AZ-140 : Configuring and Operating Windows Virtual Desktop on Microsoft Azure : Part 03

AZ-140 : Configuring and Operating Windows Virtual Desktop on Microsoft Azure : Part 03

1. Case study

   This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

   To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

   At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

   To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

   Overview

   Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.

   Contoso has an Azure subscription and uses Microsoft 365.

   Existing Infrastructure. Active Directory

   The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.

   The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.

   

   The on-premises Active Directory domain contains the users shown in the following table.

   

   The Azure AD tenant contains the cloud-only users shown in the following table.

   

   Existing Infrastructure. Network Infrastructure

   All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.

   All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.

   Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).

   In the West US Azure region, you have the storage accounts shown in the following table.

   

   Existing Infrastructure. Remote Desktop Infrastructure

   Contoso has a Remote Desktop infrastructure shown in the following table.

   

   Requirements. Planned Changes

   Contoso plans to implement the following changes:

   – Implement FSLogix profile containers for the Paris offices.
   – Deploy a Windows Virtual Desktop host pool named Pool4.
   – Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.

   Requirements. Pool4 Configuration

   Pool4 will have the following settings:

   – Host pool type: Pooled
   – Max session limit: 7
   – Load balancing algorithm: Depth-first
   – Images: Windows 10 Enterprise multi-session
   – Virtual machine size: Standard D2s v3
   – Name prefix: Pool4
   – Number of VMs: 5
   – Virtual network: VNET4

   Requirements. Technical Requirements

   Contoso identifies the following technical requirements:

   – Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
   – For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
   – For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
   – Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
   – From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
   – Ensure that the Pool1 virtual machines only run during business hours.
   – Use the principle of least privilege.

   1. You need to configure the device redirection settings. The solution must meet the technical requirements.

      Where should you configure the settings?

      • Workspace1
      • MontrealUsers
      • Group1
      • Pool1
2. Case study

   This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

   To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

   At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

   To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

   Overview

   Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.

   Existing Environment. Identity Environment

   The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.

   The Azure AD tenant contains the users shown in the following table.

   

   All users are registered for Azure Multi-Factor Authentication (MFA).

   Existing Environment. Cloud Services

   Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.

   Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

   

   Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.

   Network and DNS

   The offices connect to each other by using a WAN link. Each office connects directly to the internet.

   All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

   Requirements. Planned Changes

   Litware plans to implement the following changes:

   – Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.
   – Implement FSLogix profile containers.
   – Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.
   – Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.

   Requirements. Performance Requirements

   Litware identifies the following performance requirements:

   – Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.
   – Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.
   – Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

   Requirements. Authentication Requirements

   Litware identifies the following authentication requirements:

   – Enforce Azure MFA when accessing Windows Virtual Desktop apps.
   – Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.

   Requirements. Security Requirements

   Litware identifies the following security requirements:

   – Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.
   – Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows – Virtual Desktop infrastructure.
   – Use built-in groups for delegation.
   – Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.
   – Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.
   – Minimize administrative effort to manage network security.
   – Use the principle of least privilege.

   Requirements. Deployment Requirements

   Litware identifies the following deployment requirements:

   – Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.
   – Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.
   – Whenever possible, preinstall agents and apps in the custom virtual machine images.

   1. You need to configure the user settings of Admin1 to meet the user profile requirements.

      What should you do?

      • Modify the membership of the FSLogix ODFC Exclude List group.
      • Modify the membership of the FSLogix Profile Exclude List group.
      • Modify the HKLM\SOFTWARE\FSLogix\Profiles registry settings.
      • Modify the HKLM\SOFTWARE\FSLogix\ODFC registry settings.

   2. You need to ensure the resiliency of the user profiles for the Boston office users. The solution must meet the user performance requirements.

      What should you do?

      • Modify the Account kind setting of storage1.
      • Modify the replication settings of storage1.
      • Implement Azure Site Recovery.
      • Configure Cloud Cache.

3. You have a Windows Virtual Desktop host pool that runs Windows 10 Enterprise multi-session.

   You need to configure automatic scaling of the host pool to meet the following requirements:

   – Distribute new user sessions across all running session hosts.
   – Automatically start a new session host when concurrent user sessions exceed 30 users per host.

   What should you include in the solution?

   • an Azure Automation account and the depth-first load balancing algorithm
   • an Azure Automation account and the breadth-first load balancing algorithm
   • an Azure load balancer and the breadth-first load balancing algorithm
   • an Azure load balancer and the depth-first load balancing algorithm

4. You have a Windows Virtual Desktop host pool named Pool1 and an Azure Automation account named account1. Pool1 is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.

   You plan to configure scaling for Pool1 by using Azure Automation runbooks.

   You need to authorize the runbooks to manage the scaling of Pool1. The solution must minimize administrative effort.

   What should you configure?

   • a managed identity in Azure Active Directory (Azure AD)
   • a group Managed Service Account (gMSA) in Azure AD DS
   • a Connections shared resource in Azure Automation
   • a Run As account in Azure Automation

5. You have a Windows Virtual Desktop host pool named Pool1 that runs Windows 10 Enterprise multi-session hosts.

   You need to use Performance Monitor to troubleshoot a low frame quality issue that is affecting a current use session to Pool1.

   What should you run to retrieve the user session ID?

   • Get-ComputerInfo

   • qwinsta

   • whoami

   • Get-LocalUser

6. You have an Azure subscription that contains the resources shown in the following table.

   

   Which resources can you back up by using Azure Backup?

   •  WVDVM-0 and share1 only
   • WVDVM-0 only
   • WVDVM-0, Image1, and Image2 only
   • WVDVM-0, share1, and Image1 only
   • WVDVM-0, share1, Image1, and Image2

7. DRAG DROP

   You have a Windows Virtual Desktop host pool named Pool1. Pool1 contains session hosts that use FSLogix profile containers hosted in Azure NetApp Files volumes.

   You need to back up profile files by using snapshots.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

8. Case study

   This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

   To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

   At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

   To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

   Overview

   Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle branch office opened recently.

   Contoso has an Azure subscription and uses Microsoft 365.

   Existing Infrastructure. Active Directory

   The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.

   The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.

   

   The on-premises Active Directory domain contains the users shown in the following table.

   

   The Azure AD tenant contains the cloud-only users shown in the following table.

   

   Existing Infrastructure. Network Infrastructure

   All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.

   All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.

   Since users often work on confidential documents, all the users use their computer as a client for connecting to Remote Desktop Services (RDS).

   In the West US Azure region, you have the storage accounts shown in the following table.

   

   Existing Infrastructure. Remote Desktop Infrastructure

   Contoso has a Remote Desktop infrastructure shown in the following table.

   

   Requirements. Planned Changes

   Contoso plans to implement the following changes:

   – Implement FSLogix profile containers for the Paris offices.
   – Deploy a Windows Virtual Desktop host pool named Pool4.
   – Migrate the RDS deployment in the Seattle office to Windows Virtual Desktop in the West US Azure region.

   Requirements. Pool4 Configuration

   Pool4 will have the following settings:

   – Host pool type: Pooled
   – Max session limit: 7
   – Load balancing algorithm: Depth-first
   – Images: Windows 10 Enterprise multi-session
   – Virtual machine size: Standard D2s v3
   – Name prefix: Pool4
   – Number of VMs: 5
   – Virtual network: VNET4

   Requirements. Technical Requirements

   Contoso identifies the following technical requirements:

   – Before migrating the RDS deployment in the Seattle office, obtain the recommended deployment configuration based on the current RDS utilization.
   – For the Windows Virtual Desktop deployment in the Montreal office, disable audio output in the device redirection settings.
   – For the Windows Virtual Desktop deployment in the Seattle office, store the FSLogix profile containers in Azure Storage.
   – Enable Operator2 to modify the RDP Properties of the Windows Virtual Desktop deployment in the Montreal office.
   – From a server named Server1, convert the user profile clicks to the FSLogix profile containers.
   – Ensure that the Pool1 virtual machines only run during business hours.
   – Use the principle of least privilege.

   1. You need to configure the virtual machines that have the Pool1 prefix. The solution must meet the technical requirements.

      What should you use?

      • a Windows Virtual Desktop automation task
      • Virtual machine auto-shutdown
      • Service Health in Azure Monitor
      • Azure Automation