ExamGecko
Search Search Login
Home Home / Microsoft / MD-102

Microsoft MD-102 Practice Test - Questions Answers, Page 11

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in the following table. Windows 10 update rings are defined in Intune as shown in the following table. You assign the update rings as shown in the following table. What is the effect of the configurations on Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have computers that run Windows 10 and are managed by using Microsoft Intune. Users store their files in a folder named D:\Folder1. You need to ensure that only a trusted list of applications is granted write access to D:\Folder1. What should you configure in the device configuration profile?
HOTSPOT You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the devices shown in the following table. Contoso.com contains the Azure Active Directory groups shown in the following table. You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 tenant and an internal certification authority (CA). You need to use Microsoft Intune to deploy the root CA certificate to managed devices. Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT User1 and User2 plan to use Sync your settings. On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 tenant that uses Microsoft Intune. From the Microsoft Intune admin center, you plan to create a baseline to monitor the Startup score and the App reliability score of enrolled Windows 10 devices. You need to identify which tool to use to create the baseline and the minimum number of devices required to create the baseline. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a computer named Computed that has Windows 10 installed. You create a Windows PowerShell script named config.psl. You need to ensure that config.psl runs after feature updates are installed on Computer5. Which file should you modify on Computer5?
Your network contains an on-premises Active Directory domain. The domain contains two computers named Computer1 and Computer? that run Windows 10. You install Windows Admin Center on Computer1. You need to manage Computer2 from Computer1 by using Windows Admin Center. What should you do on Computed?
HOTSPOT You have a Microsoft 365 subscription. You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table. You need to configure device enrollment to meet the following requirements: Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager. Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment. Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 101

Report
Export
Collapse

DRAG DROP

You have a Microsoft 365 subscription that contains the devices shown in the following table.

You need to ensure that only devices running trusted firmware or operating system builds can access network resources.

Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question 101
Correct answer: Question 101

Explanation:

Box 1:

Device Compliance settings for Windows 10/11 in Intune

There are the different compliance settings you can configure on Windows devices in Intune. As part of your mobile device management (MDM) solution, use these settings to require BitLocker, set a minimum and maximum operating system, set a risk level using Microsoft Defender for Endpoint, and more.

Note: Windows Health Attestation Service evaluation rules

Require BitLocker:

Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user dat a. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.

Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.

Box 2: Prevent jailbroken devices from having corporate access

Device Compliance settings for iOS/iPadOS in Intune

There are different compliance settings you can configure on iOS/iPadOS devices in Intune. As part of your mobile device management (MDM) solution, use these settings to require an email, mark rooted (jailbroken) devices as not compliant, set an allowed threat level, set passwords to expire, and more.

Device Health

Jailbroken devices

Supported for iOS 8.0 and later

Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

Block - Mark rooted (jailbroken) devices as not compliant.

Box 3: Prevent rooted devices from having corporate access.

Device compliance settings for Android Enterprise in Intune

There are different compliance settings you can configure on Android Enterprise devices in Intune. As part of your mobile device management (MDM) solution, use these settings to mark rooted devices as not compliant, set an allowed threat level, enable Google Play Protect, and more.

Device Health - for Personally-Owned Work Profile

Rooted devices

Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

Block - Mark rooted devices as not compliant.

Reference: https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-createwindows

https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work

https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios

Question 102

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to perform the following tasks for User1:

Set the Usage location to Canada.

Configure the Phone and Email authentication contact info for self-service password reset (SSPR).

Which two settings should you configure in the Azure Active Directory admin center? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.


Question 102
Correct answer: Question 102

Question 103

Report
Export
Collapse

You have a Microsoft 365 subscription that contains 100 devices enrolled in Microsoft Intune.

You need to review the startup processes and how often each device restarts.

What should you use?

A.

Endpoint analytics

A.

Endpoint analytics

Answers
B.

Intune Data Warehouse

B.

Intune Data Warehouse

Answers
C.

Azure Monitor

C.

Azure Monitor

Answers
D.

Device Management

D.

Device Management

Answers
Suggested answer: B

Question 104

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.

Which users can download the Office customization file from the admin center?

A.

Admin1, Admin2, Admin3. and Admin4

A.

Admin1, Admin2, Admin3. and Admin4

Answers
B.

Admin1, Admin2, and Admin3 only

B.

Admin1, Admin2, and Admin3 only

Answers
C.

Admin3 only

C.

Admin3 only

Answers
D.

Admin3 and Admin4 only

D.

Admin3 and Admin4 only

Answers
E.

Admin1 and Admin3 only

E.

Admin1 and Admin3 only

Answers
Suggested answer: B

Explanation:

* Admin1

An application admin has full access to enterprise applications, applications registrations, and application proxy settings.

* Admin2

Mark your app as publisher verified.

In Azure AD this user must be a member of one of the following roles: Application Admin, Cloud

Application Admin, or Global Admin.

* Admin3

Office Apps admin - Assign the Office Apps admin role to users who need to do the following:

- Use the Office cloud policy service to create and manage cloud-based policies for Office

- Create and manage service requests

- Manage the What's New content that users see in their Office apps

- Monitor service health

Reference:

Office Apps admin - Assign the Office Apps admin role to users who need to do the following

https://docs.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified

Question 105

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 E5 subscription.

You create an app protection policy for Android devices named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Question 105
Correct answer: Question 105

Explanation:

Box 1: Install the Intune Company Portal app on the device

On Android, Android devices will prompt to install the Intune Company Portal app regardless of which Device type is chosen.

Bix 2: Devices only

For Android devices, unmanaged devices are devices where Intune MDM management has not been detected. This includes devices managed by third-party MDM vendors.

Reference: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies#appprotection-policies-for-iosipados-and-android-apps

Question 106

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.

What should you select in the Microsoft Endpoint Manager admin center?

A.

Apps. and then App protection policies

A.

Apps. and then App protection policies

Answers
B.

Apps. and then Monitor

B.

Apps. and then Monitor

Answers
C.

Devices, and then Monitor

C.

Devices, and then Monitor

Answers
D.

Reports, and the Device compliance

D.

Reports, and the Device compliance

Answers
Suggested answer: A

Explanation:

App report: You can search by platform and app, and then this report will provide two different app protection statuses that you can select before generating the report. The statuses can be Protected or Unprotected.

Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-monitor

Question 107

Report
Export
Collapse

HOTSPOT

Your company uses Microsoft Defender for Endpoint Microsoft Defender for Endpoint includes the device groups shown in the following table.

You onboard a computer to Microsoft Defender for Endpoint as shown in the following exhibit.

What is the effect of the Microsoft Defender for Endpoint configuration? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 107
Correct answer: Question 107

Question 108

Report
Export
Collapse

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.

Computer1 has apps that are compatible with Windows 10.

You need to perform a Windows 10 in-place upgrade on Computer1.

Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.

Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: B

Explanation:


Question 109

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to manage Windows updates by using Intune.

You create an update ring for Windows 10 and later and configure the User experience settings for the ring as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Question 109
Correct answer: Question 109

Question 110

Report
Export
Collapse

You have a Microsoft 365 tenant.

You have devices enrolled in Microsoft Intune.

You assign a conditional access policy named Policy1 to a group named Group1. Policy! restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business.

You need to identify which noncompliant devices attempt to access OneDrive for Business. What should you do?

A.

From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.

A.

From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.

Answers
B.

From the Microsoft Intune admin center, review Device compliance report.

B.

From the Microsoft Intune admin center, review Device compliance report.

Answers
C.

From the Microsoft Intune admin center, review the Noncompliant devices report.

C.

From the Microsoft Intune admin center, review the Noncompliant devices report.

Answers
D.

From the Microsoft Intune admin center, review the Setting compliance report.

D.

From the Microsoft Intune admin center, review the Setting compliance report.

Answers
Suggested answer: C
Total 301 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms