Microsoft - AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop
Sample Questions
Question: 281
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains the session hosts shown in the following table.
You have two internal users named User1 and User2.
You plan to enable the following connectivity for the Azure Virtual Desktop deployment:
- User1 will connect to Host1.
- User2 will connect to Host2.
Which license should you recommend for each user?
(To answer, drag the appropriate licenses to the correct users. Each license may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
| A | User1: RDS Client Access License
User2: RDS Client Access License |
| B | User1: RDS Client Access License
User2: Microsoft 365 E5 |
| C | User1: Per-user access pricing
User2: Windows 365 Enterprise |
| D | User1: Microsoft 365 E5
User2: Per-user access pricing |
| E | User1: Microsoft 365 E5
User2: RDS Client Access License |
| F | User1: Windows 365 Enterprise
User2: Microsoft 365 E5 |
Correct answer: EExplanation:
You must provide an eligible license for each user that accesses Azure Virtual Desktop. The license you need also depends on whether you're using a Windows client operating system or a Windows Server operating system for your session hosts, and whether it's for internal or external commercial purposes. The following table shows the eligible licensing methods for each scenario:
Reference: Eligible licenses to use Azure Virtual Desktop
Question: 282
Measured Skill: Plan and implement user environments and apps (20–25%)
You have an Azure subscription that contains an Azure Virtual Desktop deployment and a storage account named storage1. Storage1 contains an Azure Files share named share1.
The Azure Virtual Desktop deployment contains a host pool named Pool1. Pool1 contains two session hosts that are joined to a Microsoft Entra Domain Services domain.
You need to configure FSLogix profile containers and store them on share1.
Which actions should you perform in sequence?
(To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
| A | Step1: Assign the Storage File Data SMB Share Contributor role to users and grant permissions.
Step2: Assign the Storage File Data SMB Share Reader role to users and grant permissions.
Step3: Set registry keys on the session hosts to use Profile Containers. |
| B | Step1: Assign the Storage File Data SMB Share Contributor role to users and grant permissions.
Step2: Enable Microsoft Entra Kerberos authentication for share1.
Step3: Set registry keys on the session hosts to use Profile Containers. |
| C | Step1: Assign the Storage File Data SMB Share Reader role to users and grant permissions.
Step2: Enable the Microsoft Entra Domain Services identity source for share1.
Step3: Set registry keys on the session hosts to use Profile Containers. |
| D | Step1: Enable Microsoft Entra Kerberos authentication for share1.
Step2: Enable the Microsoft Entra Kerberos identity source for share1.
Step3: Set registry keys on the session hosts to use Profile Containers. |
| E | Step1: Enable the Microsoft Entra Domain Services identity source for share1.
Step2: Assign the Storage File Data SMB Share Contributor role to users and grant permissions.
Step3: Set registry keys on the session hosts to use Profile Containers. |
| F | Step1: Enable the Microsoft Entra Kerberos identity source for share1.
Step2: Assign the Storage File Data SMB Share Reader role to users and grant permissions.
Step3: Set registry keys on the session hosts to use Profile Containers. |
Correct answer: EExplanation:
The session hosts are joined to a Microsoft Entra Domain Services domain which will provide authentication when users accessing the file share.
To use Active Directory accounts for the share permissions of your file share, you need to enable AD DS or Microsoft Entra Domain Services as a source. This process joins your storage account to a domain, representing it as a computer account.
Users needing to store profiles in your file share need permission to access it. To do this, you need to assign each user the Storage File Data SMB Share Contributor role and the required NTFS permissions.
Reference: Store FSLogix profile containers on Azure Files and Active Directory Domain Services or Microsoft Entra Domain Services
Question: 283
Measured Skill: Plan and implement user environments and apps (20–25%)
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. All the session hosts in Pool are Microsoft Entra joined.
You have 50 users that will access the deployment by using devices that run Linux.
You need to ensure that the users can sign in to the deployment.
Which custom RDP property should you configure?| A | targetisaadjoined |
| B | enablecredsspsupport |
| C | securitymode |
| D | authentication level |
Correct answer: AExplanation:
There are some requirements to access Microsoft Entra joined session hosts from different Azure Virtual Desktop clients.
The default configuration supports connections from Windows 11 or Windows 10 using the Windows Desktop client. You can use your credentials, smart card, Windows Hello for Business certificate trust or Windows Hello for Business key trust with certificates to sign in to the session host. However, to access the session host, your local PC must meet one of the following conditions:
- The local PC is Microsoft Entra joined to the same Microsoft Entra tenant as the session host
- The local PC is Microsoft Entra hybrid joined to the same Microsoft Entra tenant as the session host
- The local PC is running Windows 11 or Windows 10, version 2004 or later, and is Microsoft Entra registered to the same Microsoft Entra tenant as the session host
If your local PC doesn't meet one of these conditions, add targetisaadjoined:i:1 as a custom RDP property to the host pool. These connections are restricted to entering user name and password credentials when signing in to the session host.
Reference: Microsoft Entra joined session hosts in Azure Virtual Desktop
Question: 284
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
You have an Azure Virtual Desktop deployment.
You plan to deploy the host pools shown in the following table.
For which host pools can you configure a load-balancing algorithm?| A | Pool1 and Pool3 only |
| B | Pool1 and Pool4 only |
| C | Pool2 and Pool3 only |
| D | Pool1, Pool2, and Pool3 only |
| E | Pool1, Pool2, Pool3, and Pool4 |
Correct answer: BExplanation:
Azure Virtual Desktop supports two load balancing algorithms for pooled host pools. Each algorithm determines which session host is used when a user starts a remote session. Load balancing doesn't apply to personal host pools because users always have a 1:1 mapping to a session host within the host pool.
The following load balancing algorithms are available for pooled host pools:
Breadth-first, which aims to evenly distribute new user sessions across the session hosts in a host pool. You don't have to specify a maximum session limit for the number of sessions.
Depth-first, which keeps starting new user sessions on one session host until the maximum session limit is reached. Once the session limit is reached, any new user connections are directed to the next session host in the host pool until it reaches its session limit, and so on.
Reference: Configure host pool load balancing in Azure Virtual Desktop
Question: 285
Measured Skill: Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1.
You have a virtual machine named Server1 that runs Windows Server.
You need to add Server1 to Pool1.
Which role service should you install on Server first, and which value should you provide during the installation of the Azure Virtual Desktop agent?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
| A | Role service: Remote Desktop Connection Broker
Value: The X509.3 certificate |
| B | Role service: Remote Desktop Connection Broker
Value: The host pool name |
| C | Role service: Remote Desktop Gateway
Value: User credentials |
| D | Role service: Remote Desktop Session Host
Value: The registration key |
| E | Role service: Remote Desktop Session Host
Value: The host pool name |
| F | Role service: Remote Desktop Web Access
Value: User credentials |
Correct answer: DExplanation:
If you created virtual machines by using an alternative method outside Azure Virtual Desktop, such as an automated pipeline, you need to install the Remote Desktop Session Host role and register them separately as session hosts to a host pool.
To register session hosts to a host pool, you need to install the Azure Virtual Desktop Agent and the Azure Virtual Desktop Agent Boot Loader on each virtual machine and use the registration key that you generated. You can register session hosts to a host pool by using the agent installers' graphical user interface (GUI) or by using msiexec from a command line.
Reference: Add session hosts to a host pool