2V0-51.23 Practice Test

Explanation: The VMware Horizon component that needs to be deployed to allow users to log into VMware Workspace ONE Access and connect to remote desktops and applications without having to provide Active Directory credentials is the Enrollment Server. The Enrollment Server is a standalone service that integrates with VMware Workspace ONE Access and enables True Single Sign-On (SSO) for Horizon clients that are using non-AD-based authentication methods such as RSA SecureID, RADIUS, or SAML1. The Enrollment Server requests short-lived certificates on behalf of the users from a certificate authority (CA), and these certificates are used for authentication to the Horizon environment2. The Enrollment Server must be installed and configured in the same domain or forest as the Connection Server, and it must have an enrollment agent certificate that authorizes it to act as an enrollment agent2.
The other options are not valid or feasible because:
A Replica Server is a Connection Server instance that replicates the Horizon LDAP configuration data from another Connection Server instance, and provides high availability and load balancing for user connections3. A Replica Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access.
A Security Server is a Connection Server instance that resides within a DMZ and acts as a proxy for external user connections to the Horizon environment4. A Security Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access. Security Servers are deprecated in Horizon 8 and replaced by Unified Access Gateways (UAGs)4.
A vCenter Server is a management platform that provides centralized control and visibility of vSphere hosts and virtual machines in the Horizon environment5. A vCenter Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access.

Explanation: Access groups are a way of organizing and delegating the administration of machines, desktop pools, application pools, and farms in Horizon. By default, all these objects reside in the root access group, which appears as / or Root (/) in Horizon Console. A high-level administrator can create sub-access groups under the root access group and assign different permissions to different administrators for each access group. For example, a high-level administrator can create an access group called RDS Farms and assign the Inventory Administrators role to a junior-level administrator for that access group. This way, the junior-level administrator can see and manage all the RDS farms that are in the RDS Farms access group, but not the ones that are in other access groups or the root access group. Therefore, to correct the issue of a junior-level administrator not being able to see all RDS farms, a high-level administrator needs to make changes to the access groups and the permissions associated with them.

Explanation: The two options that are available for the administrator to make the shortcut available to all desktop pool users, while minimizing ongoing administrative effort, before updating the desktop pool golden image are:
Copy the shortcut to c:\users\Public\Desktop. This option will place the shortcut in the public desktop folder, which is shared by all users who log on to the same computer. The public desktop folder is normally a hidden folder, so the administrator needs to enable the option to show hidden files and folders in File Explorer1. This option does not require any additional software or configuration, but it will only work for the existing desktops in the pool. If new desktops are added or refreshed, the shortcut will not be copied automatically.
Configure a Shortcut with DEM (Dynamic Environment Manager). This option will use the DEM console to create a shortcut configuration that will apply the shortcut to the user’s desktop during logon2. The administrator needs to install and configure DEM on the Horizon environment, and create a configuration share and a profile archive share for storing the DEM settings3. This option requires more initial setup, but it will work for any desktop in the pool, regardless of whether it is new or refreshed. It also allows more flexibility and control over the shortcut properties and conditions.
The other options are not valid or feasible because:
Copying the shortcut during user provisioning to a non-writeable App Volume will not work because App Volumes are used to deliver applications, not shortcuts. App Volumes are virtual disks that are attached to the virtual machines at runtime, and they contain application files, registry entries, and settings4. Copying a shortcut to an App Volume will not make it appear on the user’s desktop.
Copying the shortcut to the Windows Default Domain Controller Policy will not work because this policy is used to configure settings for domain controllers, not desktops. The Default Domain Controller Policy is a Group Policy Object (GPO) that is linked to the Domain Controllers organizational unit (OU) in Active Directory, and it contains security settings that are applied to all domain controllers in the domain5. Copying a shortcut to this policy will not affect any desktops in the Horizon environment.
Configuring a Shortcut with Horizon View Client will not work because Horizon View Client is used to connect to remote desktops and applications, not to create shortcuts. Horizon View Client is a software application that runs on various devices and platforms, and it allows users to access their virtual desktops and applications through a secure connection6. Configuring a shortcut with Horizon View Client will not make it appear on the user’s desktop.