Microsoft - AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop
Sample Questions
Question: 342
Measured Skill: Monitor and maintain an Azure Virtual Desktop infrastructure (10–15%)
Note: This questions is based on a case study. The case study is not shown in this demo.
Which monitoring solution should you configure to meet the security requirements?| A | Azure Virtual Desktop Insights |
| B | Application Insights |
| C | VM insights |
| D | Azure Monitor activity log insights |
Correct answer: AExplanation:
The Security Requirements section contains the following.
The client version and operating system used to connect to the session hosts must be logged.
Azure Virtual Desktop Insights is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Azure Virtual Desktop environments.
Azure Virtual Desktop Insights is specifically designed to monitor Azure Virtual Desktop environments. It provides detailed telemetry including:
- Client version
- Operating system used by the client
- Connection diagnostics
- Session performance metrics
- Host pool and workspace diagnostics
References:
Enable Insights to monitor Azure Virtual Desktop
Monitoring considerations for Azure Virtual Desktop workloads
Question: 343
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
Note: This questions is based on a case study. The case study is not shown in this demo.
Which host pool design and which service should you configure to meet the disaster recovery requirements?
(To answer, drag the appropriate solution to the correct requirements. Each solution may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
| A | Design: Two host pools that each contains session hosts in the East US Azure region
Service: Azure File Sync |
| B | Design: One host pool that contains session hosts in both the East US Azure region and the West US Azure region
Service: Azure File Sync |
| C | Design: One host pool that contains session hosts in the East US Azure region and one host pool that contains session hosts in the West US Azure region
Service: Azure Front Door |
| D | Design: Two host pools that each contains session hosts in the East US Azure region
Service: Azure Front Door |
| E | Design: One host pool that contains session hosts in the East US Azure region and one host pool that contains session hosts in the West US Azure region
Service: FSLogix Cloud Cache |
| F | Design: One host pool that contains session hosts in both the East US Azure region and the West US Azure region
Service: FSLogix Cloud Cache |
Correct answer: CExplanation:
The Disaster Recovery Requirements section contains the following.
- Minimize outages if an Azure region fails.
- Minimize the recovery time objective (RTO).
- Minimize administrative effort in the event of a failover.
To minimize outages if an Azure region fails, we need to deploy two host pools in different Azure regions. A single Azure Virtual Desktop host pool cannot span multiple Azure regions. All session hosts within a single host pool must reside in the same Azure region.
Azure Front Door should be used to distribute traffic across the host pools located in different Azure regions. It acts as a global load balancer, allowing you to configure routing rules that direct traffic to backends such as host pools in multiple regions. Azure Front Door is a fully managed service, so you don't have to worry about scaling or maintenance.
References:
Azure Virtual Desktop business continuity and disaster recovery concepts
Multiregion Business Continuity and Disaster Recovery (BCDR) for Azure Virtual Desktop
Azure Front Door frequently asked questions (FAQ)
Question: 344
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
Which type of host pool and load balancing algorithm should you configure to meet the performance requirements?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Host pool type: Automatic
Load balancing algorithm type: Breadth-first |
| B | Host pool type: Direct
Load balancing algorithm type: Automatic |
| C | Host pool type: Personal
Load balancing algorithm type: Depth-first |
| D | Host pool type: Personal
Load balancing algorithm type: Automatic |
| E | Host pool type: Pooled
Load balancing algorithm type: Breadth-first |
| F | Host pool type: Pooled
Load balancing algorithm type: Depth-first |
Correct answer: FExplanation:
The Performance Requirements section contains the following.
- Each Azure Virtual Desktop session host must support 15 user sessions.
- Each new user session must be assigned to a single session host until the maximum session limit is reached for that host.
A host pool is a collection of Azure virtual machines that are registered to Azure Virtual Desktop as session hosts. All session host virtual machines in a host pool should be sourced from the same image for a consistent user experience. You control the resources published to users through application groups.
A host pool can be one of two types:
Personal, where each session host is assigned to an individual user. Personal host pools provide dedicated desktops to end-users that optimize environments for performance and data separation.
Pooled, where user sessions can be load balanced to any session host in the host pool. There can be multiple different users on a single session host at the same time. Pooled host pools provide a shared remote experience to end-users, which ensures lower costs and greater efficiency.
Azure Virtual Desktop supports two load balancing algorithms for pooled host pools. Each algorithm determines which session host is used when a user starts a remote session. Load balancing doesn't apply to personal host pools because users always have a 1:1 mapping to a session host within the host pool.
The following load balancing algorithms are available for pooled host pools:
Breadth-first, which aims to evenly distribute new user sessions across the session hosts in a host pool. You don't have to specify a maximum session limit for the number of sessions.
Depth-first, which keeps starting new user sessions on one session host until the maximum session limit is reached. Once the session limit is reached, any new user connections are directed to the next session host in the host pool until it reaches its session limit, and so on.
References:
Azure Virtual Desktop terminology
Configure host pool load balancing in Azure Virtual Desktop
Question: 345
Measured Skill: Plan and implement user environments and apps (20–25%)
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains a session host named Computer1 that runs Windows 11 Enterprise multi-session.
You plan to manage the user profiles of Computer1 by using FSLogix.
You need to use Local Group Policy Editor to configure FSLogix on Computer1 by using the English (United States) version of fslogix.admx and fslogix.adml Group Policy administrative template files.
To which folder on Computer1 should you copy the files?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | fslogix.admx: C:\Windows
fslogix.adml: C:\Windows\System32 |
| B | fslogix.admx: C:\Windows\en-US
fslogix.adml: C:\Windows |
| C | fslogix.admx: C:\Windows\System32
fslogix.adml: C:\Windows\System32\en-US |
| D | fslogix.admx: C:\Windows\System32\en-US
fslogix.adml: C:\Windows\policyDefinitions |
| E | fslogix.admx: C:\Windows\policyDefinitions
fslogix.adml: C:\Windows\policyDefinitions\en-US |
| F | fslogix.admx: C:\Windows\policyDefinitions\en-US
fslogix.adml: C:\Windows\en-US |
Correct answer: EExplanation:
FSLogix provides Group Policy administrative template files in the form of .admx and language-specific .adml files. These files can be used within the Local Group Policy Editor and the Group Policy Management Editor. The Local Group Policy Editor is used to edit Local Group Policy Objects (LGPOs). The Group Policy Management Editor, which is available from within the Group Policy Management Console (GPMC), can be used to edit domain-based policy objects.
When local Group Policy Objects (LGPOs) are used, the template files must be copied to the following locations:
Reference: Using FSLogix Group Policy Template Files
Question: 346
Measured Skill: Plan and implement user environments and apps (20–25%)
You have an Azure Virtual Desktop deployment.
You plan to implement FSLogix profiles for the deployment.
You need to configure NTFS permissions for the file share that will store the FSLogix profiles. The solution must follow the principle of least privilege.
At which level should you apply permissions for CREATOR OWNER?| A | This folder, subfolders and files |
| B | Subfolders and files only |
| C | This folder only |
| D | Files only |
Correct answer: BExplanation:
FSLogix works with SMB storage systems to store Profile or ODFC containers. SMB storage is used in standard configurations where VHDLocations holds the UNC path to the storage locations. SMB storage providers can also be used in Cloud Cache configurations where CCDLocations is used instead of VHDLocations.
SMB storage permissions rely on traditional NTFS Access Control Lists (ACL) applied at file or folder levels to ensure the proper security of the data that is stored.
Windows ACL(s) are important to configure correctly so that only the user (CREATOR OWNER) has access to their profile directory or VHD(x) file. Additionally, you need to ensure any other administrative groups have 'Full Control' from an operational perspective. This concept is known as user-based access and is the recommended configuration.
The table outlines the recommended ACL(s) to be configured.
Reference: Configure SMB Storage Permissions