ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-140 All Questions

View all questions & answers for the AZ-140 exam
Go to Exam

Exam AZ-140 topic 3 question 53 discussion

Actual exam question from Microsoft's AZ-140
Question #: 53
Topic #: 3
[All AZ-140 Questions]

Case study -

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.


To start the case study -

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.



Overview -

Northwind Traders is a manufacturing company based in New York City.



Existing Environment -


Identity Environment -

The on-premises network contains an Active Directory Domain Services (AD DS) domain named northwindtraders.com.

Northwind Traders has a Microsoft Entra tenant and a Microsoft Entra Domain Services managed domain. The northwindtraders.com domain syncs with the Microsoft Entra tenant.


Virtual Machines -

The company has an on-premises Hyper-V virtual machine named VM1 that has the following configurations:

• Generation: 1
• Disk size: 2 TB
• Disk format: VHDX
• Disk type: Dynamically expanding


Cloud Services -

Northwind Traders has a Microsoft 365 E5 subscription. The subscription contains 500 users that are assigned Microsoft 365 E5 licenses.

The company has an Azure subscription that contains the resources shown in the following table.



Both subscriptions are linked to the Microsoft Entra tenant.



Requirements -


Planned Changes -

Northwind Traders identifies the following planned changes:

• Deploy an Azure Virtual Desktop host pool that will contain 10 session hosts joined to the Microsoft Entra Domain Services managed domain.
• Configure VM1 as the source image for the Azure Virtual Desktop deployment and upload the image to Azure.
• The Azure Virtual Desktop deployment will provide access to a custom app named App1.


Performance Requirements -

Northwind Traders identifies the following performance requirements:

• Each Azure Virtual Desktop session host must support 15 user sessions.
• Each new user session must be assigned to a single session host until the maximum session limit is reached for that host.


Application Requirements -

Northwind Traders identifies the following application requirements:

• Microsoft OneDrive must launch when users connect to a RemoteApp session in Azure Virtual Desktop.
• App1 requires a desktop resolution of 1280 x 1024.
• Administrative effort must be minimized.


Disaster Recovery Requirements -

Northwind Traders identifies the following disaster recovery requirements for the Azure Virtual Desktop deployment:

• Minimize outages if an Azure region fails.
• Minimize the recovery time objective (RTO).
• Minimize administrative effort in the event of a failover.


Security Requirements -

Northwind Traders identifies the following security requirements:

• When users sign in to the Azure Virtual Desktop deployment by using the Azure Virtual Desktop client, they must authenticate by using their Microsoft Entra username and password only.
• When users sign in to the Azure Virtual Desktop deployment by using a web browser, they must authenticate by using the Microsoft Authenticator app.
• All the Azure Virtual Desktop session hosts deployed by using the VM1 source image must be onboarded to Microsoft Defender for Endpoint.
• The client version and operating system used to connect to the session hosts must be logged.
• The solution must follow the principle of least privilege.


Networking Requirements -

The Azure Virtual Desktop session hosts must be able to access the resources on the on-premises network.


User Profile Requirements -

Northwind Traders identifies the following user profile requirements:

• Users must be able to access share1 by using their Microsoft Entra account.
• Azure Virtual Desktop user profiles must be managed by using FSLogix.
• All user profiles must be stored in share1.


Which two actions should you perform to meet the security requirements for Defender for Endpoint? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A. Add a Defender for Endpoint onboarding script to VM1 and run the script at first startup.
  • B. Use a Group Policy Object (GPO) to run an on boarding script from a shared location.
  • C. Create an app attach image for the Azure Virtual Desktop deployment.
  • D. Run a Defender for Endpoint onboarding script on VM1 before generalizing the VM1 source image.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by Lapiduse at June 30, 2025, 8:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lolo13698
1 month ago
Selected Answer: AB
As per already seen question, script to be run with GPO at first boot.
upvoted 1 times
...
Lapiduse
1 month, 2 weeks ago
Selected Answer: AB
Not sure, but I assume it should be: A, B Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the AVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It's executed as a startup script at first boot on all the AVD machines that are provisioned from the AVD golden image. However, if you're using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. https://learn.microsoft.com/en-us/defender-endpoint/onboard-windows-multi-session-device
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel