Microsoft - AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop
Sample Questions
Question: 353
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
You have an Azure subscription that contains a virtual network named VNet1, a storage account named storage1, and five Azure Virtual Desktop session hosts. VNet1 and storage1 are in the East US Azure region. The session hosts are connected to VNet1.
In storage1, you create an Azure Files share named share1.
You need to ensure that the session hosts connect to share1 by using the Microsoft backbone network.
Solution: You add a service endpoint to VNet1.
Does this meet the goal?Correct answer: AExplanation:
We should add either a private endpoint to storage1 or a service endpoint to VNet1.
A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that's powered by Azure Private Link. By enabling a private endpoint, you're bringing the service into your virtual network.
Azure virtual network service endpoints provide secure and direct connectivity to Azure services over an optimized route through the Azure backbone network. These endpoints allow you to secure critical Azure service resources exclusively to your virtual networks, enabling private IP addresses to reach Azure services without requiring public IP addresses.
References:
Azure virtual network service endpoints
What is a private endpoint?
Service Endpoints vs Private Endpoints
Question: 354
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
You have an Azure Virtual Desktop deployment.
You plan to deploy the host pools shown in the following table.
For which host pools can you configure a load-balancing algorithm?| A | Pool1 only |
| B | Pool2 only |
| C | Pool1 and Pool2 only |
| D | Pool1 and Pool3 only |
| E | Pool1, Pool2, and Pool3 |
Correct answer: DExplanation:
Azure Virtual Desktop supports two load balancing algorithms for pooled host pools. Each algorithm determines which session host is used when a user starts a remote session. Load balancing doesn't apply to personal host pools because users always have a 1:1 mapping to a session host within the host pool.
The following load balancing algorithms are available for pooled host pools:
Breadth-first, which aims to evenly distribute new user sessions across the session hosts in a host pool. You don't have to specify a maximum session limit for the number of sessions.
Depth-first, which keeps starting new user sessions on one session host until the maximum session limit is reached. Once the session limit is reached, any new user connections are directed to the next session host in the host pool until it reaches its session limit, and so on.
Reference: Configure host pool load balancing in Azure Virtual Desktop
Question: 355
Measured Skill: Plan and implement identity and security (15–20%)
You have 20 Azure Virtual Desktop session hosts that run Windows 11.
You need to enable the following features on the session hosts:
- Controlled folder access
- Reputation-based protection
Which Windows Security tile should you use to enable each feature?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Controlled folder access: Firewall & network protection
Reputation-based protection: Device security |
| B | Controlled folder access: Virus & thread protection
Reputation-based protection: Firewall & network protection |
| C | Controlled folder access: Account protection
Reputation-based protection: Virus & thread protection |
| D | Controlled folder access: Device security
Reputation-based protection: Account protection |
| E | Controlled folder access: Virus & thread protection
Reputation-based protection: App & browser control |
| F | Controlled folder access: App & browser control
Reputation-based protection: Device security |
Correct answer: EExplanation:
Controlled folder access is part of the ransomware protection settings and accessible from the Virus & thread protection tile.
Reputation-based protection is accessible from the App & browser control tile.
Question: 356
Measured Skill: Plan and implement user environments and apps (20–25%)
You have an Azure subscription that contains a user named User1 and an Azure Virtual Desktop deployment. The deployment contains the resources shown in the following table.
You need to assign User1 to the Azure Virtual Desktop deployment.
To which resources can you assign User1?| A | Pool1, Pool2, and Host2 |
| B | Pool2, Host2, and AppGrp2 |
| C | Host2, AppGrp1, and AppGrp2 |
| D | Host1, Host2, AppGrp1, and AppGrp2 |
Correct answer: CExplanation:
For pooled host pools users are assigned to application groups (AppGrp1, AppGrp2) to get access to desktops and apps.
For personal host pools users are assigned to a specific session host (Host2 in Pool2).
References:
Preferred application group type behavior for pooled host pools in Azure Virtual Desktop
Configure personal desktop assignment
Question: 357
Measured Skill: Monitor and maintain an Azure Virtual Desktop infrastructure (10–15%)
You have an Azure Virtual Desktop deployment that contains the resources shown in the following table.
You need to use Azure Backup to back up profiles1 and the Pool1 session hosts as often as possible.
How often should you schedule the backups for each resource?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | profiles1: Every hour
Session hosts: Every 12 hours |
| B | profiles1: Every four hours
Session hosts: Every four hours |
| C | profiles1: Every eight hours
Session hosts: Every four hours |
| D | profiles1: Every 12 hours
Session hosts: Every eight hours |
| E | profiles1: Every 24 hours
Session hosts: Every 12 hours |
| F | profiles1: Every 24 hours
Session hosts: Every 24 hours |
Correct answer: BExplanation:
Azure Backup supports both Recovery Services vault and Backup vault, and enables you to back up and restore different datasources.
Azure Backup uses Recovery Services vaults to orchestrate and manage backups for Azure virtual machines and Azure File shares.
Azure Backup now supports the Enhanced policy for Azure virtual machine (VM) backup that offers:
- Zonal resiliency by using zone-redundant storage for Instant Restore snapshots.
- Multiple backups per days. You can schedule backups as frequently as every 4 hours for Azure VMs.
- Support for new Azure offerings, including Trusted Launch VMs, Premium solid-state drive (SSD) v2 and Ultra SSD disks, and multidisk crash-consistent snapshot support.
- Longer retention in snapshot (operational) tier up to 30 days.
A backup policy for Azure Files can schedule backups up to every 4 hours at maximum.
References:
Support matrix for Azure Backup
Back up an Azure VM by using the Enhanced policy
Quickstart: Create a backup policy for Azure Files using Azure portal