Are you looking for a trusted source for AZ-140 exam questions? You have landed at the right place.
The AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop Certification exam is for administrators and it requires you to carry a subject matter expertise in the planning, management, and delivery of a virtual desktop experience and remote apps, on Azure, for various devices.
The questions and answers that follow will give you an overview of the AZ-140 exam. The passing score for the exam is a minimum of 700.
Domain: Implement an Azure Virtual Desktop infrastructure
Q1: Your organization has an Azure Virtual Desktop host pool. You have been asked to install MS Antimalware for Azure on the session hosts. How would you accomplish the requirement?
A. Activate Windows 10 security features using a Group Policy Object (GPO).
B. Add an extension for each session host.
C. Install a Windows feature by signing in to each session host.
D. For the host pool, configure the RDP Properties.
Correct Answer: B
Explanation
Microsoft Antimalware is not by default installed in the VMs platform and is available as an additional/optional feature through Visual Studio and Azure portal Virtual Machine configuration under Security Extensions.
Option A is incorrect. Activating Windows 10 security features using a Group Policy Object (GPO) won’t help in installing MS Antimalware.
Option B is correct. You need to add a security extension for every session host to install the MS Antimalware.
Option C is incorrect. Installing a Windows feature won’t help in meeting the requirements.
Option D is incorrect. Configuration of the RDP Properties for the host pool won’t help you meet the requirements.
Reference: To know more about Antimalware, please visit the below-given link: https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware
Domain: Implement an Azure Virtual Desktop infrastructure
Q2: Standard and Premium are 2 different tiers of storage that are offered by Azure Files. These tiers allow you to tailor the cost and the performance of your file shares to accomplish the requirements.
Fill in the blanks to complete the statement below.
Standard file shares are backed by ________ and are deployed in ___________ storage account type.
A. SSDs and FileStorage
B. HHDs and FileStorage
C. SSDs and GPv2
D. HHDs and GPv2
Correct Answer: D
Explanation
Standard file shares are backed by HHDs (hard disk drives) and are deployed in GPv2 (general-purpose version 2) storage account type. They offer reliable performance for I/O workloads which are less sensitive to performance variabilities like general purpose file shares and dev/test environments.
Option A is incorrect. These are Premium file shares which are backed by SSDs (solid-state drives) and FileStorage is the storage account type in which they are deployed.
Option B is incorrect. HHDs and FileStorage are the incorrect entries.
Option C is incorrect. SSDs and GPv2 are the incorrect entries to define standard file shares.
Option D is correct. Standard file shares are backed by HHDs and are deployed in GPv2 storage account type.
Reference: To know more about Storage options for FSLogix profile containers in Azure Virtual Desktop, please visit the below-given link: ttps://docs.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
Domain: Implement an Azure Virtual Desktop infrastructure
Q3: An organization uses breadth-first load balancing. During a non-typical weather-related event, an unexpectedly high number of users logged onto WVD to work remotely. During this time, users complained of slowness and applications crashing. What would you do to prevent performance issues for a higher than expected number of users?
A. Set the Host Pool max session limit and change the load balancing algorithm to depth-first.
B. Set the Host Pool Max Session limit.
C. Implement an auto-scale solution to scale up the session hosts at the time of high activity.
D. Double the number of session hosts to accommodate a greater number of users.
Correct Answer: B
Explanation
During the configuration of breadth-first load balancing, you might set a maximum session limit per session host in the host pool. Host Pool Max Session Limit can be set to a number that will best suit your environment. It will avoid performance issues by preventing the new connections beyond the defined capacity.
Run the below PowerShell cmdlet for configuring a host pool for breadth-first load balancing and to set a new maximum session limit:
Option A is incorrect. You don’t need to change to depth-first to set a max session limit. It can even be set in breadth-first load balancing.
Option B is correct. Host Pool Max Session Limit can be set to a number that will best suit your environment.
Option C is incorrect. Auto Scaling up is not a recommended solution as the session host would require to be removed and replaced to add larger Virtual Machine sizes.
Option D is incorrect. Doubling the number of session hosts isn’t a recommended solution as we don’t know if that would provide adequate capacity.
Reference: To know more about load balancing options, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing#configure-breadth-first-load-balancing
Domain: Implement an Azure Virtual Desktop infrastructure
Q4: You add several languages to a base image and utilize that image for deploying the Session Hosts. Users log in but don’t have an option to add additional languages. Which of the following steps would you take?
A. Update the Inbox Apps for multi-language.
B. Create a content repository for language packs.
C. Run the Set-WinUserLanguageList cmdlet to add the language list to the settings menu.
D. Create a content repository for features on demand.
E. None of these.
Correct Answer: C
Explanation
To make your users select the languages you installed, sign in as the user, and then run the below PowerShell cmdlet for adding the installed language packs to the Languages menu. Also, this script can be set up as a logon script or an automated task that activates when the users sign in to their session.
Option A is incorrect. This task is needed to build the base image, before the session host deployment.
Option B is incorrect. A content repository should be created for language packs before deploying the session hosts.
Option C is correct. Running the Set-WinUserLanguageList cmdlet to add the language list to the settings menu is the right option.
Option D is incorrect. Creating a content repository for features on-demand, won’t meet the goal.
Option E is incorrect. You need to run the Set-WinUserLanguageList cmdlet as mentioned in the explanation.
Reference: To know more about adding language packs to a Windows 10 multi-session image, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/language-packs?WT.mc_id=AZ-MVP-5004159#enable-languages-in-windows-settings-app
Domain: Implement an Azure Virtual Desktop infrastructure
Q5: You are publishing a new image to a Shared Image Gallery. You desire to test/verify the image before it is available to any new session host. How would you stop the new session host from utilizing the image unless the image version is particularly referenced during deployment?
A. Temporary set the version as 0.0.1 until the image is tested.
B. Set the end of life to a past date.
C. Set the option to exclude the version from the latest.
D. Create a managed image first, then move the managed image to a SIG once validated.
Correct Answer: C
Explanation
New deployments using the version “latest” will always utilize the newest image version from a SIG. You can exclude a new image from the latest. When being excluded, you need to specify the new image version during the deployment.
Option A is incorrect. Temporary setting the version as 0.0.1 until the image is tested won’t help in meeting the goal.
Option B is incorrect. End-of-life dates are just informational; users will still be capable of creating VMs from images and versions past the end-of-life date.
Option C is correct. Setting the option to exclude the version from the latest will stop the new session host from utilizing the image unless the image version is particularly referenced during deployment.
Option D is incorrect. Creating a managed image first, then moving the managed image to a SIG once validated is the incorrect solution.
Reference: To know more about storing and sharing images in an Azure Compute Gallery, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries#image-versions
Domain: Manage Access and Security
Q6: You need to allow one of the users to view everything in the deployment but not make any changes. Which of the following RBAC roles would you provide?
A. Desktop Virtualization Contributor
B. Desktop Virtualization Reader
C. Desktop Virtualization Host Pool Reader
D. Desktop Virtualization Application Group Reader
Correct Answer: B
Explanation
The Desktop Virtualization Reader is the specific role that allows you to view everything in the deployment but not make any changes.
Option A is incorrect. The Desktop Virtualization Contributor role will allow the user to manage all aspects of the deployment.
Option B is correct. The Desktop Virtualization Reader is the specific role that allows you to view everything in the deployment but not make any changes.
Option C is incorrect. Host Pool Reader will allow the user to see everything in the host pool.
Option D is incorrect. Application Group Reader should be assigned if you want the user to get access to information about the various applications in the workspace.
Reference: To know more about Built-in roles for Azure Virtual Desktop, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac?WT.mc_id=AZ-MVP-5004159
Domain: Manage Access and Security
Q7: A conditional access policy is implemented to enforce multi-factor authentication (MFA) when logging into the Azure Virtual Desktop. The company wants the MFA requirement to be eliminated/disabled when a user authenticates from the corporate network.
Which of the following options will help in meeting the company’s requirements?
A. Adding the public IP as an MFA trusted IP and then adding an exception for the trusted locations in the policy
B. Adding the public IP as a trusted IP range location and then adding an exception for the trusted locations in the policy
C. Adding the corporate public IP as a trusted IP range location and then setting an exclusion in security defaults
D. Adding the corporate public IP as an MFA trusted IP and then setting an exclusion in security defaults
E. None of these
Correct Answers: A and B
Explanation
The public IP of the corporate network can be added as Multi-factor authentication (MFA) trusted IP or added to a trusted IP range location. Then these options can be added as an exclusion to a conditional Access Policy.
Option A is correct. Adding the public IP as an MFA trusted IP and then adding an exception for the trusted locations in the policy will help in eliminating MFA requirements when a user authenticates from the corporate network.
Option B is correct. Adding the public IP as a trusted IP range location and then adding an exception for the trusted locations in the policy will help in eliminating MFA requirements when a user authenticates from the corporate network.
Option C is incorrect. Setting an exclusion in security defaults won’t help in meeting the company’s requirements.
Option D is incorrect. Setting an exclusion in security defaults won’t help in meeting the company’s requirements.
Option E is incorrect. Adding the public IP of the corporate network as multi-factor authentication (MFA) trusted IP or to a trusted IP range location and then Setting an exclusion in security defaults won’t help in meeting the company’s requirements.
Reference: To know more about location conditions in a Conditional Access Policy, please visit the below-given link: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#trusted-locations
Domain: Manage Access and Security
Q8: Your team lead has asked you to get an overview of the security posture of your existing Azure Virtual Desktop implementation. Which of the following Azure Services would you review?
A. Azure Defender Portal
B. Azure Virtual Desktop Insights
C. Azure Security Center
D. Custom workbook in Log Analytics
Correct Answer: C
Explanation
Azure Security Center strengthens the security postures of data centers and offers advanced threat protection across the hybrid workloads in the cloud. It provides you with the tools required to harden the network, secure the services and ensure you are on top of your security posture.
Option A is incorrect. Azure defender portal doesn’t help in analyzing the security posture of your AVD implementation.
Option B is incorrect. Azure Virtual Desktop Insights is not a way to get an overview of the security posture of your existing Azure Virtual Desktop implementation.
Option C is correct. Azure Security Center offers an overview of security-related stuff in Azure and also recommends the activities that will help in enhancing the overall security posture of Azure Virtual Desktop.
Option D is incorrect. Custom workbooks in Log Analytics won’t help with the overview of security posture.
Reference: To know more about Azure Security Center, please visit the below-given link: https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction
Domain: Manage User Environments and Apps
Q9: Which of the following Azure AD roles must be assigned to the administrator to configure and manage Universal Print?
A. Global Administrator
B. Printer Administrator
C. Local Administrator
D. Database Administrator
E. Any of the above
Correct Answers: A and B
Explanation
For configuring and managing Universal Print, an administrator must be assigned any of these two Azure AD (Azure Active Directory) roles: Global Administrator or printer administrator.
Option A is correct. Assigning the Global Administrator role to an administrator allows the administrator to configure and manage the universal print.
Option B is correct. Assigning the Printer Administrator role to an administrator allows the administrator to configure and manage the universal print.
Option C is incorrect. A local administrator is an incorrect role to be assigned to the administrator.
Option D is incorrect. The Database Administrator role won’t meet the requirements.
Option E is incorrect. For configuring and managing Universal Print, an administrator must be assigned either a Global Administrator or printer administrator role.
Reference: To know more about how to set up Universal print, please visit the below-given link: https://docs.microsoft.com/en-us/universal-print/fundamentals/universal-print-getting-started
Domain: Manage User Environments and Apps
Q10: MSIX app attach can be used for delivering the MSIX applications to both virtual and physical machines. Which of the following are the key capabilities/characteristics of an MSIX app attached in an Azure Virtual Desktop deployment?
A. It can create separation among the operating system, user data, and apps using MSIX containers.
B. It can eliminate the need for repackaging while delivering apps dynamically.
C. It can decrease the time it consumes for a user to log/sign in.
D. It can decrease infrastructural requirements and costs.
E. All the above
Correct Answer: E
Explanation
In an Azure Virtual Desktop (AVD) deployment, the MSIX app attach can:
- Create separation among the operating system, user data, and apps using MSIX containers.
- Eliminate the need for repackaging while delivering apps dynamically.
- Decrease the time it consumes for a user to log/sign in.
- Decrease the infrastructural requirements and cost.
Option A is incorrect. All the given are the key capabilities of the MSIX app attached.
Option B is incorrect. All the given options represent the key capabilities MSIX app attach can do in AVD deployment.
Option C is incorrect. All the given options represent the key capabilities MSIX app attach can do in AVD deployment.
Option D is incorrect. All the given options represent the key capabilities MSIX app attach can do in AVD deployment.
Option E is correct. All the given are the key capabilities of the MSIX app attached.
Reference: To know more about MSIX app attach, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach
Domain: Manage User Environments and Apps
Q11: You are planning to deploy Azure Virtual Desktop. One of the users is having an android based mobile phone. Would the user be able to connect to the Azure Virtual Desktop resources from his mobile phone by using the Remote Desktop web client?
A. Yes
B. No
Correct Answer: B
Explanation
The web client allows the users to access their Azure Virtual Desktop resources from a web browser in a simple way. But the web client currently does not support the mobile OS. The supported operating systems by web clients are windows, macOS and Linux.
Reference: To know more about how to connect to Azure Virtual Desktop with the web client, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/user-documentation/connect-web
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q12: As a part of the fail-over process, you want to automate a rapid deployment and a new host pool with a large number of session hosts. Which of the following would you use to deploy the host pool.
A. Azure Portal
B. ARM Templates
C. PowerShell Scripts
D. Azure Site Recovery
Correct Answer: B
Explanation
ARM templates are a better option than the portal because they work with automation solutions. These templates can deploy a number of servers in parallel and add them to the Host Pool during the deployment, which makes it much quicker than PowerShell.
Option A is incorrect. Azure Portal is not the best choice as ARM templates are better than portals as they work with automation solutions.
Option B is correct. ARM templates are a better option than the portal because they work with automation solutions.
Option C is incorrect. ARM templates are faster than PowerShell scripts.
Option D is incorrect. Azure site recovery is not the best solution.
Reference: To more about using ARM templates, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-template?WT.mc_id=AZ-MVP-5004159
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q13: Azure Delights company has hired you as an expert member to give your inputs in their projects. In a team meeting, you want to tell the team members about the scaling tool and its uses. Choose the statements that you can use to explain the scaling tool.
A. The scaling tool is a low-cost automation option to optimize the session host VM costs
B. You can’t use the scaling tool to schedule virtual machines to start and stop depending upon Peak and Off-Peak business hours
C. The scaling tool can be used to scale out VMs depending upon the number of sessions per CPU core
D. Scaling tools can be used to scale in virtual machines during Off-Peak hours, allowing the minimum number of session host VMs to run
E. All of the above
Correct Answers: A, C, and D
Explanation
The scaling tool offers a low-cost automation option to optimize the session host VM costs.
The scaling tool can be used to
- Schedule Virtual machines to start and stop based on Peak and Off-Peak business hours.
- Scale-out virtual machines depending upon the number of sessions per CPU core.
- Scale in virtual machines during Off-Peak hours, allowing the minimum number of session host VMs to run.
Option A is correct. A scaling tool is a low-cost automation option to optimize the session host VM costs.
Option B is incorrect. The scaling tool can also be used to schedule virtual machines to start and stop depending upon Peak and Off-Peak business hours.
Option C is correct. The scaling tool can be used to scale out VMs depending upon the number of sessions per CPU core.
Option D is correct. The scaling tool can be used to scale virtual machines during Off-Peak hours, allowing the minimum number of session host VMs to run.
Option E is incorrect. The scaling tool can also be used to schedule virtual machines to start and stop depending upon Peak and Off-Peak business hours.
Reference: To know more about scaling session hosts using Azure Automation, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q14: You need to create an FSLogix profile. Which of the following is not a necessary step you need to perform in the process of creating an FSLogix profile?
A. Create an Azure storage account with a file share
B. Install FSLogix software in Azure Virtual Desktop gallery images
C. Create a new role in Azure AD to read and write in Azure storage
D. None of these
Correct Answer: B
Explanation
You don’t need to install FSLogix software in AVD gallery images while creating the FSLogix profile as it is already installed in the Azure gallery images. You might need to install the FSLogix software yourself if you decide to use your own image.
Option A is incorrect. FSLogix profiles store user-assigned virtual disks in the file share in Azure.
Option B is correct. You don’t need to install FSLogix software in AVD gallery images while creating the FSLogix profile as it is already installed in the Azure gallery images.
Option C is incorrect. A new role is needed in Azure AD to read and write in Azure storage so the users can access and change the virtual disks that contain their user profile.
Option D is incorrect. You don’t need to install FSLogix software in Azure Virtual Desktop gallery images.
Reference: To know more about how to create an FSLogix profile for Azure Virtual Desktop users, please visit the below-given link: https://docs.microsoft.com/en-us/learn/modules/m365-optimize-wvd/3-provision-fslogix
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q15: Which of the following cmdlet would you use in PowerShell for creating a new empty RemoteApp app group?
A. New-AzWvdApplicationGroup
B. Create-AzWvdApplicationGroup
C. Set-AzWvdApplicationGroup
D. Get-AzWvdApplicationGroup
E. New-AzRoleAssignment
Correct Answer: A
Explanation
New-AzWvdApplicationGroup cmdlet is used for creating a new empty RemoteApp app group.
Syntax:
Option A is correct. New-AzWvdApplicationGroup cmdlet is the right cmdlet for creating an empty new RemoteApp app group.
Option B is incorrect. Create-AzWvdApplicationGroup is not the right command.
Option C is incorrect. Set-AzWvdApplicationGroup won’t help in creating an empty new RemoteApp app group.
Option D is incorrect. To check whether the app group was successfully created run the Get-AzWvdApplicationGroup cmdlet to view the list of all app groups.
Option E is incorrect. The new-AzRoleAssignment cmdlet is used to grant the users access to the RemoteApp program in the app group.
Reference: To know more about how to manage app groups using PowerShell or the Azure CLI, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups-powershell?tabs=azure-powershell
Domain: Implement an Azure Virtual Desktop Infrastructure
Q16: You are having a small pilot group of AVD using FSLogix. The company cut the expenses for the pilot by utilizing Transactional Optimized storage for the Azure file share. Users find that applications are slow and sometimes there are errors.
Which of the following steps would you take to resolve the issue?
A. Upgrade the storage account to Azure NetApp files
B. Enable large file shares on the storage account
C. Create a new premium file share, use RoboCopy to migrate existing profiles
D. Upgrade the storage account to Azure Premium file share
Correct Answer: B
Explanation
For a Transaction File share, the maximum IOPS is 1000. Enabling large file shares on the storage account will increase it to 10,000 IOPS. This change won’t affect the environment.
Option A is incorrect. You can’t upgrade a storage account to Azure NetApp Files.
Option B is correct. Enabling large file shares on the storage account is the recommended solution to resolve the identified issue.
Option C is incorrect. Profiles should be moved to a Premium storage account only if the pilot moves to production.
Option D is incorrect. You can’t upgrade a storage account to Azure premium file share.
Reference: To know more about Azure Files scalability and performance targets, please visit the below-given link: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-scale-targets?WT.mc_id=AZ-MVP-5004159#azure-file-share-scale-targets
Domain: Implement an Azure Virtual Desktop infrastructure
Q17: Your company has an AVD host pool that runs Windows 10 Enterprise multi-session. You have been asked to configure the automatic scaling for the host pool in such a way that the following 2 requirements are met:
New user sessions should be distributed across all running session hosts.
A new session host should be started automatically when concurrent user sessions surpass 30 users per host.
What would you consider in the solution?
A. An Azure Automation account and the breadth-first load balancing algorithm
B. An Azure load balancer and the breadth-first load balancing algorithm
C. An Azure Automation account and the depth-first load balancing algorithm
D. An Azure load balancer and the depth-first load balancing algorithm
Correct Answer: C
Explanation
Depth-first load balancing allows the users to saturate a session host with user sessions in a host pool. Once the 1st session host touches its session limit threshold, any new user connections are directed by the load balancer to the next session host in the host pool until its limit is reached and so on.
Option A is incorrect. To meet the goal, there is a need for an Azure Automation account and depth-first load balancing algorithm, not breadth-first.
Option B is incorrect. There is a need for the Azure automation account to meet the goal.
Option C is correct. An Azure Automation account and the depth-first load-balancing algorithm are required to meet the given requirements.
Option D is incorrect. There is a need for an Azure automation account to meet the goal, Azure load balance won’t help.
References: To know more about load balancing algorithms, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing, https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-load-balancing
Domain: Implement an Azure Virtual Desktop Infrastructure
Q18: You notice an Azure Virtual Desktop Agent issue with the error: “Connection not found: RDAgent does not have an active connection to the broker”.
Which of the following steps would you take to resolve this issue?
A. Decrease the max session limit
B. Increase the max session limit
C. Increase the resource capacity of the VMs
D. Decrease the resource capacity of the VMs
E. Generate a new registration key for the VM
Correct Answers: A and C
Explanation
Error: “Connection not found: RDAgent does not have an active connection to the broker” indicates that your virtual machines may be at their connection limit, so the VMs can’t accept new connections. This issue can be resolved by decreasing the max session limit and increasing the resource capacity of the virtual machines.
Option A is correct. Decreasing the max session limit will ensure that the resources are more evenly distributed across session hosts and it will prevent resource depletion.
Option B is incorrect. To resolve the given issue, it is recommended to decrease the max session limit.
Option C is correct. Increasing the resource capacity of virtual machines will increase the connection limit for the VMs.
Option D is incorrect. resource capacity of VMs needs to be increased, not decreased.
Option E is incorrect. Generating the new registration key is not the recommended solution to resolve the issue.
Reference: To know more about how to troubleshoot common Azure Virtual Desktop Agent issues, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-agent
Domain: Manage Access and Security
Q19: The customer service department in your company needs to send the messages to AVD users, disconnect the sessions, and sign the users out of the session host. Which role is needed for the customer service department?
A. Session Host Operator
B. User session operator
C. Desktop Virtualization Host Pool Reader
D. Desktop Virtualization Application Group Reader
Correct Answer: B
Explanation
The User Session Operator role allows sending the messages to the intended users, disconnecting the sessions, and utilizing the “logoff” function to sign users out of the session host.
The following figure describes the permissions associated with the User Session Operator role:
Option A is incorrect. The session Host operator role allows the user to view and remove the session hosts, even changing drain mode.
Option B is correct. The User Session Operator role allows sending the messages to the intended users, disconnecting the sessions, and utilizing the “logoff” function to sign users out of the session host.
Option C is incorrect. Host Pool Reader will allow the user to see everything in the host pool and therefore is not the right role to be assigned.
Option D is incorrect. Application Group Reader should be assigned if you want the user to get access to information about the various applications in the workspace.
Reference: To know more about Built-in roles for Azure Virtual Desktop, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac?WT.mc_id=AZ-MVP-5004159
Domain: Manage Access and Security
Q20: Your company wants to enable multi-factor authentication (MFA) for all logins but the company does not have Azure AD Premium P1 or P2 licenses. Which option does the company have to enable MFA in this case?
A. Azure Policies
B. Azure Blueprint
C. Conditional Access Policy
D. Azure Security Defaults
Correct Answer: D
Explanation
Conditional Access Policies can be implemented only with Azure AD Premium P1 or P2 licenses. Azure Blueprints and Azure policies have no effect on the user logins. Azure Security Defaults can be used to enforce MFA for all user logins and there is no need for an Azure AD Premium license.
Option A is incorrect. Azure policies have no effect on the user logins.
Option B is incorrect. Azure blueprints also have no effect on the user logins.
Option C is incorrect. Conditional Access Policies can be implemented only with Azure AD Premium P1 or P2 licenses.
Option D is correct. Azure Security Defaults can be used to enforce MFA for all user logins and there is no need for an Azure AD Premium license.
Reference: To know more about the security defaults, please visit the below-given link: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Domain: Manage User Environments and Apps
Q21: Which of the following is/are the potential benefit(s) of deploying VDI (virtual desktop infrastructure) platforms hosting Windows operating systems in your organization?
A. It helps in streamlining the management
B. It helps in reducing costs through consolidation and centralization of the resources
C. It helps in delivering end-users mobility and the freedom to access VDs (virtual desktops) from anywhere, at any time, on any device.
D. All of these
Correct Answer: D
Explanation
Administrators deploy virtual desktop infrastructure (VDI) to
- Streamline the management.
- Cut down the cost through consolidation and centralization of the resources.
- Provide end-users mobility and the freedom to access VDs (Virtual Desktops) from anywhere, at any time, on any device.
Option A is incorrect. Deploying VDI helps in streamlining the management along with all other given options.
Option B is incorrect. VDI streamlines management, reduces cost, and delivers end-users mobility.
Option C is incorrect. VDI also helps in delivering end-users mobility and the freedom to access VDs (virtual desktops) from anywhere, at any time, on any device.
Option D is correct. All the given are potential benefits of deploying VDI.
Reference: To know more about Device identity and desktop virtualization, please visit the below-given link: https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure
Domain: Manage User Environments and Apps
Q22: In an Azure Virtual Desktop deployment, which of the following solutions can help you in running containerized applications without the need to install the applications on the session hosts?
A. MSI packages
B. MSIX app packages
C. EXE applications
D. APPX app packages
Correct Answer: B
Explanation
Applications that are packaged through MSIX runs in a lightweight app container. The child processes run in the container and are isolated utilizing file system and registry virtualization.
Option A is incorrect. MSI packages won’t help in running containerized applications without the need to install the applications on the session hosts.
Option B is correct. MSIX app packages are the right solution to run containerized applications without the need to install the applications on the session hosts.
Option C is incorrect. EXE applications are not the right solution.
Option D is incorrect. APPX app packages are not the right solution to run containerized applications without the need to install the applications on the session hosts.
Reference: To know more about MSIX containers, please visit the below-given link: https://docs.microsoft.com/en-us/windows/msix/msix-container
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q23: Being the admin, you need to start a failover due to the secondary region outage. Before starting the failover, you need to end the user connections in the current region. Which of the following cmdlet would you run in PowerShell to disconnect the users in Azure Virtual Desktop (classic)?
A. Remove-RdsUserSessionLogoff
B. Invoke-RdsUserSessionLogoff
C. Remove-AzWvdUserSession
D. Invoke-AzWvdUserSession
Correct Answer: B
Explanation
The invoke-RdsUserSessionLogoff cmdlet is used to disconnect the users in Azure Virtual Desktop (classic).
Option A is incorrect. Remove-RdsUserSessionLogoff is the incorrect cmdlet to run.
Option B is correct. The invoke-RdsUserSessionLogoff cmdlet is used to disconnect the users in Azure Virtual Desktop (classic).
Option C is incorrect. Remove-AzWvdUserSession is used to disconnect the users in the Azure-integrated version of AVD.
Option D is incorrect. Invoke-AzWvdUserSession is not the valid cmdlet.
Reference: To know more about Azure Virtual Desktop disaster recovery, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q24: Read the statement below:
“The scaling tool uses the depth-first load balancing option in peak hours and the breadth-first load balancing option in off-peak hours.”
Is the above statement correct?
A. Yes
B. No
Correct Answer: B
Explanation
The scaling tool controls the load-balancing mode of the host pool it is currently scaling. Breadth-first load balancing mode is used by the scaling tool for both peak and off-peak hours.
Reference: To know more about scaling session hosts using Azure Automation, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script
Domain: Monitor and Maintain an Azure Virtual Desktop Infrastructure
Q25: You need to remove a host pool that is no longer in use. But when you attempt to delete it, it fails with an error.
Which of the following actions do you need to perform first before deleting a host pool?
A. Delete RBAC roles associated with the host pool
B. Remove the app groups associated with the host Pool
C. Enable drain mode on all session hosts in the host pool
D. Decrease the Max session limit
Correct Answer: B
Explanation
All the host pools created in AVD are attached to app groups and session hosts. You need to delete app groups associated with the host pool before deleting the host pool.
Option A is incorrect. Deleting RBAC roles associated with the host pool is not the necessary step.
Option B is correct. You need to delete app groups associated with the host pool before deleting the host pool.
Option C is incorrect. It is a good practice to put the session hosts in drain mode and wait for the users on the host pool to log off, but it is not a necessary step.
Option D is incorrect. Decreasing the Max session limit is the incorrect option.
Reference: To know more about how to delete a host pool, please visit the below-given link: https://docs.microsoft.com/en-us/azure/virtual-desktop/delete-host-pool?tabs=azure-portal
Summary
We are sure that we were able to provide you with clarity on various concepts with these free questions and answers. Hope, this will help your AZ-140 exam preparation. Keep learning and practicing the provided AZ-140 sample questions and ace the exam! Stay tuned with us for more practice questions.
- Which AWS Certification is Best For Developers - December 5, 2023
- Top Popular Hands on Labs for Google Cloud Platform (GCP) - October 29, 2023
- 7 Exam Tips for Google Cloud Database Engineer Certification - September 21, 2023
- What Is Azure Web Application Firewall (WAF)? - September 8, 2023
- The 5 Best Team Chat Apps for Business in 2024 - August 10, 2023
- What is Microsoft Cybersecurity Reference Architectures? - July 31, 2023
- How to Secure & Migrate your SAP Environment on AWS - July 26, 2023
- A Comparison of SUM-DMO and SWPM - July 21, 2023