Microsoft Azure Virtual Desktop (AZ-140) Practice Tests Total Questions: 246 – 4 Mock Exams
Practice Set 1
Time limit: 0
0 of 60 questions completed
Questions:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Information
Click on Start Test.
You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" AZ-140 Practice Test 1 "
0 of 60 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
AZ-140
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking view questions. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Answered
Review
Question 1 of 60
1. Question
HOTSPOT
You have a Windows Virtual Desktop deployment.
Many users have iOS devices that have the Remote Desktop Mobile app installed.
You need to ensure that the users can connect to the feed URL by using email discovery instead of entering the feed URL manually.
How should you configure the _msradc DNS record? To answer, select the appropriate options in the answer area.
Users have the devices shown in the following table.
From which device types can the users connect to Windows Virtual Desktop resources by using the Remote Desktop client app and the Remote Desktop web client? To answer, select the appropriate options in the answer area.
Your company has a main office and two branch offices. Each office connects directly to the internet. The router in each branch office is configured as an endpoint for the following VPNs:
· A VPN connection to the main office
· A site-to-site VPN to Azure
The routers in each branch office have the Quality of Service (QoS) rules shown in the following table.
Users in the branch office report slow responses and connection errors when they attempt to connect to Windows Virtual Desktop resources.
You need to modify the QoS rules on the branch office routers to improve Windows Virtual Desktop performance.
For which rule should you increase the bandwidth allocation?
Correct
Answer: B. Rule3
Windows Virtual Desktop traffic primarily relies on HTTP/HTTPS to communicate with Azure services. Therefore, increasing the bandwidth allocation for Rule 3, which covers HTTP/HTTPS traffic to Azure and Microsoft 365, will directly improve the performance of Windows Virtual Desktop connections.
Here’s a breakdown of why the other options are incorrect:
A. Rule2: This rule is for site-to-site VPN traffic to Azure, which is not directly related to Windows Virtual Desktop connections.
C. Rule4: This rule covers general internet traffic, which is not a significant factor in Windows Virtual Desktop performance.
D. Rule1: This rule is for VPN traffic to the main office, which might be relevant if there’s a dependency on on-premises resources, but it’s not the primary factor affecting Windows Virtual Desktop performance.
By prioritizing HTTP/HTTPS traffic to Azure, you can ensure that Windows Virtual Desktop connections have sufficient bandwidth and avoid congestion, leading to improved performance for users in the branch offices.
Incorrect
Answer: B. Rule3
Windows Virtual Desktop traffic primarily relies on HTTP/HTTPS to communicate with Azure services. Therefore, increasing the bandwidth allocation for Rule 3, which covers HTTP/HTTPS traffic to Azure and Microsoft 365, will directly improve the performance of Windows Virtual Desktop connections.
Here’s a breakdown of why the other options are incorrect:
A. Rule2: This rule is for site-to-site VPN traffic to Azure, which is not directly related to Windows Virtual Desktop connections.
C. Rule4: This rule covers general internet traffic, which is not a significant factor in Windows Virtual Desktop performance.
D. Rule1: This rule is for VPN traffic to the main office, which might be relevant if there’s a dependency on on-premises resources, but it’s not the primary factor affecting Windows Virtual Desktop performance.
By prioritizing HTTP/HTTPS traffic to Azure, you can ensure that Windows Virtual Desktop connections have sufficient bandwidth and avoid congestion, leading to improved performance for users in the branch offices.
Unattempted
Answer: B. Rule3
Windows Virtual Desktop traffic primarily relies on HTTP/HTTPS to communicate with Azure services. Therefore, increasing the bandwidth allocation for Rule 3, which covers HTTP/HTTPS traffic to Azure and Microsoft 365, will directly improve the performance of Windows Virtual Desktop connections.
Here’s a breakdown of why the other options are incorrect:
A. Rule2: This rule is for site-to-site VPN traffic to Azure, which is not directly related to Windows Virtual Desktop connections.
C. Rule4: This rule covers general internet traffic, which is not a significant factor in Windows Virtual Desktop performance.
D. Rule1: This rule is for VPN traffic to the main office, which might be relevant if there’s a dependency on on-premises resources, but it’s not the primary factor affecting Windows Virtual Desktop performance.
By prioritizing HTTP/HTTPS traffic to Azure, you can ensure that Windows Virtual Desktop connections have sufficient bandwidth and avoid congestion, leading to improved performance for users in the branch offices.
Question 8 of 60
8. Question
You plan to deploy Windows Virtual Desktop. The deployment will use existing virtual machines.
You create a Windows Virtual Desktop host pool.
You need to ensure that you can add the virtual machines to the host pool.
What should you do first?
Correct
Correct Option (What Should Be Done First)
Generate a registration key (Option B):
Explanation: This option is correct because generating a registration key is a necessary step before adding existing virtual machines to a host pool in Windows Virtual Desktop (now Azure Virtual Desktop). The registration key is used by the virtual machines to authenticate and register themselves with the host pool. Without this key, the VMs cannot join the host pool.
Incorrect Options (Not Required First Steps)
Register the Microsoft.DesktopVirtualization provider (Option A):
Explanation: While registering the Microsoft.DesktopVirtualization provider may be necessary for enabling certain functionalities in Azure Virtual Desktop, it is not specifically required as the first step in adding existing VMs to a host pool. The registration key must be generated first for VMs to register properly.
Run the Invoke-AzVMRunCommand cmdlet (Option C):
Explanation: This PowerShell cmdlet is used to run commands on Azure VMs but is not a prerequisite for adding VMs to a host pool. It may be used later for tasks such as installing agents or managing VMs, but it is not required as an initial step in the process of adding VMs to a host pool.
Create a role assignment (Option D):
Explanation: Creating role assignments pertains to managing access and permissions within Azure but does not directly relate to the process of adding existing VMs to a Windows Virtual Desktop host pool. This action is not necessary at this stage and therefore is incorrect as an initial step.
Incorrect
Correct Option (What Should Be Done First)
Generate a registration key (Option B):
Explanation: This option is correct because generating a registration key is a necessary step before adding existing virtual machines to a host pool in Windows Virtual Desktop (now Azure Virtual Desktop). The registration key is used by the virtual machines to authenticate and register themselves with the host pool. Without this key, the VMs cannot join the host pool.
Incorrect Options (Not Required First Steps)
Register the Microsoft.DesktopVirtualization provider (Option A):
Explanation: While registering the Microsoft.DesktopVirtualization provider may be necessary for enabling certain functionalities in Azure Virtual Desktop, it is not specifically required as the first step in adding existing VMs to a host pool. The registration key must be generated first for VMs to register properly.
Run the Invoke-AzVMRunCommand cmdlet (Option C):
Explanation: This PowerShell cmdlet is used to run commands on Azure VMs but is not a prerequisite for adding VMs to a host pool. It may be used later for tasks such as installing agents or managing VMs, but it is not required as an initial step in the process of adding VMs to a host pool.
Create a role assignment (Option D):
Explanation: Creating role assignments pertains to managing access and permissions within Azure but does not directly relate to the process of adding existing VMs to a Windows Virtual Desktop host pool. This action is not necessary at this stage and therefore is incorrect as an initial step.
Unattempted
Correct Option (What Should Be Done First)
Generate a registration key (Option B):
Explanation: This option is correct because generating a registration key is a necessary step before adding existing virtual machines to a host pool in Windows Virtual Desktop (now Azure Virtual Desktop). The registration key is used by the virtual machines to authenticate and register themselves with the host pool. Without this key, the VMs cannot join the host pool.
Incorrect Options (Not Required First Steps)
Register the Microsoft.DesktopVirtualization provider (Option A):
Explanation: While registering the Microsoft.DesktopVirtualization provider may be necessary for enabling certain functionalities in Azure Virtual Desktop, it is not specifically required as the first step in adding existing VMs to a host pool. The registration key must be generated first for VMs to register properly.
Run the Invoke-AzVMRunCommand cmdlet (Option C):
Explanation: This PowerShell cmdlet is used to run commands on Azure VMs but is not a prerequisite for adding VMs to a host pool. It may be used later for tasks such as installing agents or managing VMs, but it is not required as an initial step in the process of adding VMs to a host pool.
Create a role assignment (Option D):
Explanation: Creating role assignments pertains to managing access and permissions within Azure but does not directly relate to the process of adding existing VMs to a Windows Virtual Desktop host pool. This action is not necessary at this stage and therefore is incorrect as an initial step.
Question 9 of 60
9. Question
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
· Implement FSLogix profile containers for the Paris offices.
· Deploy a Windows Virtual Desktop host pool named Pool4.
· Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
· Host pool type: Pooled
· Max session limit: 7
· Load balancing algorithm: Depth-first
· Images: Windows 10 Enterprise multi-session
· Virtual machine size: Standard D2s v3
· Name prefix: Pool4
· Number of VMs: 5
· Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
· Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
· For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
· For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
· Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
· From a server named Server1, convert the user profile clicks to the FSLogix profile containers. Ensure that the Pool1 virtual machines only run during business hours.
· Use the principle of least privilege.
QUESTION
DRAG DROP
You need to evaluate the RDS deployment in the Seattle office. The solution must meet the technical requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a session host named Host1 that has the disk layout shown in the exhibit. (Click the Exhibit tab.)
You plan to deploy an app that must be installed on D. The app requires 500 GB of disk space.
You need to add a new data disk that will be assigned the drive letter D. The solution must maintain the current performance of Host1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You plan to deploy Windows Virtual Desktop session host virtual machines based on a preconfigured master image. The master image will be stored in a shared image.
You create a virtual machine named Image1 to use as the master image. You install applications and apply configuration changes to Image1.
You need to ensure that the new session host virtual machines created based on Image1 have unique names and security identifiers.
What should you do on Image1 before you add the image to the shared image gallery?
You need to create Azure NetApp Files storage to store FSLogix profile containers.
Which four actions should you perform in sequence after you register the NetApp Resource Provider? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services.
Solution: You configure rules in the network security group (NSG) linked to the subnet of the session hosts. Does that meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services.
Solution: You configure the Address space settings of the virtual network that contains the session hosts. Does that meet the goal?
Correct
Incorrect
Unattempted
Question 19 of 60
19. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services.
Solution: You modify the IP configuration of each session host. Does that meet the goal?
Correct
Incorrect
Unattempted
Question 20 of 60
20. Question
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
· Implement FSLogix profile containers for the Paris offices.
· Deploy a Windows Virtual Desktop host pool named Pool4.
· Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
· Host pool type: Pooled
· Max session limit: 7
· Load balancing algorithm: Depth-first
· Images: Windows 10 Enterprise multi-session
· Virtual machine size: Standard D2s v3
· Name prefix: Pool4
· Number of VMs: 5
· Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
· Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
· For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
· For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
· Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
· From a server named Server1, convert the user profile clicks to the FSLogix profile containers. Ensure that the Pool1 virtual machines only run during business hours.
· Use the principle of least privilege.
QUESTION
HOTSPOT
You are planning the deployment of Pool4.
What will be the maximum number of users that can connect to Pool4, and how many session hosts are needed to support five concurrent user sessions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct
Incorrect
Unattempted
Question 21 of 60
21. Question
You have a Windows Virtual Desktop host pool named Pool1 and an Azure Storage account named Storage1. Storage1 stores FSLogix profile containers in a share folder named share1.
You create a new group named Group1. You provide Group1 with permission to sign in to Pool1.
You need to ensure that the members of Group1 can store the FSLogix profile containers in share1. The solution must use the principle of least privilege.
Which two privileges should you assign to Group1? Each correct answer presents part of the solution.
Your company has the offices shown in the following table.
The company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
Users connect to a Windows Virtual Desktop deployment named WVD1. WVD1 contains session hosts that have public IP addresses from the 52.166.253.0/24 subnet.
Contoso.com has a conditional access policy that has the following settings:
· Name: Policy1
· Assignments:
-Users and groups: User1
-Cloud apps or actions: Windows Virtual Desktop
· Access controls:
-Grant: Grant access, Require multi-factor authentication
· Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From an Azure AD DS-joined computer, you modify the AADDC Users GPO settings.
Does that meet the goal?
Correct
Incorrect
Unattempted
Question 26 of 60
26. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory
Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Computers GPO settings.
Does that meet the goal?
Correct
Incorrect
Unattempted
Question 27 of 60
27. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1. Does that meet the goal?
Correct
Incorrect
Unattempted
Question 28 of 60
28. Question
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
· Implement FSLogix profile containers for the Paris offices.
· Deploy a Windows Virtual Desktop host pool named Pool4.
· Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
· Host pool type: Pooled
· Max session limit: 7
· Load balancing algorithm: Depth-first
· Images: Windows 10 Enterprise multi-session
· Virtual machine size: Standard D2s v3
· Name prefix: Pool4
· Number of VMs: 5
· Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
· Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
· For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
· For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
· Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
· From a server named Server1, convert the user profile clicks to the FSLogix profile containers. Ensure that the Pool1 virtual machines only run during business hours.
· Use the principle of least privilege.
QUESTION
Which role should you assign to Operator2 to meet the technical requirements?
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.
Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.
Requirements. Planned Changes
Litware plans to implement the following changes:
· Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
· Implement FSLogix profile containers.
· Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.
· Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
· Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
· Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
· Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.
Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
· Enforce Azure MFA when accessing Windows Virtual Desktop apps.
· Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
· Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.
· Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure.
· Use built-in groups for delegation.
· Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.
· Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
· Minimize administrative effort to manage network security.
· Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
· Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.
· Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.
· Whenever possible, preinstall agents and apps in the custom virtual machine images.
QUESTION
You need to recommend an authentication solution that meets the performance requirements.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
Which two roles should you assign to Admin1 to meet the security requirements? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct
The two roles that should be assigned to Admin1 to meet the security requirements are:
A. Desktop Virtualization Host Pool ContributorC. Desktop Virtualization Workspace Contributor
These roles provide Admin1 with the necessary permissions to manage host pools and workspaces, while limiting their access to other sensitive areas like application groups. This balanced approach ensures that Admin1 can perform their tasks effectively without compromising security.
The two roles that should be assigned to Admin1 to meet the security requirements are:
A. Desktop Virtualization Host Pool ContributorC. Desktop Virtualization Workspace Contributor
These roles provide Admin1 with the necessary permissions to manage host pools and workspaces, while limiting their access to other sensitive areas like application groups. This balanced approach ensures that Admin1 can perform their tasks effectively without compromising security.
The two roles that should be assigned to Admin1 to meet the security requirements are:
A. Desktop Virtualization Host Pool ContributorC. Desktop Virtualization Workspace Contributor
These roles provide Admin1 with the necessary permissions to manage host pools and workspaces, while limiting their access to other sensitive areas like application groups. This balanced approach ensures that Admin1 can perform their tasks effectively without compromising security.
You need AppVersion1 to appear in the Remote Desktop client as Sales Contact Application.
Which PowerShell cmdlet should you use?
Correct
The correct answer is: D. Update-AzWvdApplication
To change the display name of a RemoteApp in a WVD host pool, you should use the Update-AzWvdApplication cmdlet. This cmdlet allows you to modify various properties of a RemoteApp, including its friendly name, which is the name displayed to users in the Remote Desktop client.
Replace the placeholders with the appropriate values for your WVD environment.
By using this cmdlet, you can customize the display name of AppVersion1 to “Sales Contact Application,” ensuring a more user-friendly experience for your end users.
To change the display name of a RemoteApp in a WVD host pool, you should use the Update-AzWvdApplication cmdlet. This cmdlet allows you to modify various properties of a RemoteApp, including its friendly name, which is the name displayed to users in the Remote Desktop client.
Replace the placeholders with the appropriate values for your WVD environment.
By using this cmdlet, you can customize the display name of AppVersion1 to “Sales Contact Application,” ensuring a more user-friendly experience for your end users.
To change the display name of a RemoteApp in a WVD host pool, you should use the Update-AzWvdApplication cmdlet. This cmdlet allows you to modify various properties of a RemoteApp, including its friendly name, which is the name displayed to users in the Remote Desktop client.
Replace the placeholders with the appropriate values for your WVD environment.
By using this cmdlet, you can customize the display name of AppVersion1 to “Sales Contact Application,” ensuring a more user-friendly experience for your end users.
You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (AzureAD) tenant. The domain contains the users shown in the following table.
You have a Windows Virtual Desktop deployment that contains the application groups shown in the following table.
You have the workspaces shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Your network contains an on-premises Active Directory domain and a Windows Virtual Desktop deployment. The computer accounts for all the session hosts are in an organizational unit (OU) named WVDHostsOU. All user accounts are in an OU named CorpUsers.
A domain administrator creates a Group Policy Object (GPO) named Policy1 that only contains user settings. The administrator links Policy1 to WVDHostsOU.
You discover that when users sign in to the session hosts, none of the settings from Policy1 are applied.
What should you configure to apply GPO settings to the users when they sign in to the session hosts?
You need to provide external users with access to the deployment. The external users have computers that run Windows 10 Pro and Windows 10 Enterprise. The users do not have the ability to install applications.
What should you recommend that the users use to connect to the deployment?
You deploy multiple Windows Virtual Desktop session hosts that have only private IP addresses.
You need to ensure that administrators can initiate an RDP session to the session hosts by using the Azure portal.
What should you implement?
Correct
C. Azure Bastion
Here’s why:
Azure Bastion provides a secure, web-based RDP and SSH access to virtual machines within an Azure virtual network. It acts as a jump box, allowing you to connect to the private IP addresses of your Windows Virtual Desktop session hosts directly from the Azure portal.
RD Connection Broker is not directly involved in providing RDP access to individual session hosts. Its primary function is to manage the assignment of users to session hosts.
Azure Application Gateway is a load balancer that can distribute traffic across multiple web applications. It’s not designed for providing RDP access to individual virtual machines.
RD Session Host is a role that runs on a virtual machine and provides the actual RDP sessions. However, it doesn’t provide a mechanism for accessing the session host directly from the Azure portal.
By implementing Azure Bastion, you can securely access your Windows Virtual Desktop session hosts with private IP addresses without exposing them to the public internet.
Incorrect
C. Azure Bastion
Here’s why:
Azure Bastion provides a secure, web-based RDP and SSH access to virtual machines within an Azure virtual network. It acts as a jump box, allowing you to connect to the private IP addresses of your Windows Virtual Desktop session hosts directly from the Azure portal.
RD Connection Broker is not directly involved in providing RDP access to individual session hosts. Its primary function is to manage the assignment of users to session hosts.
Azure Application Gateway is a load balancer that can distribute traffic across multiple web applications. It’s not designed for providing RDP access to individual virtual machines.
RD Session Host is a role that runs on a virtual machine and provides the actual RDP sessions. However, it doesn’t provide a mechanism for accessing the session host directly from the Azure portal.
By implementing Azure Bastion, you can securely access your Windows Virtual Desktop session hosts with private IP addresses without exposing them to the public internet.
Unattempted
C. Azure Bastion
Here’s why:
Azure Bastion provides a secure, web-based RDP and SSH access to virtual machines within an Azure virtual network. It acts as a jump box, allowing you to connect to the private IP addresses of your Windows Virtual Desktop session hosts directly from the Azure portal.
RD Connection Broker is not directly involved in providing RDP access to individual session hosts. Its primary function is to manage the assignment of users to session hosts.
Azure Application Gateway is a load balancer that can distribute traffic across multiple web applications. It’s not designed for providing RDP access to individual virtual machines.
RD Session Host is a role that runs on a virtual machine and provides the actual RDP sessions. However, it doesn’t provide a mechanism for accessing the session host directly from the Azure portal.
By implementing Azure Bastion, you can securely access your Windows Virtual Desktop session hosts with private IP addresses without exposing them to the public internet.
Question 41 of 60
41. Question
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
· Implement FSLogix profile containers for the Paris offices.
· Deploy a Windows Virtual Desktop host pool named Pool4.
· Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
· Host pool type: Pooled
· Max session limit: 7
· Load balancing algorithm: Depth-first
· Images: Windows 10 Enterprise multi-session
· Virtual machine size: Standard D2s v3
· Name prefix: Pool4
· Number of VMs: 5
· Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
· Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
· For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
· For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
· Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
· From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
· Ensure that the Pool1 virtual machines only run during business hours.
· Use the principle of least privilege.
QUESTION:
You need to configure the device redirection settings. The solution must meet the technical requirements.
Where should you configure the settings?
Correct
Incorrect
Unattempted
Question 42 of 60
42. Question
Testlet 2
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.
Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.
Requirements. Planned Changes
Litware plans to implement the following changes:
· Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
· Implement FSLogix profile containers.
· Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.
· Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
· Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
· Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
· Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.
Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
· Enforce Azure MFA when accessing Windows Virtual Desktop apps.
· Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
· Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.
· Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure.
· Use built-in groups for delegation.
· Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.
· Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
· Minimize administrative effort to manage network security.
· Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
· Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.
· Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.
· Whenever possible, preinstall agents and apps in the custom virtual machine images.
QUESTION
You need to configure the user settings of Admin1 to meet the user profile requirements.
You have a Windows Virtual Desktop host pool that runs Windows 10 Enterprise multi-session. You need to configure automatic scaling of the host pool to meet the following requirements:
· Distribute new user sessions across all running session hosts.
· Automatically start a new session host when concurrent user sessions exceed 30 users per host.
What should you include in the solution?
Correct
To achieve the desired automatic scaling and session distribution in a Windows Virtual Desktop (WVD) host pool running Windows 10 Enterprise multi-session, you should use:
An Azure Automation account and the depth-first load balancing algorithm.
Here’s why:
Azure Automation: This service allows you to create and run automation runbooks to automate various tasks, including scaling WVD host pools.
Depth-First Load Balancing: This algorithm ensures that new user sessions are distributed across all available session hosts in the pool, maximizing resource utilization and preventing overloading of individual hosts.
By combining these two elements, you can:
Monitor the number of concurrent user sessions per host: Use Azure Automation runbooks to periodically check the session count on each host.
Trigger scaling actions: When the threshold of 30 concurrent users per host is exceeded, the runbook can trigger the creation of new session hosts.
Distribute new sessions: The depth-first load balancing algorithm ensures that new user sessions are assigned to the least loaded host, optimizing resource utilization.
This approach provides a flexible and scalable solution for managing your WVD host pool and ensuring optimal user experience.
Incorrect
To achieve the desired automatic scaling and session distribution in a Windows Virtual Desktop (WVD) host pool running Windows 10 Enterprise multi-session, you should use:
An Azure Automation account and the depth-first load balancing algorithm.
Here’s why:
Azure Automation: This service allows you to create and run automation runbooks to automate various tasks, including scaling WVD host pools.
Depth-First Load Balancing: This algorithm ensures that new user sessions are distributed across all available session hosts in the pool, maximizing resource utilization and preventing overloading of individual hosts.
By combining these two elements, you can:
Monitor the number of concurrent user sessions per host: Use Azure Automation runbooks to periodically check the session count on each host.
Trigger scaling actions: When the threshold of 30 concurrent users per host is exceeded, the runbook can trigger the creation of new session hosts.
Distribute new sessions: The depth-first load balancing algorithm ensures that new user sessions are assigned to the least loaded host, optimizing resource utilization.
This approach provides a flexible and scalable solution for managing your WVD host pool and ensuring optimal user experience.
Unattempted
To achieve the desired automatic scaling and session distribution in a Windows Virtual Desktop (WVD) host pool running Windows 10 Enterprise multi-session, you should use:
An Azure Automation account and the depth-first load balancing algorithm.
Here’s why:
Azure Automation: This service allows you to create and run automation runbooks to automate various tasks, including scaling WVD host pools.
Depth-First Load Balancing: This algorithm ensures that new user sessions are distributed across all available session hosts in the pool, maximizing resource utilization and preventing overloading of individual hosts.
By combining these two elements, you can:
Monitor the number of concurrent user sessions per host: Use Azure Automation runbooks to periodically check the session count on each host.
Trigger scaling actions: When the threshold of 30 concurrent users per host is exceeded, the runbook can trigger the creation of new session hosts.
Distribute new sessions: The depth-first load balancing algorithm ensures that new user sessions are assigned to the least loaded host, optimizing resource utilization.
This approach provides a flexible and scalable solution for managing your WVD host pool and ensuring optimal user experience.
Question 44 of 60
44. Question
You have a Windows Virtual Desktop host pool named Pool1 and an Azure Automation account named account1. Pool1 is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.
You plan to configure scaling for Pool1 by using Azure Automation runbooks.
You need to authorize the runbooks to manage the scaling of Pool1. The solution must minimize administrative effort.
What should you configure?
Correct
The best option to authorize the runbooks with minimal administrative effort is:
A. a managed identity in Azure Active Directory (Azure AD)
Here’s why:
Managed Identity: This is the recommended approach for authorizing Azure Automation runbooks in modern cloud deployments. It removes the need to manage separate credentials and simplifies access control.
Minimal Administrative Effort: With managed identity, Azure automatically manages the credentials for the runbooks, eliminating the need for manual configuration or credential rotation.
Security: Managed identities provide secure access to Azure resources without requiring users to store secrets in the runbooks.
Why the other options are not ideal:
B. Group Managed Service Account (gMSA) in Azure AD DS: While gMSA can be used for authentication, it’s not the most suitable option in an Azure environment. gMSAs are typically used on-premises with Active Directory domain controllers.
C. Connections shared resource in Azure Automation: This doesn’t provide the necessary authorization for runbooks to manage resources. It’s used for storing and sharing connection information between runbooks.
D. Run As account: This option is deprecated by Microsoft as of September 30, 2023. It’s recommended to migrate existing runbooks to use managed identities for improved security and manageability.
Therefore, configuring a managed identity in Azure AD is the most secure and efficient way to authorize Azure Automation runbooks for scaling your WVD host pool while minimizing administrative overhead.
The best option to authorize the runbooks with minimal administrative effort is:
A. a managed identity in Azure Active Directory (Azure AD)
Here’s why:
Managed Identity: This is the recommended approach for authorizing Azure Automation runbooks in modern cloud deployments. It removes the need to manage separate credentials and simplifies access control.
Minimal Administrative Effort: With managed identity, Azure automatically manages the credentials for the runbooks, eliminating the need for manual configuration or credential rotation.
Security: Managed identities provide secure access to Azure resources without requiring users to store secrets in the runbooks.
Why the other options are not ideal:
B. Group Managed Service Account (gMSA) in Azure AD DS: While gMSA can be used for authentication, it’s not the most suitable option in an Azure environment. gMSAs are typically used on-premises with Active Directory domain controllers.
C. Connections shared resource in Azure Automation: This doesn’t provide the necessary authorization for runbooks to manage resources. It’s used for storing and sharing connection information between runbooks.
D. Run As account: This option is deprecated by Microsoft as of September 30, 2023. It’s recommended to migrate existing runbooks to use managed identities for improved security and manageability.
Therefore, configuring a managed identity in Azure AD is the most secure and efficient way to authorize Azure Automation runbooks for scaling your WVD host pool while minimizing administrative overhead.
The best option to authorize the runbooks with minimal administrative effort is:
A. a managed identity in Azure Active Directory (Azure AD)
Here’s why:
Managed Identity: This is the recommended approach for authorizing Azure Automation runbooks in modern cloud deployments. It removes the need to manage separate credentials and simplifies access control.
Minimal Administrative Effort: With managed identity, Azure automatically manages the credentials for the runbooks, eliminating the need for manual configuration or credential rotation.
Security: Managed identities provide secure access to Azure resources without requiring users to store secrets in the runbooks.
Why the other options are not ideal:
B. Group Managed Service Account (gMSA) in Azure AD DS: While gMSA can be used for authentication, it’s not the most suitable option in an Azure environment. gMSAs are typically used on-premises with Active Directory domain controllers.
C. Connections shared resource in Azure Automation: This doesn’t provide the necessary authorization for runbooks to manage resources. It’s used for storing and sharing connection information between runbooks.
D. Run As account: This option is deprecated by Microsoft as of September 30, 2023. It’s recommended to migrate existing runbooks to use managed identities for improved security and manageability.
Therefore, configuring a managed identity in Azure AD is the most secure and efficient way to authorize Azure Automation runbooks for scaling your WVD host pool while minimizing administrative overhead.
You have a Windows Virtual Desktop host pool named Pool1. Pool1 contains session hosts that use FSLogix profile containers hosted in Azure NetApp Files volumes.
You need to back up profile files by using snapshots.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
· Implement FSLogix profile containers for the Paris offices.
· Deploy a Windows Virtual Desktop host pool named Pool4.
· Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
· Host pool type: Pooled
· Max session limit: 7
· Load balancing algorithm: Depth-first
· Images: Windows 10 Enterprise multi-session
· Virtual machine size: Standard D2s v3
· Name prefix: Pool4
· Number of VMs: 5
· Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
· Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
· For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
· For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
· Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
· From a server named Server1, convert the user profile clicks to the FSLogix profile containers. Ensure that the Pool1 virtual machines only run during business hours.
· Use the principle of least privilege.
QUESTION
You need to configure the virtual machines that have the Pool1 prefix. The solution must meet the technical requirements.
A company has created a personal host pool with Windows 7 VM’s to support a legacy application. FSLogix was not used for the deployment and you are tasked to come up with a disaster recovery solution. Cost is a consideration but not at the expense of a delay in business continuity. What is the best option?
Correct
Azure Site Recovery is necessary because the VM’s hold the user profile data. Site Recovery also provides the fastest option for the business continuity requirement. https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Incorrect
Azure Site Recovery is necessary because the VM’s hold the user profile data. Site Recovery also provides the fastest option for the business continuity requirement. https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Unattempted
Azure Site Recovery is necessary because the VM’s hold the user profile data. Site Recovery also provides the fastest option for the business continuity requirement. https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Question 50 of 60
50. Question
You add a new image to a Shared Image Gallery definition. This image is used for a large-scale WVD deployment with 100 Session Hosts. During deployment, the new session host process is slow and it times out. What step should you to take to resolve the issue?
Correct
Increase the replica count to 5 in the deployment region.
This is the most effective solution to address the slow deployment issue. By increasing the replica count, Azure can distribute the load of creating new session hosts across multiple replicas, significantly speeding up the deployment process.
Here’s why the other options are less effective:
Replicating the image to 5 or 10 different regions: While this can improve overall availability and disaster recovery, it doesn’t directly address the slow deployment issue.
Increasing the replica count to 10 in the deployment region: This can further improve deployment speed, but it might not be necessary if increasing the replica count to 5 is sufficient.
By increasing the replica count, you’re essentially creating more copies of the image in the deployment region, which allows Azure to provision new session hosts faster and more efficiently.
Increase the replica count to 5 in the deployment region.
This is the most effective solution to address the slow deployment issue. By increasing the replica count, Azure can distribute the load of creating new session hosts across multiple replicas, significantly speeding up the deployment process.
Here’s why the other options are less effective:
Replicating the image to 5 or 10 different regions: While this can improve overall availability and disaster recovery, it doesn’t directly address the slow deployment issue.
Increasing the replica count to 10 in the deployment region: This can further improve deployment speed, but it might not be necessary if increasing the replica count to 5 is sufficient.
By increasing the replica count, you’re essentially creating more copies of the image in the deployment region, which allows Azure to provision new session hosts faster and more efficiently.
Increase the replica count to 5 in the deployment region.
This is the most effective solution to address the slow deployment issue. By increasing the replica count, Azure can distribute the load of creating new session hosts across multiple replicas, significantly speeding up the deployment process.
Here’s why the other options are less effective:
Replicating the image to 5 or 10 different regions: While this can improve overall availability and disaster recovery, it doesn’t directly address the slow deployment issue.
Increasing the replica count to 10 in the deployment region: This can further improve deployment speed, but it might not be necessary if increasing the replica count to 5 is sufficient.
By increasing the replica count, you’re essentially creating more copies of the image in the deployment region, which allows Azure to provision new session hosts faster and more efficiently.
The WVD auto scale solution will dynamically add and remove session hosts from the host pool based on the number of users per CPU core or the time of day.
Correct
The Microsoft auto scale solution will dynamically start or stop existing session hosts, but will not add or remove session hosts from the host pool. https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Incorrect
The Microsoft auto scale solution will dynamically start or stop existing session hosts, but will not add or remove session hosts from the host pool. https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Unattempted
The Microsoft auto scale solution will dynamically start or stop existing session hosts, but will not add or remove session hosts from the host pool. https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Question 52 of 60
52. Question
You are asked to update a published remote applications friendly name. What command(s) do you run?
Correct
Use the Get-AzWvdApplication command with the -FriendlyName option to update a published remote applications friendly name https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-feed-for-virtual-desktop-users
Incorrect
Use the Get-AzWvdApplication command with the -FriendlyName option to update a published remote applications friendly name https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-feed-for-virtual-desktop-users
Unattempted
Use the Get-AzWvdApplication command with the -FriendlyName option to update a published remote applications friendly name https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-feed-for-virtual-desktop-users
Question 53 of 60
53. Question
Where can you go to identify common issues and verify WVD is following best practices?
Correct
Azure advisor can identify common issues and provide guidance on the use of best practices. https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-advisor
Incorrect
Azure advisor can identify common issues and provide guidance on the use of best practices. https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-advisor
Unattempted
Azure advisor can identify common issues and provide guidance on the use of best practices. https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-advisor
Question 54 of 60
54. Question
You are planning for a WVD deployment. The organization has two offices, one in the USA and one in Europe. You need to identify the regions to deploy WVD in order to provide the best user experience. What steps should you take?
Correct
The correct option is to use the Windows Virtual Desktop Experience Estimator from each of the offices to find the region with the lowest Round Trip Time (RTT). A ping will not get the RTT for Windows Virtual Desktop. https://azure.microsoft.com/en-us/services/virtual-desktop/assessment/
Incorrect
The correct option is to use the Windows Virtual Desktop Experience Estimator from each of the offices to find the region with the lowest Round Trip Time (RTT). A ping will not get the RTT for Windows Virtual Desktop. https://azure.microsoft.com/en-us/services/virtual-desktop/assessment/
Unattempted
The correct option is to use the Windows Virtual Desktop Experience Estimator from each of the offices to find the region with the lowest Round Trip Time (RTT). A ping will not get the RTT for Windows Virtual Desktop. https://azure.microsoft.com/en-us/services/virtual-desktop/assessment/
Question 55 of 60
55. Question
You attempt to create a new host pool but it ends in ‘joindomain’ provisioning error. What step should you take in troubleshooting the issue?
Correct
To troubleshoot a join domain error, deploy a Windows VM on the same subnet as the WVD Session Hosts and join the computer to the domain using the same credentials used for the deployment. This removes WVD from troubleshooting and addresses the two most common causes of this error: connectivity issues to the domain controller and credential problems. https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration#vms-are-not-joined-to-the-domain
Incorrect
To troubleshoot a join domain error, deploy a Windows VM on the same subnet as the WVD Session Hosts and join the computer to the domain using the same credentials used for the deployment. This removes WVD from troubleshooting and addresses the two most common causes of this error: connectivity issues to the domain controller and credential problems. https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration#vms-are-not-joined-to-the-domain
Unattempted
To troubleshoot a join domain error, deploy a Windows VM on the same subnet as the WVD Session Hosts and join the computer to the domain using the same credentials used for the deployment. This removes WVD from troubleshooting and addresses the two most common causes of this error: connectivity issues to the domain controller and credential problems. https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration#vms-are-not-joined-to-the-domain
Question 56 of 60
56. Question
An administrator needs the minimal access required to perform maintenance on Session Hosts including removing them from the pool and changing drain mode. What role is required for the administrator?
Correct
The role required for the administrator to perform maintenance on Session Hosts, including removing them from the pool and changing drain mode, is Session Host Operator.
This role provides the necessary permissions to manage session hosts within a host pool without granting broader access to other resources.
The role required for the administrator to perform maintenance on Session Hosts, including removing them from the pool and changing drain mode, is Session Host Operator.
This role provides the necessary permissions to manage session hosts within a host pool without granting broader access to other resources.
The role required for the administrator to perform maintenance on Session Hosts, including removing them from the pool and changing drain mode, is Session Host Operator.
This role provides the necessary permissions to manage session hosts within a host pool without granting broader access to other resources.
You have a small pilot group of WVD using FSLogix. The organization cut expenses for the pilot by using Transactional Optimized storage for the Azure file share. Users notice that applications seem slow and sometimes error out. What step should you take to address the issue?
Correct
The maximum IOPS for a Transaction File share is 1000, enabling large file shares will increase that amount to 10,000 IOPS. This change can be made without impacting the environment. It is not possible to update a storage account to Premium or NetApp Files. Moving the profiles to a Premium storage account should only be done if the pilot moves to production. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-scale-targets#azure-file-share-scale-targets
Incorrect
The maximum IOPS for a Transaction File share is 1000, enabling large file shares will increase that amount to 10,000 IOPS. This change can be made without impacting the environment. It is not possible to update a storage account to Premium or NetApp Files. Moving the profiles to a Premium storage account should only be done if the pilot moves to production. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-scale-targets#azure-file-share-scale-targets
Unattempted
The maximum IOPS for a Transaction File share is 1000, enabling large file shares will increase that amount to 10,000 IOPS. This change can be made without impacting the environment. It is not possible to update a storage account to Premium or NetApp Files. Moving the profiles to a Premium storage account should only be done if the pilot moves to production. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-scale-targets#azure-file-share-scale-targets
Question 58 of 60
58. Question
What option will assign the largest number of users on the smallest number of session hosts?
Correct
WVD depth-first load balancing consolidates new connections to the session host with the most number of users until the max session limit is reached. Load balancing options are only available with pooled host pools. https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Incorrect
WVD depth-first load balancing consolidates new connections to the session host with the most number of users until the max session limit is reached. Load balancing options are only available with pooled host pools. https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Unattempted
WVD depth-first load balancing consolidates new connections to the session host with the most number of users until the max session limit is reached. Load balancing options are only available with pooled host pools. https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Question 59 of 60
59. Question
What two options are recommended for FSLogix profile storage?
Correct
All options will work, but NetApp Files and Azure Files Premium are recommended for production workloads due to the high IOPS requirement and low management overhead. https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Incorrect
All options will work, but NetApp Files and Azure Files Premium are recommended for production workloads due to the high IOPS requirement and low management overhead. https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Unattempted
All options will work, but NetApp Files and Azure Files Premium are recommended for production workloads due to the high IOPS requirement and low management overhead. https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Question 60 of 60
60. Question
Select two requirements for deploying a WVD host pool
Correct
The two requirements for deploying a WVD host pool are:
Azure Subnet: A WVD host pool requires an Azure subnet to deploy the virtual machines that will host the user sessions.
Active Directory Domain Service: An Active Directory Domain Service is necessary to authenticate and authorize users accessing the WVD host pool.
A custom image and Workspace are optional components, depending on the specific configuration and customization needs of the WVD environment.