AZ-800 Practice Test Free – 50 Real Exam Questions to Boost Your Confidence
Preparing for the AZ-800 exam? Start with our AZ-800 Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.
Taking a AZ-800 practice test free is one of the smartest ways to:
- Get familiar with the real exam format and question types
- Evaluate your strengths and spot knowledge gaps
- Gain the confidence you need to succeed on exam day
Below, you will find 50 free AZ-800 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level. You can click on each Question to explore the details.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers. You plan to store a DNS zone in a custom Active Directory partition. You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers. What should you use?
A. ntdsutil.exe
B. Active Directory Sites and Services
C. Set-DnsServer
D. DNS Manager
HOTSPOT - Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains the sites and site links shown in the following exhibit.The sites contain the bridgehead domain controllers shown in the following table.
The IP intersite transport container is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure virtual machine named VM1 that runs Windows Server. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1. What should you do?
A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
B. Configure VM1 to use a user-assigned managed identity.
C. Configure VM1 to use a system-assigned managed identity.
D. Add the Custom Script Extension to VM1.
HOTSPOT - You plan to deploy an Azure virtual machine that will run Windows Server. The virtual machine will host an Active Directory Domain Services (AD DS) domain controller and a drive named F: on a new virtual disk. You need to configure storage for the virtual machine. The solution must meet the following requirements: * Maximize resiliency for AD DS. * Prevent accidental data loss. How should you configure the storage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - Overview - Company Information - ADatum Corporation is a manufacturing company that has a main office in Seattle and two branch offices in Los Angeles and Montreal. Fabrikam Partnership - ADatum recently partnered with 2 company named Fabrikam, Inc. Fabrikam is a manufacturing company that has a main office in Boston and a branch office in Orlando. Both companies intend to collaborate on several joint projects. Existing Environment - ADatum AD DS Environment - The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. The forest contains two domains named adatum.com and east.adatum.com and the domain controllers shown in the following table.Fabrikam AD DS Environment - The on-premises network of Fabrikam contains an AD DS forest named fabrikam.com. The forest contains two domains named fabrikam.com and south.fabrikam.com. The fabrikam.com domain contains an organizational unit (OU) named Marketing. Server Infrastructure - The adatum.com domain contains the servers shown in the following table.
HyperV1 contains the virtual machines shown in the following table.
All the virtual machines on HyperV1 have only the default management tools installed. SSPace1 contains the Storage Spaces virtual disks shown in the following table.
Azure Resources - ADatum has an Azure subscription that contains an Azure AD tenant. Azure AD Connect is configured to sync the adatum.com forest with Azure AD. The subscription contains the virtual networks shown in the following table.
The subscription contains the Azure Private DNS zones shown in the following table.
The subscription contains the virtual machines shown in the following table.
All the servers are in a workgroup. The subscription contains a storage account named storage1 that has a file share named share1. Requirements - Planned Changes - ADatum plans to implement the following changes: • Sync Data1 to share1. • Configure an Azure runbook named Task1. • Enable Azure AD users to sign in to Server1. • Create an Azure DNS Private Resolver that has the following configurations: • Name: Private1 • Region: West US • Virtual network: VNet1 • Inbound endpoint: SubnetB • Enable users in the adatum.com domain to access the resources in the south.fabrikam.com domain. Technical Requirements - ADatum identifies the following technical requirements: • The data on SSPace1 must be available always. • DC2 must become the schema master if DC1 fails. • VM3 must be configured to enable per-folder quotas. • Trusts must allow access to only the required resources. • The users in the Marketing OU must have access to storage1. • Azure Automanage must be used on all supported Azure virtual machines. • A direct SSH session must be used to manage all the supported virtual machines on HyperV1. You need to ensure that data availability on SSPace1 meets the technical requirements. What is the maximum number of physical disks that can fail on each disk? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the offices shown in the following table.You need to deploy a Network Policy Server (NPS) named NPS1 to enforce network access policies for all remote connections. What is the minimum number of RADIUS clients that you should add to NPS1?
A. 1
B. 3
C. 8
D. 180
E. 188
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three domains. Each domain contains 10 domain controllers. You plan to store a DNS zone in a custom Active Directory partition. You need to create the Active Directory partition for the zone. The partition must replicate to only four of the domain controllers. What should you use?
A. dnscmd.exe
B. Active Directory Sites and Services
C. Set-DnsServer
D. New-ADObject
HOTSPOT - Your on-premises network contains a single-domain Active Directory Domain Services (AD DS) forest. You have an Azure AD tenant named contoso.com. The AD DS forest syncs with the Azure AD tenant by using Azure AD Connect. You need to ensure that users in the forest that have a custom attribute of NoSync are excluded from synchronization. How should you configure the Azure AD Connect cloudFiltered attribute, and which tool should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have servers that have the DNS Server role installed. The servers are configured as shown in the following table.All the client computers in the New York office use Server2 as the DNS server. You need to configure name resolution in the New York office to meet the following requirements: ✑ Ensure that the client computers in New York can resolve names from contoso.com. ✑ Ensure that Server2 forwards all DNS queries for internet hosts to 131. 107.100.200. The solution must NOT require modifications to Server1. Which two components should you configure on Server2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. a forwarder
B. a conditional forwarder
C. a delegation
D. a secondary zone
E. a reverse lookup zone
SIMULATION - You need to make the shares named Marketing and Sales from SRV1 available on the network by using the following UNC paths: • contoso.comdocumentsmarketing • contoso.comdocumentssales To complete this task, sign in to the required computer or computers.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK. You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. Solution: You create a new subnet object that is associated to Site1. Does this meet the goal?
A. Yes
B. No
You have a server named Server1 that runs Windows Server. You plan to host applications in Windows containers. You need to configure Server1 to run containers. What should you install?
A. Windows Admin Center
B. Docker
C. the Windows Subsystem for Linux
D. Hyper-V
HOTSPOT - Which groups can you add to Group3 and Group5? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. You need to identify which server is the PDC emulator for the domain. Solution: From Active Directory Users and Computers, you right-click contoso.com in the console tree, and then select Operations Master. Does this meet the goal?
A. Yes
B. No
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 10 servers that run Windows Server. The servers have static IP addresses. You plan to use DHCP to assign IP addresses to the servers. You need to ensure that each server always receives the same IP address. Which type of identifier should you use to create a DHCP reservation for each server?
A. NetBIOS name
B. MAC address
C. fully qualified domain name (FQDN)
D. universally unique identifier (UUID)
You plan to deploy a containerized application that requires .NET Core. You need to create a container image for the application. The image must be as small as possible. Which base image should you use?
A. Windows Server
B. Nano Server
C. Windows
D. Server Core
You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server. You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3, but access to the resource is denied. You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?
A. Configure Kerberos constrained delegation.
B. Configure Just Enough Administration (JEA).
C. Configure selective authentication for the domain.
D. Disable the Enforce user logon restrictions policy setting for the domain.
Your network contains an Active Directory domain named contoso.com. The domain contains the computers shown in the following table.On Server3, you create a Group Policy Object (GPO) named GPO1 and link GPO1 to contoso.com. GPO1 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.
To which computer will Shortcut1 be applied?
A. Server3 only
B. Computer1 and Server3 only
C. Server2 and Server3 only
D. Server1, Server2, and Server3 only
Your company has a main office and a branch office. The two offices are connected by using a WAN link. Each office contains a firewall that filters WAN traffic. The network in the branch office contains 10 servers that run Windows Server. All servers are administered from the main office only. You plan to manage the servers in the branch office by using a Windows Admin Center gateway. On a server in the branch office, you install the Windows Admin Center gateway by using the defaults settings. You need to configure the firewall in the branch office to allow the required inbound connection to the Windows Admin Center gateway. Which inbound TCP port should you allow?
A. 443
B. 3389
C. 5985
D. 6516
Overview - Company Information - ADatum Corporation is a manufacturing company that has a main office in Seattle and two branch offices in Los Angeles and Montreal. Fabrikam Partnership - ADatum recently partnered with 2 company named Fabrikam, Inc. Fabrikam is a manufacturing company that has a main office in Boston and a branch office in Orlando. Both companies intend to collaborate on several joint projects. Existing Environment - ADatum AD DS Environment - The on-premises network of A. Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com. The forest contains two domains named adatum.com and east.adatum.com and the domain controllers shown in the following table.
A. Active Directory Federation Services (AD FS)
B. Azure AD Connect in staging mode
C. Azure AD Connect cloud sync
D. Azure AD Connect in active mode
HOTSPOT - You have a server named Server1 that runs Windows Server. Server1 has a single network interface and the Hyper-V virtual switches shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for Server1. Which users can currently perform the required tasks?
A. Admin3 only
B. Admin1 and Admin3 only
C. Admin1 only
D. Admin1, Admin2, and Admin3
HOTSPOT - Your network contains the domains shown in the following exhibit.You need to establish trust relationships as shown in the following exhibit.
Which type of trust can you use for Trust1 and Trust2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The root domain contains the domain controllers shown in the following table.A failure of which domain controller will prevent you from creating application partitions?
A. DC1
B. DC2
C. DC3
D. DC4
E. DC5
HOTSPOT - You need to meet the technical requirements for VM1. Which cmdlet should you run first? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have a server that runs Windows Server and contains a shared folder named UserData. You need to limit the amount of storage space that each user can consume in UserData. What should you use?
A. Storage Spaces
B. Work Folders
C. Distributed File System (DFS) Namespaces
D. File Server Resource Manager (FSRM)
HOTSPOT - You have a server named Server1 that runs Windows Server and has the Hyper-V server role installed. Server1 contains a virtual machine named VM1 that runs Windows Server. You need to install the Hyper-V server role on VM1. Which PowerShell command should you run first? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP - You have a server named Server1 that runs Windows Server and has the Active Directory Federation Services role installed. You plan to deploy Web Application Proxy to a server named Server2. You export the Active Directory Federation Services (AD FS) certificate from Server1. Which actions should you perform on Server2 in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have a server that runs Windows Server 2022 and has the network adapters shown in the following table.You need to configure NIC teaming for LAN2 and LAN3. The solution must support Dynamic Virtual Machine Multi-Queue (d.VMMQ). What should you use?
A. LACP teaming mode
B. Switch Embedded Teaming (SET)
C. load balancing and failover (LBFO)
D. Static teaming mode
SIMULATION - You need to ensure that a DHCP scope named scope1 on SRV1 can service client requests. To complete this task, sign in the required computer or computers.
SIMULATION - You need to ensure that SRV1 only leases IP addresses from the range of 192.168.1.190 to 192.168.1.200 to computers that have a MAC address that starts with aabb. To complete this task, sign in the required computer or computers.
HOTSPOT - Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)
You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT - You need to configure Azure File Sync to meet the file sharing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You need to configure the Group Policy settings to ensure that the Azure Virtual Desktop session hosts meet the security requirements. What should you configure?
A. loopback processing in GPO4
B. security filtering for the link of GPO1
C. loopback processing in GPO1
D. the Enforced property for the link of GPO4
E. the Enforced property for the link of GPO1
F. security filtering for the link of GPO4
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK. You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to the new OU. Does this meet the goal?
A. Yes
B. No
DRAG DROP - You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. You deploy a server to the domain and configure the server to run a service. You need to ensure that the service can use a group managed service account (gMSA) to authenticate. Which three PowerShell cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order. Select and Place:
HOTSPOT - You have an Active Directory Domain Services (AD DS) domain that contains the member servers shown in the following table.Server3 contains a data disk named Disk1 that has Data Deduplication installed. Disk1 contains the files shown in the following table.
Server3 fails. You need to recover the files on Disk1. Which files can you recover if you attach Disk1 to Server1, and which files can you recover if you attach Disk1 to Server2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child named east.contoso.com and the servers shown in the following table.You need to create a folder for the Central Store to manage Group Policy template files for the entire forest. What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the following resources. ✑ An Azure Log Analytics workspace ✑ An Azure Automation account ✑ Azure Arc You have an on-premises server named Server1 that is onboarded to Azure Arc. You need to manage Microsoft updates on Server1 by using Azure Arc. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. From the Automation account, enable Update Management for Server1.
B. From the Virtual machines data source of the Log Analytics workspace, connect Server1.
C. On Server1, install the Azure Monitor agent
D. Add Microsoft Sentinel to the Log Analytics workspace
HOTSPOT - You need to configure network communication between the Seattle and New York offices. The solution must meet the networking requirements. What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure virtual machine named VM1 that runs Windows Server. You need to ensure that administrators request access to VM1 before establishing a Remote Desktop connection. What should you configure?
A. Azure Front Door
B. Microsoft Defender for Cloud
C. Azure AD Privileged Identity Management (PIM)
D. a network security group (NSG)
HOTSPOT - Your company has a main office and 10 branch offices that are connected by using WAN links. The network contains an Active Directory domain. All users have laptops and regularly travel between offices. You plan to implement BranchCache in the branch offices. In each branch office, you install a server that runs Windows Server and the BranchCache feature. You register the servers in Active Directory. You need to configure the laptops to use the local BranchCache server automatically. The solution must minimize administrative effort. Which two Group Policy settings should you configure? To answer, select the settings in the answer area. NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for VM3. On which volumes can you enable Data Deduplication?
A. C and D only
B. D only
C. C, D, E, and F
D. D and E only
E. D, E, and F only
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains three servers that run Windows Server and have the Hyper-V server role installed. Each server has a Switch Embedded Teaming (SET) team. You need to verify that Remote Direct Memory Access (RDMA) and all the required Windows Server settings are configured properly on each server to support an Azure Stack HCI cluster. What should you use?
A. Server Manager
B. the Get-NetAdapter cmdlet
C. Failover Cluster Manager
D. the Validate-DCB cmdlet
You have an on-premises network that is connected to an Azure virtual network by using a Site-to-Site VPN. Each network contains a subnet that has the same IP address space. The on-premises subnet contains a virtual machine. You plan to migrate the virtual machine to the Azure subnet. You need to migrate the on premises virtual machine to Azure without modifying the IP address. The solution must minim administrative effort. What should you implement before you perform the migration?
A. Azure Extended Network
B. Azure Virtual Network NAT
C. Azure Application Gateway
D. Azure virtual network peering
You need to implement a name resolution solution that meets the networking requirements. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Configure the DNS Servers settings for Vnet1.
B. On DC3, install the DNS Server role.
C. Create a virtual network link in the corp.fabrikam.com Azure private DNS zone.
D. Configure a conditional forwarder on DC3.
E. Enable autoregistration in the corp.fabrikam.com Azure private DNS zone.
F. Create an Azure private DNZ zone named corp.fabrikam.com.
G. Create an Azure DNZ zone named corp.fabrikam.com.
SIMULATION - You need to collect errors from the System event log of SRV1 to a Log Analytics workspace. The required source files are located in a folder named dc1.contoso.cominstall. To complete this task, sign in the required computer or computers.
HOTSPOT - Your network contains two VLANs for client computers and one VLAN for a datacenter. Each VLAN is assigned an IPv4 subnet. Currently, all the client computers use static IP addresses. You plan to deploy a DHCP server to the VLAN in the datacenter. You need to use the DHCP server to provide IP configurations to all the client computers. What is the minimum number of scopes and DHCP relays you should create? To answer, select the appropriate option the answer area. NOTE: Each correct selection is worth one point. Hot Area:
DRAG DROP - Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site. You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1. You need to recommend a deployment plan that meets the following requirements: • Ensures that a user named User1 can perform the RODC installation on Server1 • Ensures that Server1 is in a new site named RemoteSite1 • Uses the principle of least privilege Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
SIMULATION - You need to create a group-managed service account (gMSA) named gMSA1 and make gMSA1 available on SRV1. To complete this task, sign in to the required computer or computers.
Free Access Full AZ-800 Practice Test Free Questions
If you’re looking for more AZ-800 practice test free questions, click here to access the full AZ-800 practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your AZ-800 certification journey!