AZ-140 · Question #10
AZ-140 Question #10: Real Exam Question with Answer & Explanation
The correct answer is B: Modify the membership of the FSLogix Profile Exclude List group.. FSLogix uses two special Active Directory groups to control profile container behavior: 'FSLogix Profile Exclude List' and 'FSLogix ODFC Exclude List.' Any user added to the FSLogix Profile Exclude List group will have the FSLogix profile container agent bypass them entirely - th
Question
Case Study 2 - Litware, Inc Overview Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India. Existing Environment. Identity Environment The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com. The Azure AD tenant contains the users shown in the following table. All users are registered for Azure Multi-Factor Authentication (MFA). Existing Environment. Cloud Services Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses. Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table. Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain. Network and DNS The offices connect to each other by using a WAN link. Each office connects directly to the internet. All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office. Requirements. Planned Changes Litware plans to implement the following changes: Deploy Azure Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office. Implement FSLogix profile containers. Optimize the custom virtual machine images for the Azure Virtual Desktop session hosts. Use PowerShell to automate the addition of virtual machines to the Azure Virtual Desktop host pools. Requirements. Performance Requirements Litware identifies the following performance requirements: Minimize network latency of the Azure Virtual Desktop connections from the Boston and Chennai offices. Minimize latency of the Azure Virtual Desktop host authentication in each Azure region. Minimize how long it takes to sign in to the Azure Virtual Desktop session hosts. Requirements. Authentication Requirements Litware identifies the following authentication requirements: Enforce Azure MFA when accessing Azure Virtual Desktop apps. Force users to reauthenticate if their Azure Virtual Desktop session lasts more than eight hours. Requirements. Security Requirements Litware identifies the following security requirements: Explicitly allow traffic between the Azure Virtual Desktop session hosts and Microsoft 365. Explicitly allow traffic between the Azure Virtual Desktop session hosts and the Azure Virtual Desktop infrastructure. Use built-in groups for delegation. Delegate the management of app groups to Admin2, including the ability to publish app groups to users and user groups. Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups. Minimize administrative effort to manage network security. Use the principle of least privilege. Requirements. Deployment Requirements Litware identifies the following deployment requirements: Use PowerShell to generate the token used to add the virtual machines as session hosts to a Azure Virtual Desktop host pool. Minimize how long it takes to provision the Azure Virtual Desktop session hosts based on the custom virtual machine images. Whenever possible, preinstall agents and apps in the custom virtual machine images. User Profile Requirements Litware identifies the following user profile requirements: • In storage1, store user profiles for the Boston office users. • Ensure that the user profiles for the Boston office users replicate synchronously between two Azure regions. • Ensure that Admin1 uses a local profile only when signing in to the Azure Virtual Desktop session hosts. You need to configure the user settings of Admin1 to meet the user profile requirements. What should you do?
Options
- AModify the membership of the FSLogix ODFC Exclude List group.
- BModify the membership of the FSLogix Profile Exclude List group.
- CModify the HKLM\SOFTWARE\FSLogix\Profiles registry settings.
- DModify the HKLM\SOFTWARE\FSLogix\ODFC registry settings.
Explanation
FSLogix uses two special Active Directory groups to control profile container behavior: 'FSLogix Profile Exclude List' and 'FSLogix ODFC Exclude List.' Any user added to the FSLogix Profile Exclude List group will have the FSLogix profile container agent bypass them entirely - their sessions will use a standard local or roaming profile instead. This is the standard, supported method to exclude specific accounts (e.g., admin or service accounts) from profile container management. Option A (ODFC Exclude List) controls Office Data File Container exclusions, not general profile containers. Options C and D involve direct registry edits, which apply globally to all users on a host rather than targeting individual users by group membership, making them the wrong tool for per-user exclusion.
Topics
Community Discussion
No community discussion yet for this question.