Microsoft Azure Virtual Desktop Specialty (AZ-140) · Difficulty

Medium AZ-140 practice questions

Applied — put a concept to work in a realistic situation. 72 medium questions available — no sign-up, always free.

Question 1 of 25

You are designing application delivery for a pooled AVD host pool running Windows 11 multi-session. The requirement is that applications must NOT be permanently installed on the session hosts, must be attached dynamically at user sign-in, and the golden image must remain unchanged when new app versions are released. Your team also wants Microsoft to handle the application registration and staging process automatically rather than managing it through custom PowerShell scripts. Which application delivery method best meets these requirements?

Reviewed for accuracy · Report an issue
Question 2 of 25

Your company runs a pooled, multi-session Azure Virtual Desktop host pool used by call center staff. Security requires that only a curated set of signed, IT-approved applications may execute on the session hosts, and any unapproved executable, script, or installer must be blocked automatically — including software users might download. The solution must be enforced at the Windows kernel level and centrally managed. Which Windows threat protection feature should you implement on the session hosts?

Reviewed for accuracy · Report an issue
Question 3 of 25

You configured an autoscaling scaling plan for a pooled host pool. During the ramp-down phase, the finance department complains that active users are being forcibly signed out before they finish end-of-month reports, causing lost work. You need to prevent forced sign-offs of active sessions while still allowing the scaling plan to reduce capacity when hosts become empty. Which ramp-down setting should you adjust?

Reviewed for accuracy · Report an issue
Question 4 of 25

You created a dynamic autoscale scaling plan in the Azure portal and assigned it to a pooled host pool with defined ramp-up, peak, ramp-down, and off-peak schedules. Several days later you notice that session hosts are never being started or stopped by the plan, even though the schedule thresholds are clearly being met. The scaling plan shows as enabled and correctly associated with the host pool. What is the most likely cause that you must remediate?

Reviewed for accuracy · Report an issue
Question 5 of 25

Your organization runs a pooled AVD host pool for finance staff. Security requires that the session hosts be hardened against ransomware that attempts to modify or encrypt files in users' FSLogix-mounted profile folders and known application data directories. You must enable a Microsoft Defender feature that blocks untrusted processes from writing to protected folders, while still allowing your approved line-of-business application to save files there. What should you configure?

Reviewed for accuracy · Report an issue
Question 6 of 25

You manage a pooled Azure Virtual Desktop host pool running Windows 11 multi-session. Security requires you to reduce the attack surface by blocking Office applications from creating child processes and from injecting code into other processes, using the built-in Microsoft Defender Antivirus capabilities. You want to enforce this centrally without deploying third-party software. Which Defender feature should you configure on the session hosts?

Reviewed for accuracy · Report an issue
Question 7 of 25

You manage a pooled Azure Virtual Desktop host pool running Windows 11 Enterprise multi-session with Microsoft Defender Antivirus enabled. Users store their profiles in FSLogix profile containers hosted on Azure Files. Users report intermittent profile corruption and slow logon times. Investigation shows Defender Antivirus is actively scanning the mounted VHDX files during logon. What should you configure to resolve the issue while keeping Defender Antivirus protection enabled?

Reviewed for accuracy · Report an issue
Question 8 of 25

Your company runs a pooled Azure Virtual Desktop host pool. The security team enabled Microsoft Defender for Cloud with the enhanced security features (Defender for Servers Plan 2) on the subscription containing the session hosts. In the Defender for Cloud recommendations, you see 'Management ports of your virtual machines should be protected with just-in-time network access control' flagged as unhealthy for all session host VMs. Management currently uses the default deny-inbound behavior via NSGs, and no administrator connects over RDP directly. You must resolve the recommendation with the least ongoing administrative effort while preserving occasional break-glass administrative access. What should you do?

Reviewed for accuracy · Report an issue
Question 9 of 25

Your organization runs a pooled Azure Virtual Desktop deployment with 40 multi-session session hosts. The security team wants to enable advanced threat protection that provides behavioral analytics, adaptive application controls, and integrated vulnerability assessment for these session host VMs. They require these capabilities to appear as security alerts and recommendations in Microsoft Defender for Cloud. Which action should you take?

Reviewed for accuracy · Report an issue
Question 10 of 25

Your organization runs a pooled Azure Virtual Desktop host pool with Windows 11 Enterprise multi-session session hosts that are onboarded to Microsoft Defender for Endpoint. A security review finds that a local administrator on one session host disabled Microsoft Defender Antivirus real-time protection during a troubleshooting session, leaving the host unprotected for several hours. You must ensure that security settings such as real-time protection cannot be turned off locally, even by users with administrative rights on the session host, while requiring the least ongoing administrative effort. What should you do?

Reviewed for accuracy · Report an issue
Question 11 of 25

Your organization runs a pooled AVD host pool with 30 multi-session Windows 11 Enterprise session hosts. The security team wants a continuous, prioritized inventory of software vulnerabilities and misconfigurations on the session hosts, along with remediation recommendations, surfaced in a central portal. They have already enabled Microsoft Defender for Servers Plan 2 on the subscription containing the session hosts. Which capability satisfies this requirement without deploying any additional third-party scanning agents?

Reviewed for accuracy · Report an issue
Question 12 of 25

A company is deploying a pooled Azure Virtual Desktop host pool to run a legacy line-of-business application that requires Kerberos authentication and Group Policy for configuration. The organization is fully cloud-based with identities in Microsoft Entra ID only; there are no on-premises domain controllers and no site-to-site VPN or ExpressRoute connectivity. Users must be able to sign in to the session hosts and have the application authenticate using traditional domain services. Which identity solution should you implement for the session hosts?

Reviewed for accuracy · Report an issue
Question 13 of 25

You are designing a pooled AVD host pool that uses a golden image from Azure Compute Gallery. All user state is redirected to FSLogix profile containers on Azure Files, so the session-host OS disks contain no persistent data. Management wants to minimize per-VM storage cost and reduce OS disk read/write latency for these stateless session hosts, and they accept that reimaging replaces the OS disk. Which OS disk configuration should you choose for the session hosts?

Reviewed for accuracy · Report an issue
Question 14 of 25

You manage an Azure Virtual Desktop pooled host pool. Profiles are stored using FSLogix Cloud Cache configured with two storage providers for resiliency. Users report that after a storage account maintenance event, the FSLogix profile always attempted to load from the same provider first, causing a delay while it failed over. You need to review the registry setting that controls the ordered list of storage locations Cloud Cache uses for profile VHD(X) files. Which registry value under HKLM\SOFTWARE\FSLogix\Profiles should you inspect?

Reviewed for accuracy · Report an issue
Question 15 of 25

Contoso is deploying a pooled AVD host pool for 400 concurrent users in the East US region. Users run data-heavy line-of-business apps and require FSLogix profile containers with very low latency and high, consistent IOPS. The storage design must support tens of thousands of IOPS with sub-millisecond latency and integrate with the existing Active Directory Domain Services. Which storage solution should you choose for the FSLogix profile containers?

Reviewed for accuracy · Report an issue
Question 16 of 25

A company is deploying an Azure Virtual Desktop pooled host pool for 200 concurrent users in the East US region. All session hosts and users are located in East US. The storage administrator wants a highly available profile storage solution that supports Active Directory authentication, offers a service-level agreement backed by Microsoft, and requires the least ongoing management overhead for a single-region deployment. Which storage option should you recommend for the FSLogix profile containers?

Reviewed for accuracy · Report an issue
Question 17 of 25

You are configuring FSLogix Profile Containers on a pooled AVD host pool. You have created an SMB share on Azure Files and assigned the correct NTFS and share permissions. Users report that their profiles are not roaming — a fresh local profile is created at each logon. Which registry configuration under HKLM\SOFTWARE\FSLogix\Profiles is the minimum required to enable Profile Containers and point them at the share?

Reviewed for accuracy · Report an issue
Question 18 of 25

You manage a pooled AVD host pool where FSLogix Profile Containers are stored on an Azure Files share. Users report that after several weeks, the share is filling rapidly even though individual profiles are relatively small. Investigation shows each user's profile VHDX file was created at its maximum configured size regardless of actual data stored. You need to reduce storage consumption so that profile disks consume only the space actually used, while retaining the configured maximum size ceiling. Which FSLogix registry setting should you configure?

Reviewed for accuracy · Report an issue
Question 19 of 25

A pooled AVD host pool uses FSLogix Profile Containers stored on an Azure Files share. After a storage networking outage, users reported being unexpectedly logged on with brand-new temporary local profiles instead of receiving an error, which caused confusion and lost work. To prevent this behavior in the future so that users are instead prevented from signing in (or shown a failure) when their Profile Container cannot be attached, which FSLogix registry setting under HKLM\SOFTWARE\FSLogix\Profiles should you configure?

Reviewed for accuracy · Report an issue
Question 20 of 25

Your organization stores FSLogix profile containers on an Azure Files Premium share. A user reports that files saved to their profile earlier today are missing after a session host crash corrupted their profile VHDX. Azure Backup is not configured for the file share, but the share has scheduled share snapshots enabled through Azure File Sync's snapshot capability and the built-in Azure Files snapshot feature. What is the fastest, supported way to recover the user's profile to its state from earlier today?

Reviewed for accuracy · Report an issue
Question 21 of 25

A financial services company deploys FSLogix Profile Containers on a pooled AVD host pool. Users complain that sign-in and sign-out are slow. Investigation shows that a large local cache folder created by a line-of-business application is being roamed inside every profile container, bloating the VHDX and slowing container attach/detach. The company wants to prevent that specific folder from being stored in the profile container while still roaming the rest of the user profile. What should you implement?

Reviewed for accuracy · Report an issue
Question 22 of 25

Your company stores FSLogix profile containers on an Azure Files premium share. Security requires that the storage account deny access from the public internet, but session hosts in the AVD subnet must still mount the share with low latency and no traffic traversing the internet. You want to avoid deploying additional resources such as private endpoints if a simpler option meets the requirement. What should you configure on the storage account?

Reviewed for accuracy · Report an issue
Question 23 of 25

Your organization uses a pooled AVD host pool built from a custom image stored in an Azure Compute Gallery. Every month you apply Windows updates and line-of-business application changes to a dedicated build VM, generalize it, and publish a new image version. After the last deployment, users reported a broken LOB application, and you needed to quickly return all session hosts to the previously working state. What is the recommended strategy to enable fast rollback in future update cycles?

Reviewed for accuracy · Report an issue
Question 24 of 25

Contoso runs a pooled host pool with 10 session hosts serving 400 kiosk-style users who each run a single lightweight line-of-business app. Sessions are short and users connect and disconnect frequently throughout the day. Support staff report that a few session hosts occasionally become overloaded while others sit nearly idle. You need to change the host pool configuration so that new user sessions are distributed as evenly as possible across all available session hosts to smooth out the load. Which load-balancing setting should you configure on the host pool?

Reviewed for accuracy · Report an issue
Question 25 of 25

You manage a pooled host pool named HP-Finance with 10 session hosts, each sized to comfortably support 15 concurrent users. The business wants to minimize the number of running session hosts during working hours to reduce compute costs, packing users onto as few hosts as possible before new hosts receive connections. You have already configured a scaling plan. Which host pool load-balancing and session-limit configuration best achieves this goal?

Reviewed for accuracy · Report an issue