows a failover cluster to automatically failover workloads between sites.
Option B is incorrect. Azure Site Recovery is a disaster recovery (DR) solution, not a high availability (HA) solution. It is asynchronous (meaning there is always some data loss) and failover is an orchestrated, manual, or scripted process, not the automatic, sub-second failover provided by a true cluster.
Option C is incorrect. Hyper-V Replica is also a DR technology, not HA. It replicates at the VM level, is asynchronous, and is not integrated with Cluster Shared Volumes in this way.
Option D is incorrect. Storage Spaces Direct (S2D) is a technology for creating shared storage from local disks, typically within a single cluster at a single site. While S2D can be used with Storage Replica, it is Storage Replica that provides the inter-site replication piece of the puzzle.
Q8. You need to back up files and folders from several on-premises Windows Server 2016 servers. You also need to back up the System State of a physical domain controller. You do not have a System Center Data Protection Manager (SCDPM) or Microsoft Azure Backup Server (MABS) deployment. You want to back up this data directly to an Azure Recovery Services vault. Which agent should you install on the on-premises servers?
A) The Azure Monitor Agent (AMA)
B) The Microsoft Azure Recovery Services (MARS) agent
C) The Azure Site Recovery (ASR) mobility service
D) The Log Analytics agent (MMA)
Answer: B
Explanation:
Option B is the correct answer. The Microsoft Azure Recovery Services (MARS) agent is the specific tool designed for “direct-to-cloud” backup of on-premises Windows servers. It is a lightweight agent that you install on the server, and you configure it to back up specific files, folders, and the System State. It sends these backups directly to an Azure Recovery Services vault for retention. This is distinct from MABS/DPM, which are larger, application-aware solutions that back up to local disk first (D2D2C). For simple file/folder/system state, the MARS agent is the correct choice.
Option A is incorrect. The Azure Monitor Agent (AMA) is used for collecting monitoring data (logs and performance metrics) and sending it to Log Analytics. It is not a backup agent.
Option C is incorrect. The ASR mobility service is the agent used by Azure Site Recovery to replicate the entire server for disaster recovery. It is not used for file-level backups.
Option D is incorrect. The Log Analytics agent (MMA) is the legacy monitoring agent, being replaced by AMA. Like AMA, it is for monitoring data, not for performing backups.
Q9. You are planning to migrate an old on-premises file server running Windows Server 2008 R2 to a new file server running Windows Server 2022 on an Azure VM. The migration must include all files, folders, NTFS permissions, and share settings. You also want to perform an orchestrated cutover where the identity (server name and IP) of the old server is automatically transferred to the new server to eliminate the need to reconfigure end-user clients. Which tool is designed for this entire end-to-end process?
A) Robocopy with the /MIR and /SEC switches
B) Azure Migrate: Server Migration
C) Storage Migration Service (SMS)
D) Azure Data Box
Answer: C
Explanation:
Option C is the correct answer. The Storage Migration Service (SMS), which is managed via Windows Admin Center, is the purpose-built tool for this exact scenario. It is a three-step process: 1) Inventory servers to find all file shares, permissions, and data. 2) Transfer the data (using a high-speed, multi-threaded engine) from the source (Server 2008 R2) to the destination (Server 2022 in Azure). 3) Cutover, which is the key feature. During cutover, SMS will (optionally) take the identity of the source server (its name and IP) and apply it to the destination server, after shutting down the source. This makes the migration seamless for users and applications.
Option A is incorrect. Robocopy is a robust file-copy utility that can migrate files and permissions. However, it cannot migrate share settings (like share-level permissions or smb.conf settings) and it absolutely cannot perform the identity cutover. This would be a manual, disruptive process.
Option B is incorrect. Azure Migrate: Server Migration is for “lift-and-shift” migrations of entire VMs. It is not a file-server-aware tool and cannot perform the share and identity migration.
Option D is incorrect. Azure Data Box is a device for offline transfer of very large datasets (terabytes or petabytes) to Azure. It is not an orchestrated migration tool for a live file server.
Q10. Your organization needs a comprehensive backup solution for its on-premises datacenter. You must be able to perform application-aware backups of Hyper-V VMs, SQL Server databases, and Microsoft SharePoint. The solution must provide a short-term, disk-to-disk (D2D) backup on-premises for fast restores, and then tier those backups to Azure for long-term, off-site retention. Which Microsoft product is designed for this Disk-to-Disk-to-Cloud (D2D2C) model?
A) Microsoft Azure Backup Server (MABS)
B) The MARS agent on every server
C) Azure Site Recovery
D) Windows Server Backup
Answer: A
Explanation:
Option A is the correct answer. Microsoft Azure Backup Server (MABS) is a free, downloadable server product from Microsoft that provides a complete on-premises backup solution. It is derived from System Center Data Protection Manager (DPM). MABS is designed for application-aware backups of workloads like Hyper-V, VMware, SQL Server, SharePoint, and Exchange. It performs a “Disk-to-Disk” (D2D) backup to a local storage pool for fast, short-term restores. It then integrates with an Azure Recovery Services vault to send its own local backups to the cloud for “Disk-to-Disk-to-Cloud” (D2D2C) long-term retention.
Option B is incorrect. The MARS agent is a file-level agent. It cannot perform application-aware backups of SQL, SharePoint, or Hyper-V.
Option C is incorrect. Azure Site Recovery is a disaster recovery (replication) service, not a backup service. It doesn’t provide the point-in-time, long-term retention of a backup solution.
Option D is incorrect. Windows Server Backup is a basic, in-box backup utility for a single server. It is not an enterprise-scale, application-aware, centralized solution that can integrate with Azure for D2D2C.
Q11. You are planning a large-scale migration of 500 on-premises VMware virtual machines to Azure. Before you begin the migration, your primary goals are to discover all VMs, map their network dependencies, assess their readiness for Azure, and get performance-based (e.g., CPU, memory, disk) cost estimates for running them in Azure. Which tool within the Azure Migrate hub is designed for this discovery and assessment?
A) Azure Migrate: Server Migration
B) Azure Migrate: Server Assessment
C) Azure Site Recovery
D) Azure Cost Management and Billing
Answer: B
Explanation:
Option B is the correct answer. The Azure Migrate hub is a collection of tools, and the Server Assessment tool is the one designed for this exact purpose. You deploy a lightweight on-premises appliance (the Azure Migrate appliance) in your VMware environment. This appliance discovers all VMs, gathers performance metadata over time, and (optionally) can perform agentless dependency mapping to see which servers talk to each other. This data is sent to the Azure Migrate project, which then provides detailed reports on Azure readiness, suggested VM sizing (right-sizing), and detailed monthly cost estimates.
Option A is incorrect. The Server Migration tool is the next step. After assessment, you use this tool (which often uses ASR technology) to replicate the VMs and perform the actual migration.
Option C is incorrect. While ASR can be used for migration, it is primarily a replication engine. It does not provide the rich, performance-based assessment, dependency mapping, and cost estimation that the Azure Migrate: Server Assessment tool does.
Option D is incorrect. Azure Cost Management is used to analyze and optimize the costs of existing resources that are already running in Azure. It does not assess on-premises workloads for migration.
Q12. An administrator needs to perform day-to-day management tasks on a newly installed Windows Server 2022 server that is running the “Server Core” installation (no GUI). The administrator wants a modern, browser-based, graphical interface to manage the server’s firewall, view event logs, manage certificates, and configure local users and groups. The server is on the corporate network but not yet connected to Azure. Which management tool is the recommended, modern solution for this?
A) System Center Operations Manager (SCOM)
B) Remote Desktop Protocol (RDP)
C) Windows Admin Center (WAC)
D) Azure Portal
Answer: C
Explanation:
Option C is the correct answer. Windows Admin Center (WAC) is the modern, browser-based management tool that provides a graphical interface for managing Windows Servers. It is the recommended solution for managing “headless” Server Core installations, as it provides a rich GUI for tasks that were traditionally done via command line (PowerShell, sconfig) or remote MMC snap-ins. It consolidates all the common administrative tools (Event Viewer, Certificate Manager, Firewall, etc.) into one web interface.
Option A is incorrect. SCOM is an enterprise monitoring and alerting platform. It is not a hands-on, real-time management tool for configuring a single server.
Option B is incorrect. You cannot RDP into a Server Core installation and get a graphical desktop, because there isn’t one. RDP would only connect you to a command prompt.
Option D is incorrect. The Azure Portal can only manage on-premises servers if they have been onboarded via Azure Arc. The prompt states the server is not yet connected to Azure. WAC is the correct on-premises tool.
Q13. You are using Azure Update Management to patch both your Azure VMs and your on-premises Windows Servers. Your on-premises servers are configured as hybrid workers and are reporting to a Log Analytics workspace. You need to create a patching schedule that automatically installs all “Critical” and “Security” updates on all on-premises servers, but only on the third Saturday of every month at 2:00 AM. Where would you configure this schedule?
A) In a Data Collection Rule (DCR) in Azure Monitor.
B) In a Group Policy Object (GPO) linked to the servers’ OU.
C) In the Azure Automation account, under Update Management.
D) In Windows Admin Center, using the Updates extension.
Answer: C
Explanation:
Option C is the correct answer. The Azure Update Management solution (part of Azure Automation) is the service that orchestrates hybrid patching. A core feature of this service is the ability to create “Update Deployments.” An Update Deployment defines the “what” (which update classifications, e.g., Critical, Security, or specific KBs), the “who” (which machines, e.g., a dynamic group of on-prem servers), and the “when.” The scheduling capabilities are very flexible, allowing for one-time or recurring schedules, such as the “third Saturday of the month at 2:00 AM,” as requested.
Option A is incorrect. Data Collection Rules (DCRs) are used to define what monitoring data (logs, counters) to collect from the Azure Monitor Agent. They do not schedule or deploy software updates.
Option B is incorrect. A GPO could be used to configure on-premises WSUS settings, but it is not how you configure the cloud-based Azure Update Management solution. The schedule for Azure Update Management is controlled from Azure, not from Active Directory.
Option D is incorrect. Windows Admin Center can manage updates for a single server or a cluster in real-time, but it is not the enterprise-scale, scheduled-deployment solution for a fleet of servers integrated with Azure.
Q14. Your on-premises Windows Servers are all connected to a Log Analytics workspace via the Azure Monitor Agent (AMA). You need to write a query to find all security events from the last 24 hours where the EventID is 4625 (an account failed to log on) and the AccountName is “Administrator”. Which query language would you use in the Log Analytics query editor?
A) Transact-SQL (T-SQL)
B) PowerShell
C) SQL (Structured Query Language)
D) Kusto Query Language (KQL)
Answer: D
Explanation:
Option D is the correct answer. All data ingested into an Azure Log Analytics workspace (as well as Azure Data Explorer) is queried using the Kusto Query Language (KKQL). KQL is a powerful, read-only query language designed for analyzing large volumes of structured and unstructured data. A query to fulfill the request would look something like this: SecurityEvent | where TimeGenerated > ago(1d) | where EventID == 4625 and AccountName == “Administrator”.
Option A and Option C are incorrect. While KQL has some similarities to SQL, it is a different language with its own syntax, operators, and functions. You cannot use T-SQL or standard SQL to query Log Analytics.
Option B is incorrect. PowerShell is a command-line shell and scripting language. You can use PowerShell (specifically, the Invoke-AzOperationalInsightsQuery cmdlet) to execute a KQL query, but the query itself must be written in KQL.
Q15. You are deploying a new, three-node Storage Spaces Direct (S2D) cluster running on Azure Stack HCI. You want to provision a new volume that can tolerate the failure of two nodes simultaneously and still remain online. Which resiliency type should you select for this volume?
A) Three-way mirror
B) Mirror-accelerated parity
C) Nested two-way mirror
D) Nested mirror-accelerated parity
Answer: A
Explanation:
Option A is the correct answer. In a Storage Spaces Direct cluster, a three-way mirror maintains three copies of the data, with each copy on a different node (in a 3+ node cluster). This allows the volume to remain online and fully operational even if two nodes (and thus, two copies of the data) fail simultaneously. The volume can still serve reads and writes from the single remaining copy. This is the standard resiliency level for “fault-tolerant” workloads.
Option B, mirror-accelerated parity, is a good option for capacity (it’s more space-efficient), but standard parity is not as performant for writes and a simple three-way mirror is the most straightforward way to meet the two-node failure requirement.
Option C and Option D (Nested Resiliency) are new features in Azure Stack HCI (and Server 2022) specifically designed for two-node clusters. They provide fault tolerance within a server (mirroring across drives) and between servers. However, in a three-node cluster, a standard three-way mirror (Option A) is the correct and simpler configuration to achieve two-node fault tolerance.
Q16. A company wants to connect its on-premises System Center Operations Manager (SCOM) 2019 deployment to an Azure Log Analytics workspace. The goal is to forward all alerts generated by SCOM to Azure Monitor and also to collect specific performance data from SCOM-managed agents and send it to Log Analytics. What is the official method to achieve this integration?
A) Install the Azure Monitor Agent (AMA) on all the SCOM management servers.
B) Decommission SCOM and replace it entirely with Azure Monitor.
C) Configure the SCOM Management Group to connect to the Log Analytics workspace.
D) Manually configure alerts in SCOM to run a script that calls the Azure Monitor API.
Answer: C
Explanation:
Option C is the correct answer. SCOM has a built-in, first-party integration with Azure Log Analytics. From the SCOM Operations Console (Administration pane), you can directly configure a connection to your Azure subscription and Log Analytics workspace. Once this connection is established, you can select which SCOM-generated alerts to forward to Azure. You can also select which SCOM-managed agent computers you want to collect data from and send to Log Analytics, effectively using SCOM as the “gateway” for your on-premises agents.
Option A is incorrect. Installing the AMA on the SCOM management server would only monitor that server. It would not integrate the SCOM platform (its alerts and managed agents) with Log Analytics.
Option B is a valid strategy, but it’s not the answer to the integration question. SCOM and Azure Monitor can coexist, and this integration is the hybrid path Microsoft provides.
Option D is a highly complex, manual, and unsupported method. The built-in connector (Option C) is the simple, official, and supported solution.
Q17. You are managing a hybrid environment using Windows Admin Center (WAC). You want to leverage WAC to manage your Azure VMs. What is the first step you must take to enable Windows Admin Center to connect to and manage your virtual machines running in Azure?
A) Configure the Windows Admin Center gateway as a hybrid worker for Azure Automation.
B) Install the Azure Monitor Agent on the Windows Admin Center gateway.
C) Register the Windows Admin Center gateway with Azure.
D) Ensure all Azure VMs have public IP addresses and open WinRM ports.
Answer: C
Explanation:
Option C is the correct answer. To make Windows Admin Center “Azure-aware” and enable it to manage Azure resources (like Azure VMs), you must first register your WAC gateway with your Azure tenant. This is a one-time process in the WAC settings that creates an Azure AD application registration. This registration allows WAC to authenticate to your subscription. Once registered, WAC can discover your Azure VMs and you can connect to them (over a private connection or a public IP) just as you would an on-premises server.
Option A is incorrect. A hybrid worker is for Azure Automation runbooks and has no bearing on WAC’s ability to manage Azure VMs.
Option B is incorrect. The Azure Monitor Agent is for collecting monitoring data. It is not part of the WAC management plane.
Option D is a bad security practice and not the required first step. WAC can manage Azure VMs over their private IP (if you have a VPN/ExpressRoute) or can create a secure tunnel. The first step is always registering the gateway.
Q18. A business has a critical line-of-business application running on a physical Windows Server 2012 R2. The business cannot tolerate any data loss in a disaster and requires a Recovery Point Objective (RPO) of near-zero. You need to replicate this server’s data volumes to a standby server in a secondary datacenter. Which Windows Server technology, when configured correctly, can meet this “zero data loss” requirement?
A) Hyper-V Replica
B) Azure Site Recovery with a 30-second replication frequency
C)_ Storage Replica (in synchronous mode)
D) Azure Backup with 5-minute transaction log backups
Answer: C
Explanation:
Option C is the correct answer. Storage Replica is a Windows Server technology that provides block-level replication of volumes. It can be configured in two modes: synchronous and asynchronous. For a “zero data loss” (RPO of zero) requirement, you must use synchronous replication. In this mode, an application’s write I/O is not acknowledged as “complete” until it has been written to both the source volume’s log and the destination volume’s log. This guarantees that in the event of a source-site failure, the destination has an exact, up-to-the-millisecond copy of the data.
Option A is incorrect. Hyper-V Replica is for virtual machines (the prompt mentions a physical server). Also, it is asynchronous, with a minimum RPO of 30 seconds.
Option B is incorrect. Azure Site Recovery is an asynchronous replication technology. Even at its lowest frequency, there will always be some data loss (seconds to minutes), so it cannot meet a “near-zero” RPO.
Option D is incorrect. Azure Backup is a backup solution, not a replication solution. Its RPO would be 5 minutes, which is far from zero.
Q19. Your company has a multi-cluster warehouse environment using Windows Server 2019. You are investigating performance issues and want to enable storage QoS (Quality of Service) to set maximum IOPS and/or bandwidth limits on specific, “noisy” Hyper-V virtual machines. Which technology allows you to set these policies at the storage level?
A) Storage Quality of Service (QoS)
B) Windows Defender Application Control (WDAC)
C) Azure Policy for guest configuration
D) Network QoS (d-QoS)
Answer: A
Explanation:
Option A is the correct answer. Storage Quality of Service (QoS) is a feature built into Windows Server (specifically for Hyper-V and the Scale-Out File Server) that allows you to set maximum and minimum IOPS/bandwidth limits (policies) on virtual hard disks. This is crucial in multi-tenant or large environments to prevent a single “noisy neighbor” VM from consuming all available storage I/O, ensuring fair performance for all other workloads. These policies can be managed via PowerShell or WAC.
Option B is incorrect. Windows Defender Application Control (WDAC) is a security feature used to control which applications and scripts are allowed to run on a server (application whitelisting). It has nothing to do with storage performance.
Option C is incorrect. Azure Policy for guest configuration is an Azure service (using Azure Arc) to audit and configure OS-level settings inside a machine. While it could check if a setting is on, it is not the underlying technology that provides Storage QoS.
Option D is incorrect. Network QoS is a similar concept but applies to network traffic (e.g., prioritizing SMB traffic over HTTP traffic). It does not control disk I/O.
Q20. You are deploying a new, two-node Azure Stack HCI cluster. This cluster will be used for a remote office and must be resilient to both a node failure and a single drive failure on the remaining node. You want to provision a volume that can survive a server failure and a disk failure simultaneously. Which resiliency type is specifically designed for this scenario in a two-node cluster?
A) Three-way mirror
B) Nested two-way mirror
C) Storage Replica
D) Simple (no resiliency)
Answer: B
Explanation:
Option B is the correct answer. Nested resiliency is a feature introduced in Windows Server 2019 and enhanced in Azure Stack HCI specifically for two-node hyper-converged clusters. A normal two-way mirror in a two-node cluster can survive a single node failure or a single disk failure, but not both. If a node fails, the entire volume is running on the single remaining node, which is now a single point of failure. Nested two-way mirror solves this by creating a two-way mirror within each server (across its local disks) and then creating another two-way mirror between the two servers. This provides four copies of the data and allows the volume to stay online and protected even if one server fails and a disk on the other, surviving server also fails.
Option A is incorrect. A three-way mirror requires a minimum of three nodes to provide data on three different fault domains. It cannot be implemented on a two-node cluster.
Option C is incorrect. Storage Replica is for replicating data between two separate clusters or servers, typically in different sites for DR. It is not the resiliency type within a single S2D/Azure Stack HCI cluster.
Option D is incorrect. A simple volume provides no resiliency and would result in data loss on any node or disk failure.
