LATEST NEWS
Newsletter

Azure Virtual Desktop Specialty Exam Renewal Assessment Solved (AZ-140)

MS Cloud Explorers > Blogs > Certifications > Azure Virtual Desktop Specialty Exam Renewal Assessment Solved (AZ-140)
AZ-140, Azure Virtual Desktop - Exam Renewal

 

  • AZ-140 Assessment

  • Microsoft Azure Virtual Desktop Specialty

You have a deployment of Azure Virtual Desktop.

An estimate of the deployment’s bandwidth usage is required. Bidirectional data transfer types between a client and a session host must be included in the estimate.

Which two kinds of data ought to be incorporated into the estimate? Every right response provides a complete solution.

  • file transfers
  • graphics
  • heartbeats
  • input
  • printing

The two correct answers are:

  1. Graphics – Azure Virtual Desktop constantly transfers graphical data from the session host to the client, making it a significant factor in bandwidth utilization.

  2. Input – User inputs (such as keyboard strokes, mouse movements, and touch inputs) are transmitted from the client to the session host, making them a bidirectional data transfer type.

You have a host pool called HS-Pool1 in your Azure Virtual Desktop deployment. Users use a VPN to connect to the session hosts in HS-Pool 1.

When trying to connect to the AVD session hosts, users encounter irregular VPN connectivity problems.

The virtual network gateway and its connections require diagnosis and troubleshooting.

What should you use?

  • Select only one answer.
  • Azure Analysis Services
  • Azure Network Watcher
  • Azure Resource Explorer
  • Azure Service Health

The correct answer is:

Azure Network Watcher

Explanation:

Azure Network Watcher provides tools to troubleshoot and diagnose network issues, including monitoring the health of Azure Virtual Network (VNet) gateways and their connections. You can use Network Watcher’s VPN diagnostics, connection troubleshoot, and packet capture features to investigate the intermittent VPN connectivity issues.

You have a deployment of Azure Virtual Desktop.

As an AVD Administrator you must suggest a way to assess the deployment’s connection quality. The following specifications must be fulfilled by the solution:

Gather graphics and network connection information on a regular basis while a user is using Azure Virtual Desktop.

The correlation ID for the particular Azure Virtual Desktop connection should be obtained.

Keep track of the latency measurements for both TCP and UDP connections.

What needs to be suggested in the implementation?

  • Azure Analysis Services
  • Azure Network Watcher
  • Log Analytics
  • RemoteFX network performance counters

The correct answer is:

Log Analytics

Explanation:

Log Analytics, as part of Azure Monitor and Azure Virtual Desktop Insights, can:

  • Collect network connection and graphics performance data throughout a session.
  • Store correlation IDs to track specific Azure Virtual Desktop connections.
  • Measure latency for both TCP and UDP connections, helping analyze connection quality.

You have a deployment of Azure Virtual Desktop.

You intend to store FSLogix user profile containers in Azure NetApp Files.

You make an account on NetApp.

You must finish configuring Azure NetApp Files.

What needs to be created first?

  • a capacity pool
  • a file share
  • an access key
  • an NFS volume

The correct answer is:

A capacity pool

Explanation:

In Azure NetApp Files, before creating an NFS volume (which will store FSLogix user profile containers), you must first create a capacity pool. The capacity pool provides the underlying storage allocation for volumes.

You have a deployment of Azure Virtual Desktop.

To store user profile data, you want to set up an Azure Storage account.

You must determine how Standard and Premium file sharing differ from one another.

Which two features separate a Premium file share?

  • deployed to the FileStorage storage account type
  • deployed to the general-purpose version 2 storage account type
  • high latency for IO intensive workloads
  • uses the pay-as-you-go billing model
  • uses the provisioned billing model

The correct answers are:

Deployed to the FileStorage storage account type
Uses the provisioned billing model

Explanation:

Premium file shares in Azure Files offer high-performance, low-latency storage optimized for IO-intensive workloads, such as FSLogix user profiles in Azure Virtual Desktop.

  1. Deployed to the FileStorage storage account type – ✅ Correct

    • Premium file shares require a FileStorage account, which is specifically optimized for Azure Files.
    • Standard file shares, on the other hand, are deployed in general-purpose v2 (GPv2) storage accounts.

  2. Uses the provisioned billing model – ✅ Correct

    • Premium file shares use a provisioned billing model, meaning you pay for the provisioned capacity regardless of actual usage.
    • Standard file shares use a pay-as-you-go model, where you pay for actual usage.

You have a deployment of Azure Virtual Desktop.

FSLogix user profile containers are what you intend to use.

You make a new file share called avd-fs1 and an Azure Storage account called avd-store1.

You must confirm that avd-fs1 can be accessed using identity-based Kerberos authentication.

What needs to be set up on storage 1 first?

  • a shared access signature (SAS)
  • Access control (IAM)
  • an identity source
  • share-level permissions

The correct answer is:

An identity source

Explanation:

To enable identity-based Kerberos authentication for Azure Files (which is required for FSLogix profile containers in Azure Virtual Desktop), you must first configure an identity source. This means integrating the Azure Storage account with Active Directory (AD) or Azure AD Kerberos authentication.

You have a deployment of Azure Virtual Desktop.

To store user profile data, you must first create an Azure Storage account called storage1. The following specifications must be fulfilled by the solution:

support for Azure page blobs and Azure file shares.

Set up redundancy to guard against failures at the datacenter level.

How should storage1 be set up?

  • Premium performance with locally-redundant storage (LRS)
  • Premium performance with zone-redundant storage (LRS)
  • Standard performance with locally-redundant storage (LRS)
  • Standard performance with zone-redundant storage (ZRS)

The correct answer is:

Standard performance with zone-redundant storage (ZRS)

Explanation:

To meet the requirements:

  1. Support for both Azure file shares and Azure page blobs:

    • Only standard performance storage accounts (GPv2 or BlobStorage) support both Azure Files and page blobs.
    • Premium performance storage accounts (FileStorage) only support Azure Files, not page blobs.

  2. Configure redundancy to protect against datacenter-level failures:

    • Zone-redundant storage (ZRS) provides redundancy across multiple availability zones, protecting against datacenter failures.
    • Locally-redundant storage (LRS) only replicates data within a single datacenter, making it less resilient.

You have a host pool called Pool1 in your Azure Virtual Desktop deployment.

You have a Windows Server 2022 virtual machine in Azure called PRD-Server1.

You must confirm that PRD-Server 1 can be added to Pool 1 as a session host.

What can one to do?

  • Enable RDP Shortpath for Pool1.
  • Enable the Validation environment for Pool1.
  • Installing the Remote Desktop Web Access (RDP) role on Server1.
  • Install the Remote Desktop Session Host (RDP) role on Server1.

The correct answer is:

Install the Remote Desktop Session Host role on Server1.

Explanation:

To add Server1 as a session host to Pool1 in Azure Virtual Desktop (AVD), it must have the Remote Desktop Session Host (RDSH) role installed. This role enables the server to host remote desktop sessions for multiple users, which is required for AVD session hosts.

You have the following host pools in your Azure Virtual Desktop deployment (AVD):

HostPool1
  – Type: Pooled
  – PreferredAppGroupType: Desktop
HostPool2
  – Type: Pooled
  – PreferredAppGroupType: None
HostPool3
  – Type: Personal
  – PreferredAppGroupType: Desktop
For the deployment, a RemoteApp application group must be added.

Can the RemoteApp Application group be added to whatever host pool?

  • HostPool1 only
  • HostPool1 and HostPool2
  • HostPool1, HostPool2, and HostPool3
  • HostPool2 only
  • HostPool3 only

The correct answer is:

HostPool2 only

Explanation:

  • In Azure Virtual Desktop (AVD), a RemoteApp application group (RemoteApp App Group) allows publishing individual applications instead of full desktops.
  • A host pool can have either a Desktop Application Group (DAG) or a RemoteApp Application Group (RAAG), but not both.
  • HostPool1 and HostPool3 already have Desktop as the PreferredAppGroupType, meaning they cannot have a RemoteApp App Group.
  • HostPool2 has PreferredAppGroupType: None, meaning it does not have a Desktop Application Group and is eligible for a RemoteApp App Group.

You have the following Azure Compute Gallery galleries and an Azure Virtual Desktop deployment:

Role-based access control (RBAC) sharing is used in Gallery 1.
Gallery 2: Makes use of RBAC and direct sharing
An Azure compute gallery that shares resources with all Azure customers, including those from outside your company, must be put into place. The solution must reduce expenses and administrative work.

What should you do?

  • Create a new Azure compute gallery that uses RBAC + share to public community gallery sharing.
  • To enable public community gallery sharing, change Gallery 1 to utilize RBAC + share.
  • Change Gallery 2 to use a tag that contains the URL for the legal agreement, the Publisher URL, and the Publisher support email.
  • Modify Gal to use RBAC + share to public community gallery sharing.

The correct answer is:

Modify Gallery2 to use RBAC + share to public community gallery sharing.

Explanation:

To share Azure Compute Gallery images with all Azure users, including users outside your organization, you must enable public community gallery sharing.

  • Gallery1 (RBAC sharing):

    • Limited to users or groups within your organization who have been assigned RBAC roles.
    • Cannot be shared publicly.

  • Gallery2 (RBAC + share directly sharing):

    • Allows sharing with specific external users, but not with all Azure users.
    • To enable public sharing, you must modify it to use RBAC + share to public community gallery sharing.

An Azure Virtual Desktop deployment is part of your Azure subscription.

Throughout the subscription, you want to distribute unique virtual machine images to Azure Virtual Desktop administrators in various geographical locations.

What should be used to make sharing Azure virtual machines easier?

  • Microsoft Entra App Gallery
  • Azure Compute Gallery
  • Azure Marketplace
  • Container instances
  • resource groups

The correct answer is:

Azure Compute Gallery

Explanation:

To share custom virtual machine (VM) images across multiple regions for Azure Virtual Desktop, the best solution is Azure Compute Gallery (formerly known as Shared Image Gallery).

Why Azure Compute Gallery?

  • Simplifies sharing: Allows you to share VM images with multiple Azure Virtual Desktop administrators.
  • Supports multiple regions: You can replicate images across different Azure regions, improving availability.
  • Efficient image management: Supports versioning and scaling for VM image deployments.

You have a Hyper-V virtual machine that runs Windows 11 and has the following configurations:

Name: VM1

  • Generation: Generation 2
  • Trusted Platform Module (TPM): Enabled
  • Disk type: Dynamic
  • Disk format: VHD

You intend to make a VM1 image, upload it to Azure, and utilize it as the foundation for Azure Virtual Desktop session hosts.

Make verify that VM1 is compatible with the Azure environment.

What should you do?

  • Convert the disk format to VHDX.
  • Convert the disk type to a fixed disk.
  • Disable TPM.
  • Reconfigure the generation to Generation 1.

The correct answer is:

Convert the disk type to a fixed disk.

Explanation:

To successfully upload a Hyper-V virtual machine image to Azure and use it as a base for Azure Virtual Desktop session hosts, the VM must meet Azure’s disk requirements.

  1. Azure only supports VHD format (not VHDX).

    • VM1 already uses VHD, so no changes are needed here.

  2. Azure does not support dynamic disks for VM images.

    • The disk must be converted from dynamic to fixed before uploading to Azure.

You have a group called Group1 and an Azure Virtual Desktop deployment.

You intend to utilize Conditional Access to make sure that Group 1 members login to the Azure Virtual Desktop service using multifactor authentication (MFA).

Group1 is assigned to AVDPolicy1, a Conditional Access policy that you write.

The AVDPolicy1 configuration must be finished.

Which three settings need to be set up?

  • Access controls: Grant
  • Access controls: Session
  • Conditions: Client apps
  • Conditions: Device platforms
  • Target resources

The correct answers are:

Access controls: Grant
Conditions: Client apps
Target resources

Explanation:

To enforce multifactor authentication (MFA) for Group1 when connecting to Azure Virtual Desktop (AVD) using Conditional Access, you need to configure the following settings:

  1. Access controls: Grant → ✅ Required

    • In the Grant section, you need to configure “Require multi-factor authentication (MFA)” to enforce MFA for users connecting to AVD.

  2. Conditions: Client apps → ✅ Required

    • In the Conditions section, select Client apps and specify that the policy applies to browser and modern authentication clients (e.g., Remote Desktop client).

  3. Target resources → ✅ Required

    • You must specify Azure Virtual Desktop as the target resource so the policy applies only when users connect to AVD.

You have a deployment of Azure Virtual Desktop.

Pool1 is the host pool that you intend to use.

Which Azure Virtual Desktop service principle needs a role-based access control (RBAC) role given to it in this host pool setting?

  • Autoscale
  • Load balancing algorithm
  • Preferred app group type
  • Validation environment

The correct answer is:

Autoscale

Explanation:

Autoscale in Azure Virtual Desktop (AVD) requires role-based access control (RBAC) permissions for a service principal because it automates the process of scaling session hosts based on demand.

  • Why is RBAC required?
    • Autoscale needs permissions to start, stop, and manage session hosts.
    • It uses a managed identity or service principal that must have roles like Virtual Machine Contributor to perform these actions.

The host pools in your Azure Virtual Desktop deployment include the following:

Pool1

  • Type: Personal
  • Contains ten Windows 10 x64 Generation 2 Enterprise multi-session hosts.

Pool2

  • Type: Pooled
  • Ten Windows 11, x64 Generation 2 Enterprise multi-session hosts are included in Pool2.

Pool3

  • Type: Personal
  • Two Windows Server 2022 Datacenter x64 Generation 1 session hosts are included in Pool 3.

On session hosts, you intend to activate Confidential VM settings.

Which host pools have session hosts with Confidential VM parameters available for configuration?

  • Pool1 only
  • Pool1 and Pool2 only
  • Pool1 and Pool3 only
  • Pool2 and Pool3 only
  • Pool2 only
  • Pool3 only

The correct answer is:

Pool1 and Pool2 only

Explanation:

Confidential VMs in Azure provide enhanced security features like memory encryption and require specific hardware and OS support.

Requirements for Confidential VMs:

  1. Generation 2 VMRequired
  2. Windows 10 or Windows 11 (Enterprise multi-session supported) – ✅
  3. Windows Server is NOT supported

Now, let’s analyze each pool:

PoolTypeOSGenerationConfidential VM Support?
Pool1PersonalWindows 10 Enterprise multi-sessionGen 2Supported
Pool2PooledWindows 11 Enterprise multi-sessionGen 2Supported
Pool3PersonalWindows Server 2022 DatacenterGen 1Not Supported
  • Pool1 and Pool2 meet all requirements (Gen 2 + Windows 10/11 multi-session).
  • Pool3 is NOT supported because:
    • It uses Windows Server 2022 (Confidential VMs do not support Windows Server).
    • It is also Generation 1, while Confidential VMs require Generation 2.

You have a pooled host pool called Pool1 in your Azure Virtual Desktop deployment. There are 25 session hosts in Pool 1.

You intend to manage and keep an eye on the session hosts’ vulnerabilities and threats using the Microsoft Defender portal.

You must make sure that Microsoft Defender for Endpoint receives security information from the session hosts.

When using the Microsoft Defender portal, what should you do first?

  • Add a URL/Domain indicator.
  • Configure an assessment job.
  • Download a virtual desktop infrastructure (VDI) onboarding package.
  • Run a detection test.

The correct answer is:

Download a virtual desktop infrastructure (VDI) onboarding package.

Explanation:

To ensure Azure Virtual Desktop (AVD) session hosts report security information to Microsoft Defender for Endpoint, you must onboard them as part of a Virtual Desktop Infrastructure (VDI).

Steps to Enable Defender for Endpoint on AVD Session Hosts:

  1. Download the VDI onboarding package from the Microsoft Defender portal.
  2. Deploy the package to all AVD session hosts in Pool1.
  3. Verify reporting by running a detection test after onboarding.

You have a pooled host pool called Pool1 in your Azure Virtual Desktop deployment. There are 25 session hosts in Pool 1.

You must suggest a solution that satisfies the following security specifications:

makes certain that every session host is set up correctly and that, when necessary, exploit mitigation mechanisms are used.

discovers unsecured session hosts, dynamically evaluates the security situation, and implements suggested fixes to enhance security overall.

Regarding the Azure Virtual Desktop infrastructure, what recommendations would you make?

  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Windows Defender Application Control (WDAC)
  • Windows Defender Device Guard

The correct answer is:

Microsoft Defender for Endpoint

Explanation:

Microsoft Defender for Endpoint (MDE) is the best solution because it:

  • Continuously monitors session hosts for security misconfigurations and vulnerabilities.
  • Applies exploit mitigation techniques automatically to protect against threats.
  • Dynamically assesses the security state of each session host.
  • Provides recommendations and automated actions to improve security posture.

This aligns perfectly with the security requirements stated in the question.

You are planning an Azure Virtual Desktop AVD) deployment that will be using FSLogix for store the users profile

For profile and ODFC containers, you must provide an FSLogix feature that can help guarantee high availability and resilience.

What should you recommend?

  • a custom profile redirections.xml file
  • Application Rule Sets
  • Cloud Cache
  • VHD Disk Compaction

The correct answer is:

Cloud Cache

Explanation:

FSLogix Cloud Cache is designed to improve resiliency and high availability for FSLogix profile and ODFC (Office Data Files Cache) containers by:

  • Enabling multiple storage locations (e.g., Azure Files, Azure NetApp Files, SMB shares).
  • Providing automatic failover if one storage location becomes unavailable.
  • Caching user profiles locally to improve performance and reduce storage dependency.

This ensures that user profiles remain available even if a primary storage location fails.

You have a host pool called Pool1 in your Azure Virtual Desktop deployment. Host1 is the session host found in Pool1.

You implement FSLogix profile containers.

You need to verify where the FSLogix profile container is being stored on Host1.

Which command should you run?

  • frx list-redirects
  • frx list-rules
  • frx report-assignment
  • frxcontext –install

The correct answer is:

frx list-redirects

Explanation:

The frx list-redirects command is used to validate the storage location of the FSLogix profile container on a session host. It shows where user profiles are being redirected within the FSLogix configuration.

This helps confirm that profiles are being stored in the correct location (e.g., an Azure Files or SMB share).

Five session hosts include the host pool in your Azure Virtual Desktop deployment. FSLogix profile containers are used by every session host.

You intend to combine the FSLogix implementation with Cloud Cache.

To use Cloud Cache for profile redirection, you must set up an FSLogix registry option on each session host.

Which registry setting ought to be a part of the setup?

  • CCDLocations
  • ProxyDirectory
  • VHDLocations
  • WriteCacheDirectory

The correct answer is:

CCDLocations

Explanation:

To integrate Cloud Cache with FSLogix profile containers, you must configure the CCDLocations registry setting.

  • CCDLocations defines multiple storage locations (e.g., Azure Files, SMB shares) where the FSLogix profile containers are stored and cached.
  • It allows automatic failover and high availability, ensuring user profiles remain accessible even if a primary storage location becomes unavailable.

You have a host pool called Pool1 in your Azure Virtual Desktop deployment. Host1 is the session host found in Pool1.

Device1 is the device that a user uses to connect to Host1.

Based on Device 1’s location, you must make sure that printers are accessible.

What should you configure?

  • location override on Device1
  • location override on Host1
  • Network auto detect on Pool1
  • the load balancing algorithm on Pool1

The correct answer is:

Location override on Host1

Explanation:

To ensure printers are available based on the location of the user’s device (Device1), you must configure location-based printing in Azure Virtual Desktop (AVD).

“Location override on Host1” is the correct setting because:

  • Host1 (session host) needs to detect the location of Device1 and apply the correct printer mapping.
  • Location-based printing allows printers to be assigned dynamically based on the user’s location.

In your Azure Virtual Desktop setup, you have a host pool named Pool1. The session host in Pool1 is called Host1.

The device that a user connects to Host1 is called Device1.

For inactive Remote Desktop connections, a time limit must be set.

What must be configured?

  • a scaling plan on Pool1
  • Group Policy settings on Device1
  • Group Policy settings on Host1
  • session behavior on Pool1

The correct answer is:

Group Policy settings on Host1

Explanation:

To set a time limit for idle Remote Desktop connections, you need to configure Group Policy settings on Host1 (the session host).

  • The relevant Group Policy setting is:
    Set a time limit for Remote Desktop Services sessions that are both active and inactive
    • Location:
      Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits
    • This policy automatically disconnects or logs off idle users after a specified time.

In your Azure Virtual Desktop setup, you have a host pool named Pool1. Pool 1 contains ten session hosts.

You plan to use Azure Monitor for Pool 1.

You must ensure that the required components are configured in order to support Azure Monitor.

Which two parts need to be set up?

  • Azure Analysis Services
  • Automation tasks
  • diagnostic settings
  • Log Analytics workspace
  • Microsoft Purview

The correct answers are:

Diagnostic settings
Log Analytics workspace

Explanation:

To implement Azure Monitor for Azure Virtual Desktop (AVD), you need to configure:

1️⃣ Diagnostic settings

  • Enables Azure Monitor to collect logs and metrics from AVD components (session hosts, host pools, user sessions, etc.).
  • Must be configured on each session host and host pool to send data to a Log Analytics workspace.

2️⃣ Log Analytics workspace

  • Stores logs and performance data collected from AVD resources.
  • Azure Monitor uses Log Analytics queries to analyze session performance, user activity, and troubleshooting logs.

Your organization, MSCloudExplorers, has deployed Azure Virtual Desktop (AVD) with the following resources:

  • MSCE-HostPool: A pooled host pool for users

  • MSCE-AppGroup: A RemoteApp application group that publishes specific apps

  • MSCE-Workspace: A workspace that contains MSCE-AppGroup as a registered application group

  • MSCE-AutoScale: An autoscaling plan used for optimizing session host resources

You need to collect diagnostic logs related to user subscription feeds (i.e., the user’s ability to see their assigned apps in the AVD client).

Where should you configure diagnostic settings to capture this information?

  • MSCE-AppGroup

  • MSCE-AutoScale

  • MSCE-HostPool

  • MSCE-Workspace

The correct answer is: MSCE-Workspace

Explanation:

  • User subscription feed logs (e.g., what users can see in their AVD client) are tied to the workspace registration.

  • These logs help troubleshoot scenarios where users do not see expected applications in their AVD feed.

  • Therefore, you must configure diagnostic settings on the workspace resource, not the host pool, app group, or scaling plan.

We’d love your feedback!
Share your thoughts on the Renewal Test and help us improve by reporting any inaccurate answers.

🔗 Explore more Renewal Tests at mscloudexplorers.com/learn
📘 Discover more Microsoft 365 & Intune-related blogs at mscloudexplorers.com/blog
🔔 Follow us on LinkedIn for regular updates, tips, and community insights.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *