ERASED TEST, YOU MAY BE INTERESTED ON Topic 3
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test:
Topic 3 Description: Topic 3 Author: xzcxzcxzcxz Other tests from this author Creation Date: 15/10/2024 Category: Others Number of questions: 24 |
Share the Test:
New Comment
No comments about this test.
Content:
|
You have an Azure Virtual Desktop host pool named Pool1 and an Azure Storage account named Storage1. Storage1 stores FSLogix profile containers in a share folder named share1.
You create a new group named Group1. You provide Group1 with permission to sign in to Pool1.
You need to ensure that the members of Group1 can store the FSLogix profile containers in share1. The solution must use the principle of least privilege.
Which two privileges should you assign to Group1? Each correct answer presents part of the solution. the Storage Blob Data Contributor role for storage1 the List folder / read data NTFS permissions for share1 the Modify NTFS permissions for share1 the Storage File Data SMB Share Reader role for storage1 the Storage File Data SMB Share Elevated Contributor role for storage1 the Storage File Data SMB Share Contributor role for storage1. You have a Azure Virtual Desktop host pool. You need to install Microsoft Antimalware for Azure on the session hosts. What should you do? Add an extension to each session host From a Group Policy Object (GPO), enable Windows 10 security features Configure the RDP Properties of the host pool Sign in to each session host and install a Windows feature. HOTSPOT - You have a Azure Virtual Desktop deployment. You need to ensure that all the connections to the managed resources in the host pool require multi-factor authentication (MFA). Which two settings should you modify in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Cloud apps or actions Grant. HOTSPOT - Your company has the offices shown in the following table. The company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. Users connect to a Azure Virtual Desktop deployment named WVD1. WVD1 contains session hosts that have public IP addresses from the 52.166.253.0/24 subnet. Contoso.com has a conditional access policy that has the following settings: ✑ Name: Policy1 ✑ Assignments: - Users and groups: User1 - Cloud apps or actions: Azure Virtual Desktop ✑ Access controls: - Grant: Grant access, Require multi-factor authentication ✑ Enable policy: On For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Yes Yes No. You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain. You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From an Azure AD DS-joined computer, you modify the AADDC Users GPO settings. Does this meet the goal? Yes No. You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain. You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From an Azure AD DS-joined computer, you modify the AADDC Computers GPO settings. Does this meet the goal? Yes No. You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain. You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From the Azure portal, you modify the Session behavior settings in the RDP Properties of Pool1. Does this meet the goal? Yes No. You have an Azure Virtual Desktop deployment. You have a RemoteApp named App1. You discover that from the Save As dialog box of App1, users can run executable applications other than App1 on the session hosts. You need to ensure that the users can run only published applications on the session hosts. What should you do? Configure a conditional access policy in Azure Active Directory (Azure AD) Modify the Access control (IAM) settings of the host pool Modify the RDP Properties of the host pool Configure an AppLocker policy on the session hosts. HOTSPOT - You have an Azure Virtual Desktop Deployment that contains a workspace named Workspace1 and a user named User1. Workspace1 contains a Desktop application group named Pool1Desktop. At 09:00, you create a conditional access policy that has the following settings: ✑ Assignments: - Users and groups: User1 - Cloud apps or actions: Azure Virtual Desktop - Conditions: 0 conditions selected ✑ Access controls - Grant: Grant access, Require multi-factor authentication - Sessions: Sign-in frequency 1 hour User1 performs the actions shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Yes No Yes. You deploy an Azure Virtual Desktop session host pool that includes ten virtual machines. You need to provide a group of pilot users access to the virtual machines in the pool. What should you do? Create a role definition Add the users to a Remote Desktop Users group on the virtual machines Add the users to the local Administrators group on the virtual machines Create a role assignment. You have an Azure Active Directory Domain Services (Azure AD DS) managed domain named contoso.com. You create an Azure Virtual Desktop host pool named Pool1. You assign the Virtual Machine Contributor role for the Azure subscription to a user named Admin1. You need to ensure that Admin1 can add session hosts to Pool1. The solution must use the principle of least privilege. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Assign Admin1 the Desktop Virtualization Host Pool Contributor role for Pool1 Assign Admin1 the Desktop Virtualization Session Host Operator role for Pool1 Add Admin1 to the AAD DC Administrators group Assign a Microsoft 365 Enterprise E3 license to Admin1 Generate a registration token. You have an Azure Virtual Desktop host pool named Pool1 that is integrated with an Azure Active Directory Domain Services (Azure AD DS) managed domain. You need to configure idle session timeout settings for users that connect to the session hosts in Pool1. Solution: From the Azure portal, you modify the Advanced settings in the RDP Properties of Pool1. Does this meet the goal? Yes No. You have a hybrid Azure Active Directory (Azure AD) tenant. You plan to deploy an Azure Virtual Desktop personal host pool. The host pool will contain 15 virtual machines that run Windows 10 Enterprise. The virtual machines will be joined to the on-premises Active Directory domain and used by the members of a domain group named Department1. You need to ensure that each user is added automatically to the local Administrators group on the virtual machine to which the user signs in. What should you configure? a role assignment for the host pool a role assignment for each virtual machine a policy preference in a Group Policy Object (GPO) a device setting in Azure AD. HOTSPOT - You have two Azure subscriptions that are linked to an Azure Active Directory (Azure AD) tenant named contoso.com and contain an Azure Virtual Desktop deployment. The tenant contains a user named User1. When User1 signs in to Azure Security Center, the user receives the message shown in the following exhibit. You need to ensure that User1 can manage security information for the tenant. The solution must use the principle of least privilege. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Security Admin at the root management group level Security Admin at the subscription level Security administrator for contoso.com External Identity Provider administrator Global administrator Privileged role administrator . DRAG DROP- Your on-premises network contains an Active Directory domain named fabrikam.com that syncs with Azure Active Directory (Azure AD). The domain contains a global group named AVDusers. You have an Azure subscription that contains the resources shown in the following table. All Azure Virtual Desktop users are members of the AVDusers group. You plan to create FSLogix profile containers in Profiles1. You need to configure Profiles1 and fabrikam.com to ensure that the HostPool1 sessions hosts can access the FSLogix profile containers. What should you do? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Assign Azure role-based access control (Azure RBAC) roles to AVDusers Create a computer account for storage 1 Generate a shared access signature (SAS) Assign NTFS permissions to AVDusers Create a shared folder object for Profiles1. You have an Azure Virtual Desktop deployment that contains the resources shown in the following table. You plan to enable Start VM on connect for Pool1. You create a custom Azure role named Role1 that has sufficient permissions to start virtual machines on demand. You need to ensure that the session hosts in Pool1 can start on demand. To which service principal should you assign Role1? Managed1 Azure Virtual Desktop Azure Automation Host1 Azure Compute. You have an Azure Virtual Desktop deployment that contains the resources shown in the following table. You need to enable just-in-time (JIT) VM access for all the session hosts. What should you do first? Deploy Azure Bastion to VNET1 Assign network security groups (NSGs) to the network interfaces of the five session hosts Configure Access control (IAM) for HostPool1 Assign a network security group (NSG) to Subnet1. HOTSPOT- You have an Azure Virtual Desktop deployment that contains the resources shown in the following table. You need to perform the following configurations: • Enable a managed identity for App1. • Enable Clipboard redirection for App1. On which resources should you perform the configurations? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. AG1 Host1 and Host2 Pool1 WS1 AG1 Host1 and Host2 Pool1 WS1. DRAG DROP- You have an Azure Virtual Desktop deployment that contains the resources shown in the following table. You have a Windows 11 device named Device1 that has Azure Command-Line Interface (CLI) installed. You need to use Remote Desktop Connection (mstsc.exe) on Device1 to connect to Host1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Change Bastion1 to the Standard SKU On Bastion1, enable Kerberos authentication On Bastion1, select Native Client Support On Host1, enable just-in-time (JIT) VM access On Device1, run the az network bastion rdp command. HOTSPOT- You have an Azure Virtual Desktop deployment that uses Cloud Cache to store user profiles. You plan to deploy Microsoft Defender Antivirus exclusions to the session hosts by using the following PowerShell script. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. the cloud Cache folder only storageacct1 and storageacct2 only the Cloud Cache folder, storageacct1, and storageacct2 Cache folder only Media-stack folder and Cache folder Media-stack folder, Cache folder, and all text files. DRAG DROP- You have an Azure Virtual Desktop deployment. You plan to use a Conditional Access policy to enforce multi-factor authentication (MFA) when users connect to the deployment. The solution must meet the following requirements: • Enforce MFA when a user connects to Azure Virtual Desktop by using a subscription feed. • Enforce MFA when a user authenticates to a session host that has single sign-on (SSO) enabled. You need to identify which cloud apps to use for the Conditional Access policy. Which app should you use for each requirement? To answer, drag the appropriate apps to the correct requirements. Each app may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Azure Virtual Desktop Azure Windows VM Sign-in Microsoft Remote Desktop Office 365 Windows Virtual Desktop Client. HOTSPOT- You have an Azure Virtual Desktop deployment that has just-in-time (JIT) VM access enabled. You need to request access to a session host by using JIT VM access. Which three virtual machine settings can you use to request access? To answer, select the appropriate settings in the answer area. NOTE: Each selection is worth one point. Connect Microsoft Defender for Cloud Configuration. You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains two session hosts named Host1 and Host2. You need to enable screen capture protection for the deployment. What should you do? Configure a Group Policy setting on Host1 and Host2 From RDP Properties for Pool1, disable Clipboard redirection Install an Azure virtual machine extension on Host1 and Host2 From RDP Properties for Pool1, disable encoding of redirected video. HOTSPOT- You have an Azure Virtual Desktop host pool that contains 20 Windows 11 session hosts. You create a Windows Defender Application Control (WDAC) policy named Policy1.xml. You need to deploy Policy1.xml to the session hosts. How should you prepare the policy, and to where should you copy the policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Compress Policy1.xml Convert Policy1.xml to its binary form Digitally sign Policy1.xml C:\Windows\System32\AppLocker C:\Windows\System32\Configuration C:\Windows\System32\Codeintegrity\CiPolicies\Active C:\Windows\SystemResources\Windows\UI.AccountsControl. |
Report abuse