Exam series: NSE4_FGT-7.0 Number of questions: 60
Exam time: 105 minutes
Language: English and Japanese
Product version: FortiOS 7.0
Status: Available
Exam details: exam description
NSE 4 Certification The Network Security Professiona* designation identifies your ability to
configure, install, and manage the day-to-day configuration, monitoring, and
operation of FortiGate to support specific corporate network security policies.
Visit the
Fortinet NSE Certification Program page for information about certification
requirements.
Fortinet NSE 4—FortiOS 7.0 The Fortinet NSE 4—FortiOS 7.0 exam is part of the NSE 4 Network Security
Professional program, and recognizesthe successful candidate’s knowledge of and
expertise with FortiGate.
The exam tests applied knowledge of FortiGate configuration, operation, and
day-to-day administration, and includes operational scenarios, configuration
extracts, and troubleshooting captures.
Audience
The Fortinet NSE 4—FortiOS 7.0 exam is intended for network and security
professionals responsible for the configuration and administration of firewal*
solutions in an enterprise network security infrastructure.
Exam Details Exam name Fortinet NSE 4—FortiOS 7.0
Exam series NSE4_FGT-7.0
Time allowed 105 minutes
Exam Description
Exam questions 60 multiple-choice questions
Scoring Pass or fail, a score report is available from your Pearson VUE account
Language English and Japanese
Product version FortiOS 7.0
Exam Topics
Successful candidates have applied knowledge and skills in the following areas
and tasks:
* FortiGate deployment
* Perform initial configuration
* Implement the Fortinet Security Fabric
* Configure log settings and diagnose problems using the logs
* Describe and configure VDOMs to split a FortiGate into multiple virtual
devices
* Identify and configure different operation modes for an FGCP HA cluster
* Diagnose resource and connectivity problems
* Firewall and authentication
* Identify and configure how firewall policy NAT and central NAT works
* Identify and configure different methods of firewall authentication
* Explain FSSO deployment and configuration
* Content inspection
* Describe and inspect encrypted traffic using certificates
* Identify FortiGate inspection modes and configure web and DNS filtering
* Configure application control to monitor and control network applications
* Explain and configure antivirus scanning modes to neutralize malware threats
* Configure IPS, DoS, and WAF to protect the network from hacking and DDoS
attacks
* Routing and Layer 2 switching
* Configure and route packets using static and policy-based routes
* Configure SD-WAN to load balance traffic between multiple WAN links
effectively
* Configure FortiGate interfaces or VDOMs to operate as Layer 2 devices
* VPN
* Configure and implement different SSL-VPN modes to provide secure access to
the private network
* Implement a meshed or partially redundant IPsec VPN
Training Resources
The following resources are recommended for attaining the knowledge and skills
that are covered on the exam. The recommended training is available as a
foundation for exam preparation. In addition to training, candidates are
strongly encouraged to have hands-on experience with the exam topics and
objectives.
NSE Training Institute Courses * NSE 4 FortiGate Security 7.0
* NSE 4 FortiGate Infrastructure 7.0
Other Resources * FortiOS 7.0—Administration Guide
* FortiOS 7.0—New Features Guide
Experience * Minimum of six months of hands-on experience with FortiGate
QUESTION 1 Which two statements about FortiGate FSSO agentless polling mode are true?
(Choose two.)
A. FortiGate uses the AD server as the collector agent.
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
C. FortiGate does not support workstation check.
D. FortiGate directs the collector agent to use a remote LDAP server.
Answer: B,D
QUESTION 2 FortiGuard categories can be overridden and defined in different categories.
To create a web rating override
for example.com home page, the override must be configured using a specific
syntax.
Which two syntaxes are correct to configure web rating override for the home
page? (Choose two.)
A. www.exaple.com
B. www.example.com/index.html
C. example.com
D. www.example.com:443
Answer: A,C
QUESTION 3
Which three options are the remote log storage options you can configure on
FortiGate? (Choose three.)
A. FortiSandbox
B. FortiCloud
C. FortiSIEM
D. FortiCache
E. ForiAnalyzer
AWS Certified Solutions Architect – Associate Learn more about this certification and AWS resources that can help you
prepare
This credential helps organizations identify and develop talent with critical
skills for implementing cloud initiatives. Earning AWS Certified Solutions
Architect – Associate validates the ability to design and implement distributed
systems on AWS.
Who should take this exam? AWS Certified Solutions Architect – Associate is intended for anyone with
one or more years of hands-on experience designing available, cost-efficient,
fault-tolerant, and scalable distributed systems on AWS. Before you take this
exam, we recommend you have:
One year of hands-on experience with AWS technology, including using compute,
networking, storage, and database AWS services as well as AWS deployment and
management services
Experience deploying, managing, and operating workloads on AWS as well as
implementing security controls and compliance requirements
Familiarity with using both the AWS Management Console and the AWS Command Line
Interface (CLI)
Understanding of the AWS Well-Architected Framework, AWS networking, security
services, and the AWS global infrastructure
Ability to identify which AWS services meet a given technical requirement and to
define technical requirements for an AWS-based application
What does it take to earn this certification? To earn this certification, you’ll need to take and pass the AWS Certified
Solutions Architect – Associate exam (SAA-C02). The exam features a combination
of two question formats: multiple choice and multiple response. Additional
information, such as the exam content outline and passing score, is in the exam
guide.
Review sample questions that demonstrate the format of the questions used on
this exam and include rationales for the correct answers.
Introduction The AWS Certified Solutions Architect – Associate (SAA-C02) exam is intended
for individuals who perform in a solutions architect role. The exam validates a
candidate’s ability to design secure and robust solutions by using AWS
technologies.
The exam also validates a candidate’s ability to complete the following tasks:
Design a solution by using appropriate AWS services and by following
architectural principles based on requirements
Provide implementation guidance based on best practices to the organization
throughout the workload lifecycle
Target candidate description The target candidate should have at least 1 year of hands-on experience
designing secure, high-performing, cost-effective, highly available, and
scalable systems by using AWS services.
Recommended AWS knowledge
The target candidate should have the following knowledge: Hands-on experience using compute, networking, storage, management, and
database AWS services
The ability to identify and define technical requirements for a solution that
involves AWS technology
The ability to identify which AWS services meet a given technical requirement
An understanding of best practices for building well-architected solutions on
AWS
An understanding of the AWS global infrastructure
An understanding of AWS security services and features in relation to
traditional services
What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target
candidate is not expected to be able to perform. These items are out of scope
for the exam: Design a complex, hybrid network architecture
Design identity federation within multiple accounts
Design an architecture that meets compliance requirements
Incorporate specialized services in a design
Develop deployment strategies
Create a migration strategy for complex multi-tier applications
For a detailed list of specific tools and technologies that might be covered
on the exam, as well as a list of in-scope AWS services, refer to the Appendix.
Exam contentResponse types
There are two types of questions on the exam: Multiple choice: Has one correct response and three incorrect responses (distractors)
Multiple response: Has two or more correct responses out of five or more
response options
Select one or more responses that best complete the statement or answer the
question. Distractors, or incorrect answers, are response options that a
candidate with incomplete knowledge or skill might choose. Distractors are
generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing.
The exam includes 50 questions that will affect your score.
Unscored content The exam includes 15 unscored questions that do not affect your score. AWS
collects information about candidate performance on these unscored questions to
evaluate these questions for future use as scored questions. These unscored
questions are not identified on the exam.
Exam results The AWS Certified Solutions Architect – Associate exam is a pass or fail
exam. The exam is scored against a minimum standard established by AWS
professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The
minimum passing score is 720. Your score shows how you performed on the exam as
a whole and whether or not you passed. Scaled scoring models help equate scores
across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance
at each section level. This information provides general feedback about your
exam performance. The exam uses a compensatory scoring model, which means that
you do not need to achieve a passing score in each section. You need to pass
only the overall exam.
Each section of the exam has a specific weighting, so some sections have more
questions than other sections have. The table contains general information that
highlights your strengths and weaknesses. Use caution when interpreting
section-level feedback.
Content outline
This exam guide includes weightings, test domains, and objectives for the exam.
It is not a comprehensive listing of the content on the exam. However,
additional context for each of the objectives is available to help guide your
preparation for the exam. The following table lists the main content domains and
their weightings. The table precedes the complete exam content outline, which
includes the additional context. The percentage in each domain represents only
scored content.
Domain
1: Design Resilient Architectures 1.1 Design a multi-tier architecture solution Determine a solution design based on access patterns.
Determine a scaling strategy for components used in a design.
Select an appropriate database based on requirements.
Select an appropriate compute and storage service based on requirements.
1.2 Design highly available and/or fault-tolerant architectures Determine the amount of resources needed to provide a fault-tolerant
architecture across Availability Zones.
Select a highly available configuration to mitigate single points of
failure.
Apply AWS services to improve the reliability of legacy applications when
application changes are not possible.
Select an appropriate disaster recovery strategy to meet business
requirements.
Identify key performance indicators to ensure the high availability of the
solution.
1.3 Design decoupling mechanisms using AWS services Determine which AWS services can be leveraged to achieve loose
coupling of components.
Determine when to leverage serverless technologies to enable decoupling.
1.4 Choose appropriate resilient storage Define a strategy to ensure the durability of data.
Identify how data service consistency will affect the operation of the
application.
Select data services that will meet the access requirements of the
application.
Identify storage services that can be used with hybrid or non-cloud-native
applications.
Domain 2: Design High-Performing Architectures
2.1 Identify elastic and scalable compute solutions for a workload
Select the appropriate instance(s) based on compute, storage, and
networking requirements.
Choose the appropriate architecture and services that scale to meet
performance requirements.
Identify metrics to monitor the performance of the solution.
2.2 Select high-performing and scalable storage solutions for a workload Select a storage service and configuration that meets performance
demands.
Determine storage services that can scale to accommodate future needs.
2.3 Select high-performing networking solutions for a workload
Select appropriate AWS connectivity options to meet performance demands.
Select appropriate features to optimize connectivity to AWS public
services.
Determine an edge caching strategy to provide performance benefits.
Select appropriate data transfer service for migration and/or ingestion.
2.4 Choose high-performing database solutions for a workload Select an appropriate database scaling strategy.
Determine when database caching is required for performance improvement.
Choose a suitable database service to meet performance needs.
Domain
3: Design Secure Applications and Architectures
3.1 Design secure access to AWS resources
Determine when to choose between users, groups, and roles.
Interpret the net effect of a given access policy.
Select appropriate techniques to secure a root account.
Determine ways to secure credentials using features of AWS IAM.
Determine the secure method for an application to access AWS APIs.
Select appropriate services to create traceability for access to AWS
resources.
3.2 Design secure application tiers Given traffic control requirements, determine when and how to use
security groups and network ACLs.
Determine a network segmentation strategy using public and private
subnets.
Select the appropriate routing mechanism to securely access AWS service
endpoints or internet-based resources from Amazon VPC.
Select appropriate AWS services to protect applications from external
threats.
3.3 Select appropriate data security options Determine the policies that need to be applied to objects based on
access patterns.
Select appropriate encryption options for data at rest and in transit for
AWS services.
Select appropriate key management options based on requirements.
Domain 4: Design Cost-Optimized Architectures
4.1 Identify cost-effective storage solutions Determine the most cost-effective data storage options based on
requirements.
Apply automated processes to ensure that data over time is stored on
storage tiers that minimize costs.
4.2 Identify cost-effective compute and database services
Determine the most cost-effective Amazon EC2 billing options for each
aspect of the workload.
Determine the most cost-effective database options based on requirements.
Select appropriate scaling strategies from a cost perspective.
Select and size compute resources that are optimally suited for the
workload.
Determine options to minimize total cost of ownership (TCO) through
managed services and serverless architectures.
4.3 Design cost-optimized network architectures
Identify when content delivery can be used to reduce costs.
Determine strategies to reduce data transfer costs within AWS.
Determine the most cost-effective connectivity options between AWS and
on-premises environments.
Appendix Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could
appear on the exam. This list is subject to change and is provided to help you
understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of
these technologies will likely be covered more than others on the exam, the
order and placement of them in this list is no indication of relative weight or
importance: Compute
Cost management
Database
Disaster recovery
High availability
Management and governance
Microservices and component decoupling
Migration and data transfer
Networking, connectivity, and content delivery
Security
Serverless design principles
Storage
AWS services and features Analytics: Amazon Athena
Amazon Elasticsearch Service (Amazon ES)
Amazon EMR
AWS Glue
Amazon Kinesis
Amazon QuickSight
AWS Billing and Cost Management:
AWS Budgets
Cost Explorer
QUESTION 1
A solutions architect is designing a solution where users will be directed to a
backup static error page if the
primary website is unavailable. The primary website’s DNS records are hosted in
Amazon Route 53 where
their domain is pointing to an Application Load Balancer (ALB).
Which configuration should the solutions architect use to meet the company’s
needs while minimizing changes
and infrastructure overhead?
A. Point a Route 53 alias record to an Amazon CloudFront distribution with the
ALB as one of its origins.
Then, create custom error pages for the distribution.
B. Set up a Route 53 active-passive failover configuration. Direct traffic to a
static error page hosted within an
Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is
unhealthy.
C. Update the Route 53 record to use a latency-based routing policy. Add the
backup static error page hosted
within an Amazon S3 bucket to the record so the traffic is sent to the most
responsive endpoints.
D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2
instance hosting a static
error page as endpoints. Route 53 will only send requests to the instance if the
health checks fail for the ALB.
Answer: B
QUESTION 2 A solutions architect is designing a high performance computing (HPC)
workload on Amazon EC2. The EC2
instances need to communicate to each other frequently and require network
performance with low latency and high throughput.
Which EC2 configuration meets these requirements?
A. Launch the EC2 instances in a cluster placement group in one Availability
Zone.
B. Launch the EC2 instances in a spread placement group in one Availability
Zone.
C. Launch the EC2 instances in an Auto Scaling group in two Regions and peer the
VPCs.
D. Launch the EC2 instances in an Auto Scaling group spanning multiple
Availability Zones.
Answer: A
QUESTION 3 A company wants to host a scalable web application on AWS. The application
will be accessed by users from
different geographic regions of the world. Application users will be able to
download and upload unique data
up to gigabytes in size. The development team wants a cost-effective solution to
minimize upload and
download latency and maximize performance.
What should a solutions architect do to accomplish this?
A. Use Amazon S3 with Transfer Acceleration to host the application.
B. Use Amazon S3 with CacheControl headers to host the application.
C. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the
application.
D. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the
application.
Answer: C
QUESTION 4 A company is migrating from an on-premises infrastructure to the AWS Cloud.
One of the company’s
applications stores files on a Windows file server farm that uses Distributed
File System Replication (DFSR) to
keep data in sync. A solutions architect needs to replace the file server farm.
Which service should the solutions architect use?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon FSx
C. Amazon S3
D. AWS Storage Gateway
Answer: B
QUESTION 5 A company has a legacy application that processes data in two parts. The
second part of the process takes
longer than the first, so the company has decided to rewrite the application as
two microservices running on
Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?
A. Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3
event notifications to
invoke microservice 2.
B. Implement code in microservice 1 to publish data to an Amazon SNS topic.
Implement code in microservice
2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in
microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SQS queue.
Implement code in microservice
2 to process messages from the queue.
Answer: D
QUESTION 6 A company captures clickstream data from multiple websites and analyzes it
using batch processing. The data
is loaded nightly into Amazon Redshift and is consumed by business analysts. The
company wants to move
towards near-real-time data processing for timely insights. The solution should
process the streaming data with
minimal effort and operational overhead.
Which combination of AWS services are MOST cost-effective for this solution?
(Choose two.)
A. Amazon EC2
B. AWS Lambda
C. Amazon Kinesis Data Streams
D. Amazon Kinesis Data Firehose
E. Amazon Kinesis Data Analytics
Answer: B,D
QUESTION 7
A company’s application runs on Amazon EC2 instances behind an Application Load
Balancer (ALB). The
instances run in an Amazon EC2 Auto Scaling group across multiple Availability
Zones. On the first day of
every month at midnight, the application becomes much slower when the month-end
financial calculation batch
executes. This causes the CPU utilization of the EC2 instances to immediately
peak to 100%, which disrupts
the application.
What should a solutions architect recommend to ensure the application is able to
handle the workload and
avoid downtime?
A. Configure an Amazon CloudFront distribution in front of the ALB.
B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly
schedule.
D. Configure Amazon ElastiCache to remove some of the workload from the EC2
instances.
Answer: C
QUESTION 8 A company runs a multi-tier web application that hosts news content. The
application runs on Amazon EC2
instances behind an Application Load Balancer. The instances run in an EC2 Auto
Scaling group across
multiple Availability Zones and use an Amazon Aurora database. A solutions
architect needs to make the
application more resilient to periodic increases in request rates.
Which architecture should the solutions architect implement? (Choose two.)
A. Add AWS Shield.
B. Add Aurora Replica.
C. Add AWS Direct Connect.
D. Add AWS Global Accelerator.
E. Add an Amazon CloudFront distribution in front of the Application Load
Balancer.
Answer: D,E
QUESTION 9 An application running on AWS uses an Amazon Aurora Multi-AZ deployment for
its database. When
evaluating performance metrics, a solutions architect discovered that the
database reads are causing high I/O
and adding latency to the write requests against the database.
What should the solutions architect do to separate the read requests from the
write requests?
A. Enable read-through caching on the Amazon Aurora database.
B. Update the application to read from the Multi-AZ standby instance.
C. Create a read replica and modify the application to use the appropriate
endpoint.
D. Create a second Amazon Aurora database and link it to the primary database as
a read replica.
Candidates for this exam are Azure administrators with subject
matter expertise in planning, delivering, and managing virtual desktop
experiences and remote apps, for any device, on Azure.
Candidates for this exam should have experience in Azure technologies, including
virtualization, networking, identity, storage, backups, resilience, and disaster
recovery. They should understand on-premises virtual desktop infrastructure
technologies as they relate to migrating to Windows Virtual Desktop. These
professionals use the Azure portal and Azure Resource Manager (ARM) templates to
accomplish many of their tasks. They might use PowerShell and Azure Command-Line
Interface (CLI) for more efficient automation.
Candidates for this exam must have expert Azure administration skills.
Beta exams are not scored immediately because we are gathering data on the
quality of the questions and the exam. Learn more about the value and importance
of beta exams.
Part of the requirements for: Microsoft Certified: Windows Virtual Desktop
Specialty
Related exams: none
Important: See details
Exam AZ-140: Configuring and Operating Windows Virtual Desktop on Microsoft
Azure (beta)
Languages: English
Retirement date: none
This exam measures your ability to accomplish the following technical tasks:
plan a Windows Virtual Desktop architecture; implement a Windows Virtual Desktop
infrastructure; manage access and security; manage user environments and apps;
and monitor and maintain a Windows Virtual Desktop infrastructure.
Skills measured Plan a Windows Virtual Desktop architecture (10-15%)
Implement a Windows Virtual Desktop infrastructure (25-30%)
Manage access and security (10-15%)
Manage user environments and apps (20-25%)
Monitor and maintain a Windows Virtual Desktop infrastructure (20-25%)
Audience Profile Candidates for this exam are Microsoft Azure administrators with subject
matter expertise in planning, delivering, and managing virtual desktop
experiences and remote apps, for any device, on Azure.
Responsibilities for this role include deploying virtual desktop experiences and
apps to Azure.
Professionals in this role deliver applications on Windows Virtual Desktop and
optimize them to run in multi-session virtual environments. To deliver these
experiences, they work closely with the Azure administrators and architects,
along with Microsoft 365 Administrators.
Candidates for this exam should have experience in Azure technologies, including
virtualization, networking, identity, storage, backups, resilience, and disaster
recovery. They should understand on-premises virtual desktop infrastructure
technologies as they relate to migrating to Windows Virtual Desktop. These
professionals use the Azure portal and Azure Resource Manager templates to
accomplish many tasks. This role may use PowerShell and Azure Command-Line
Interface (CLI) for more efficient automation.
Candidates for this exam must have expert Azure administration skills.
Skills Measured NOTE: The bullets that follow each of the skills measured are intended to
illustrate how we assess that skill. This list is not definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam
may contain questions on Preview features if those features are commonly used.
Plan a Windows Virtual Desktop Architecture (10-15%)
Design the Windows Virtual Desktop architecture assess existing physical and virtual desktop environments
assess network capacity and speed requirements for Windows Virtual Desktop
recommend an operating system for a Windows Virtual Desktop implementation
plan and configure name resolution for Active Directory (AD) and Azure Active
Directory
Domain Services (Azure AD DS) plan a host pools architecture
recommend resource groups, subscriptions, and management groups
configure a location for the Windows Virtual Desktop metadata
calculate and recommend a configuration for performance requirements
calculate and recommend a configuration for Azure Virtual Machine capacity
requirements
Design for user identities and profiles select an appropriate licensing model for Windows Virtual Desktop based on
requirements
recommend an appropriate storage solution (including Azure NetApp Files versus
Azure Files)
plan for Windows Virtual Desktop client deployment
plan for user profiles
recommend a solution for network connectivity
plan for Azure AD Connect for user identities
Implement a Windows Virtual Desktop Infrastructure (25-30%) Implement and manage networking for Windows Virtual Desktop
implement Azure virtual network connectivity
manage connectivity to the internet and on-premises networks
implement and manage network security
manage Windows Virtual Desktop session hosts by using Azure Bastion
monitor and troubleshoot network connectivity
Implement and manage storage for Windows Virtual Desktop configure storage for FSLogix components
configure storage accounts
configure disks
create file shares
Create and configure host pools and session hosts
create a host pool by using the Azure portal
automate creation of Windows Virtual Desktop host and host pools by using
PowerShell,
Command-Line Interface (CLI), and Azure Resource Manager templates create a host pool based on Windows client or Windows Server session hosts
configure host pool settings
manage licensing for session hosts that run Windows client or Windows Server
assign users to host pools
apply OS and application updates to a running Windows Virtual Desktop host
apply security and compliance settings to session hosts
Create and manage session host images create a gold image
modify a session host image
install language packs in Windows Virtual Desktop
deploy a session host by using a custom image
plan for image update and management
create and use a Shared Image Gallery
troubleshoot OS issues related to Windows Virtual Desktop
Manage Access and Security (10-15%) Manage access plan and implement Azure roles and role-based access control (RBAC) for
Windows Virtual Desktop
manage local roles, groups and rights assignment on Windows Virtual Desktop
session hosts
configure user restrictions by using Azure AD group policies and AD policies
Manage security
plan and implement Conditional Access policies for connections to Windows
Virtual Desktop
plan and implement multifactor authentication in Windows Virtual Desktop
manage security by using Azure Security Center
configure Microsoft Defender Antivirus for session hosts
Manage User Environments and Apps (20-25%)
Implement and manage FSLogix plan for FSLogix
install and configure FSLogix
configure Profile Containers
configure Cloud Cache
migrate user profiles to FSLogix
Configure user experience settings
configure Universal Print
configure user settings through group policies and Endpoint Manager policies
configure persistent and non-persistent desktop environments
configure Remote Desktop Protocol (RDP) properties on a host pool
configure session timeout properties
troubleshoot user profile issues
troubleshoot Windows Virtual Desktop clients
Install and configure apps on a session host configure dynamic application delivery by using MSIX App Attach
implement application masking
deploy an application as a RemoteApp
implement and manage OneDrive for Business for a multi-session environment
implement and manage Microsoft Teams AV Redirect
implement and manage browsers and internet access for Windows Virtual Desktop
sessions
create and configure an application group
troubleshoot application issues related to Windows Virtual Desktop
Monitor and Maintain a Windows Virtual Desktop Infrastructure (20- 25%)
Plan and implement business continuity and disaster recovery plan and implement a disaster recovery plan for Windows Virtual Desktop
design a backup strategy for Windows Virtual Desktop
configure backup and restore for FSLogix user profiles, personal virtual
desktop infrastructures (VDIs), and golden images
Automate Windows Virtual Desktop management tasks
configure automation for Windows Virtual Desktop
automate management of host pools, session hosts, and user sessions by using
PowerShell and Azure Command-Line Interface (CLI) implement autoscaling in host pools
Monitor and manage performance and health monitor Windows Virtual Desktop by using Azure Monitor
monitor Windows Virtual Desktop by using Azure Advisor
customize Azure Monitor workbooks for Windows Virtual Desktop monitoring
optimize session host capacity and performance
manage active sessions and application groups
monitor and optimize autoscaling results
QUESTION 1 You have an Azure Active Directory (Azure AD) tenant named contoso.com and
an Azure virtual network named VNET1.
To VNET1, you deploy an Azure Active Directory Domain Services (Azure AD DS)
managed domain named litwareinc.com.
To VNET1, you plan to deploy a Windows Virtual Desktop host pool named Pool1.
You need to ensure that you can deploy Windows 10 Enterprise host pools to
Pool1.
What should you do first?
A. Modify the settings of the litwareinc.com DNS zone.
B. Modify the DNS settings of VNET1.
C. Add a custom domain name to contoso.com.
D. Implement Azure AD Connect cloud sync.
Correct Answer: B
QUESTION 2 You plan to deploy Windows Virtual Desktop session host virtual machines
based on a preconfigured master image. The master image will be stored in a
shared image.
You create a virtual machine named Image1 to use as the master image. You
install applications and apply configuration changes to Image1.
You need to ensure that the new session host virtual machines created based on
Image1 have unique names and security identifiers.
What should you do on Image1 before you add the image to the shared image
gallery?
A. At a command prompt, run the set computername command.
B. At a command prompt, run the sysprep command.
C. From PowerShell, run the rename-computer cmdlet.
D. From the lock screen of the Windows device, perform a Windows Autopilot
Reset.
Correct Answer: B
QUESTION 3 You have a Windows Virtual Desktop host pool named Pool1 and an Azure
Storage account named Storage1.
Storage1 stores FSLogix profile containers in a share folder named share1.
You create a new group named Group1. You provide Group1 with permission to sign
in to Pool1.
You need to ensure that the members of Group1 can store the FSLogix profile
containers in share1. The
solution must use the principle of least privilege.
Which two privileges should you assign to Group1? Each correct answer presents
part of the solution.
NOTE: Each correct selection is worth one point.
A. the Storage Blob Data Contributor role for storage1
B. the List folder / read data NTFS permissions for share1
C. the Modify NTFS permissions for share1
D. the Storage File Data SMB Share Reader role for storage1
E. the Storage File Data SMB Share Elevated Contributor role for storage1
F. the Storage File Data SMB Share Contributor role for storage1
