Exam4Training

Which two actions should you include in the recommendation?

Topic 2, Litware, Inc

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.

Existing Environment. Identity Environment

The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.

The Azure AD tenant contains the users shown in the following table.

All users are registered for Azure Multi-Factor Authentication (MFA).

Existing Environment. Cloud Services

Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.

Litware has an Azure subscription associated to the Azure AD tenant.

The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.

Network and DNS

The offices connect to each other by using a WAN link. Each office connects directly to the internet.

All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes

Litware plans to implement the following changes:

– Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.

– Implement FSLogix profile containers.

– Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.

– Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.

Requirements. Performance Requirements

Litware identifies the following performance requirements:

– Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.

– Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.

– Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements

Litware identifies the following authentication requirements:

– Enforce Azure MFA when accessing Windows Virtual Desktop apps.

– Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.

Requirements. Security Requirements

Litware identifies the following security requirements:

– Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.

– Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure.

– Use built-in groups for delegation.

– Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.

– Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.

– Minimize administrative effort to manage network security.

– Use the principle of least privilege.

Requirements. Deployment Requirements

Litware identifies the following deployment requirements:

– Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.

– Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.

– Whenever possible, preinstall agents and apps in the custom virtual machine images.

You need to recommend an authentication solution that meets the performance requirements.

Which two actions should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Join all the session hosts to Azure AD.

B. In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Azure Active Directory Domain Service (Azure AD DS) managed domain.

C. Deploy domain controllers for the on-premises Active Directory domain on Azure virtual machines.

D. Deploy read-only domain controllers (RODCs) on Azure virtual machines.

E. In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Active Directory site.

Answer: BC

Explanation:

Based on the information provided in the case study and the requirements for the authentication solution that meets the performance requirements for Litware, Inc., the two actions that should be included in the recommendation are:

B. In each Azure region that will contain the Windows Virtual Desktop session hosts, create an Azure Active Directory Domain Service (Azure AD DS) managed domain.

C. Deploy domain controllers for the on-premises Active Directory domain on Azure virtual machines.

Here’s the rationale for each option:

A. Joining all the session hosts to Azure AD would not directly address the performance requirements for minimizing network latency and authentication latency, as Azure AD is primarily an identity and access management service. It’s used for different purposes than on-premises domain join operations.

B. Creating an Azure AD DS managed domain in each Azure region allows for integration with Azure AD while also providing domain services like group policy, Kerberos/NTLM authentication, which are required for traditional domain-joined computers. It would provide a local authentication service within the Azure region, which helps to minimize latency for Windows Virtual Desktop host authentication.

C. Deploying domain controllers on Azure virtual machines would place the domain services closer to the Windows Virtual Desktop session hosts in Azure, thereby reducing authentication latency and improving sign-in times to the session hosts.

D. Deploying read-only domain controllers (RODCs) would not be as beneficial because RODCs are typically used in scenarios where physical security cannot be guaranteed. Since the Azure environment is secure, full domain controllers would be preferable to handle authentication requests efficiently.

E. Creating an Active Directory site for each Azure region would help with authentication traffic routing for on-premises Active Directory, ensuring that authentication requests are serviced by the closest domain controller, thus reducing latency. However, this would only be effective if domain controllers were deployed within those Azure regions, which ties back to option C.

Therefore, the recommended actions to meet the performance requirements for authentication would be options B and C.

Latest AZ-140 Dumps Valid Version with 53 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version