Try 10 focused Microsoft AZ-802 questions on Monitor and Troubleshoot Windows Server, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
Try Microsoft AZ-802 on Web View full Microsoft AZ-802 practice page
| Field | Detail |
|---|---|
| Exam route | Microsoft AZ-802 |
| Topic area | Monitor and Troubleshoot Windows Server |
| Blueprint weight | 9% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Monitor and Troubleshoot Windows Server for Microsoft AZ-802. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 9% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Monitor and Troubleshoot Windows Server
Users report that a Windows Server file server is slow when opening shared project files. You capture Performance Monitor counters during the slowdown.
| Counter | Average value |
|---|---|
Processor(_Total)\% Processor Time | 38% |
Memory\Available MBytes | 14,200 |
PhysicalDisk(_Total)\Avg. Disk sec/Read | 0.092 |
PhysicalDisk(_Total)\Avg. Disk Queue Length | 22 |
What is the most likely resource bottleneck?
Options:
A. Sustained disk I/O latency
B. Memory pressure
C. DNS name resolution delays
D. Processor saturation
Best answer: A
Explanation: Performance Monitor bottleneck analysis depends on correlating counters, not reading one counter in isolation. In this scenario, CPU use is moderate and available memory is high, so those resources are not the primary constraint. The disk counters show the strongest pattern: Avg. Disk sec/Read is high and Avg. Disk Queue Length is elevated, which means requests are waiting for storage to service reads. For a file server, that pattern matches users experiencing slow file opens.
The key takeaway is to match the user symptom to the resource counters that show sustained contention during the same time window.
% Processor Time is not persistently high during the reported slowdown.Topic: Monitor and Troubleshoot Windows Server
An organization uses AD DS with Microsoft Entra Connect Sync and password hash synchronization. The sync server is configured to use DC02 as its preferred domain controller. After passwords are changed on DC01, some users can still sign in to Microsoft Entra ID with their old passwords for several hours. You need the best design fit that resolves the root cause with minimal identity topology change.
Exhibit:
Microsoft Entra Connect Sync: last delta sync succeeded
Password hash sync: enabled, no export errors
repadmin /showrepl DC02:
DC01 -> DC02: Last error 1722 (RPC unavailable)
Largest delta: 7 hours
DC01 security log: password change completed
Options:
A. Repair DC01-to-DC02 AD DS replication, then run a delta sync.
B. Replace Microsoft Entra Connect Sync with Microsoft Entra Cloud Sync.
C. Reset the affected users’ passwords directly in Microsoft Entra ID.
D. Enable password writeback in Microsoft Entra Connect Sync.
Best answer: A
Explanation: Password hash synchronization depends on Microsoft Entra Connect Sync reading current password hash data from AD DS. In this scenario, the cloud sync service is not showing export errors, but DC02 has not received changes from DC01 because AD DS replication is failing with RPC error 1722. Since the sync server is configured to use DC02, it can successfully run a delta sync while still reading stale directory data. The most relevant evidence is the repadmin failure and the large replication delta, not the successful Entra Connect delta sync status. Fix the AD DS replication path first, verify replication health, and then run or wait for a delta sync.
Topic: Monitor and Troubleshoot Windows Server
An on-premises Windows Server 2022 server is onboarded to Azure Arc and must send CPU and memory counters to the central Log Analytics workspace LAW-Ops. You must keep using Azure Monitor Agent and avoid legacy agents.
Evidence:
| Check | Result |
|---|---|
| Azure Connected Machine Agent | Connected |
| Azure Monitor Agent extension | Succeeded |
Heartbeat in LAW-Ops | Present |
Perf in LAW-Ops | No records |
| Associated DCR data sources | Windows event logs only |
Which configuration change should you make?
Options:
A. Assign Log Analytics Reader to the server identity
B. Open the VM Insights workbook for the workspace
C. Add performance counters to the associated DCR
D. Install Microsoft Monitoring Agent on the server
Best answer: C
Explanation: Azure Monitor Agent collects monitoring data only as directed by a Data Collection Rule (DCR). In this scenario, the Arc connection is healthy, the Azure Monitor Agent extension succeeded, and Heartbeat records are already arriving in LAW-Ops, which proves basic connectivity and workspace ingestion are functioning. The key evidence is that the associated DCR includes only Windows event logs, so no performance counter stream is configured to populate the Perf table. The appropriate fix is to update or replace the DCR so it includes the required Windows performance counters and sends them to LAW-Ops for the Arc-enabled server. Installing a legacy agent or changing reader permissions does not address the missing collection rule.
Perf data without collection configured.Topic: Monitor and Troubleshoot Windows Server
An organization uses Azure Update Manager to orchestrate patching for Azure Arc-enabled Windows Server 2022 machines. A new isolated on-premises subnet must keep using the corporate WSUS server as the approved update source. Updates fail only on servers in that subnet.
Evidence:
Windows Update policy: http://wsus01.contoso.com:8530
wuauserv: Running
Pending restart: No
Test-NetConnection wsus01.contoso.com -Port 8530: Failed
Internet egress: Blocked
Which remediation is the best design fit?
Options:
A. Allow subnet connectivity to WSUS on port 8530
B. Remove the WSUS Group Policy setting
C. Reinstall the Azure Connected Machine Agent
D. Restart the Windows Update service on each server
Best answer: A
Explanation: Azure Update Manager can orchestrate patching for Arc-enabled servers, but the Windows Update client still obtains updates from the configured update source. In this scenario, policy directs the servers to WSUS, the Windows Update service is running, and no restart is pending. The decisive evidence is failed connectivity to wsus01.contoso.com:8530 while internet egress is blocked. The design should preserve the approved WSUS source and restore the required network path from the isolated subnet to WSUS. Changing orchestration or removing policy does not address the observed source-connectivity failure.
wuauserv is already running and the evidence points to network reachability.Topic: Monitor and Troubleshoot Windows Server
An on-premises Windows Server 2022 server named SRV-ARC01 is onboarded to Azure Arc. You deploy Azure Monitor Agent and expect CPU and memory data in LAW-Prod, but queries for SRV-ARC01 return no performance records. What is the most likely root cause?
Azure Connected Machine Agent: Connected
Azure Monitor Agent extension: Provisioning succeeded
Outbound HTTPS to Azure Monitor: Allowed
DCR-WinPerf destination: LAW-Prod
DCR-WinPerf data sources: CPU, memory counters
DCR-WinPerf associated resources: VM-AZ01
Options:
A. The Azure Monitor Agent extension failed to install.
B. The DCR is not associated with SRV-ARC01.
C. The server cannot reach Azure Monitor endpoints.
D. The workspace is missing performance counter support.
Best answer: B
Explanation: Azure Monitor Agent collects data based on Data Collection Rules (DCRs) that are associated with the monitored resource. In this case, the Arc agent is connected, the Azure Monitor Agent extension succeeded, and outbound HTTPS is allowed, so the evidence does not point to agent installation or connectivity. The DCR also has the expected destination and performance data sources. The missing link is the DCR association: DCR-WinPerf is associated with VM-AZ01, not the Arc-enabled server SRV-ARC01. Associate the DCR with SRV-ARC01 or a scope that includes it, then validate ingestion in the Log Analytics workspace.
Topic: Monitor and Troubleshoot Windows Server
A Windows Server 2022 file server has 35% free space on volume F: today, but the help desk reports that weekly archive jobs are taking longer and generating low-space warnings before cleanup runs. You need a local, predictive analysis based on the server’s historical data. What is the best next diagnostic action?
Options:
A. Create an Azure Monitor metric alert
B. Run System Insights capacity forecasting for F:
C. Enable DFS Replication health reports
D. Run chkdsk to repair F:
Best answer: B
Explanation: System Insights is appropriate when the issue requires predictive analysis from local Windows Server data. Capacity forecasting can analyze historical volume usage and predict future storage exhaustion before the disk is currently full. In this scenario, the server still has free space, but recurring archive activity and low-space warnings suggest a trend problem rather than an immediate file system corruption issue.
The key diagnostic value is forecasting whether F: is likely to cross a capacity threshold soon, so administrators can resize, clean up, or change the archive process before an outage occurs.
Topic: Monitor and Troubleshoot Windows Server
A company runs Windows Server 2022 file servers in branch offices and manages them from a central operations team. The security policy allows Azure Arc inventory but prohibits uploading detailed performance counters to cloud analytics workspaces. Administrators need early warning when local volumes are likely to run out of space based on each server’s own historical data. Which design is the best fit?
Options:
A. Use Microsoft Defender for Cloud recommendations
B. Use Azure Update Manager assessment schedules
C. Use System Insights volume forecasting managed through Windows Admin Center
D. Use Azure Monitor VM Insights with a Log Analytics workspace
Best answer: C
Explanation: System Insights is the best fit when the issue requires predictive analysis that runs locally on Windows Server. Its built-in forecasting capabilities can analyze historical system data, such as volume usage, and predict future capacity conditions on each server. Windows Admin Center or PowerShell can be used to view and manage these capabilities, which fits a centralized administration model while respecting the constraint against sending detailed performance counters to a cloud analytics workspace.
Cloud monitoring can be valuable for centralized observability, but the deciding requirement here is local predictive forecasting from each Windows Server’s own data.
Topic: Monitor and Troubleshoot Windows Server
A Windows Server 2022 Azure VM runs an internal IIS application. Users report intermittent 503 errors during batch uploads. Azure Monitor and VM Insights show the following during each incident:
| Signal | Observation |
|---|---|
| CPU utilization | 28% average, 45% peak |
| Available memory | 9 GB free |
| Data disk latency | 180-240 ms write latency |
| Data disk utilization | 100% of provisioned IOPS |
| Dependency map | SQL connections remain established |
What is the most likely source of the issue?
Options:
A. Network connectivity loss to SQL Server
B. Memory pressure in the IIS worker process
C. CPU saturation on the VM
D. Data disk I/O throttling
Best answer: D
Explanation: The key evidence is the correlation between the user-facing 503 errors and storage metrics: write latency is very high, and the data disk is at 100% of its provisioned IOPS. VM Insights shows CPU and memory are not constrained, and the dependency map does not indicate a broken SQL connection path. For an IIS workload handling batch uploads, slow or throttled writes can delay request processing, exhaust application queues, or cause timeouts that surface as intermittent availability failures. The next investigation would focus on disk performance, disk sizing, caching, workload write patterns, or moving write-heavy data to storage with sufficient IOPS and throughput.
Topic: Monitor and Troubleshoot Windows Server
A Windows Server Azure VM will not start after a key rotation. You review the disk encryption evidence:
| Item | Evidence |
|---|---|
| VM | WS-APP01 |
| Disk protection | CMK with Disk Encryption Set des-prod |
| DES key URL | Key ws-disks, version 2a9 |
Key version 2a9 | Disabled |
| DES identity permissions | get, wrapKey, unwrapKey |
You must restore the VM quickly, keep customer-managed key encryption, and avoid guest OS changes. Which configuration change should you make?
Options:
A. Move the disk to a new Disk Encryption Set.
B. Re-enable key version 2a9 in Key Vault.
C. Grant Key Vault Reader to the VM identity.
D. Enable BitLocker again inside Windows Server.
Best answer: B
Explanation: For Azure managed disks encrypted with a customer-managed key, the disk encryption set must be able to access the exact Key Vault key version referenced by its key URL. The evidence shows the required permissions already exist for the disk encryption set identity, but the referenced key version is disabled. That prevents Azure from unwrapping the disk encryption key during VM startup. The fastest least-change fix is to re-enable the referenced key version. Guest BitLocker settings are a different encryption layer and do not fix a server-side CMK unwrap failure.
Topic: Monitor and Troubleshoot Windows Server
An on-premises Windows Server 2022 server is onboarded to Azure Arc. Installing the Azure Monitor Agent extension from the Azure portal fails, but the server still shows a recent heartbeat.
Exhibit: Diagnostic evidence
azcmagent status: Connected
Last heartbeat: 3 minutes ago
Extension: AzureMonitorWindowsAgent
Provisioning state: Failed
Activity log: RequestDisallowedByPolicy
Message: machines/extensions/write was denied by policy assignment
Policy: Allowed extensions for Azure Arc-enabled servers
Denied value: Microsoft.Azure.Monitor/AzureMonitorWindowsAgent
What is the most likely root cause?
Options:
A. The Arc machine identity failed Microsoft Entra authentication
B. The Azure Connected Machine Agent cannot reach Azure
C. An Azure Policy assignment blocks the extension type
D. The server is missing a required Windows Update setting
Best answer: C
Explanation: For Azure Arc-enabled servers, extension deployment depends on the Azure control plane authorizing the machines/extensions/write operation before the extension can be installed on the machine. The key evidence is RequestDisallowedByPolicy, the named policy assignment, and the denied extension value. The recent heartbeat and azcmagent status: Connected reduce the likelihood of a basic agent connectivity failure. Because the denial occurs at the policy layer, the next step is to review the assigned Azure Policy and either allow the Azure Monitor Agent extension or use an approved extension that meets the policy. Agent repair or OS update troubleshooting would not address a control-plane deny decision.
machines/extensions/write policy denial.Use the Microsoft AZ-802 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Try Microsoft AZ-802 on Web View Microsoft AZ-802 Practice Test
Read the Microsoft AZ-802 Cheat Sheet for compact concept review before returning to timed practice.