Topic 1, Contoso. Ltd
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.
Requirements. Planned Changes
Contoso plans to implement the following changes:
– Implement FSLogix profile containers for the Paris offices.
– Deploy a Windows Virtual Desktop host pool named Pool4.
– Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
– Host pool type: Pooled
– Max session limit: 7
– Load balancing algorithm: Depth-first
– mages: Windows 10 Enterprise multi-session
– Virtual machine size: Standard D2s v3
– Name prefix: Pool4
– Number of VMs: 5
– Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
– Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
– For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
– For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
– Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
– From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
– Ensure that the Pool1 virtual machines only run during business hours.
– Use the principle of least privilege.
DRAG DROP
You need to evaluate the RDS deployment in the Seattle office. The solution must meet the technical requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/contoso-migration-rds-to-wvd
HOTSPOT
You are planning the deployment of Pool4.
What will be the maximum number of users that can connect to Pool4, and how many session hosts are needed to support five concurrent user sessions? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You plan to implement the FSLogix profile containers for the Seattle office.
Which storage account should you use?
- A . storage2
- B . storage4
- C . storage3
- D . storage1
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Which role should you assign to Operator2 to meet the technical requirements?
- A . Desktop Virtualization Session Host Operator
- B . Desktop Virtualization Host Pool Contributor
- C . Desktop Virtualization User Session Operator
- D . Desktop Virtualization Contributor
B
Explanation:
Considering the principle of least privilege, which is a technical requirement, you would not want to give Operator2 more permissions than necessary to complete their tasks. The most appropriate role that would allow Operator2 to modify the RDP Properties of the host pool without providing excessive permissions would be:
B. Desktop Virtualization Host Pool Contributor
This role should allow Operator2 to perform the necessary modifications on the Windows Virtual Desktop deployment in the Montreal office according to the case study details and technical requirements.
HOTSPOT
Which users can create Pool4, and which users can join session hosts to the domain? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to configure the device redirection settings. The solution must meet the technical requirements.
Where should you configure the settings?
- A . Workspace1
- B . MontrealUsers
- C . Group1
- D . Pool1
You need to configure the virtual machines that have the Pool1 prefix. The solution must meet the
technical requirements.
What should you use?
- A . a Windows Virtual Desktop automation task
- B . Virtual machine auto-shutdown
- C . Service Health in Azure Monitor
- D . Azure Automation
D
Explanation:
Azure Automation can be used to create a schedule that starts and stops the Pool1 virtual machines to ensure they are only running during business hours, thus meeting the technical requirement of operating within a specific time window and adhering to the principle of least privilege by not running resources when they are not needed.
Which setting should you modify for VNET4 before you can deploy Pool4?
- A . Service endpoints
- B . Address space
- C . DNS servers
- D . Access control (1AM)
- E . Peerings
C
Explanation:
DNS should be configured to use an Active Directory Domain Controller.
Which three PowerShell modules should you install on Server1 to meet the technical requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Pester
- B . RemoteDesktop
- C . ServerManager
- D . ActiveDirectory
- E . Hyper-V
BDE
Explanation:
Given that we are looking for three PowerShell modules necessary for managing an Azure Virtual Desktop (AVD) environment and converting user profile disks to FSLogix profile containers, we should consider modules that are related to these tasks. Based on the options provided and the typical requirements for these tasks, here are the considerations:
RemoteDesktop: This module is used to configure and manage a Remote Desktop environment, which is necessary for tasks such as configuring RDP properties on a Windows Virtual Desktop host.
ActiveDirectory: Since Azure Virtual Desktop integrates with Azure AD and may require synchronization or management of user entities, the ActiveDirectory module could be useful for scripting tasks related to domain services.
Hyper-V: While the Azure Virtual Desktop environment operates in the cloud, the Hyper-V module could potentially be used if there is a need to manage local VMs or if Server1 is also being used to configure or convert virtual machines that are being prepared for Azure.
Given that the FSLogix profile containers are related to user profiles and the conversion process might involve actions related to Active Directory and virtual machines, the three PowerShell modules that should be installed on Server1 to meet the technical requirements are likely:
B. RemoteDesktop: To manage RDP properties and sessions within the AVD environment.
D. ActiveDirectory: To handle any user profile and directory services-related tasks.
E. Hyper-V: To manage virtual machines, especially if the conversion process involves local VMs before they are migrated to Azure.
These modules would provide the necessary tools to administer the AVD environment and handle the conversion of user profiles to FSLogix containers as per the requirements of the case study.
Topic 2, Litware, Inc
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant.
The subscription contains the resources shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.
Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.
Requirements. Planned Changes
Litware plans to implement the following changes:
– Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
– Implement FSLogix profile containers.
– Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.
– Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
– Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
– Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
– Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.
Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
– Enforce Azure MFA when accessing Windows Virtual Desktop apps.
– Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
– Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.
– Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure.
– Use built-in groups for delegation.
– Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.
– Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
– Minimize administrative effort to manage network security.
– Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
– Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.
– Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.
– Whenever possible, preinstall agents and apps in the custom virtual machine images.
You need to recommend an authentication solution that meets the performance requirements.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Join all the session hosts to Azure AD.
- B . In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Azure Active Directory Domain Service (Azure AD DS) managed domain.
- C . Deploy domain controllers for the on-premises Active Directory domain on Azure virtual machines.
- D . Deploy read-only domain controllers (RODCs) on Azure virtual machines.
- E . In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Active Directory site.
BC
Explanation:
Based on the information provided in the case study and the requirements for the authentication solution that meets the performance requirements for Litware, Inc., the two actions that should be included in the recommendation are:
B. In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Azure Active Directory Domain Service (Azure AD DS) managed domain.
C. Deploy domain controllers for the on-premises Active Directory domain on Azure virtual machines.
Here’s the rationale for each option:
DRAG DROP
You need to ensure that you can implement user profile shares for the Boston office users. The solution must meet the user profile requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
This sequence assumes that Admin1 has the necessary permissions to perform actions on the VM that will house the user profile shares, which would be the case if Admin1 is a domain admin or has equivalent permissions. The sequence of actions focuses on setting up the storage account, enabling Azure AD authentication, and then moving on to the VM to perform any final steps.
Which two roles should you assign to Admin2 to meet the security requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Desktop Virtualization Host Pool Contributor
- B . Desktop Virtualization Application Group Contributor
- C . Desktop Virtualization Workspace Contributor
- D . Desktop Virtualization Application Group Reader
- E . User Access Administrator
BC
Explanation:
You need to configure the user settings of Admin1 to meet the user profile requirements.
What should you do?
- A . Modify the membership of the FSLogix ODFC Exclude List group.
- B . Modify the membership of the FSLogix Profile Exclude List group.
- C . Modify the HKLMSOFTWAREFSLogixProfiles registry settings.
- D . Modify the HKLMSOFTWAREFSLogixODFC registry settings.
C
Explanation:
This action allows you to set up the FSLogix profile behavior specific to Admin1, according to the requirements set forth by the organization. It will enable you to define where Admin1’s profile container will be stored and how it will be managed by FSLogix.
You need to ensure the resiliency of the user profiles for the Boston office users. The solution must
meet the user performance requirements.
What should you do?
- A . Modify the Account kind setting of storage1.
- B . Modify the replication settings of storage1.
- C . Implement Azure Site Recovery.
- D . Configure Cloud Cache.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix
You need to implement network security to meet the security requirements and the performance requirements.
Which two actions should you perform? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Deploy two Azure Firewall instances and Azure Firewall Manager.
- B . Filter traffic by using outbound rules.
- C . Filter traffic by using infrastructure rules.
- D . Filter traffic by using inbound rules.
- E . Deploy a network security group (NSG) and two application security groups.
- F . Deploy an Azure Firewall instance and Azure Firewall Manager.
EF
Explanation:
The security requirements outlined in the case study specify the need to explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365, as well as between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure. The performance requirements emphasize minimizing administrative effort to manage network security and employing the principle of least privilege.
Considering these requirements, the two actions that should be performed are:
E. Deploy a network security group (NSG) and two application security groups.
F. Deploy an Azure Firewall instance and Azure Firewall Manager.
Here’s the rationale for each option:
You need to modify the custom virtual machine images to meet the deployment requirements.
What should you install?
- A . the RSAT: Remote Desktop Services Tools optional feature
- B . the Azure Virtual Desktop Agent
- C . the Microsoft Monitoring Agent
- D . the FSLogix agent
B,D
Explanation:
Both of these agents are essential for a functioning WVD environment and would need to be installed on the custom virtual machine images.
HOTSPOT
You need to recommend a DNS infrastructure that meet the performance requirements.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to deploy the session hosts to meet the deployment requirements.
Which PowerShell cmdlel should you run first?
- A . New-AzwvdRegistratrationinfo
- B . Get-AzApiManagementSsoToken
- C . Set-AzWMADDomainExtension
- D . Update-AZwvdSessionHost
A
Explanation:
This cmdlet generates a registration token that you use when deploying new session hosts to ensure they register with the correct host pool in AVD.
HOTSPOT
You need to configure a conditional access policy to meet the authentication requirements.
What should you include in the policy configuration? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
Topic 3, Misc. Questions
HOTSPOT
You have a Windows Virtual Desktop deployment.
Many users have iOS devices that have the Remote Desktop Mobile app installed.
You need to ensure that the users can connect to the feed URL by using email discovery instead of entering the feed URL manually.
How should you configure the _msradc DNS record? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Topic 3, Misc. Questions
HOTSPOT
You have a Windows Virtual Desktop deployment.
Many users have iOS devices that have the Remote Desktop Mobile app installed.
You need to ensure that the users can connect to the feed URL by using email discovery instead of entering the feed URL manually.
How should you configure the _msradc DNS record? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Topic 3, Misc. Questions
HOTSPOT
You have a Windows Virtual Desktop deployment.
Many users have iOS devices that have the Remote Desktop Mobile app installed.
You need to ensure that the users can connect to the feed URL by using email discovery instead of entering the feed URL manually.
How should you configure the _msradc DNS record? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
You have an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure virtual network named VNET1.
To VNET1, you deploy an Azure Active Directory Domain Services (Azure AD DS) managed domain named litwareinc.com.
To VNET1, you plan to deploy a Windows Virtual Desktop host pool named Pool1. You need to ensure that you can deploy Windows 10 Enterprise host pools to Pool1.
What should you do first?
- A . Modify the settings of the litwareinc.com DNS zone.
- B . Modify the DNS settings of VNET1.
- C . Add a custom domain name to contoso.com.
- D . Implement Azure AD Connect cloud sync.
B
Explanation:
To deploy a Windows Virtual Desktop (WVD) host pool and ensure that you can deploy Windows 10 Enterprise multi-session hosts, you need to have proper domain services and networking in place. Given the deployment of Azure Active Directory Domain Services (Azure AD DS) managed domain and the need for the virtual machines in the host pool to join this domain, the virtual network settings must allow these VMs to locate and join the managed domain.
Here are the steps you would typically take:
You have the devices shown in the following table.
You plan to deploy Windows Virtual Desktop for client access to remove virtualized apps.
Which devices support the Remote Desktop client?
- A . Device1 and Device2 only
- B . Device1 and Device3 only
- C . Device1, Device2, and Device3
- D . Device1 only
C
Explanation:
The Remote Desktop client for Windows Virtual Desktop (WVD), now known as Azure Virtual Desktop, is supported on various operating systems including different versions of Windows. The Remote Desktop client is available for Windows 10, and while Windows 8.1 may not have the latest client, it can still connect to WVD using the available Remote Desktop client. Windows 10 IoT Enterprise also supports the Remote Desktop client as it is a version of Windows 10 optimized for smaller devices and scenarios which still require enterprise-grade manageability and security.
Based on the operating systems listed:
Device1 with Windows 10 Home can use the Remote Desktop client.
Device2 with Windows 8.1 Professional can use the Remote Desktop client, although it may need to be a specific version of the client compatible with Windows 8.1.
Device3 with Windows 10 IoT Enterprise supports the Remote Desktop client as it is part of the Windows 10 family.
Therefore, the correct answer is:
C. Device1, Device2, and Device3.
HOTSPOT
You plan to deploy Windows Virtual Desktop.
Users have the devices shown in the following table.
From which device types can the users connect to Windows Virtual Desktop resources by using the Remote Desktop client app and the Remote Desktop web client? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
The Remote Desktop client app is available for a variety of platforms, including Windows, Android, and macOS. This means users can connect to Windows Virtual Desktop resources using the Remote Desktop client app from a wide range of devices.
Based on the platforms listed:
A Tablet with Windows 10 Pro can use the Remote Desktop client app.
A Phone with Android can use the Remote Desktop client app.
A Laptop with macOS can also use the Remote Desktop client app.
For the Remote Desktop web client, it is accessible from any device with a web browser that supports modern web standards, which includes tablets, phones, and laptops regardless of the operating system.
Therefore, the correct answers are:
For the Remote Desktop client app: Tablet, phone, and laptop.
For the Remote Desktop web client: Tablet, phone, and laptop.
HOTSPOT
You have a Windows Virtual Desktop deployment.
You plan to create the host pools shown in the following table.
You need to recommend the virtual machine size for each host pool. The solution must minimize costs.
Which size should you recommend for each pool? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/sizes
https://docs.microsoft.com/en-us/azure/virtual-machines/nvv3-series
https://docs.microsoft.com/en-us/azure/virtual-machines/dv4-dsv4-series
You plan to deploy Windows Virtual Desktop to meet the department requirements shown in the following table.
You plan to use Windows Virtual Desktop host pools with load balancing and autoscaling.
You need to recommend a host pool design that meets the requirements. The solution must minimize costs.
What is the minimum number of host pools you should recommend?
- A . 1
- B . 2
- C . 3
- D . 4
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
3 Host Pools – The RemoteApp can be joinned inside the IT Multi-Session desktop or the Engineering. https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups The default app group created for a new Azure Virtual Desktop host pool also publishes the full desktop. In addition, you can create one or more RemoteApp application groups for the host pool.
Your company has a main office and two branch offices. Each office connects directly to the internet.
The router in each branch office is configured as an endpoint for the following VPNs:
✑ A VPN connection to the main office
✑ A site-to-site VPN to Azure
The routers in each branch office have the Quality of Service (QoS) rules shown in the following table.
Users in the branch office report slow responses and connection errors when they attempt to connect to Windows Virtual Desktop resources.
You need to modify the QoS rules on the branch office routers to improve Windows Virtual Desktop performance.
For which rule should you increase the bandwidth allocation?
- A . Rule2
- B . Rule3
- C . Rule4
- D . Rule1
B
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list
Any Remote Desktop clients you use must have access to the following URLs:
Remote Desktop clients
Address Outbound TCP port
*.wvd.microsoft.com 443
*.servicebus.windows.net 443
go.microsoft.com 443
aka.ms 443
docs.microsoft.com 443
privacy.microsoft.com 443
query.prod.cms.rt.microsoft.com 443
You plan to deploy Windows Virtual Desktop. The deployment will use existing virtual machines.
You create a Windows Virtual Desktop host pool.
You need to ensure that you can add the virtual machines to the host pool.
What should you do first?
- A . Register the Microsoft.DesktopVirtualization provider.
- B . Generate a registration key.
- C . Run the Invoke-AzVMRunCommand cmdlet.
- D . Create a role assignment.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
You deploy a Windows Virtual Desktop host pool named Pool1.
You have an Azure Storage account named store1 that stores FSLogix profile containers in a share named profiles.
You need to configure the path to the storage containers for the session hosts.
Which path should you use?
- A . \store1.blob.core.windows.netprofiles
- B . https://store1.file.core.windows.net/profiles
- C . \store1.file.core.windows.netprofiles
- D . https://store1.blob.core.windows.net/profiles
C
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Azure offers multiple storage solutions that you can use to store your FSLogix profile container. We recommend storing FSLogix profile containers on Azure Files for most of our customers.
HOTSPOT
You have a Windows Virtual Desktop host pool that has a max session limit of 15. Disconnected sessions are signed out immediately.
The session hosts for the host pool are shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
HOTSPOT
You have an Azure virtual machine named VM1 that runs Windows 10 Enterprise multi-session.
You plan to add language packs to VM1 and create a custom image of VM1 for a Windows Virtual Desktop host pool.
You need to ensure that modern apps can use the additional language packs when you deploy session hosts by using the custom image.
Which command should you run first? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/deployment/issues-appx-cleanup-maintenance-task
https://docs.microsoft.com/en-us/powershell/module/scheduledtasks/disable-scheduledtask?view=windowsserver2019-ps
DRAG DROP
You have a Windows Virtual Desktop deployment.
You have a session host named Host1 that has the disk layout shown in the exhibit. (Click the Exhibit tab.)
You plan to deploy an app that must be installed on D. The app requires 500 GB of disk space.
You need to add a new data disk that will be assigned the drive letter D. The solution must maintain the current performance of Host1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference: https://www.azurecorner.com/change-temporary-drive-azure-vm-use-d-persistent-data-disks/
You plan to deploy Windows Virtual Desktop session host virtual machines based on a preconfigured master image. The master image will be stored in a shared image.
You create a virtual machine named Image1 to use as the master image. You install applications and apply configuration changes to Image1.
You need to ensure that the new session host virtual machines created based on Image1 have unique names and security identifiers.
What should you do on Image1 before you add the image to the shared image gallery?
- A . At a command prompt, run the set computername command.
- B . At a command prompt, run the sysprep command.
- C . From PowerShell, run the rename-computer cmdlet.
- D . From the lock screen of the Windows device, perform a Windows Autopilot Reset.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image#determinewhen-to-use-sysprep
You have a shared image gallery that contains the Windows 10 images shown in the following table.
You create a Windows Virtual Desktop deployment that has the following settings:
✑ Host pool name: Pool1
✑ Location: West US
✑ Host pool type: Personal
Which images can you use for the session hosts?
- A . Image1 only
- B . Image1, Image2, Image3, and Image4
- C . Image2 only
- D . Image1 and Image2 only
- E . Image1 and Image3 only
D
Explanation:
For a Windows Virtual Desktop (WVD) personal host pool, you can use either generalized or specialized images. The key factors to consider when choosing an image are:
The operating system state (generalized or specialized).
The location of the image relative to the location of the host pool to minimize latency and data transfer costs.
Given the host pool is of type "Personal" and located in "West US", you would ideally want to choose an image that is in the same region to optimize performance and possibly reduce costs. However, since it’s a personal host pool, it can use both generalized and specialized images. The difference is:
A generalized image is a clean image used to deploy a new virtual machine that doesn’t retain any previous personalization or system state. This is often done using Sysprep to generalize an image in Windows.
A specialized image is one that has been configured with a specific system state and applications, and retains its unique system identity.
Considering the above, the images you can use for the session hosts in the West US location are:
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
You create a shared image gallery as shown in the SharedGallery1 exhibit. (Click the SharedGallery1 tab.)
You create an image definition as shown in the Image1 exhibit. (Click the Image1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
In Azure, when creating an image definition in a shared image gallery, you need to specify a region where the image version based on this definition will be stored. The image version can be created from a managed image, a snapshot, or a VHD in a storage account. The region of the source for the image version must match the region specified in the image definition.
Based on the shared image gallery and image definition details provided:
The shared image gallery is created in the West Europe region.
The image definition for Image1 is created in the East US region.
With these details in mind, let’s evaluate each statement:
You can use the operating system disk of VM1 as a source for a version of Image1.
VM1 is located in West Europe. However, the image definition for Image1 is in East US. Therefore, you cannot use VM1’s disk for Image1 because the regions do not match.
You can use the operating system disk of VM2 as a source for a version of Image1.
VM2 is located in East US, which matches the region specified in the image definition for Image1. Therefore, you can use VM2’s disk for Image1.
You can use the operating system disk of VM3 as a source for a version of Image1.
VM3 is located in West US. The image definition for Image1 is in East US, so VM3’s disk cannot be used for Image1 because the regions do not match.
Here are the answers:
You can use the operating system disk of VM1 as a source for a version of Image1: No
You can use the operating system disk of VM2 as a source for a version of Image1: Yes
You can use the operating system disk of VM3 as a source for a version of Image1: No
DRAG DROP
You plan to deploy Windows Virtual Desktop.
You need to create Azure NetApp Files storage to store FSLogix profile containers.
Which four actions should you perform in sequence after you register the NetApp Resource Provider? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Explanation:
To set up Azure NetApp Files storage for FSLogix profile containers in Windows Virtual Desktop, you typically follow these steps:
Create a NetApp account.
Create a capacity pool.
Create a volume within the capacity pool.
Configure an Active Directory connection for the volume if necessary (this is only required if you are going to use SMB and need Kerberos for authentication).
A managed identity is not typically required specifically for the NetApp Files setup, and creating an Azure file share is not related to Azure NetApp Files ― this is a separate service within Azure storage options.
Here’s the sequence of actions in order:
Create a NetApp account.
Create a capacity pool.
Create a volume.
Configure an Active Directory connection. (This is assuming that FSLogix requires SMB access which would require AD authentication; if NFS is used instead, this step might not be necessary).
Azure NetApp Files requires these steps to set up a new environment, particularly when you are dealing with file shares that will be accessed by multiple users and devices, as is the case with FSLogix profile containers.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services.
Solution: You configure rules in the network security group (NSG) linked to the subnet of the session hosts.
Does that meet the goal?
- A . Yes
- B . No
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services.
Solution: You configure the Address space settings of the virtual network that contains the session hosts.
Does that meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10 Enterprise multi-session.
You need to prevent users from accessing the internet from Windows Virtual Desktop sessions. The session hosts must be allowed to access all the required Microsoft services. Solution: You modify the IP configuration of each session host.
Does that meet the goal?
- A . Yes
- B . No
You have a Windows Virtual Desktop host pool named Pool1 and an Azure Storage account named
Storage1.
Storage1 stores FSLogix profile containers in a share folder named share1.
You create a new group named Group1. You provide Group1 with permission to sign in to Pool1.
You need to ensure that the members of Group1 can store the FSLogix profile containers in share1.
The solution must use the principle of least privilege.
Which two privileges should you assign to Group1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . the Storage Blob Data Contributor role for storage1
- B . the List folder / read data NTFS permissions for share1
- C . the Modify NTFS permissions for share1
- D . the Storage File Data SMB Share Reader role for storage1
- E . the Storage File Data SMB Share Elevated Contributor role for storage1
- F . the Storage File Data SMB Share Contributor role for storage1
CF
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share
You have a Windows Virtual Desktop host pool.
You need to install Microsoft Antimalware for Azure on the session hosts.
What should you do?
- A . Add an extension to each session host.
- B . From a Group Policy Object (GPO), enable Windows 10 security features.
- C . Configure the RDP Properties of the host pool.
- D . Sign in to each session host and install a Windows feature.
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware
HOTSPOT
You have a Windows Virtual Desktop deployment.
You need to ensure that all the connections to the managed resources in the host pool require multi-factor authentication (MFA).
Which two settings should you modify in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
In order to enforce Multi-Factor Authentication (MFA) for all connections to managed resources in a Windows Virtual Desktop host pool, you need to configure a Conditional Access Policy in Azure AD.
The two settings that should be modified in a Conditional Access Policy to accomplish this are:
Assignments -> Users and groups: You would choose ‘All users’ or a specific group of users that you want to enforce MFA on.
Access controls -> Grant: In this section, you would configure the control to ‘Grant access’ and require ‘Multi-Factor Authentication’.
You would not necessarily need to alter the ‘Cloud apps or actions’ or ‘Conditions’ unless you want to specify particular apps or conditions under which the policy applies. If you want the policy to apply to all cloud apps, you can leave it as ‘No cloud apps or actions selected’, which will enforce the policy for all apps by default. However, if you only want to apply MFA to the Windows Virtual Desktop app, you would select that specific app under the ‘Cloud apps or actions’ section.
In ‘Conditions’, you could specify certain conditions like location or device state, but this is not required just to enforce MFA; it’s more about refining the policy.
Please note that you would also need to ensure that the ‘Enable policy’ switch at the end of the configuration is set to ‘On’ for the policy to be active.
HOTSPOT
You have a Windows Virtual Desktop deployment.
You need to ensure that all the connections to the managed resources in the host pool require multi-factor authentication (MFA).
Which two settings should you modify in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
In order to enforce Multi-Factor Authentication (MFA) for all connections to managed resources in a Windows Virtual Desktop host pool, you need to configure a Conditional Access Policy in Azure AD.
The two settings that should be modified in a Conditional Access Policy to accomplish this are:
Assignments -> Users and groups: You would choose ‘All users’ or a specific group of users that you want to enforce MFA on.
Access controls -> Grant: In this section, you would configure the control to ‘Grant access’ and require ‘Multi-Factor Authentication’.
You would not necessarily need to alter the ‘Cloud apps or actions’ or ‘Conditions’ unless you want to specify particular apps or conditions under which the policy applies. If you want the policy to apply to all cloud apps, you can leave it as ‘No cloud apps or actions selected’, which will enforce the policy for all apps by default. However, if you only want to apply MFA to the Windows Virtual Desktop app, you would select that specific app under the ‘Cloud apps or actions’ section.
In ‘Conditions’, you could specify certain conditions like location or device state, but this is not required just to enforce MFA; it’s more about refining the policy.
Please note that you would also need to ensure that the ‘Enable policy’ switch at the end of the configuration is set to ‘On’ for the policy to be active.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a W indows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Computer GPO settings.
Does that meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Computers GPO settings.
Does that meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Windows Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1.
Does that meet the goal?
- A . Yes
- B . No
You have a Windows Virtual Desktop deployment.
You publish a RemoteApp named AppVersion1.
You need AppVersion1 to appear in the Remote Desktop client as Sales Contact Application.
Which PowerShell cmdlet should you use?
- A . New-AzADApplication
- B . Update-AzWvdApplicationGroup
- C . Register-AzWvdApplicationGroup
- D . Update-AzWvdApplication
D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-feed-for-virtual-desktop-users
https://docs.microsoft.com/en-us/powershell/module/az.desktopvirtualization/update-azwvdapplication?view=azps-5.7.0
You have a Windows Virtual Desktop deployment that contains the following:
✑ A host pool named Pool1
✑ Two session hosts named Host1 and Host2
✑ An application group named RemoteAppGroup1 that contains a RemoteApp named App1
You need to prevent users from copying and pasting between App1 and their local device.
What should you do?
- A . Create an AppLocker policy.
- B . Modify the locks of RemoteAppGroup1.
- C . Modify the locks of RemoteAppGroup1.
- D . Modify the RDP Properties of Pool1.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties
You have a Windows Virtual Desktop deployment that contains the following:
✑ A host pool named Pool1
✑ Two session hosts named Host1 and Host2
✑ An application group named RemoteAppGroup1 that contains a RemoteApp named App1
You need to prevent users from copying and pasting between App1 and their local device.
What should you do?
- A . Create an AppLocker policy.
- B . Modify the locks of RemoteAppGroup1.
- C . Modify the locks of RemoteAppGroup1.
- D . Modify the RDP Properties of Pool1.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties
You have a Windows Virtual Desktop host pool that contains two session hosts. The Microsoft Teams client is installed on each session host.
You discover that only the Microsoft Teams chat and collaboration features work. The calling and meeting features are disabled.
You need to ensure that users can set the calling and meeting features from within Microsoft Teams.
What should you do?
- A . Install the Remote Desktop WebRTC Redirector Service.
- B . Configure Remote audio mode in the RDP Properties.
- C . Install the Teams Meeting add-in for Outlook.
- D . Configure audio input redirection.
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/teams-on-wvd
You have a Windows Virtual Desktop host pool that contains 20 Windows 10 Enterprise multi-session hosts.
Users connect to the Windows Virtual Desktop deployment from computers that run Windows 10.
You plan to implement FSLogix Application Masking.
You need to deploy Application Masking rule sets. The solution must minimize administrative effort. To where should you copy the rule sets?
- A . the FSLogix profile container of each user
- B . C:Program FilesFSLogixAppsRules on every Windows 10 computer
- C . C:Program FilesFSLogixAppsRules on every session host
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/fslogix-office-app-rule-editor
You have a Windows Virtual Desktop host pool named Pool1.
You are troubleshooting an issue for a Remote Desktop client that stopped responding.
You need to restore the default Remote Desktop client settings and unsubscribe from all workspaces.
Which command should you run?
- A . msrdcw
- B . resetengine
- C . mstsc
- D . resetpluginhost
B
Explanation:
The correct command to restore the default Remote Desktop client settings and unsubscribe from all workspaces in a Windows Virtual Desktop (now Azure Virtual Desktop) environment is:
B. resetengine
This command is used with the Windows Virtual Desktop client and resets the client to its default settings, which includes unsubscribing from all workspaces. You would run this command in a Command Prompt window.
Your network contains an on-premises Active Directory domain and a Windows Virtual Desktop deployment.
The computer accounts for all the session hosts are in an organizational unit (OU) named WVDHostsOU. All user accounts are in an OU named CorpUsers.
A domain administrator creates a Group Policy Object (GPO) named Policy1 that only contains user settings.
The administrator links Policy1 to WVDHostsOU.
You discover that when users sign in to the session hosts, none of the settings from Policy1 are applied.
What should you configure to apply GPO settings to the users when they sign in to the session hosts?
- A . loopback processing
- B . FSLogix profiles
- C . mandatory Roaming User Profiles
- D . restricted groups
A
Explanation:
Reference: https://www.linkedin.com/pulse/windows-virtual-desktop-remoteapps-jason-byway
You have a Windows Virtual Desktop deployment.
You need to provide external users with access to the deployment. The external users have computers that run Windows 10 Pro and Windows 10 Enterprise. The users do not have the ability to install applications.
What should you recommend that the users use to connect to the deployment?
- A . Microsoft Edge
- B . RemoteApp and Desktop Connection
- C . Remote Desktop Manager
- D . Remote Desktop Connection
A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-web
You network contains an on-premises Active Directory domain. The domain contains a universal security group named WVDusers.
You have a hybrid Azure Active Directory (Azure AD) tenant. WVDusers syncs to Azure AD.
You have a Windows Virtual Desktop host pool that contains four Windows 10 Enterprise multi-session hosts.
You need to ensure that only the members of WVDusers can establish Windows Virtual Desktop sessions to the host pool.
What should you do?
- A . Assign WVDusers to an Azure role scoped to each host pool.
- B . On each session host, add WVDusers to the local Remote Desktop Users group.
- C . Assign WVDusers to an Azure role scoped to the session hosts.
- D . Assign WVDusers to an application group.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups
You deploy multiple Windows Virtual Desktop session hosts that have only private IP addresses. You need to ensure that administrators can initiate an RDP session to the session hosts by using the Azure portal.
What should you implement?
- A . Remote Desktop Connection Broker (RD Connection Broker)
- B . Azure Application Gateway
- C . Azure Bastion
- D . Remote Desktop Session Host (RD Session Host)
You have a Windows Virtual Desktop host pool that runs Windows 10 Enterprise multi-session.
You need to configure automatic scaling of the host pool to meet the following requirements:
Distribute new user sessions across all running session hosts.
Automatically start a new session host when concurrent user sessions exceed 30 users per host.
What should you include in the solution?
- A . an Azure Automation account and the depth-first load balancing algorithm
- B . an Azure Automation account and the breadth-first load balancing algorithm
- C . an Azure load balancer and the breadth-first load balancing algorithm
- D . an Azure load balancer and the depth-first load balancing algorithm
B
Explanation:
For the scenario described, you need a solution that automatically scales out the number of session hosts based on the number of concurrent user sessions. Azure Virtual Desktop (AVD) supports two types of load-balancing algorithms:
Depth-first: This algorithm fills up one session host to its maximum capacity before moving on to the next one. This approach doesn’t distribute new sessions evenly and therefore doesn’t meet the requirement to distribute new user sessions across all running session hosts.
Breadth-first: This algorithm distributes new sessions across all available session hosts in the host pool. This approach meets the requirement to distribute new user sessions across all running session hosts.
Since you need to automatically start a new session host when concurrent user sessions exceed a certain number per host, Azure Automation can be used to automate this scaling process based on a predefined threshold of concurrent sessions.
Therefore, the solution should include:
B. an Azure Automation account and the breadth-first load balancing algorithm
This combination will ensure that new user sessions are distributed across all running session hosts and that new session hosts are automatically started when the threshold of 30 concurrent user sessions per host is reached.
You have a Windows Virtual Desktop host pool named Pool1 and an Azure Automation account named account1. Pool1 is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.
You plan to configure scaling for Pool1 by using Azure Automation runbooks.
You need to authorize the runbooks to manage the scaling of Pool1. The solution must minimize administrative effort.
What should you configure?
- A . a managed identity in Azure Active Directory (Azure AD)
- B . a group Managed Service Account (gMSA) in Azure AD DS
- C . a Connections shared resource in Azure Automation
- D . a Run As account in Azure Automation
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
You have a Windows Virtual Desktop host pool named Pool1 that runs Windows 10 Enterprise multi-
session hosts.
You need to use Performance Monitor to troubleshoot a low frame quality issue that is affecting a current use session to Pool1.
What should you run to retrieve the user session ID?
- A . Get-ComputerInfo
- B . qwinsta
- C . whoami
- D . Get-LocalUser
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration
You have an Azure subscription that contains the resources shown in the following table.
Which resources can you back up by using Azure Backup?
- A . WVDVM-0 and share1 only
- B . WVDVM-0 only
- C . WVDVM-0, Image1, and Image2 only
- D . WVDVM-0, share1, and Image1 only
- E . WVDVM-0, share1, Image1, and Image2
A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-afs
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction
DRAG DROP
You have a Windows Virtual Desktop host pool named Pool1. Pool1 contains session hosts that use FSLogix profile containers hosted in Azure NetApp Files volumes.
You need to back up profile files by using snapshots.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-manage-snapshots