AZ-140: Configuring and Operating Windows Virtual Desktop on Microsoft Azure
Question#31

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1.
Does this meet the goal?

  • A. Yes
  • B. No
Answer:

B

Question#32

You have an Azure Virtual Desktop deployment.
You have a RemoteApp named App1.
You discover that from the Save As dialog box of App1, users can run executable applications other than App1 on the session hosts.
You need to ensure that the users can run only published applications on the session hosts.
What should you do?

  • A. Configure a conditional access policy in Azure Active Directory (Azure AD).
  • B. Modify the Access control (IAM) settings of the host pool.
  • C. Modify the RDP Properties of the host pool.
  • D. Configure an AppLocker policy on the session hosts.
Answer:

D
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide

Question#33

HOTSPOT -
You have an Azure Virtual Desktop deployment that contains a workspace named Workspace1 and a user named User1. Workspace1 contains a Desktop application group named Pool1Desktop.
At 09:00, you create a conditional access policy that has the following settings:
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
- Conditions: 0 conditions selected
✑ Access controls
- Grant: Grant access, Require multi-factor authentication
- Sessions: Sign-in frequency 1 hour
User1 performs the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa

Question#34

You deploy an Azure Virtual Desktop session host pool that includes ten virtual machines.
You need to provide a group of pilot users access to the virtual machines in the pool.
What should you do?

  • A. Create a role definition.
  • B. Add the users to a Remote Desktop Users group on the virtual machines.
  • C. Add the users to the local Administrators group on the virtual machines.
  • D. Create a role assignment.
Answer:

D
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/delegated-access-virtual-desktop

Question#35

You have an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.
You create an Azure Virtual Desktop host pool named Pool1. You assign the Virtual Machine Contributor role for the Azure subscription to a user named Admin1.
You need to ensure that Admin1 can add session hosts to Pool1. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Assign Admin1 the Desktop Virtualization Host Pool Contributor role for Pool1
  • B. Assign Admin1 the Desktop Virtualization Session Host Operator role for Pool1
  • C. Add Admin1 to the AAD DC Administrators group
  • D. Assign a Microsoft 365 Enterprise E3 license to Admin1
  • E. Generate a registration token
Answer:

BE
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac

Question#36

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Advanced settings in the RDP Properties of Pool1.
Does this meet the goal?

  • A. Yes
  • B. No
Answer:

B

Question#37

You have a hybrid Azure Active Directory (Azure AD) tenant.
You plan to deploy an Azure Virtual Desktop personal host pool. The host pool will contain 15 virtual machines that run Windows 10 Enterprise. The virtual machines will be joined to the on-premises Active Directory domain and used by the members of a domain group named Department1.
You need to ensure that each user is added automatically to the local Administrators group on the virtual machine to which the user signs in.
What should you configure?

  • A. a role assignment for the host pool
  • B. a role assignment for each virtual machine
  • C. a policy preference in a Group Policy Object (GPO)
  • D. a device setting in Azure AD
Answer:

A
Configure direct assignment.
Unlike automatic assignment, when you use direct assignment, you must assign the user to both the personal desktop host pool and a specific session host before they can connect to their personal desktop. If the user is only assigned to a host pool without a session host assignment, they won't be able to access resources and will see an error message that says, "No resources available."
To directly assign a user to a session host in the Azure portal:
1. Sign in to the Azure portal.
2. Enter Azure Virtual Desktop into the search bar.
3. Under Services, select Azure Virtual Desktop.
4. At the Azure Virtual Desktop page, go to the menu on the left side of the window and select Host pools.
5. Select the host pool you want to assign users to.
6. Next, go to the menu on the left side of the window and select Application groups.
7. Select the name of the app group you want to assign users to, then select Assignments in the menu on the left side of the window.
8. Select + Add, then select the users or user groups you want to assign to this app group.
9. Select Assign VM in the Information bar to assign a session host to a user.
10. Select the session host you want to assign to the user, then select Assign. You can also select Assignment > Assign user.
11. Select the user you want to assign the session host to from the list of available users.
12. When you're done, select Select.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type

Question#38

HOTSPOT -
You have two Azure subscriptions that are linked to an Azure Active Directory (Azure AD) tenant named contoso.com and contain an Azure Virtual Desktop deployment. The tenant contains a user named User1.
When User1 signs in to Azure Security Center, the user receives the message shown in the following exhibit.

You need to ensure that User1 can manage security information for the tenant. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Box 1: Security administrator for contoso.com
Incorrect:
* Not at the subscription level, as there are two subscriptions.
* Not Root management group level
Each directory is given a single top-level management group called the root management group. The root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level.
Box 2: Privileged Role Administrator
You need to ensure that User1 can manage security information for the tenant.
Privileged Role Administrator - Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.
Incorrect:
* External Identity Provider Administrator
This administrator manages federation between Azure AD organizations and external identity providers. With this role, users can add new identity providers and configure all available settings (e.g. authentication path, service ID, assigned key containers). This user can enable the Azure AD organization to trust authentications from external identity providers.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Question#39

DRAG DROP -

Your on-premises network contains an Active Directory domain named fabrikam.com that syncs with Azure Active Directory (Azure AD). The domain contains a global group named AVDusers.

You have an Azure subscription that contains the resources shown in the following table.



All Azure Virtual Desktop users are members of the AVDusers group.

You plan to create FSLogix profile containers in Profiles1.

You need to configure Profiles1 and fabrikam.com to ensure that the HostPool1 session hosts can access the FSLogix profile containers.

What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.



Question#40

You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.



You plan to enable Start VM on connect for Pool1.

You create a custom Azure role named Role1 that has sufficient permissions to start virtual machines on demand.

You need to ensure that the session hosts in Pool1 can start on demand.

To which service principal should you assign Role1?

  • A. Managed1
  • B. Azure Virtual Desktop
  • C. Azure Automation
  • D. Host1
  • E. Azure Compute
Answer:

B
