Configuring Windows Server Hybrid Advanced Services

Here you have the best Microsoft AZ-801 practice exam questions

  • You have 169 total questions to study from
  • Each page has 5 questions, making a total of 34 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on October 15, 2025
  • This site is not affiliated with or endorsed by Microsoft.
Question 1 of 169
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Controlled folder access.
Does this meet the goal?
    Correct Answer: A

    Controlled folder access in Windows Security is designed to protect folders from unauthorized changes by allowing only trusted applications to access the folders. This feature helps protect data from malicious apps and threats, such as ransomware. By configuring Controlled folder access, you can specify which applications are allowed to make changes to the data in the protected folders, meeting the goal of ensuring that only specific applications can modify the data.

Question 2 of 169
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From Virus & threat protection, you configure Tamper Protection
Does this meet the goal?
    Correct Answer: B

    Configuring Tamper Protection from Virus & threat protection is intended to prevent malicious applications from altering Microsoft Defender Antivirus settings. It does not restrict specific applications from modifying data in protected folders. To achieve the goal of allowing only specific applications to modify data in protected folders, you should configure Controlled folder access instead.

Question 3 of 169
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server.
You need to ensure that only specific applications can modify the data in protected folders on Server1.
Solution: From App & browser control, you configure the Exploit protection settings.
Does this meet the goal?
    Correct Answer: B

    Configuring Exploit protection settings from App & browser control does not specifically ensure that only certain applications can modify data in protected folders. Instead, to achieve this goal, one would configure Controlled folder access in the Virus & threat protection settings. Controlled folder access helps protect files and folders from unauthorized changes by malicious applications, and it allows only trusted applications to access protected folders.

Question 4 of 169
DRAG DROP -
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.
The AD DS domain contains a domain controller named DC1. DC1 does NOT have internet access.
You need to configure password security for on-premises users. The solution must meet the following requirements:
✑ Prevent the users from using known weak passwords.
✑ Prevent the users from using the company name in passwords.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Exam AZ-801: Question 4 - Image 1
    Correct Answer:
    Reference:
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy Exam AZ-801: Question 4 - Image 2
Question 5 of 169
HOTSPOT -
The Default Domain Policy Group Policy Object (GPO) is shown in the GPO exhibit. (Click the GPO tab.)
Exam AZ-801: Question 5 - Image 1
The members of a group named Service Accounts are shown in the Group exhibit. (Click the Group tab.)
Exam AZ-801: Question 5 - Image 2
An organizational unit (OU) named ServiceAccounts is shown in the OU exhibit. (Click the OU tab.)
Exam AZ-801: Question 5 - Image 3
You create a Password Settings Object (PSO) as shown in the PSO exhibit. (Click the PSO tab.)
Exam AZ-801: Question 5 - Image 4
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Exam AZ-801: Question 5 - Image 5
    Correct Answer:
    Reference:
    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-
    #fine_grained_pswd_policy_mgmt Exam AZ-801: Question 5 - Image 6