Try 10 focused Microsoft AZ-802 questions on Manage Storage and File Services, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
Try Microsoft AZ-802 on Web View full Microsoft AZ-802 practice page
| Field | Detail |
|---|---|
| Exam route | Microsoft AZ-802 |
| Topic area | Manage Storage and File Services |
| Blueprint weight | 9% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Manage Storage and File Services for Microsoft AZ-802. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 9% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Manage Storage and File Services
A company uses Azure File Sync to sync a branch file server with an Azure file share. After a new server endpoint is added, users report that some files are not appearing at the branch. Administrators need a single monitoring view that can distinguish sync activity, cloud endpoint health, server endpoint health, and Azure File Sync agent issues. Which design best fits this requirement?
Options:
A. Check Event Viewer only on the branch server
B. Review only Azure file share capacity metrics
C. Review Storage Sync Service health in the Azure portal
D. Use Microsoft Defender for Cloud recommendations
Best answer: C
Explanation: Azure File Sync health should be monitored from the Storage Sync Service because that service owns the sync topology. Its health views let administrators inspect sync groups, cloud endpoints, server endpoints, registered servers, and agent-related status from one Azure-centered location. This directly supports troubleshooting whether the issue is with the Azure file share endpoint, a specific server endpoint, sync processing, or the Azure File Sync agent on a registered Windows Server. Local logs can help with deeper troubleshooting, but they do not provide the complete service-level view required in the scenario.
Topic: Manage Storage and File Services
A Windows Server file server uses File Server Resource Manager (FSRM) to block .pst files under a departmental share. Users report they can still save .pst files in one project folder.
Exhibit: FSRM configuration summary
| Path | FSRM object | Mode / setting |
|---|---|---|
D:\Shares\Dept | File screen | Active, blocks *.pst |
D:\Shares\Dept\Legal | File screen exception | Allows *.pst |
FSRM service | Service state | Running |
What is the most likely root cause?
Options:
A. The file screen is configured in passive mode
B. The child exception overrides the parent screen
C. NTFS permissions bypass FSRM screening
D. The FSRM service is not running
Best answer: B
Explanation: FSRM file screens can be applied at a parent folder and inherited by subfolders, but a file screen exception creates an explicit exception for a child path. In this case, the parent folder has an active screen that blocks *.pst, and the FSRM service is running, so the blocking rule is available. The key diagnostic clue is the file screen exception on D:\Shares\Dept\Legal that allows *.pst. That exception explains why the governance rule works generally but not in that folder. To enforce the requirement there, remove or modify the exception, or apply a more appropriate screen at that path.
Topic: Manage Storage and File Services
A company migrated a finance share to a Windows Server 2022 file server that is managed through Azure Arc. Finance users connect over a site-to-site VPN by using \\files.contoso.com\Finance. They can open files but cannot create new files. The goal is to restore write access without broadening access beyond the Finance groups.
Evidence:
| Check | Result |
|---|---|
| Name resolution | files.contoso.com resolves to FS1 |
| TCP 445 | Succeeds from client subnets |
| SMB share ACL | Domain Users: Read, FileAdmins: Full Control |
| NTFS ACL | Finance_RW: Modify, inherited to subfolders |
| User membership | Affected users are in Finance_RW |
Options:
A. Grant Domain Users Full Control on the share.
B. Disable NTFS inheritance on the finance folder.
C. Grant Finance_RW Change on the SMB share.
D. Change the DNS record for files.contoso.com.
Best answer: C
Explanation: SMB access is controlled by the most restrictive combination of share permissions and NTFS permissions. The evidence shows that name resolution and TCP 445 connectivity are working, and the NTFS ACL already grants Finance_RW Modify with inheritance to child folders. The blocking layer is the SMB share ACL because Domain Users has only Read and the write group has no Change permission at the share level.
Adding Finance_RW Change to the share aligns the share ACL with the NTFS design and keeps access group-based. Broad share permissions or per-user NTFS changes are unnecessary and weaken the least-privilege design.
Topic: Manage Storage and File Services
A Windows Server administrator is configuring Storage Replica for block-level replication from SRV1 in SiteA to SRV2 in SiteB. The partnership creation fails after validation.
Validation summary:
| Item | Source SRV1 | Destination SRV2 |
|---|---|---|
| Data volume | 2,048 GB | 2,000 GB |
| Log volume | 32 GB | 32 GB |
| File system | NTFS | NTFS |
| Network test | Passed | Passed |
What is the most likely root cause?
Options:
A. The network path is blocking SMB traffic.
B. The log volumes must match the data volumes.
C. The destination data volume is too small.
D. The data volumes must use ReFS.
Best answer: C
Explanation: Storage Replica performs block-level replication, so the destination data volume must be prepared to receive all replicated blocks from the source. In this scenario, the network test passed, the file system is supported, and the log volumes are present and equal in size. The decisive validation clue is that the destination data volume is 2,000 GB while the source data volume is 2,048 GB. The administrator should expand or recreate the destination data volume so it is at least as large as the source before creating the replication partnership.
The key takeaway is that Storage Replica volume sizing is validated before replication starts; a healthy network cannot compensate for an undersized destination data volume.
Topic: Manage Storage and File Services
A company uses a DFS Namespace with DFS Replication to host departmental shares on Windows Server file servers in three offices. The company wants to modernize the file service by using Azure as the cloud-backed copy, keep local low-latency access in each office, preserve NTFS permissions, and minimize user-facing path changes. Which design is the best fit?
Options:
A. Map all users directly to a single Azure file share
B. Move the data to Azure Blob Storage and replace DFS paths
C. Deploy Azure File Sync and keep DFS Namespace referrals to synced servers
D. Deploy DFS Replication to Azure IaaS file servers
Best answer: C
Explanation: Azure File Sync is the best modernization path when DFS-based file data still needs Windows Server file-service behavior at branch or office locations. You create an Azure file share as the cloud endpoint, install the Azure File Sync agent on the file servers, and add server endpoints for the local share paths. DFS Replication can then be retired for that data set after migration, while DFS Namespace can continue to provide familiar paths and referrals to the local synced servers. This keeps NTFS ACLs and SMB access patterns while adding a cloud-backed authoritative copy and optional cloud tiering. A direct Azure file share can work for some users, but it does not provide the same local cache design for each office.
Topic: Manage Storage and File Services
A Windows Server file server hosts \\FS1\Departments, which contains subfolders for HR, Legal, and Research. Members of ResearchUsers should access only the Research folder and should not see other department names. A test Research user can open Research, sees HR and Legal in the share root, and receives Access Denied when opening them. What is the most likely root cause?
Options:
A. The share lacks Offline Files configuration
B. SMB encryption is disabled on the share
C. Access-based enumeration is not enabled on the share
D. The client is using an unsupported SMB dialect
Best answer: C
Explanation: Access-based enumeration controls whether users can see files and folders for which they do not have access. In this scenario, NTFS permissions are already preventing the Research user from opening HR and Legal, but the folder names are still visible at the share root. That symptom points to enumeration exposure, not failed authorization. Enabling access-based enumeration on the SMB share, together with correct NTFS ACLs on each department folder, supports the intended access while hiding unrelated data from users who lack permissions. SMB encryption and SMB dialect issues affect transport security or connectivity, not selective folder visibility.
Topic: Manage Storage and File Services
A company stores departmental data in an Azure file share. A branch office has a Windows Server 2022 file server that must provide local SMB access to the same namespace, cache only frequently used files locally, and keep at least 15% free space on the data volume. Which configuration should you use?
Options:
A. Use DFS Replication between the file server and the Azure file share.
B. Add a server endpoint without enabling cloud tiering.
C. Add a server endpoint and enable cloud tiering with 15% volume free space.
D. Map the Azure file share directly on each client by using SMB.
Best answer: C
Explanation: Azure File Sync uses a Storage Sync Service, a sync group, a cloud endpoint for the Azure file share, and one or more server endpoints for Windows Server paths. To make a branch file server provide local SMB access while avoiding full local storage consumption, enable cloud tiering on the server endpoint. Cloud tiering keeps the full namespace visible on the server but recalls file content on demand and tiers cold content to Azure Files. The volume free space policy, such as 15%, tells Azure File Sync how much free space to preserve on the local volume. Direct SMB access to Azure Files does not create a local cache, and DFS Replication is not the mechanism for syncing with Azure Files.
Topic: Manage Storage and File Services
A company hosts departmental file shares on an on-premises Windows Server. Remote users on unmanaged networks need secure SMB access from Windows 11 devices without deploying a traditional VPN or exposing TCP 445 to the internet. The server can be upgraded or replaced if needed, and users must keep using existing AD DS-based share and NTFS permissions. Which design best fits these requirements?
Options:
A. Expose SMB over TCP 445 and require SMB encryption.
B. Deploy SMB over QUIC with a trusted TLS certificate and UDP 443 access.
C. Publish the file server through Microsoft Entra Application Proxy.
D. Require a point-to-site VPN before mapping the shares.
Best answer: B
Explanation: SMB over QUIC is the best fit when users need SMB file access over untrusted networks without a traditional VPN. It carries SMB traffic inside a QUIC transport secured with TLS 1.3, typically using UDP 443, and it does not require exposing TCP 445 to the internet. Because the workload remains SMB, existing share permissions, NTFS permissions, and AD DS-based access control can continue to apply. The server must support SMB over QUIC and use a certificate trusted by clients. The key distinction is that SMB over QUIC changes the secure transport path, not the file authorization model.
Topic: Manage Storage and File Services
You are configuring storage for a standalone Windows Server 2022 file server with four identical local SSDs. The workload performs frequent small writes. The storage must tolerate one physical disk failure, keep write latency low, and use Windows Server software-defined resiliency rather than hardware RAID. Which configuration should you use?
Options:
A. A storage pool with a two-way mirror virtual disk
B. Storage Replica between two local volumes
C. A storage pool with a parity virtual disk
D. A storage pool with a simple virtual disk
Best answer: A
Explanation: Storage Spaces provides software-defined storage by grouping physical disks into a storage pool and creating virtual disks with a resiliency type. For a standalone file server that must tolerate one disk failure and support frequent small writes, a two-way mirror is the best fit. It stores copies of data across disks, so the volume can remain available after a single disk fails, and mirror layouts typically provide lower write latency than parity for random-write workloads. Simple spaces do not provide resiliency, while parity is better suited to capacity-efficient, read-heavy or sequential workloads. Storage Replica protects data by replicating volumes between locations or servers; it is not the local disk resiliency mechanism requested here.
Topic: Manage Storage and File Services
A Windows Server file share \\FS1\Departments must allow all employees to browse the share root, but users should see only the department folders they can access. A user in GG-Marketing can see the Payroll folder but receives “Access is denied” when opening it.
Exhibit: Current configuration
| Setting | Value |
|---|---|
| Share permissions | Authenticated Users: Read |
| Folder enumeration mode | Unrestricted |
| Root NTFS permissions | Authenticated Users: List folder |
| Payroll NTFS permissions | GG-Payroll: Modify |
Options:
A. The share permission is too restrictive
B. The root NTFS permission blocks traversal
C. The Payroll NTFS permission is missing inheritance
D. Access-based enumeration is disabled
Best answer: D
Explanation: Access-based enumeration controls whether users can see files and folders in a share when they do not have permission to access those items. In this scenario, the user can browse the share root, so the root list permission is working as intended. The access-denied message on Payroll shows NTFS is correctly preventing access to that folder. The mismatch is visibility: FolderEnumerationMode is set to Unrestricted, so Windows displays the folder even to users without NTFS access. Setting the share to access-based enumeration would hide folders such as Payroll from users outside GG-Payroll.
GG-Payroll access if the explicit folder permission grants the needed access.Use the Microsoft AZ-802 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Try Microsoft AZ-802 on Web View Microsoft AZ-802 Practice Test
Read the Microsoft AZ-802 Cheat Sheet for compact concept review before returning to timed practice.