Az 140 - 187 Pages
Az 140 - 187 Pages
(AZ-140)
Answer:
Explanation:
Reference:
https://jenzushsu.medium.com/configure-email-discovery-to-subscribe-to-your-windows-virtual-desktop-fee
d-49dbb8db553c https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-ios
Question: 2 CertyIQ
You have an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure virtual network named
VNET1.
To VNET1, you deploy an Azure Active Directory Domain Services (Azure AD DS) managed domain named
litwareinc.com.
To VNET1, you plan to deploy a Azure Virtual Desktop host pool named Pool1.
You need to ensure that you can deploy Windows 10 Enterprise session hosts to Pool1.
What should you do first?
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance
Question: 3 CertyIQ
You have the devices shown in the following table.
You plan to deploy Azure Virtual Desktop for client access to remove virtualized apps.
Which devices support the Remote Desktop client?
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop
Question: 4 CertyIQ
HOTSPOT -
You plan to deploy Azure Virtual Desktop.
Users have the devices shown in the following table.
From which device types can the users connect to Azure Virtual Desktop resources by using the Remote Desktop
client app and the Remote Desktop web client?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-web https://docs.microsoft.com/en-us/azure
/virtual-desktop/connect-android https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-macos
Question: 5 CertyIQ
HOTSPOT -
You have an Azure Virtual Desktop deployment.
You plan to create the host pools shown in the following table.
You need to recommend the virtual machine size for each host pool. The solution must minimize costs.
Which size should you recommend for each pool? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/sizes https://docs.microsoft.com/en-us/azure/virtual
-machines/nvv3-series https://docs.microsoft.com/en-us/azure/virtual-machines/dv4-dsv4-series
Question: 6 CertyIQ
You plan to deploy Azure Virtual Desktop to meet the department requirements shown in the following table.
You plan to use Azure Virtual Desktop host pools with load balancing and autoscaling.
You need to recommend a host pool design that meets the requirements. The solution must minimize costs.
What is the minimum number of host pools you should recommend?
A. 1
B. 2
C. 3
D. 4
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
Question: 7 CertyIQ
Your company has a main office and two branch offices. Each office connects directly to the internet. The router in
each branch office is configured as an endpoint for the following VPNs:
✑ A VPN connection to the main office
✑ A site-to-site VPN to Azure
The routers in each branch office have the Quality of Service (QoS) rules shown in the following table.
Users in the branch office report slow responses and connection errors when they attempt to connect to Azure
Virtual Desktop resources.
You need to modify the QoS rules on the branch office routers to improve Azure Virtual Desktop performance.
For which rule should you increase the bandwidth allocation?
A. Rule2
B. Rule3
C. Rule4
D. Rule1
Answer: B
Explanation:
Issues with connection would be related to the initial traffic over HTTPS, not infrastructure in Azure. For the
comments related to "QoS requires shortpath", to me that article reads that the type of QoS that requires
shortpath is within AVD, not router-based QoS, which would be completely separate from AVD.
Picking rule 3 because no indication rdp shortpath or private endpoint so traffic will go to public AVD URL via
https.
Question: 8 CertyIQ
You plan to deploy Azure Virtual Desktop. The deployment will use existing virtual machines.
You create a Azure Virtual Desktop host pool.
You need to ensure that you can add the virtual machines to the host pool.
What should you do first?
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
Question: 9 CertyIQ
You are designing an Azure Virtual Desktop deployment.
You identify the network latency between the locations where users reside and the planned deployment.
What should you use to identify the best Azure region to deploy the host pool?
Answer: B
Explanation:
Azure Virtual Desktop Experience Estimator estimates the connection round trip time (RTT) from your current
location, through the Azure Virtual Desktop service, to each Azure region in which you can deploy virtual
machines.
Reference:
https://azure.microsoft.com/en-gb/services/virtual-desktop/assessment/
Question: 10 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1 in the East US region.
You have a storage account named storage1 that contains FSLogix profile containers. In the East US region, you
have a shared image gallery named SIG1 that contains a virtual machine image named Image1. Image1 is used to
create new session hosts in Pool1.
You plan to deploy a new Azure Virtual Desktop host pool named Pool2 to the South India region.
You need to implement a session host deployment solution for Pool2 that meets the following requirements:
✑ Image1 must replicate in the South India region.
✑ The session hosts in Pool2 must be based on Image1.
✑ Changes to Image1 must be available in the South India and East US regions.
What should you include in the solution?
A. Create a new shared image gallery named SIG2 in the South India region. Upload a copy of Image1 to SIG2.
B. Create a new Azure Storage account named storage2 in the South India region. Copy Image1 to a shared
folder in storage2.
C. From SIG1, update the replication for the latest image version of Image1.
D. Configure geo-redundant storage (GRS) replication for storage1. Copy the VHD file of Image1 to the FSLogix
profile container.
Answer: C
Explanation:
One example is to always replicate the latest image in multi-regions while all older versions are only available
in 1 region. This can help save on storage costs for image versions.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries
Question: 11 CertyIQ
HOTSPOT -
You have an on-premises network.
All users have computers that run Windows 10 Pro.
You plan to deploy Azure Virtual Desktop to meet the department requirements shown in the following table.
You need to recommend licenses for the departments. The solution must minimize costs.
Which license should you recommend for each department? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/windows-10-multisession-faq https://azure.microsoft.
com/en-us/pricing/details/virtual-desktop/#pricing
Question: 12 CertyIQ
Your company has 60,000 users.
You plan to deploy Azure Virtual Desktop.
You need to recommend a storage solution for the FSLogix profile containers. The solution must provide the
highest possible IOPS and the lowest latency desktop experience.
What should you recommend?
Explanation:
Run your most demanding Linux and Windows file workloads in Azure
Running performance-intensive and latency-sensitive file workloads in the cloud can be hard. Azure NetApp
Files makes it easy for enterprise line-of-business (LOB) and storage professionals to migrate and run
complex, file-based applications with no code change. Azure NetApp Files is widely used as the underlying
shared file-storage service in various scenarios. These include migration (lift and shift) of POSIX-compliant
Linux and Windows applications, SAP HANA, databases, high-performance compute (HPC) infrastructure and
apps, and enterprise web applications.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Question: 13 CertyIQ
Your company has a single office and has 40 employees.
You are planning an Azure Virtual Desktop deployment. The estimated user workloads are shown in the following
table.
Half the users of each workload type work from home. All the users who work from home do NOT establish a VPN
connection to the office.
Approximately how much bandwidth is needed between the office and Azure to support the planned workloads?
A. 9.5 Mbps
B. 55 Mbps
C. 110 Mbps
D. 220 Mbps
Answer: B
Explanation:
10 * 1,5 = 15
5 x 3 = 15
5 x 5 = 25
Total: 15 + 15 + 25 = 55 mbps
The DNS servers are configured to forward requests to an external DNS service.
You create a new virtual network named VNET2 that is peered to VNET1 and has gateway transit enabled.
You plan to implement an Azure Virtual Desktop host pool in VNET2. The session hosts will be joined to the Active
Directory domain.
You need to configure DNS to meet the following requirements:
✑ Ensure that Azure Virtual Desktop users can resolve on-premises servers and Azure resources.
✑ Ensure that azure Virtual Desktop remains operational if a DNS server fails.
✑ Minimize administrative effort.
What should you configure?
Answer: A
Explanation:
In azure, never configure network settings inside the VM, always via the VNET or the NIC
Answer is AYou should configure the DNS settings of VNET2 to use Server2 and Server1 to meet the
requirements.By configuring the DNS settings of VNET2 to use Server2 and Server1, the Azure Virtual
Desktop users will be able to resolve on-premises servers and Azure resources. Since VNET2 is peered with
VNET1 and has gateway transit enabled, the DNS servers in VNET1 will automatically be available in VNET2.
This will ensure that Azure Virtual Desktop remains operational if a DNS server fails.Configuring the DNS
settings at the VNET level will also minimize administrative effort, as you only need to make the change once
instead of for each individual virtual machine.
Question: 15 CertyIQ
HOTSPOT -
You have an Azure subscription that contains a hybrid Azure Active Directory (Azure AD) tenant and two domain-
joined Azure virtual machines. The virtual machines run Windows Server 2019 and contain managed disks.
You plan to deploy an Azure Virtual Desktop host pool that will use a Storage Spaces Direct Scale-Out File Server
to host user profiles.
You need to ensure that the virtual machines can host the Storage Spaces Direct deployment. The solution must
meet the following requirements:
✑ Ensure that the user profiles are available if a single server fails.
✑ Minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/deploy-storage-spaces-direct
Question: 16 CertyIQ
You have the Azure Virtual Desktop deployment shown in the following table.
You plan to deploy a new host pool as shown in the following table.
You need to ensure that you can deploy the host pool.
What should you do?
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-portal/supportability/per-vm-quota-requests
Question: 17 CertyIQ
You have an Azure subscription that contains 500 users. The users are assigned Microsoft Office 365 E1 licenses.
You deploy an Azure Virtual Desktop solution that contains Windows 10 multi-session hosts and streams a custom
remote app named App1.
You need to ensure that the users are licensed to stream App1. The solution must minimize costs.
Which license should you use?
A. Microsoft 365 E5
B. Office 365 E3
C. a Remote Desktop Services (RDS) client access license (CAL)
D. Windows 10 Enterprise E3
Answer: D
Explanation:
App-V client. The App-V client must be enabled on any client device on which apps will be run from the App-V
server. These will be the Windows 10/11 Enterprise
E3 devices.
Reference:
https://docs.microsoft.com/sv-se/windows/deployment/windows-10-enterprise-e3-overview
Question: 18 CertyIQ
DRAG DROP -
You have an Azure subscription that contains a virtual machine named VM1. VM1 runs a customized version of
Windows 10 Enterprise.
You generalize the operating system on VM1 and shut down the virtual machine.
You need to deploy additional virtual machines based on an image of VM1 by using the Azure portal.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Create a managed image from a snapshot using PowerShell.
You can create a managed image from a snapshot of a generalized VM by following these steps:
1. Create an image of a VM in the portal, capture a VM in the portal
2. Go to the Azure portal, then search for and select Virtual machines.
3. Select your VM from the list.
4. On the page for the VM, on the upper menu, select Capture.
5. The Create an image page appears.
6. For Resource group, either select Create new and enter a name, or select a resource group to use from the
drop-down list. If you want to use an existing gallery, select the resource group for the gallery you want to
use.
7. To create the image in a gallery, select Yes, share it to a gallery as an image version.
8. To only create a managed image, select No, capture only a managed image. The VM must have been
generalized to create a managed image. The only other required information is a name for the image.
9. If you want to delete the source VM after the image has been created, select Automatically delete this
virtual machine after creating the image. This is not recommended.
10.For Gallery details, select the gallery or create a new gallery by selecting Create new. (Step 1)
11.In Operating system state select generalized or specialized. For more information, see Generalized and
specialized images.
12.Select an image definition or select create new and provide a name and information for a new Image
definition. (Step 2)
13.Enter an image version number. If this is the first version of this image, type 1.0.0. (Step 3)
14.If you want this version to be included when you specify latest for the image version, then leave Exclude
from latest unchecked.
15.Select an End of life date. This date can be used to track when older images need to be retired.
16.Under Replication, select a default replica count and then select any additional regions where you would
like your image replicated.
17.When you are done, select Review + create.
18.After validation passes, select Create to create the image.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/capture-image-portal
Question: 19 CertyIQ
You have an Azure Virtual Desktop deployment that contains an Azure compute gallery. The Azure compute
gallery contains an image definition named
Definitions Definitionl contains the following image versions:
* 1.0.0
* 1.1.0
* 1.2.0
You need to ensure that when a virtual machine is created from the Azure compute gallery, the 1.1.0 image version
is used by default.
What should you do?
Answer: B
Explanation:
Updating resources.
Once created, you can make some changes to the gallery resources. These are limited to:
* Azure Compute Gallery:
* Image definition:
* Image version:
Target regions -
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries
Question: 20 CertyIQ
HOTSPOT
-
You have an Azure Virtual Desktop deployment and two Azure Active Directory groups named Group1 and Group2.
You create two Conditional Access policies named Policy1 and Policy2. Policy1 is assigned to Group1. Policy2 is
assigned to Group2. Both policies include Azure Virtual Desktop as a cloud app.
You need to meet the following requirements:
• The users in Group1 must be prompted for multi-factor authentication (MFA) when they connect to Azure Virtual
Desktop.
• The users in Group2 must reauthenticate every eight hours while they are connected to Azure Virtual Desktop.
Which settings should you configure in Policy1 and Policy2? To answer, select the appropriate options in the
answer area.
Answer:
Question: 21 CertyIQ
HOTSPOT
-
You plan to deploy two Azure file shares named Share1 and Share2 that will be used with Azure Virtual Desktop.
Share1 will contain at least 100 GB of data and must be stored on SSDs. Share2 must be able to switch between
Transaction optimized and Cool storage tiers and must be stored on HDDs.
You need to recommend which type of storage accounts to use for the shares. The solution must minimize costs.
What should you recommend for each share? To answer, select the appropriate options in the answer area.
Your on-premises network contains an Active Directory domain that syncs with an Azure AD tenant.
You have an Azure Virtual Desktop host pool that contains Windows 11 session hosts joined to the domain.
You need to configure Azure NetApp Files to store user profile containers.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you
select.
Answer:
Question: 23 CertyIQ
DRAG DROP
-
You have an Azure Virtual Desktop deployment.
You plan to create the host pools shown in the following table.
You need to recommend the virtual machine size for each host pool to meet the session host requirements.
Answer:
Explanation:
F-Series
E-series
N-series
Question: 24 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10
Enterprise multi-session.
You need to prevent users from accessing the internet from Azure Virtual Desktop sessions. The session hosts
must be allowed to access all the required
Microsoft services.
Solution: You configure the RDP Properties of the host pool.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
B. No - The correct to modify the NSG on the network to prevent outgoing traffic
Question: 25 CertyIQ
You deploy an Azure Virtual Desktop host pool named Pool1.
You have an Azure Storage account named store1 that stores FSLogix profile containers in a share named profiles.
You need to configure the path to the storage containers for the session hosts.
Which path should you use?
A. \\store1.blob.core.windows.net\profiles
B. https://store1.file.core.windows.net/profiles
C. \\store1.file.core.windows.net\profiles
D. https://store1.blob.core.windows.net/profiles
Answer: C
Explanation:
C. \\store1.file.core.windows.net\profiles
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-profile-container-adds
Question: 26 CertyIQ
HOTSPOT -
You have a Azure Virtual Desktop host pool that has a max session limit of 15. Disconnected sessions are signed
out immediately.
The session hosts for the host pool are shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Question: 27 CertyIQ
HOTSPOT -
You have an Azure virtual machine named VM1 that runs Windows 10 Enterprise multi-session.
You plan to add language packs to VM1 and create a custom image of VM1 for an Azure Virtual Desktop host pool.
You need to ensure that modern apps can use the additional language packs when you deploy session hosts by
using the custom image.
Which command should you run first? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/language-packs https://docs.microsoft.com/en-us/tro
ubleshoot/windows-server/deployment/issues-appx-cleanup-maintenance-task https://docs.microsoft.com/e
n-us/powershell/module/scheduledtasks/disable-scheduledtask?view=windowsserver2019-ps
Question: 28 CertyIQ
DRAG DROP -
You have a Azure Virtual Desktop deployment.
You have a session host named Host1 that has the disk layout shown in the exhibit. (Click the Exhibit tab.)
You plan to deploy an app that must be installed on D. The app requires 500 GB of disk space.
You need to add a new data disk that will be assigned the drive letter D. The solution must maintain the current
performance of Host1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Reference:
https://www.azurecorner.com/change-temporary-drive-azure-vm-use-d-persistent-data-disks/
Question: 29 CertyIQ
You plan to deploy Azure Virtual Desktop session host virtual machines based on a preconfigured master image.
The master image will be stored in a shared image gallery.
You create a virtual machine named Image1 to use as the master image. You install applications and apply
configuration changes to Image1.
You need to ensure that the new session host virtual machines created based on Image1 have unique names and
security identifiers.
What should you do on Image1 before you add the image to the shared image gallery?
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image#determine
-when-to-use-sysprep
Question: 30 CertyIQ
You have a shared image gallery that contains the Windows 10 images shown in the following table.
You create an Azure Virtual Desktop deployment that has the following settings:
Host pool name: Pool1 -
✑ Location: West US
✑ Host pool type: Personal
Which images can you use for the session hosts?
A. Image1 only
B. Image1, Image2, Image3, and Image4
C. Image2 only
D. Image1 and Image2 only
E. Image1 and Image3 only
Answer: E
Explanation:
Reference:
https://azure.microsoft.com/en-in/blog/vm-image-blog-post/
Question: 31 CertyIQ
HOTSPOT -
You have an Azure subscription that contains the virtual machines shown in the following table.
You create a shared image gallery as shown in the SharedGallery1 exhibit. (Click the SharedGallery1 tab.)
You create an image definition as shown in the Image1 exhibit. (Click the Image1 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Yes = Will work but i am not happy about it because the Image is a Specialized which can make problems
No = Location is West US
Reference:
https://www.robinhobo.com/windows-virtual-desktop-wvd-image-management-how-to-manage-and-deploy-
custom-images-including-versioning-with-the-azure- shared-image-gallery-sig/
Question: 32 CertyIQ
DRAG DROP -
You plan to deploy Azure Virtual Desktop.
You need to create Azure NetApp Files storage to store FSLogix profile containers.
Which four actions should you perform in sequence after you register the NetApp Resource Provider? To answer,
move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you
select.
Select and Place:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container#make-sure-userscan
-access-the-azure-netapp-file-share https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp
-files-quickstart-set-up-account-create-volumes?tabs=azure-portal
Question: 33 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10
Enterprise multi-session.
You need to prevent users from accessing the internet from Azure Virtual Desktop sessions. The session hosts
must be allowed to access all the required
Microsoft services.
Solution: You configure rules in the network security group (NSG) linked to the subnet of the session hosts.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
Question: 34 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10
Enterprise multi-session.
You need to prevent users from accessing the internet from Azure Virtual Desktop sessions. The session hosts
must be allowed to access all the required
Microsoft services.
Solution: You configure the Address space settings of the virtual network that contains the session hosts.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
No - B is correct answer.
Question: 35 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool that contains five session hosts. The session hosts run Windows 10
Enterprise multi-session.
You need to prevent users from accessing the internet from Azure Virtual Desktop sessions. The session hosts
must be allowed to access all the required
Microsoft services.
Solution: You modify the IP configuration of each session host.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
No is a correct answer.
Question: 36 CertyIQ
You have an Azure Virtual Desktop host pool. The pool contains session hosts that run Windows 10 Enterprise
multi-session.
You connect to a Remote Desktop session on Pool1 and discover an issue with the frequency of screen updates.
You need to identify whether the issue related to insufficient server, network, or client resources. The solution
must minimize how long it takes to identify the resource type.
What should you do?
A. From within the current session, use the Azure Virtual Desktop Experience Estimator.
B. From Azure Cloud Shell, run the Get-AzOperationalInsightsWorkspaceUsage cmdlet and specify the
DefaultProfile parameter.
C. From Azure Cloud Shell, run the Get-AzWvdUserSession cmdlet and specify the UserSessionId parameter.
D. From within the current session, use Performance Monitor to display the values of all the RemoteFX
Graphics(*)\Frames Skipped/Second counters.
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/remotefx-graphics-performance-counters
Question: 37 CertyIQ
DRAG DROP -
You have an Azure Virtual Desktop host pool named Pool1.
You need to ensure that you can create an Azure NetApp Files volume that will host user profiles for Pool1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you
select.
Select and Place:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-cre
ate-volumes?tabs=azure-portal
Question: 38 CertyIQ
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You use a user account named Admin1 to deploy an Azure Active Directory Domain Services (Azure AD DS)
managed domain named aaddscontoso.com to a virtual network named VNET1.
You plan to deploy an Azure Virtual Desktop host pool named Pool1 to VNET1.
You need to ensure that you can use the Admin1 user account to deploy Windows 10 Enterprise session hosts to
Pool1.
What should you do first?
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace?tabs=azure-po
rtal
Question: 39 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1 that contains the following:
✑ A linked workspace named Workspace1
✑ An application group named Default Desktop
✑ A session host named Host1
You need to add a new data disk.
What should you modify?
A. Host1
B. Workspace1
C. Pool1
D. Default Desktop
Answer: A
Explanation:
AVD session hosts are just VMs that appear in Virtual Machines in the Azure portal. Therefore you manage
them (e.g. add a disk) in the same way as any other VMs.
Question: 40 CertyIQ
HOTSPOT -
You are automating the deployment of an Azure Virtual Desktop host pool.
You deploy the Azure Resource Manager (ARM) template shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the ARM template.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
1 session
The question states "The first time they connect" which means they dont have an assigned VM yet. The "first
time they connect" they will be randomly assigned an available session host which completes the registration.
Any future connections will then be a permanent VM.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/configure-host-pool-
personal-desktop-assignment-type-2019 https://docs.microsoft.com/en-us/azure/cloud-adoption-
framework/scenarios/wvd/eslz-platform-automation-and-devops
Question: 41 CertyIQ
You have an Azure Virtual Desktop deployment.
You need to create a host pool. The solution must ensure that during periods of low CPU usage, credits can be
accumulated, and then used to raise performance above the purchased baseline during periods of high CPU usage.
Which virtual machine series should you specify when you create the pool?
A. A-series
B. D-series
C. H-series
D. B-series
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable
Question: 42 CertyIQ
You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.
You have an Azure Storage account named storage1. Storage1 hosts a file share named share1 that has share and
file system permissions configured. Share1 is configured to use contoso.com for authentication.
You create an Azure Virtual Desktop host pool named Pool1. Pool1 contains two session hosts that use the
Windows 10 multi-session + Microsoft 365 Apps image.
You need to configure an FSLogix profile container for Pool1.
What should you do next?
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-user-profile
Question: 43 CertyIQ
DRAG DROP -
You have an Azure subscription that contains the storage accounts shown in the following table.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image#upload-master-
image-to-a-storage-account-in-azure https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-
profile
Question: 44 CertyIQ
You have an Azure storage account that contains the generalized Windows 10 disk images shown in the following
table.
You need to create an image that will be used to deploy an Azure Virtual Desktop session host.
Which disk should you use?
A. Disk1
B. Disk2
C. Disk3
D. Disk4
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image
Question: 45 CertyIQ
You create the virtual machines shown in the following table.
You need a source virtual hard disk for new Azure Virtual Desktop session host deployments. The source operating
system must have user-specific and machine- specific information removed.
Which virtual machines can you use as the source?
A. SourceVM3 only
B. SourceVM1 only
C. SourceVM1, SourceVM2, and SourceVM3
D. SourceVM1 and SourceVM2 only
E. SourceVM2 only
Answer: E
Explanation:
Generalizing removes machine specific information so the image can be used to create multiple VMs. Once
the VM has been generalized, you need to let the platform know so that the boot sequence can be set
correctly.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/generalize
Question: 46 CertyIQ
You have an Azure Virtual Desktop deployment.
You plan to use FSLogix profile containers.
You need to recommend a solution that will be used to store the containers. The solution must meet the following
requirements:
* The containers must be stored on solid-state drives (SSDs)
* Minimize administrative effort
* Minimize cost
What should you recommend?
Answer: D
Explanation:
Azure Files integration with Azure Active Directory Domain Service
FSLogix profile containers' performance and features take advantage of the cloud. On August 7th, 2019,
Microsoft Azure Files announced the general availability of Azure Files authentication with Azure Active
Directory Domain Service (Azure AD DS). By addressing both cost and administrative overhead, Azure Files
with
Azure AD DS Authentication is a premium solution for user profiles in the Azure Virtual Desktop service.
Premium file shares enable highly I/O-intensive workloads, with high throughput and low latency. Premium file
shares are offered on high-performance solid-state drive (SSD) based storage.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/fslogix-containers-azure-files https://azure.microsoft.
com/en-us/pricing/details/storage/files/
Question: 47 CertyIQ
HOTSPOT -
You have an Azure Virtual Desktop deployment that contains two users named User1 and User2 and the storage
accounts shown in the following table.
The File share settings for storage1 are configured as shown in the following exhibit.
The File share settings for storage2 are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Yes -
Storage1: Storage File Data SMB Share Contributor is assigned to User1.
The Share1 on Storage1 is transaction optimized.
Storage File Data SMB Share Contributor, Allows for read, write, and delete access on files and directories in
Azure file shares.
Box 2: Yes -
Storage2 has Share4. User2 is the owner of Storage2.
Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions
Question: 48 CertyIQ
You have an Azure Virtual Desktop host pool named HostPool1. HostPool1 contains Windows 10 session hosts and
the application groups shown in the following table.
You need to assign an instance of a Windows 11 Desktop application group to users.
What should you do first?
Answer: D
Explanation:
If you've already created a host pool and session host VMs using the Azure portal or PowerShell, you can add
application groups from the Azure portal.
The default app group created for a new Azure Virtual Desktop host pool also publishes the full desktop. In
addition, you can create one or more RemoteApp application groups for the host pool.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups
Question: 49 CertyIQ
HOTSPOT -
You have an Azure subscription named Subscription1 that contains the users shown in the following table.
Subscription1 contains the Azure Virtual Desktop host pools shown in the following table.
Subscription1 contains the Azure Virtual Desktop application groups shown in the following table.
You perform the role assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Yes -
The P1-0.contoso.com session host is in Pool1.
Group1 has the Desktop Virtualization User Session Operator role for Pool1.
User1 is member of Group1.
Desktop Virtualization User Session Operator
The Desktop Virtualization User Session Operator role allows users to send messages, disconnect sessions,
and use the "logoff" function to sign sessions out of the session host. However, this role doesn't let users
perform session host management like removing session host, changing drain mode, and so on. This role can
see assignments, but can't modify admins. We recommend you assign this role to specific host pools. If you
give this permission at a resource group level, the admin will have read permission on all host pools under a
resource group.
Box 2: No -
User2 is member of Group2 and Group3. Those do not give access to the P1-0.contoso.com session host in
Pool1.
Box 3: Yes -
User2, as a member of Group3, is a Desktop Virtualization User for AppGroup2. Pool2 is in AppGroup2. The
P2-0.contoso.com session host is in Pool2.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
Question: 50 CertyIQ
You have an on-premises network and an Azure subscription. The subscription contains the following virtual
network:
* Name:VNet1
* Address space: 10.10.0.0/16
* Subnet name: Subnet1
* Subnet1 address range: 10.10.0.0/16
You deploy an Azure Virtual Desktop host pool that contains 10 session hosts to Subnets.
You plan to deploy a VPN gateway to VNet1 and provide the session hosts with access to the on-premises network.
You need to ensure that you can deploy the VPN gateway.
What should you do first?
Answer: B
Explanation:
A subnet for the Gateway is needed.
For example:
Subnets -
Now select Subnets and click on the Gateway subnet on the righthand side of the screen.
Edit the settings, and then click OK.
Reference:
https://www.policypak.com/resources/pp-blog/windows-virtual-desktop/
Question: 51 CertyIQ
You have an Azure Virtual Desktop deployment that contains a host pool. The pool has the following settings:
* Resource group: RG1
* Host pool name: Pool1
* Location: East US
* Host pool type: Pooled
The deployment contains the workspaces shown in the following table.
For Pool1, you plan to create a RemoteApp application group named AppGroup1.
In which workspaces can you register AppGroup1?
Answer: B
Explanation:
You can only register the app group to workspaces created in the same location as the host pool. Also. if
you've previously registered another app group from the same host pool as your new app group to a
workspace, it will be selected and you can't edit it. All app groups from a host pool must be registered to the
same workspace.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups
Question: 52 CertyIQ
HOTSPOT -
You have an Azure Virtual Desktop host pool named HostPool1 that contains 20 session hosts.
You create a new scaling plan that has the Ramp-up settings shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: 4 -
20%, minimum percentage of hosts, of 20 session hosts is 4 hosts.
Box 2: evenly across all available session hosts
The load balancing algorithm is breadth-first.
Breadth-first load balancing allows you to evenly distribute user sessions across the session hosts in a host
pool.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
Question: 53 CertyIQ
HOTSPOT -
You have an Azure subscription.
You plan to deploy an Azure Virtual Desktop solution that will contain Windows 10 multi-session hosts in a single
host pool. The solution has the requirements shown in the following table.
You need to configure the session host for the host pool. The solution must minimize costs.
How many session hosts should the host pool contain, and how many vCPUs should each session host have? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: 25 -
400 users, 16 concurrent users per session host. Need 400/16=25 session hosts.
Box 2: 4 -
1 VCPU for 4 user, 16 concurrent users per session host. Need 16/4=4 vCPU per session host.
Note: The following table shows examples of standard or larger user workloads with 20 or more users:
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/virtual-machine-recs
Question: 54 CertyIQ
You plan to deploy Azure Virtual Desktop.
You are deploying Storage Spaces Direct to a cluster that will store FSLogix profile containers. The cluster will
NOT use Cloud witness.
What is the minimum number of virtual machines required for the cluster?
A. 1
B. 2
C. 3
D. 4
Answer: B
Explanation:
Storage Spaces Direct is a software-defined storage solution that allows you to share storage resources in
your converged and hyperconverged IT infrastructure. It enables you to combine internal storage drives on a
cluster of physical servers (2 and up to 16) into a software-defined pool of storage.
https://learn.microsoft.com/en-us/azure-stack/hci/concepts/storage-spaces-direct-overview?
toc=%2Fwindows-server%2Fstorage%2Ftoc.json&bc=%2Fwindows-
server%2Fbreadcrumbs%2Ftoc.json#what-is-storage-spaces-direct
Question: 55 CertyIQ
HOTSPOT
-
You have an Azure Virtual Desktop deployment that contains a host pool named HostPool1.
Which three settings should you modify? To answer, select the appropriate settings in the answer area.
Question: 56 CertyIQ
HOTSPOT
-
The subscription uses the Azure Virtual Desktop host pools shown in the following table.
You need to ensure that User1 can create RemoteApp app groups that will be used to stream a suite of custom
apps from the host pools. The solution must meet the following requirements:
Answer:
Explanation:
Question: 57 CertyIQ
You have an Azure compute gallery that contains the Windows 10 images shown in the following table.
You create an Azure Virtual Desktop deployment that has the following settings:
A.Image1 only
B.Image2 only
C.Image1 and Image2 only
D.Image1 and Image3 only
E.Image1, Image2, Image3, and Image4
Answer: A
Question: 58 CertyIQ
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains 10 session
hosts that were deployed by using an Azure Resource Manager (ARM) template.
You discover that Windows licenses were NOT applied to the session hosts.
A.Update-AzVm
B.Update-AzWvdDesktop
C.Update-AzWvdHostPool
D.Update-AzWvdWorkspace
E.Update-AzWvdSessionHost
Answer: A
Question: 59 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1 and an Azure Storage account named Storage1.
Storage1 stores FSLogix profile containers in a share folder named share1.
You create a new group named Group1. You provide Group1 with permission to sign in to Pool1.
You need to ensure that the members of Group1 can store the FSLogix profile containers in share1. The solution
must use the principle of least privilege.
Which two privileges should you assign to Group1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. the Storage Blob Data Contributor role for storage1
B. the List folder / read data NTFS permissions for share1
C. the Modify NTFS permissions for share1
D. the Storage File Data SMB Share Reader role for storage1
E. the Storage File Data SMB Share Elevated Contributor role for storage1
F. the Storage File Data SMB Share Contributor role for storage1
Answer: CF
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share
Question: 60 CertyIQ
You have a Azure Virtual Desktop host pool.
You need to install Microsoft Antimalware for Azure on the session hosts.
What should you do?
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware
Question: 61 CertyIQ
HOTSPOT -
You have a Azure Virtual Desktop deployment.
You need to ensure that all the connections to the managed resources in the host pool require multi-factor
authentication (MFA).
Which two settings should you modify in a conditional access policy? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Cloud Apps & Actions >>> Select Windows Virtual Desktop as the app
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
Question: 62 CertyIQ
HOTSPOT -
Your company has the offices shown in the following table.
The company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named
User1.
Users connect to a Azure Virtual Desktop deployment named WVD1. WVD1 contains session hosts that have public
IP addresses from the 52.166.253.0/24 subnet.
Contoso.com has a conditional access policy that has the following settings:
✑ Name: Policy1
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
✑ Access controls:
- Grant: Grant access, Require multi-factor authentication
✑ Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
Question: 63 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain
Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Users GPO settings.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Question: 64 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain
Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From an Azure AD DS-joined computer, you modify the AADDC Computers GPO settings.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Question: 65 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain
Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
no is a right answer
Question: 66 CertyIQ
You have an Azure Virtual Desktop deployment.
You have a RemoteApp named App1.
You discover that from the Save As dialog box of App1, users can run executable applications other than App1 on
the session hosts.
You need to ensure that the users can run only published applications on the session hosts.
What should you do?
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/security-guide
Question: 67 CertyIQ
HOTSPOT -
You have an Azure Virtual Desktop Deployment that contains a workspace named Workspace1 and a user named
User1. Workspace1 contains a Desktop application group named Pool1Desktop.
At 09:00, you create a conditional access policy that has the following settings:
✑ Assignments:
- Users and groups: User1
- Cloud apps or actions: Azure Virtual Desktop
- Conditions: 0 conditions selected
✑ Access controls
- Grant: Grant access, Require multi-factor authentication
- Sessions: Sign-in frequency 1 hour
User1 performs the actions shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
Question: 68 CertyIQ
You deploy an Azure Virtual Desktop session host pool that includes ten virtual machines.
You need to provide a group of pilot users access to the virtual machines in the pool.
What should you do?
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/delegated-access-virtual-desktop
Question: 69 CertyIQ
You have an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com.
You create an Azure Virtual Desktop host pool named Pool1. You assign the Virtual Machine Contributor role for the
Azure subscription to a user named Admin1.
You need to ensure that Admin1 can add session hosts to Pool1. The solution must use the principle of least
privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Assign Admin1 the Desktop Virtualization Host Pool Contributor role for Pool1
B. Assign Admin1 the Desktop Virtualization Session Host Operator role for Pool1
C. Add Admin1 to the AAD DC Administrators group
D. Assign a Microsoft 365 Enterprise E3 license to Admin1
E. Generate a registration token
Answer: BE
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
Question: 70 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain
Services (Azure AD DS) managed domain.
You need to configure idle session timeout settings for users that connect to the session hosts in Pool1.
Solution: From the Azure portal, you modify the Advanced settings in the RDP Properties of Pool1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Question: 71 CertyIQ
You have a hybrid Azure Active Directory (Azure AD) tenant.
You plan to deploy an Azure Virtual Desktop personal host pool. The host pool will contain 15 virtual machines that
run Windows 10 Enterprise. The virtual machines will be joined to the on-premises Active Directory domain and
used by the members of a domain group named Department1.
You need to ensure that each user is added automatically to the local Administrators group on the virtual machine
to which the user signs in.
What should you configure?
Answer: A
Explanation:
Configure direct assignment.
Unlike automatic assignment, when you use direct assignment, you must assign the user to both the personal
desktop host pool and a specific session host before they can connect to their personal desktop. If the user is
only assigned to a host pool without a session host assignment, they won't be able to access resources and
will see an error message that says, "No resources available."
To directly assign a user to a session host in the Azure portal:
1. Sign in to the Azure portal.
2. Enter Azure Virtual Desktop into the search bar.
3. Under Services, select Azure Virtual Desktop.
4. At the Azure Virtual Desktop page, go the menu on the left side of the window and select Host pools.
5. Select the host pool you want to assign users to.
6. Next, go to the menu on the left side of the window and select Application groups.
7. Select the name of the app group you want to assign users to, then select Assignments in the menu on the
left side of the window.
8. Select + Add, then select the users or user groups you want to assign to this app group.
9. Select Assign VM in the Information bar to assign a session host to a user.
10.Select the session host you want to assign to the user, then select Assign. You can also select Assignment
> Assign user.
11.Select the user you want to assign the session host to from the list of available users.
12.When you're done, select Select.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-ty
pe
Question: 72 CertyIQ
HOTSPOT -
You have two Azure subscriptions that are linked to an Azure Active Directory (Azure AD) tenant named
contoso.com and contain an Azure Virtual Desktop deployment. The tenant contains a user named User1.
When User1 signs in to Azure Security Center, the user receives the message shown in the following exhibit.
You need to ensure that User1 can manage security information for the tenant. The solution must use the principle
of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Security administrator for contoso.com
Incorrect:
* Not at the subscription level, as there are two subscriptions.
* Not Root management group level
Each directory is given a single top-level management group called the root management group. The root
management group is built into the hierarchy to have all management groups and subscriptions fold up to it.
This root management group allows for global policies and Azure role assignments to be applied at the
directory level.
Box 2: Privileged Role Administrator
You need to ensure that User1 can manage security information for the tenant.
Privileged Role Administrator - Can manage role assignments in Azure AD, and all aspects of Privileged
Identity Management.
Incorrect:
* External Identity Provider Administrator
This administrator manages federation between Azure AD organizations and external identity providers. With
this role, users can add new identity providers and configure all available settings (e.g. authentication path,
service ID, assigned key containers). This user can enable the Azure AD organization to trust authentications
from external identity providers.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.co
m/en-us/azure/active-directory/roles/permissions-reference
Question: 73 CertyIQ
DRAG DROP
-
Your on-premises network contains an Active Directory domain named fabrikam.com that syncs with Azure Active
Directory (Azure AD). The domain contains a global group named AVDusers.
You have an Azure subscription that contains the resources shown in the following table.
All Azure Virtual Desktop users are members of the AVDusers group.
You need to configure Profiles1 and fabrikam.com to ensure that the HostPool1 sessions hosts can access the
FSLogix profile containers.
What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration
may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.
Answer:
Question: 74 CertyIQ
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
You create a custom Azure role named Role1 that has sufficient permissions to start virtual machines on demand.
You need to ensure that the session hosts in Pool1 can start on demand.
A. Managed1
B. Azure Virtual Desktop
C. Azure Automation
D. Host1
E. Azure Compute
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-desktop/start-virtual-machine-connect?tabs=azure-
portal#assign-the-desktop-virtualization-power-on-contributor-role-with-the-azure-portal
Question: 75 CertyIQ
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
You need to enable just-in-time (JIT) VM access for all the session hosts.
Answer: B
Explanation:
https://stefanos.cloud/kb/how-to-configure-just-in-time-jit-access-for-an-azure-vm/
Question: 76 CertyIQ
HOTSPOT
-
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
You need to perform the following configurations:
On which resources should you perform the configurations? To answer, select the appropriate options in the
answer area.
Answer:
Explanation:
Box2: (Pool1)
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files.
Question: 77 CertyIQ
DRAG DROP
-
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
You have a Windows 11 device named Device1 that has Azure Command-Line Interface (CLI) installed.
You need to use Remote Desktop Connection (mstsc.exe) on Device1 to connect to Host1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Answer:
Question: 78 CertyIQ
You have an Azure Virtual Desktop deployment.
You publish a RemoteApp named AppVersion1.
You need AppVersion1 to appear in the Remote Desktop client as Sales Contact Application.
Which PowerShell cmdlet should you use?
A. New-AzADApplication
B. Update-AzWvdApplicationGroup
C. Register-AzWvdApplicationGroup
D. Update-AzWvdApplication
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-feed-for-virtual-desktop-users https://doc
s.microsoft.com/en-us/powershell/module/az.desktopvirtualization/update-azwvdapplication?view=azps-5.7.0
Question: 79 CertyIQ
You have an Azure Virtual Desktop deployment that contains the following:
✑ A host pool named Pool1
✑ Two session hosts named Host1 and Host2
✑ An application group named RemoteAppGroup1 that contains a RemoteApp named App1
You need to prevent users from copying and pasting between App1 and their local device.
What should you do?
Answer: D
Explanation:
Answering to Suman concern answer would be Yes. It is Pool level seting. So it would impact any app that
would be ruuning on this pool. But desctription doesn't say that we have other apps in this pool :)
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties
Question: 80 CertyIQ
HOTSPOT -
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD)
tenant. The domain contains the users shown in the following table.
You have an Azure Virtual Desktop deployment that contains the application groups shown in the following table.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/environment-setup
Question: 81 CertyIQ
You have an Azure Virtual Desktop host pool that contains two session hosts. The Microsoft Teams client is
installed on each session host.
You discover that only the Microsoft Teams chat and collaboration features work. The calling and meeting features
are disabled.
You need to ensure that users can set the calling and meeting features from within Microsoft Teams.
What should you do?
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/teams-on-wvd
Question: 82 CertyIQ
You have an Azure Virtual Desktop host pool that contains 20 Windows 10 Enterprise multi-session hosts.
Users connect to the Azure Virtual Desktop deployment from computers that run Windows 10.
You plan to implement FSLogix Application Masking.
You need to deploy Application Masking rule sets. The solution must minimize administrative effort.
To where should you copy the rule sets?
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/fslogix-office-app-rule-editor
Question: 83 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1.
You are troubleshooting an issue for a Remote Desktop client that stopped responding.
You need to restore the default Remote Desktop client settings and unsubscribe from all workspaces.
Which command should you run?
A. msrdcw
B. resetengine
C. mstsc
D. resetpluginhost
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-client
Question: 84 CertyIQ
Your network contains an on-premises Active Directory domain and an Azure Virtual Desktop deployment. The
computer accounts for all the session hosts are in an organizational unit (OU) named WVDHostsOU. All user
accounts are in an OU named CorpUsers.
A domain administrator creates a Group Policy Object (GPO) named Policy1 that only contains user settings. The
administrator links Policy1 to WVDHostsOU.
You discover that when users sign in to the session hosts, none of the settings from Policy1 are applied.
What should you configure to apply GPO settings to the users when they sign in to the session hosts?
A. loopback processing
B. FSLogix profiles
C. mandatory Roaming User Profiles
D. restricted groups
Answer: A
Explanation:
A. loopback processing
Loopback is a special mode of GP processing that you set on a per-computer basis. When a computer has
loopback enabled, any user that logs onto that computer can be given a set of per-user policies that is
different than the ones they would normally receive by virtue of where their user account is
Reference:
https://www.linkedin.com/pulse/windows-virtual-desktop-remoteapps-jason-byway
Question: 85 CertyIQ
You have an Azure Virtual Desktop deployment.
You need to provide external users with access to the deployment. The external users have computers that run
Windows 10 Pro and Windows 10 Enterprise. The users do not have the ability to install applications.
What should you recommend that the users use to connect to the deployment?
A. Microsoft Edge
B. RemoteApp and Desktop Connection
C. Remote Desktop Manager
D. Remote Desktop Connection
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-user
s https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-web
Question: 86 CertyIQ
You network contains an on-premises Active Directory domain. The domain contains a universal security group
named AVDusers.
You have a hybrid Azure Active Directory (Azure AD) tenant. AVDusers syncs to Azure AD.
You have an Azure Virtual Desktop host pool that contains four Windows 10 Enterprise multi-session hosts.
You need to ensure that only the members of AVDusers can establish Azure Virtual Desktop sessions to the host
pool.
What should you do?
A. Assign AVDusers to an Azure role scoped to each host pool.
B. On each session host, add AVDusers to the local Remote Desktop Users group.
C. Assign AVDusers to an Azure role scoped to the session hosts.
D. Assign AVDusers to an application group.
Answer: D
Explanation:
D is correct. By assigning them to the application group they would then appear for the respective Remote
Apps and associated DAG.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups
Question: 87 CertyIQ
You deploy multiple Azure Virtual Desktop session hosts that have only private IP addresses.
You need to ensure that administrators can initiate an RDP session to the session hosts by using the Azure portal.
What should you implement?
Answer: C
Explanation:
Azure Bastion is a new fully platform-managed PaaS service you provision inside your virtual network. It
provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL. When
you connect via Azure Bastion, your virtual machines do not need a public IP address.
Reference:
https://azure.microsoft.com/en-us/services/azure-bastion/
Question: 88 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1. Pool1 contains session hosts that have a third-party
application named App1. App1 is published by using a RemoteApp group.
A new MSI-based version of App1 is installed each month to each host. The name of the executable file is different
for each version of App1.
You need to automate the process of making a new version of App1 available via RemoteApp. The process must
ensure that the user experience remains the same when launching the application from the Windows Desktop
client.
Which two cmdlets should you run? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Remove-AzWvdApplication
B. New-AzWvdApplication
C. New-AzWvdApplicationGroup
D. New-AzWvdMsixPackage
E. New-AzRoleAssignment
F. Remove-AzWvdMsixPackage
Answer: BD
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach https://docs.microsoft.com/en-us/
powershell/module/az.desktopvirtualization/new-azwvdapplication?view=azps-6.4.0
Question: 89 CertyIQ
You have an Azure Virtual Desktop deployment.
You need to recommend a solution to run containerized applications without installing the applications on the
session hosts.
What should you include in the recommendation?
A. EXE applications
B. MSI packages
C. APPX app packages
D. MSIX app packages
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/msix/msix-container
Question: 90 CertyIQ
HOTSPOT -
You have an Azure Virtual Desktop host pool named Pool1 and an Azure Storage account named storage1. Pool1
and storage1 are in the same Azure region.
The current network utilization of the session hosts during peak hours is 95%.
You plan to use FSLogix profile containers stored in storage1 for users that connect to Pool1.
You need to configure the session hosts and storage1 to minimize network latency when loading and updating
profiles.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix
Question: 91 CertyIQ
You have an Azure Virtual Desktop host pool named Pool1 that contains three session hosts. The session hosts are
configured to use FSLogix profiles.
On a management computer, you create an Application Masking rule and assignment files.
You need to apply Application Masking to the session hosts in Pool1.
What should you do?
Answer: D
Explanation:
Reference:
https://cloudbuild.co.uk/fslogix-application-masking-in-windows-virtual-desktop/
Question: 92 CertyIQ
You have an Azure Virtual Desktop deployment.
The session hosts are joined to an on-premises Active Directory domain named contoso.com.
You need to limit user sessions to three hours.
What should you configure?
Answer: A
Explanation:
Question: 93 CertyIQ
DRAG DROP -
You have an Azure Virtual Desktop host pool named Pool1, an application named App1, and an Azure file share
named Share1.
You need to ensure that you can publish App1 to Pool1 by using MSIX app attach.
Which four actions should you perform in sequence before you publish App1? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package
https://docs.microsoft.com/en-us/azure/virtual-desktop/app-attach-image-prep
Question: 94 CertyIQ
HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com that syncs to an Azure Active
Directory (Azure AD) tenant.
You have an Azure subscription that contains an Azure Virtual Desktop host pool.
You create an Azure Storage account named storage1.
You need to use FSLogix profile containers in storage1 to store user profiles for a group named Group1. The
solution must use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable https://docs.micros
oft.com/en-us/azure/virtual-desktop/create-file-share
Question: 95 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have the following:
✑ A Microsoft 365 E5 tenant
✑ An on-premises Active Directory domain
✑ A hybrid Azure Active Directory (Azure AD) tenant
✑ An Azure Active Directory Domain Services (Azure AD DS) managed domain
✑ An Azure Virtual Desktop deployment
The Azure Virtual Desktop deployment contains personal desktops that are hybrid joined to the on-premises
domain and enrolled in Microsoft Intune.
You need to configure the security settings for the Microsoft Edge browsers on the personal desktops.
Solution: You create and configure a Group Policy Object (GPO) in the on-premises domain.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
No, this solution does not fully meet the goal.The solution of creating and configuring a Group Policy Object
(GPO) in the on-premises domain would apply the security settings to the Microsoft Edge browser on the
personal desktops joined to the on-premises domain. However, it would not apply the settings to the personal
desktops that are enrolled in Microsoft Intune and joined to the Azure AD domain.Therefore, the proposed
solution of creating and configuring a GPO in the on-premises domain does not fully meet the goal of
configuring the security settings for the Microsoft Edge browsers on all personal desktops in the Azure
Virtual Desktop deployment.
No. On-premises domain GPO doesn't cover Intune joined hybrid devices. So those devices can be even non
domain joined devices and so on.So you can acheive this only by using Intune config profile.
Question: 96 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have the following:
✑ A Microsoft 365 E5 tenant
✑ An on-premises Active Directory domain
✑ A hybrid Azure Active Directory (Azure AD) tenant
✑ An Azure Active Directory Domain Services (Azure AD DS) managed domain
✑ An Azure Virtual Desktop deployment
The Azure Virtual Desktop deployment contains personal desktops that are hybrid joined to the on-premises
domain and enrolled in Microsoft Intune.
You need to configure the security settings for the Microsoft Edge browsers on the personal desktops.
Solution: You configure a configuration profile in Intune.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop
Question: 97 CertyIQ
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have the following:
✑ A Microsoft 365 E5 tenant
✑ An on-premises Active Directory domain
✑ A hybrid Azure Active Directory (Azure AD) tenant
✑ An Azure Active Directory Domain Services (Azure AD DS) managed domain
An Azure Virtual Desktop deployment
The Azure Virtual Desktop deployment contains personal desktops that are hybrid joined to the on-premises
domain and enrolled in Microsoft Intune.
You need to configure the security settings for the Microsoft Edge browsers on the personal desktops.
Solution: You configure a compliance policy in Intune.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
You need to configure a Configuration Profile in Intune or use Group Policy.
Question: 98 CertyIQ
You have an Azure Virtual Desktop deployment that contains multiple host pools.
You need to create a PowerShell script to sign users out of a specific session host before you perform a
maintenance task.
Which PowerShell module should you load in the script?
A. Az.Automation
B. Az.Compute
C. Az.Maintenance
D. Az.DesktopVirtualization
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.desktopvirtualization/?view=azps-6.6.0#desktopvirtu
alization https://techgenix.com/logging-off-and-removing-wvd-user-sessions/
Question: 99 CertyIQ
You have an on-premises network and an Azure subscription. The subscription contains the following:
✑ A virtual network
✑ An Azure Firewall instance
✑ An Azure Virtual Desktop host pool
The virtual network connects to the on-premises network by using a site-to-site VPN.
You need to ensure that only users from the on-premises network can connect to the Azure Virtual Desktop
managed resources in the host pool. The solution must minimize administrative effort.
What should you configure?
A. a conditional access policy
B. an Azure Firewall rule
C. a network security group (NSG) rule
D. a user-defined route
Answer: A
Explanation:
To ensure that only users from the on-premises network can connect to the Azure Virtual Desktop managed
resources in a host pool, you can use Azure Firewall to restrict access to the Azure Virtual Desktop resources.
Azure Firewall allows you to control inbound and outbound network traffic to and from your Azure resources,
including Azure Virtual Desktop resources.
Answer: CEF
Explanation:
CEF. The whole point of this is to minimize what needs to be done on the local PCs. These designated correct
answers need to be changed.
Explanation:
VHDlocations must be removed, but ccdlocations must be added so there's no right answer here.
Reference:
https://docs.microsoft.com/en-us/fslogix/configure-cloud-cache-tutorial
Answer: A
Explanation:
Just need to add the user(s) into the FSLogix Profile Exclude List group.
Reference:
https://docs.microsoft.com/en-us/fslogix/configure-profile-container-tutorial
You have an Azure Virtual Desktop host pool. All the session hosts have a folder named C:\Folder1.
You create an FSLogix Application Masking rule as shown in the following exhibit.
You create assignments for the Application Masking rule as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Radio buttons at the bottom are used to configure options of each entry, it's not a global option.
If applies = No, it means the masking is inactive. CONTOSO\Group1 - applies NO - means the rule does not
applies so Folder1 is visible.
Question is about Assignment Order. "The first assignment applies the Rule Set to Everyone, the second
specifies the Rule Set does NOT apply to User1. In this case, the Rule Set would apply to everyone except
User1."
References:
https://docs.microsoft.com/en-us/fslogix/application-masking-rules-ht https://docs.microsoft.com/en-
us/fslogix/application-masking-users-groups-ht
A. Yes
B. No
Answer: B
Explanation:
Reference:
https://www.compete366.com/blog-posts/eight-tips-on-how-to-manage-azure-virtual-desktop-avd/
All the users plan to use a web browser to access Azure Virtual Desktop resources.
Which users can connect to Azure Virtual Desktop by using their preferred browser?
A. User2 only
B. User1 only
C. User1, User2, and User3
D. User2 and User3 only
E. User1 and User2 only
Answer: C
Explanation:
Connect to Azure Virtual Desktop with the web client, supported browsers.
While any HTML5-capable browser should work, we officially support the following operating systems and
browsers:
Mozilla Firefox - Windows, macOS, Linux (User1)
Apple Safari - macOS (User3)
Note: There is no answer option for User1 and User3 only, so we go for User1, User2 and User3.
Incorrect:
Internet Explorer not supported (not User2)
As of September 30, 2021, the Azure Virtual Desktop web client no longer supports Internet Explorer. We
recommend that you use Microsoft Edge to connect to the web client instead.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/user-documentation/connect-web
A. Install the MSRDC by using msiexec.exe and the ALLUSERS=1 command line option.
B. Install the MSRDC by using msiexec.exe and the ALLUSERS=2 command line option.
C. Install the MSRDC by using msiexec.exe and the MSIINSTALLPERUSER=1 command line option.
Answer: A
Explanation:
Although your users can install the client directly after downloading it, if you're deploying to multiple devices,
you may want to also deploy the client to them through other means. Deploying using group policies or the
Microsoft Endpoint Configuration Manager lets you run the installer silently using a command line. Run the
following commands to deploy the client per-device or per-user.
Per-device installation -
msiexec.exe /I <path to the MSI> /qn ALLUSERS=1
Incorrect:
Per-user installation -
msiexec.exe /i `<path to the MSI>` /qn ALLUSERS=2 MSIINSTALLPERUSER=1
Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-
admin
You need to create a share that will host FSLogix profiles for AVDPool1. The solution must meet the following
requirements:
* Maximize read and write performance for the profiles.
* Control access to the SMB share by using the users and groups stored in contoso.com.
Which account should you use to host the share?
A. Account1
B. Account2
C. Account3
Answer: A
Explanation:
You can create FSLogix profile containers using Azure NetApp Files, an easy-to-use Azure native platform
service that helps customers quickly and reliably provision enterprise-grade SMB volumes for their Azure
Virtual Desktop environments.
We [Microsoft] recommend using FSLogix profile containers as a user profile solution for the Azure Virtual
Desktop service. FSLogix profile containers store a complete user profile in a single container and are
designed to roam profiles in non-persistent remote computing environments like Azure Virtual Desktop.
Create and manage Active Directory connections for Azure NetApp Files.
Azure NetApp Files supports both Active Directory Domain Services (AD DS) and Azure Active Directory
Domain Services (AADDS) for AD connections.
Incorrect:
Not C: Not the preferred solution.
Note: You can create an Azure file share authenticated by a domain controller on an existing Azure Virtual
Desktop host pool. You can use this file share to store storage profiles.
Assign Azure RBAC permissions to Azure Virtual Desktop users
All users that need to have FSLogix profiles stored on the storage account must be assigned the Storage File
Data SMB Share Contributor role.
Users signing in to the Azure Virtual Desktop session hosts need access permissions to access your file share.
Granting access to an Azure File share involves configuring permissions both at the share level as well as on
the NTFS level, similar to a traditional Windows share.
To configure share level permissions, assign each user a role with the appropriate access permissions.
Permissions can be assigned to either individual users or an Azure AD group.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container https://docs.microsof
t.com/en-us/azure/azure-netapp-files/create-active-directory-connections https://docs.microsoft.com/en-us/
azure/virtual-desktop/create-file-share
A. Change Host pool type to Pooled and specify Load balancing algorithm as Depth-first.
B. Change Host pool type to Pooled and specify Load balancing algorithm as Breadth-first.
C. Create Windows 10 Enterprise multi-session images.
D. Configure the session hosts as hybrid Azure AD-joined.
Answer: D
Explanation:
Azure Virtual Desktop multi-session with Microsoft Intune is now generally available.
You can now use Microsoft Intune to manage Windows 10 or Windows 11 Enterprise multi-session remote
desktops in the Microsoft Endpoint Manager admin center just as you can manage a shared Windows 10 or
Windows 11 client device. When managing such virtual machines (VMs), you'll be able to use both device-
based and user configuration.
Prerequisites -
This feature supports Windows 10 or Windows 11 Enterprise multi-session VMs, which include:
* Hybrid Azure AD-joined and enrolled in Microsoft Intune using one of the following methods:
Configured with Active Directory group policy, set to use Device credentials, and set to automatically enroll
devices that are Hybrid Azure AD-joined.
Configuration Manager co-management.
* Etc.
Incorrect: Not related to load balancing.
Set up as remote desktops in pooled host pools that have been deployed through Azure Resource Manager.
Azure Virtual Desktop supports two load-balancing algorithms. Each algorithm determines which session host
will host a user's session when they connect to a resource in a host pool.
The following load-balancing algorithms are available in Azure Virtual Desktop:
Breadth-first load balancing allows you to evenly distribute user sessions across the session hosts in a host
pool.
Depth-first load balancing allows you to saturate a session host with user sessions in a host pool. Once the
first session host reaches its session limit threshold, the load balancer directs any new user connections to
the next session host in the host pool until it reaches its limit, and so on.
Reference:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop-multi-session https://docs
.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
Explanation:
Box 1: 50 -
Max session limit is set to 10.
This is the maximum number of concurrent sessions on a host. For depth-first, once a VM hits 10 users, then
the next VM will begin accepting users.
There are 5 VMs, so the maximum number of concurrent user sessions is 50 (10x5).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing https://deviceadvice.io/202
1/03/30/how-to-create-pooled-shared-windows-virtual-desktop-environment/
You need to configure the path to where the user profiles are stored. The solution must minimize administrative
effort.
Which registry setting should you use?
A. VHDLocations
B. CCDLocations
C. ProfileDirSDDL
D. FlipFlopProfileDirectoryName
Answer: A
Explanation:
VHDLocations
https://learn.microsoft.com/en-us/fslogix/configure-profile-container-tutorial#configure-profile-container-
registry-settings
Which two actions should you perform for each session host? Each correct answer presents part of the solution.
A. Install FSLogix.
B. Install the OneDrive sync app by using the per-machine installation option.
C. Implement Application Masking.
D. Install the OneDrive sync app by using the per-user installation option.
E. Deploy an MSIX app attach package.
Answer: AE
Explanation:
"MSIX app attach is an application layering solution that lets you deliver applications to active user sessions
in Azure Virtual Desktop. The MSIX package system separates apps from the operating system, making it
easier to build images for virtual machines."
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/msix-app-attach
You need to configure Windows Defender Firewall to allow inbound network traffic for RDP Shortpath on Host1.
Which program in the C:\Windows\System32 folder should you specify in the inbound firewall rule?
A. Rdpshell.exe
B. Svchost.exe
C. Raserver.exe
D. Mstsc.exe
Answer: D
Explanation:
You have an Azure Virtual Desktop host pool that contains 10 session hosts.
You plan to configure each session host to use an FSLogix profile container that will exclude specific folders in the
user profile.
What should you name the configuration file, and which registry setting should you identify? To answer, select the
appropriate options in the answer area.
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains session hosts
that run a line-of-business (LOB) app named App1.
You have an Azure Compute Gallery that contains the following image:
Image version 1.1.1 was used to deploy all the current session hosts.
You plan to deploy a new virtual machine named VM1 as a source for a new image version that will contain an
update for App1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Answer:
Question: 115 CertyIQ
HOTSPOT
-
You have an Azure Virtual Desktop deployment that contains two Azure AD-joined session hosts named Host1 and
Host2.
FSLogix Profile Containers and Office Containers have different locations and are used for both session hosts.
You have an Azure AD tenant that contains the users shown in the following table.
Answer:
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing https://docs.microsoft.com/
en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Answer: A
Explanation:
A is correct since Run as account will be removed"Azure Automation Run As Account will retire on September
30, 2023 and will be replaced with Managed Identities."https://learn.microsoft.com/en-
us/azure/automation/automation-security-overview
You can use both but manage identity minimize administrative effort. Strongly recommended to use by MS. I
am using it a lot.
A.Get-ComputerInfo
B.qwinsta
C.whoami
D.Get-LocalUser
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration
Answer: A
Explanation:
Azure Storage Blob backup in background is not Azure backup solution though in background it uses backup
services vault solution but it is more like a local backup solution.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-afs
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-introduction
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-manage-snapshots
A. Invoke-RdsUserSessionLogoff
B. Remove-AzWvdUserSession
C. Invoke-RestMethod
D. Remove-Alias
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Question: 123 CertyIQ
You have an Azure Virtual Desktop deployment.
You use the Start/Stop VMs during off-hours feature in Azure.
You need to configure which virtual machines must never be stopped by the solution.
What should you configure?
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-solution-vm-management https://docs.micros
oft.com/en-us/azure/automation/automation-solution-vm-management-enable
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
A. Yes
B. No
Answer: A
Explanation:
A is correct, you enable the Drain mode. This prevents new connections and once users log off they won't be
able to log into this specific host.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/drain-mode
A. Yes
B. No
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/drain-mode
A. Yes
B. No
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/drain-mode
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-monitor
A. Configure a shared image gallery that has replicas in the East US and West US regions
B. Create new session hosts in the West US region and add the session hosts to an existing host pool
C. Create an additional host pool in the West US region
D. Enable Azure Site Recovery replication of the virtual machines to the West US region
E. Enable Azure Backup to a Recovery Services vault in the West US region
Answer: CD
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-monitor
Answer: D
Explanation:
I ran into some conitunity problems in a production enviroment, while the hostpool was set to validation mode
[yes].The issue was related to [Start on VM at connect] We figuered out that the issues was caused by the
agent version. When we manally rolled back the agent version the function became available again. I've
contacted Microsoft for the issues and the stated the following:Cause:Know issue When Validation
environment on Host pool is set to true (this only should be set for testing environments).Resolution:Set
Validation Environment to false (this is the recommended option in production environments)Therefor I'm with
answer [D]
Answer: C
Explanation:
Apply a Group Policy setting to disable the Time & language settings
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list
Number of VMs: 3 -
The session hosts have the following configurations:
✑ Image used to create the virtual machines: Windows 10 Enterprise
✑ Virtual machines domain-joined to: On-premises contoso.com domain
You need to ensure that you can use Microsoft EndPoint Manager to manage security update on the session hosts.
What should you do?
Answer: B
Explanation:
A. AVDVM-0 only
B. AVDVM-0 and share1 only
C. AVDVM-0, Image1, and Image2 only
D. AVDVM-0, share1, and Image1 only
E. AVDVM-0, share1, Image1, and Image2
Answer: E
Explanation:
Reference:
https://www.techrepublic.com/article/how-to-create-a-backup-recovery-service-with-microsoft-azure/
A. Yes
B. No
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/drain-mode
You need to recommend a business continuity solution that meets the following requirements:
* Users must be able to connect to HostPool1 if a datacenter in the East US region fails.
* Costs must be minimized.
What should you include in the recommendation for each resource? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
The regions is the same, "if a datacenter fails" and and cost must be minimized .
Storage1: ZRS
You need to ensure that users can restore files saved to their FSLogix profile.
What should you do?
A. From the CPool1 blade in the Azure portal, create a new volume.
B. From the Azure portal, create an Azure Backup vault and a backup policy.
C. From the Volume1 blade in the Azure portal, create a snapshot policy.
D. From the Azure portal, create a Recovery Services vault and a backup policy.
Answer: C
Explanation:
it says they are using netapp for fslogix, so you should use snapshot policieshttps://learn.microsoft.com/en-
us/azure/azure-netapp-files/backup-configure-policy-based
From the docs: Azure Files Premium tier integrates with Azure Backup and is supported in conjunction with
FSLogix. Azure NetApp Files offers a similar snapshot mechanism to make copies of your FSLogix profile
containers.https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-
desktop-fslogix#backup-and-restore
You have an Azure Virtual Desktop deployment that contains the session hosts shown in the following table.
Users connect to Azure from the locations shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You deploy a new Azure Virtual Desktop host pool named HostPool1 to the East US Azure region.
You need to ensure that all the traffic between HostPool1 and Server1 is routed via the Microsoft backbone
network.
A. service endpoints
B. virtual network peering
C. routing tables
D. Azure Traffic Manager
Answer: B
Explanation:
It doesn't specify a service. It just generally says connectivity to the server. So for that reason i go with answer
B.
You need to create a disaster recovery environment in the West US region. The solution must minimize costs and
administrative effort.
Answer: D
Explanation:
You plan to deploy Update Management to manage automated updates for server-based session hosts.
Which two actions should you perform? Each correct answer presents part of the solution.
Answer: AB
Explanation:
You need to prevent the users from copying files between an Azure Virtual Desktop session and the computers.
The solution must minimize administrative effort.
Explanation:
You have an Azure Virtual Desktop personal host pool. Each session host in the pool that has an operating system
disk and a data disk.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of
actions to the answer area and arrange them in the correct order.
Answer:
Question: 145 CertyIQ
You have the devices shown in the following table.
You plan to deploy Azure Virtual Desktop for client access to remote virtualized apps.
A. Device1 only
B. Device1 and Device2 only
C. Device1 and Device3 only
D. Device1, Device2, and Device3
Answer: C
Explanation:
You plan to create a new host pool named Pool1 that will contain five Windows 11 session hosts.
You need to enable secure boot and vTPM on the session hosts.
How should you configure the Virtual Machines settings?
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch
You have an Azure Virtual Desktop host pool named HostPool1 that must support 60 sessions.
The session hosts for HostPool1 are configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
To which resources can you back up the profile containers and the data disks? To answer, select the appropriate
options in the answer area.
You need to dynamically allocate resources to HostPool1 based on the number of sessions for each host.
What should you create?
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch
You plan to deploy a new Azure Virtual Desktop host pool named Pool2 to the South India region.
You need to implement a session host deployment solution for Pool2 that meets the following requirements:
A. Configure geo-redundant storage (GRS) replication for storage1. Copy the VHD file of Image1 to the FSLogix
profile container.
B. From SIG1, update the replication for the latest image version of Image1.
C. Create a new Azure compute gallery named SIG2 in the South India region. Upload a copy of Image1 to SIG2.
D. Create a new Azure Storage account named storage2 in the South India region. Copy Image1 to a shared
folder in storage2.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli#updating-
resources
You need to ensure that only approved virtual machine extensions are installed on the Pool 1 session hosts. The
solution must minimize administrative effort.
Answer: B
Explanation:
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/contoso-mi
gration-rds-to-wvd
You have an Azure Virtual Desktop deployment that contains a host pool named HostPool1.
You plan to deploy session hosts to HostPool1 as shown in the following table.
You need to recommend which operating system version to deploy from Azure Marketplace to the session hosts.
What should you recommend for each session host? To answer, select the appropriate options in the answer area.
Answer:
You have an Azure subscription that contains the resources shown in the following table.
You have a virtual machine named Server1 that runs Windows Server and is connected to VNet3.
You need to deploy the Azure Virtual Desktop host pools shown in the following table.
•The session hosts in Pool1 must access Server1 via the Microsoft backbone network.
•The session hosts in Pool2 must access storage1 via the Microsoft backbone network.
What should you configure on the virtual networks? To answer, select the appropriate options in the answer area.
Answer:
Question: 155 CertyIQ
HOTSPOT
-
You have an Azure subscription that contains the virtual machines shown in the following table.
You create an Azure Compute Gallery as shown in the Azure compute gallery exhibit. (Click the Azure compute
gallery tab.)
You create a virtual machine image definition as shown in the VM image definition exhibit. (Click the VM image
definition tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Your on-premises network contains an Active Directory domain named contoso.com that syncs with Azure AD.
You deploy an Azure Virtual Desktop pooled host pool named HostPool1 that contains five hybrid-joined session
hosts.
You need to ensure that all the user sessions of HostPool1 meet the following requirements:
What should you use to meet each requirement? To answer, select the appropriate options in the answer area.
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: CE
Explanation:
C – Have a domain controller in each Azure region (East US – Boston Office & South India – Chennai Office) to
minimise network latency of AVD connections from both offices and minimise latency of the AVD host
authentication in each Azure region.
E – Creating active directory sites is to reduce latency through Client affinity. Domain controllers use site
information to inform Active Directory clients about domain controllers present within the closest site as the
client.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/site-functions
Question: 158 CertyIQ
You plan to implement the FSLogix profile containers for the Seattle office.
Which storage account should you use?
A. storage2
B. storage4
C. storage3
D. storage1
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Manage Access and Security
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Explanation:
Reference:
https://azure.microsoft.com/en-us/services/virtual-desktop/assessment/
Explanation:
1. Admin2
2. Operator1
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbachttps://docs.microsoft.com/en-us/azure/virtual-
desktop/rbac
"The Host Pool Contributor role lets you manage all aspects of host pools, including access to resources.
You'll need an extra contributor role, Virtual Machine Contributor, to create virtual machines. You will need
AppGroup and Workspace contributor roles to create host pool using the portal or you can use Desktop
Virtualization Contributor role.The Host Pool Contributor role lets you manage all aspects of host pools,
including access to resources. You'll need an extra contributor role, Virtual Machine Contributor, to create
virtual machines. You will need AppGroup and Workspace contributor roles to create host pool using the
portal or you can use Desktop Virtualization Contributor role."
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT
contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to
Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Answer:
Question: 162 CertyIQ
Introductory Info Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to
complete each case. However, there may be additional case studies and sections on this exam. You must manage
your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot return
to this section.
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
A. storage2
B. storage4
C. storage3
D. storage1
Answer: D
Explanation:
My answer is D—storage1.Can't be storage2 since there is no such thing as a StorageV2 storage account with
premium performance. StorageV2 storage accounts are Standard performance only.Can't be storage3 since
"BlobStorage" itself, is not a selectable storage account type. BlobStorage refers to GPv2, block blob and
page blob storage types. It does not include the File shares storage account type.Can't be storage4 since you
can't even create StorageV1 accounts anymore.
I choose D - Storage1 standard v2the types of storage available areStandard v2Premium block blobPremium
fileshare - this can be another option in questionPremium page blobno such thing called
premiumv2https://learn.microsoft.com/en-us/azure/storage/common/storage-account-
overview#performance-tiers
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
A. Service endpoints
B. Address space
C. DNS servers
D. Access control (IAM)
E. Peerings
Answer: C
Explanation:
DNS should be configured to use an Active Directory Domain Controller.
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: AB
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/firewall/protect-windows-virtual-desktop
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft
365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources
shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: D
Explanation:
We recommend you use an image from the Azure Image Gallery. However, if you do need to use a customized
image, make sure you DONT already have the Azure Virtual Desktop Agent installed on your VM. Using a
customized image with the Azure Virtual Desktop Agent can cause problems with the image, such as blocking
registration and preventing user session connections
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft
365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources
shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
A. Update-AzWvdSessionHost
B. Get-AzApiManagementSsoToken
C. Set-AzVMADDomainExtension
D. New-AzWvdRegistrationInfo
Answer: C
Explanation:
Reference:
https://rozemuller.com/avd-automation-cocktail-avd-automated-with-powershell/
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Existing Infrastructure. Network Infrastructure
All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.
A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT
contain any AVD virtual machines.
All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.
Since users often work on confidential documents, all the users use their computer as a client for connecting to
Remote Desktop Services (RDS).
In the West US Azure region, you have the storage accounts shown in the following table.
Answer:
Explanation:
1. Admin2
2. Operator1
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbachttps://docs.microsoft.com/en-us/azure/virtual-
desktop/rbac
"The Host Pool Contributor role lets you manage all aspects of host pools, including access to resources.
You'll need an extra contributor role, Virtual Machine Contributor, to create virtual machines. You will need
AppGroup and Workspace contributor roles to create host pool using the portal or you can use Desktop
Virtualization Contributor role.The Host Pool Contributor role lets you manage all aspects of host pools,
including access to resources. You'll need an extra contributor role, Virtual Machine Contributor, to create
virtual machines. You will need AppGroup and Workspace contributor roles to create host pool using the
portal or you can use Desktop Virtualization Contributor role."
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: CE
Explanation:
Reference:
https://www.compete366.com/blog-posts/how-to-implement-azure-windows-virtual-desktop-wvd/ https://do
cs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
All users are registered for Azure Multi-Factor Authentication (MFA).
Existing Environment. Cloud Services
Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft
365 Enterprise E5 licenses.
Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources
shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer:
Explanation:
Reference:
https://www.christiaanbrinkhoff.com/2020/03/01/learn-here-how-to-configure-azure-files-with-active-directo
ry-ad-authentication-for-fslogix-profile-container-and- msix-app-attach/
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: BE
Explanation:
The "Desktop Virtualization Application Group Contributor" role allows users to manage all aspects of
application groups. If you want users to publish application groups to users or user groups, they'll also need
the "User Access Administrator" role.
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: BC
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
A. Workspace1
B. MontrealUsers
C. Group1
D. Pool1
Answer: D
Explanation:
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
A. Pester
B. RemoteDesktop
C. ServerManager
D. ActiveDirectory
E. Hyper-V
Answer: ADE
Explanation:
Contoso identifies the following technical requirements:
✑ From a server named Server1, convert the user profile disks to the FSLogix profile containers.
The PowerShell modules for Hyper-V, Active Directory, and Pester are prerequisites to running the cmdlets to
convert user profile disks to FSLogix.
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/contoso-mi
gration-rds-to-wvd
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/fslogix/overview
https://docs.microsoft.com/en-us/fslogix/configure-profile-container-tutorial#set-up-include-and-exclude-us
er-groups
Overview -
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in
Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active
Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines
and join the virtual machines to the on-premises
Active Directory domain.
Existing Environment. Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root
servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers
in the Boston office.
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix
Overview -
Contoso, Ltd. is a law firm that has a main office in Montreal and branch offices in Paris and Seattle. The Seattle
branch office opened recently.
Contoso has an Azure subscription and uses Microsoft 365.
Existing Infrastructure. Active Directory
The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory
(Azure AD) tenant. One of the domain controllers runs as an Azure virtual machine and connects to a virtual
network named VNET1. All internal name resolution is provided by DNS server that run on the domain controllers.
The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.
The on-premises Active Directory domain contains the users shown in the following table.
The Azure AD tenant contains the cloud-only users shown in the following table.
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/automation/automation-solution-vm-management-
config#schedule"This scenario is the default configuration when you first deploy Start/Stop VMs during off-
hours. For example, you can configure the feature to stop all VMs across a subscription when you leave work
in the evening, and start them in the morning when you are back in the office."
Thank you
Thank you for being so interested in the premium exam material.
I'm glad to hear that you found it informative and helpful.
If you have any feedback or thoughts on the bumps, I would love to hear them.
Your insights can help me improve our writing and better understand our readers.
Best of Luck
You have worked hard to get to this point, and you are well-prepared for the exam
Keep your head up, stay positive, and go show that exam what you're made of!