Configuring and Operating Windows Virtual Desktop on Microsoft Azure v1.0

Page:    1 / 8   
Exam contains 126 questions

You have an Azure Virtual Desktop host pool. The pool contains session hosts that run Windows 10 Enterprise multi-session.
You connect to a Remote Desktop session on Pool1 and discover an issue with the frequency of screen updates.
You need to identify whether the issue related to insufficient server, network, or client resources. The solution must minimize how long it takes to identify the resource type.
What should you do?

  • A. From within the current session, use the Azure Virtual Desktop Experience Estimator.
  • B. From Azure Cloud Shell, run the Get-AzOperationalInsightsWorkspaceUsage cmdlet and specify the DefaultProfile parameter.
  • C. From Azure Cloud Shell, run the Get-AzWvdUserSession cmdlet and specify the UserSessionId parameter.
  • D. From within the current session, use Performance Monitor to display the values of all the RemoteFX Graphics(*)\Frames Skipped/Second counters.


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/remotefx-graphics-performance-counters

DRAG DROP -
You have an Azure Virtual Desktop host pool named Pool1.
You need to ensure that you can create an Azure NetApp Files volume that will host user profiles for Pool1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:




Answer :

Reference:
https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-create-volumes?tabs=azure-portal

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You use a user account named Admin1 to deploy an Azure Active Directory Domain Services (Azure AD DS) managed domain named aaddscontoso.com to a virtual network named VNET1.
You plan to deploy an Azure Virtual Desktop host pool named Pool1 to VNET1.
You need to ensure that you can use the Admin1 user account to deploy Windows 10 Enterprise session hosts to Pool1.
What should you do first?

  • A. Add Admin1 to the AAD DC Administrators group of contoso.com.
  • B. Assign the Cloud device administrator role to Admin1.
  • C. Assign a Microsoft 365 Enterprise E3 license to Admin1.
  • D. Change the password of Admin1.


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace?tabs=azure-portal

You have an Azure Virtual Desktop host pool named Pool1 that contains the following:
✑ A linked workspace named Workspace1
✑ An application group named Default Desktop
✑ A session host named Host1
You need to add a new data disk.
What should you modify?

  • A. Host1
  • B. Workspace1
  • C. Pool1
  • D. Default Desktop


Answer : A

HOTSPOT -
You are automating the deployment of an Azure Virtual Desktop host pool.
You deploy the Azure Resource Manager (ARM) template shown in the following exhibit.


Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the ARM template.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/configure-host-pool-personal-desktop-assignment-type-2019 https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-platform-automation-and-devops

You have an Azure Virtual Desktop deployment.
You need to create a host pool. The solution must ensure that during periods of low CPU usage, credits can be accumulated, and then used to raise performance above the purchased baseline during periods of high CPU usage.
Which virtual machine series should you specify when you create the pool?

  • A. A-series
  • B. D-series
  • C. H-series
  • D. B-series


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable

You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You have an Azure Storage account named storage1. Storage1 hosts a file share named share1 that has share and file system permissions configured. Share1 is configured to use contoso.com for authentication.
You create an Azure Virtual Desktop host pool named Pool1. Pool1 contains two session hosts that use the Windows 10 multi-session + Microsoft 365 Apps image.
You need to configure an FSLogix profile container for Pool1.
What should you do next?

  • A. Install the FSLogix agent on the session hosts of Pool1.
  • B. From storage1, set Allow shared key access to Disabled.
  • C. Configure the Profiles setting for the session hosts of Pool1.
  • D. Generate a shared access signature (SAS) key for storage1.


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-user-profile

DRAG DROP -
You have an Azure subscription that contains the storage accounts shown in the following table.


You have a custom generalized Windows 10 image.
You plan to deploy an Azure Virtual Desktop host pool that will use the custom image and FSLogix profile containers.
You need to recommend which storage accounts to use for the custom image and the profile containers. The solution must meet the following requirements:
Minimize costs to store the image.

✑ Maximize performance of the profile containers.
Which account should you recommend for each type of content? To answer, drag the appropriate accounts to the correct content type. Each account may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image#upload-master-image-to-a-storage-account-in-azure https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile

You have an Azure storage account that contains the generalized Windows 10 disk images shown in the following table.


You need to create an image that will be used to deploy an Azure Virtual Desktop session host.
Which disk should you use?

  • A. Disk1
  • B. Disk2
  • C. Disk3
  • D. Disk4


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.


The on-premises Active Directory domain contains the users shown in the following table.

The Azure AD tenant contains the cloud-only users shown in the following table.

Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.

Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.


Requirements. Planned Changes -
Contoso plans to implement the following changes:
Implement FSLogix profile containers for the Paris offices.
Deploy an Azure Virtual Desktop host pool named Pool4.
Migrate the RDS deployment in the Seattle office to Azure Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
Host pool type: Pooled
Max session limit: 7
Load balancing algorithm: Depth-first
Images: Windows 10 Enterprise multi-session
Virtual machine size: Standard D2s v3
Name prefix: Pool4
Number of VMs: 5
Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
For the Azure Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
For the Azure Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal office.
From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
Ensure that the Pool1 virtual machines only run during business hours.
Use the principle of least privilege.


HOTSPOT -
You are planning the deployment of Pool4.
What will be the maximum number of users that can connect to Pool4, and how many session hosts are needed to support five concurrent user sessions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.


The on-premises Active Directory domain contains the users shown in the following table.

The Azure AD tenant contains the cloud-only users shown in the following table.

Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.

Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.


Requirements. Planned Changes -
Contoso plans to implement the following changes:
Implement FSLogix profile containers for the Paris offices.
Deploy an Azure Virtual Desktop host pool named Pool4.
Migrate the RDS deployment in the Seattle office to Azure Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
Host pool type: Pooled
Max session limit: 7
Load balancing algorithm: Depth-first
Images: Windows 10 Enterprise multi-session
Virtual machine size: Standard D2s v3
Name prefix: Pool4
Number of VMs: 5
Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
For the Azure Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
For the Azure Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal office.
From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
Ensure that the Pool1 virtual machines only run during business hours.
Use the principle of least privilege.

You plan to implement the FSLogix profile containers for the Seattle office.
Which storage account should you use?

  • A. storage2
  • B. storage4
  • C. storage3
  • D. storage1


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.


The on-premises Active Directory domain contains the users shown in the following table.

The Azure AD tenant contains the cloud-only users shown in the following table.

Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.

Existing Infrastructure. Remote Desktop Infrastructure
Contoso has a Remote Desktop infrastructure shown in the following table.


Requirements. Planned Changes -
Contoso plans to implement the following changes:
Implement FSLogix profile containers for the Paris offices.
Deploy an Azure Virtual Desktop host pool named Pool4.
Migrate the RDS deployment in the Seattle office to Azure Virtual Desktop in the West US Azure region.
Requirements. Pool4 Configuration
Pool4 will have the following settings:
Host pool type: Pooled
Max session limit: 7
Load balancing algorithm: Depth-first
Images: Windows 10 Enterprise multi-session
Virtual machine size: Standard D2s v3
Name prefix: Pool4
Number of VMs: 5
Virtual network: VNET4
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
For the Azure Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
For the Azure Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal office.
From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
Ensure that the Pool1 virtual machines only run during business hours.
Use the principle of least privilege.

Which setting should you modify for VNET4 before you can deploy Pool4?

  • A. Service endpoints
  • B. Address space
  • C. DNS servers
  • D. Access control (IAM)
  • E. Peerings


Answer : C

Explanation:
DNS should be configured to use an Active Directory Domain Controller.

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.


All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes -
Litware plans to implement the following changes:
Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts.
Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Azure Virtual Desktop apps.
Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365.
Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session hosts to an Azure Virtual Desktop host pool.
Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine images.

User Profile Requirements -
Litware identifies the following user profile requirements:
In storage1, store user profiles for the Boston office users.
Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions.
Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts.

You need to implement network security to meet the security requirements and the performance requirements.
Which two actions should you perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Deploy two Azure Firewall instances and Azure Firewall Manager.
  • B. Filter traffic by using outbound rules.
  • C. Filter traffic by using infrastructure rules.
  • D. Filter traffic by using inbound rules.
  • E. Deploy a network security group (NSG) and two application security groups.
  • F. Deploy an Azure Firewall instance and Azure Firewall Manager.


Answer : AB

Reference:
https://docs.microsoft.com/en-us/azure/firewall/protect-windows-virtual-desktop

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.


All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes -
Litware plans to implement the following changes:
Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts.
Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Azure Virtual Desktop apps.
Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365.
Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session hosts to an Azure Virtual Desktop host pool.
Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine images.

User Profile Requirements -
Litware identifies the following user profile requirements:
In storage1, store user profiles for the Boston office users.
Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions.
Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts.

You need to modify the custom virtual machine images to meet the deployment requirements.
What should you install?

  • A. the RSAT: Remote Desktop Services Tools optional feature
  • B. the Azure Virtual Desktop Agent
  • C. the Microsoft Monitoring Agent
  • D. the FSLogix agent


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image

Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.


All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes -
Litware plans to implement the following changes:
Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts.
Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Azure Virtual Desktop apps.
Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365.
Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session hosts to an Azure Virtual Desktop host pool.
Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine images.

User Profile Requirements -
Litware identifies the following user profile requirements:
In storage1, store user profiles for the Boston office users.
Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions.
Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts.

You need to deploy the session hosts to meet the deployment requirements.
Which PowerShell cmdlet should you run first?

  • A. Update-AzWvdSessionHost
  • B. Get-AzApiManagementSsoToken
  • C. Set-AzVMADDomainExtension
  • D. New-AzWvdRegistrationInfo


Answer : C

Reference:
https://rozemuller.com/avd-automation-cocktail-avd-automated-with-powershell/

Page:    1 / 8   
Exam contains 126 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.