Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-140

Microsoft AZ-140 Exam (page: 3)
Microsoft Configuring and Operating Azure Virtual Desktop
Updated on: 25-Dec-2025

Viewing Page 3 of 43
AZ-140 PDF 341 Questions

You have an Azure subscription that contains 500 users. The users are assigned Microsoft Office 365 E1 licenses.

You deploy an Azure Virtual Desktop solution that contains Windows 10 multi-session hosts and streams a custom remote app named App1.

You need to ensure that the users are licensed to stream App1. The solution must minimize costs.

Which license should you use?

  1. Microsoft 365 E5
  2. Office 365 E3
  3. a Remote Desktop Services (RDS) client access license (CAL)
  4. Windows 10 Enterprise E3

Answer(s): D

Explanation:

App-V client. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10/11 Enterprise E3 devices.


Reference:

https://docs.microsoft.com/sv-se/windows/deployment/windows-10-enterprise-e3-overview



DRAG DROP (Drag and Drop is not supported)

You have an Azure subscription that contains a virtual machine named VM1. VM1 runs a customized version of Windows 10 Enterprise.

You generalize the operating system on VM1 and shut down the virtual machine.

You need to deploy additional virtual machines based on an image of VM1 by using the Azure portal.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Create a managed image from a snapshot using PowerShell.
You can create a managed image from a snapshot of a generalized VM by following these steps:

1. Create an image of a VM in the portal, capture a VM in the portal

2. Go to the Azure portal, then search for and select Virtual machines.

3. Select your VM from the list.

4. On the page for the VM, on the upper menu, select Capture.

5. The Create an image page appears.

6. For Resource group, either select Create new and enter a name, or select a resource group to use from the drop-down list. If you want to use an existing gallery, select the resource group for the gallery you want to use.

7. To create the image in a gallery, select Yes, share it to a gallery as an image version.

8. To only create a managed image, select No, capture only a managed image. The VM must have been generalized to create a managed image. The only other required information is a name for the image.

9. If you want to delete the source VM after the image has been created, select Automatically delete this virtual machine after creating the image. This is not recommended.

10. For Gallery details, select the gallery or create a new gallery by selecting Create new. (Step 1)

11. In Operating system state select generalized or specialized. For more information, see Generalized and specialized images.

12. Select an image definition or select create new and provide a name and information for a new Image definition. (Step 2)

13. Enter an image version number. If this is the first version of this image, type 1.0.0. (Step 3)

14. If you want this version to be included when you specify latest for the image version, then leave Exclude from latest unchecked.

15. Select an End of life date. This date can be used to track when older images need to be retired.

16. Under Replication, select a default replica count and then select any additional regions where you would like your image replicated.

17.
When you are done, select Review + create.

18. After validation passes, select Create to create the image.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/capture-image-portal



You have an Azure Virtual Desktop deployment that contains an Azure compute gallery. The Azure compute gallery contains an image definition named Definition1. Definition1 contains the following image versions:

· 1.0.0
· 1.1.0
· 1.2.0

You need to ensure that when a virtual machine is created from the Azure compute gallery, the 1.1.0 image version is used by default.

What should you do?

  1. Select Exclude from latest for image version 1.0.0.
  2. Select Exclude from latest for image version 1.2.0.
  3. Apply a lock to image version 1.1.0.
  4. Apply a tag named default to image version 1.1.0.

Answer(s): B

Explanation:

Updating resources.
Once created, you can make some changes to the gallery resources. These are limited to:
* Azure Compute Gallery:
* Image definition:
* Image version:
Regional replica count
Target regions
Exclude from latest
End of life date
Note: When you specify to use latest when creating a VM, the latest image is chosen based on the highest MajorVersion, then MinorVersion, then Patch.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries



HOTSPOT (Drag and Drop is not supported)

You have an Azure Virtual Desktop deployment and two Azure Active Directory groups named Group1 and Group2.

You create two Conditional Access policies named Policy1 and Policy2. Policy1 is assigned to Group1. Policy2 is assigned to Group2. Both policies include Azure Virtual Desktop as a cloud app.

You need to meet the following requirements:

The users in Group1 must be prompted for multi-factor authentication (MFA) when they connect to Azure

Virtual Desktop.
The users in Group2 must reauthenticate every eight hours while they are connected to Azure Virtual

Desktop.

Which settings should you configure in Policy1 and Policy2? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Access control: Grant
The users in Group1 must be prompted for multi-factor authentication (MFA) when they connect to Azure Virtual Desktop.

Create a Conditional Access policy (see step 15 below).
Here's how to create a Conditional Access policy that requires multi-factor authentication when connecting to Azure Virtual Desktop:

1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.

2. In the search bar, type Azure Active Directory and select the matching service entry.

3. Browse to Security > Conditional Access.

4. Select New policy > Create new policy.

5. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

6. Under Assignments, select Users or workload entities.

7. Under the Include tab, select Select users and groups and tick Users and groups. On the right, search for and choose the group that contains your Azure Virtual Desktop users as group members.

8. Select Select.

9. Under Assignments, select Cloud apps or actions.

10. Under the Include tab, select Select apps.

11. On the right, select one of the following apps based on which version of Azure Virtual Desktop you're using. If you're using Azure Virtual Desktop (based on Azure Resource Manager), you can configure MFA on two different apps:
* Azure Virtual Desktop (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07), which applies when the user subscribes to a feed and authenticates to the Azure Virtual Desktop Gateway during a connection.
* Microsoft Remote Desktop

If you're using Azure Virtual Desktop (classic), choose these apps:
Windows Virtual Desktop (app ID 5a0aa725-4958-4b0c-80a9-34562e23f3b7) Windows Virtual Desktop Client (app ID fa4345a4-a730-4230-84a8-7d9651b86739), which will let you set policies on the web client.

12. Once you've selected your app, select Select.

13. Under Assignments, select Conditions > Client apps. On the right, for Configure, select Yes, and then select the client apps this policy will apply to

14. Once you've selected the client apps this policy will apply to, select Done.

15. Under Assignments, select Access controls > Grant, select Grant access, Require multi-factor authentication, and then select Select.

16. At the bottom of the page, set Enable policy to On and select Create.

Box 2: Access controls: Session
The users in Group2 must reauthenticate every eight hours while they are connected to Azure Virtual Desktop.

Configure sign-in frequency
To optionally configure the time period before a user is asked to sign-in again:

1. Open the policy you created previously.
2. Under Assignments, select Access controls > Session. On the right, select Sign-in frequency. Set the value for the time period before a user is asked to sign-in again, and then select Select. For example, setting the value to 1 and the unit to Hours, will require multi-factor authentication if a connection is launched over an hour after the last one.
3. At the bottom of the page, under Enable policy select Save.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa



HOTSPOT (Drag and Drop is not supported)

You plan to deploy two Azure file shares named share1 and share2 that will be used with Azure Virtual Desktop.

The share1 file share will contain at least 100 GB of data and must be stored on SSDs.

The share2 file share must be able to switch between Transaction optimized and Cool storage tiers and must be stored on HDDs.

You need to recommend which type of storage accounts to use for the shares. The solution must minimize costs.

What should you recommend for each share? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Premium file shares
Share1 will contain at least 100 GB of data and must be stored on SSDs.

Premium file shares enable highly I/O-intensive workloads, with high throughput and low latency. Premium file shares are offered on high-performance solid-state drive (SSD) based storage.

Incorrect:
* Page Blob pricing:



* Premium block blobs
Block blob storage is used for streaming and storing documents, videos, pictures, backups, and other unstructured text or binary data.

Box 2: Standard general-purpose v2
Share2 must be able to switch between Transaction optimized and Cool storage tiers and must be stored on HDDs.

Transaction optimized file shares enable transaction heavy workloads that don't need the latency offered by premium file shares with consistent latency. Transaction optimized file shares are a great fit for applications that require file storage or for backend storage.

General purpose v2 storage accounts offer the latest Azure Files features, including hot and cool tiers and are recommended for all users. Transaction optimized file shares are available in both general purpose v1 and v2 storage accounts.


Reference:

https://azure.microsoft.com/en-us/pricing/details/storage/files/ https://azure.microsoft.com/en-us/pricing/details/storage/page-blobs/ https://azure.microsoft.com/en-us/pricing/details/storage/files/



Your network contains an on-premises Active Directory domain. The domain contains a universal security group named AVDusers.

You have a hybrid Azure AD tenant. AVDusers syncs to Azure AD.

You have an Azure Virtual Desktop host pool that contains four Windows 10 Enterprise multi-session hosts.

You need to ensure that the members of AVDusers can establish Azure Virtual Desktop sessions to the host pool.

What should you do?

  1. On each session host, add AVDusers to the local Remote Desktop Users group.
  2. Assign AVDusers to an Azure role scoped to the host pool.
  3. Assign AVDusers to an application group.
  4. Assign AVDusers to an Azure role scoped to the session hosts.

Answer(s): C

Explanation:

The default app group created for a new Azure Virtual Desktop host pool also publishes the full desktop. In addition, you can create one or more RemoteApp application groups for the host pool.
Assign AVDusers to the application group and they would then appear for the respective Remote Apps and associated DAG.


Reference:

https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups



You plan to deploy Azure Virtual Desktop session host virtual machines based on a preconfigured master image. The master image will be stored in an Azure compute gallery.

You create a virtual machine named Image1 to use as the master image. You install applications and apply configuration changes to Image1.

You need to ensure that the new session host virtual machines created based on Image1 have unique names and security identifiers.

What should you do on Image1 before you add the image to the Azure compute gallery?

  1. At a command prompt, run the set computername command.
  2. From PowerShell, run the rename-computer cmdlet.
  3. At a command prompt, run the sysprep command.
  4. From the lock screen of the Windows device, perform a Windows Autopilot Reset.

Answer(s): C

Explanation:

Remove machine specific information by generalizing a VM before creating an image Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image.
Note: Generalizing a VM is not necessary for creating an image in an Azure Compute Gallery unless you specifically want to create a generalized image. Generalizing is required when creating a managed image outside of a gallery.
Generalizing removes machine specific information so the image can be used to create multiple VMs. Once the VM has been generalized, you need to let the platform know so that the boot sequence can be set correctly.
Incorrect:
* Windows Autopilot Reset
Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply. Specifically, Windows Autopilot Reset:
Removes personal files, apps, and settings.
Reapplies a device's original settings.
Sets the region, language, and keyboard to the original values.
Maintains the device's identity connection to Azure AD.
Maintains the device's management connection to Intune.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/generalize https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-reset



DRAG DROP (Drag and Drop is not supported)

Your on-premises network contains an Active Directory domain that syncs with a Microsoft Entra tenant.

You have an Azure Virtual Desktop host pool that contains Windows 11 session hosts joined to the domain.

You need to configure Azure NetApp Files to store user profile containers.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Note: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Step 1: Create a new Azure NetApp Files account.
To get started, you need to set up an Azure NetApp Files account.

Step 2: Create a capacity pool
Next, create a new capacity pool:

Step 3: Configure an Active Directory connection to the Microsoft Entra tenant. After that, you need to join an Active Directory connection.

Note:
1. Select Active Directory connections in the menu on the left side of the page, then select the Join button to open the Join Active Directory page.



2. Etc.

Step 4: Create a new SMB volume
Next, you'll need to create a new SMB volume.


Reference:

https://learn.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container



Viewing Page 3 of 43



Share your comments for Microsoft AZ-140 exam with other users:

Wang 6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
UNITED STATES


gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous