Topic 2, Litware, Inc
Case study
This is a case study. Case studies are not timed separately. You can use as much
exam time as you would like to complete each case. However, there may be additional
case studies and sections on this exam. You must manage your time to ensure that you
are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information
that is provided in the case study. Case studies might contain exhibits and other resources
that provide more information about the scenario that is described in the case study. Each
question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review
your answers and to make changes before you move to the next section of the exam. After
you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the
left pane to explore the content of the case study before you answer the questions. Clicking
these buttons displays information such as business requirements, existing environment,
and problem statements. If the case study has an All Information tab, note that the
information displayed is identical to the information displayed on the subsequent tabs.
When you are ready to answer a question, click the Question button to return to the
question.
Overview
Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States,
and a remote office in Chennai, India.
Existing Environment. Identity Environment
The network contains an on-premises Active Directory domain named litware.com that
syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
The Azure AD tenant contains the users shown in the following table.
Litware uses custom virtual machine images and custom scripts to automatically provision
Azure virtual machines and join the virtual machines to the on-premises Active Directory
domain.
Network and DNS
The offices connect to each other by using a WAN link. Each office connects directly to the
internet.
All DNS queries for internet hosts are resolved by using DNS servers in the Boston office,
which point to root servers on the internet. The Chennai office has caching-only DNS
servers that forward queries to the DNS servers in the Boston office.
Requirements. Planned Changes
Litware plans to implement the following changes:
Deploy Windows Virtual Desktop environments to the East US Azure region for the
users in the Boston office and to the South India Azure region for the users in the
Chennai office.
Implement FSLogix profile containers.
Optimize the custom virtual machine images for the Windows Virtual Desktop
session hosts.
Use PowerShell to automate the addition of virtual machines to the Windows
Virtual Desktop host pools.
Requirements. Performance Requirements
Litware identifies the following performance requirements:
Minimize network latency of the Windows Virtual Desktop connections from the
Boston and Chennai offices.
Minimize latency of the Windows Virtual Desktop host authentication in each Azure
region.
Minimize how long it takes to sign in to the Windows Virtual Desktop session
hosts.
Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
Enforce Azure MFA when accessing Windows Virtual Desktop apps.
Force users to reauthenticate if their Windows Virtual Desktop session lasts more
than eight hours.
Requirements. Security Requirements
Litware identifies the following security requirements:
Explicitly allow traffic between the Windows Virtual Desktop session hosts and
Microsoft 365.
Explicitly allow traffic between the Windows Virtual Desktop session hosts and the
Windows Virtual Desktop infrastructure.
Use built-in groups for delegation.
Delegate the management of app groups to CloudAdmin1, including the ability to
publish app groups to users and user groups.
Grant Admin1 permissions to manage workspaces, including listing which apps
are assigned to the app groups.
Minimize administrative effort to manage network security.
Use the principle of least privilege.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
Use PowerShell to generate the token used to add the virtual machines as session
hosts to a Windows Virtual Desktop host pool.
Minimize how long it takes to provision the Windows Virtual Desktop session hosts
based on the custom virtual machine images.
Whenever possible, preinstall agents and apps in the custom virtual machine
images.
You need to ensure the resiliency of the user profiles for the Boston office users. The solution must meet the user performance requirements.
What should you do?
A.
Modify the Account kind setting of storage1.
B.
Modify the replication settings of storage1.
C.
Implement Azure Site Recovery.
D.
Configure Cloud Cache.
Configure Cloud Cache.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtualdesktop-
fslogix
Which two roles should you assign to Admin2 to meet the security requirements? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A.
Desktop Virtualization Host Pool Contributor
B.
Desktop Virtualization Application Group Contributor
C.
Desktop Virtualization Workspace Contributor
D.
Desktop Virtualization Application Group Reader
E.
User Access Administrator
Desktop Virtualization Application Group Contributor
Desktop Virtualization Workspace Contributor
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
You need to configure a conditional access policy to meet the authentication requirements.
What should you include in the policy configuration? To answer, select the appropriate
options in the answer area.
NOTE Each correct selection is worth one point.
You need to configure the user settings of Admin1 to meet the user profile requirements.
What should you do?
A.
Modify the membership of the FSLogix ODFC Exclude List group.
B.
Modify the membership of the FSLogix Profile Exclude List group.
C.
Modify the HKLM\SOFTWARE\FSLogix\Profiles registry settings.
D.
Modify the HKLM\SOFTWARE\FSLogix\ODFC registry settings.
Modify the membership of the FSLogix ODFC Exclude List group.
Reference:
https://docs.microsoft.com/en-us/fslogix/overview
https://docs.microsoft.com/en-us/fslogix/configure-profile-container-tutorial#set-up-includeand-
exclude-usergroups
You need to ensure that you can implement user profile shares for the Boston office users. The solution must meet the user profile requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to recommend an authentication solution that meets the performance
requirements.
Which two actions should you include in the recommendation? Each correct answer
presents part of the solution.
NOTE: Each correct selection is worth one point.
A.
Join all the session hosts to Azure AD.
B.
In each Azure region that will contain the Windows Virtual Desktop session hosts, create
an Azure Active Directory Domain Service (Azure AD DS) managed domain.
C.
Deploy domain controllers for the on-premises Active Directory domain on Azure virtual
machines.
D.
Deploy read-only domain controllers (RODCs) on Azure virtual machines.
E.
In each Azure region that will contain the Windows Virtual Desktop session hosts, create
an Active Directory site.
Join all the session hosts to Azure AD.
Deploy domain controllers for the on-premises Active Directory domain on Azure virtual
machines.
Explanation:
https://www.compete366.com/blog-posts/how-to-implement-azure-windows-virtual-desktopwvd/
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azuremarketplace
You need to deploy the session hosts to meet the deployment requirements Which PowerShell cmdlel should you run first?
A.
New-AzwvdRegistratrationinfo
B.
Get-AzApiManagementSsoToken
C.
Set-AzWMADDomainExtension
D.
Update-AZwvdSessionHost
Get-AzApiManagementSsoToken
You need to recommend a DNS infrastructure that meet the performance requirements. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to modify the custom virtual machine images to meet the deployment
requirements. What should you install?
A.
the RSAT: Remote Desktop Services Tools optional feature
B.
the Azure Virtual Desktop Agent
C.
the Microsoft Monitoring Agent
D.
the FSLogix agent
the FSLogix agent
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image
You have a Azure Virtual Desktop deployment.
You Implement FSLogix profile container.
You need to ensure that the FSlogix profile containers are not used for specific users. What should you do?
A.
Modify the RDP Properties of the host pool.
B.
Apply an Application Masking rule to each session host.
C.
Apply an AppLocker policy to each session host.
D.
Modify the local groups on each session host.
Apply an AppLocker policy to each session host.
| Page 2 out of 11 Pages |
| Previous |
Copyright © - All Rights Reserved