ExamGecko
Search Search Login
Home Home / Microsoft / MD-102

Microsoft MD-102 Practice Test - Questions Answers, Page 23

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in the following table. Windows 10 update rings are defined in Intune as shown in the following table. You assign the update rings as shown in the following table. What is the effect of the configurations on Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have computers that run Windows 10 and are managed by using Microsoft Intune. Users store their files in a folder named D:\Folder1. You need to ensure that only a trusted list of applications is granted write access to D:\Folder1. What should you configure in the device configuration profile?
HOTSPOT You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the devices shown in the following table. Contoso.com contains the Azure Active Directory groups shown in the following table. You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 tenant and an internal certification authority (CA). You need to use Microsoft Intune to deploy the root CA certificate to managed devices. Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT User1 and User2 plan to use Sync your settings. On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 tenant that uses Microsoft Intune. From the Microsoft Intune admin center, you plan to create a baseline to monitor the Startup score and the App reliability score of enrolled Windows 10 devices. You need to identify which tool to use to create the baseline and the minimum number of devices required to create the baseline. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a computer named Computed that has Windows 10 installed. You create a Windows PowerShell script named config.psl. You need to ensure that config.psl runs after feature updates are installed on Computer5. Which file should you modify on Computer5?
Your network contains an on-premises Active Directory domain. The domain contains two computers named Computer1 and Computer? that run Windows 10. You install Windows Admin Center on Computer1. You need to manage Computer2 from Computer1 by using Windows Admin Center. What should you do on Computed?
HOTSPOT You have a Microsoft 365 subscription. You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table. You need to configure device enrollment to meet the following requirements: Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager. Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment. Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 221

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to configure an update ring that meets the following requirements:

* Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically seven days after that date.

* The installation of new Windows features can be deferred for 90 days but will install automatically 10 days after that date.

* Devices must restart automatically three days after an update is installed.

How should you configure the update ring? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.


Question 221
Correct answer: Question 221

Question 222

Report
Export
Collapse

You manage 1.000 devices by using Microsoft Intune. You review the Device compliance trends report. For how long will the report display trend data?

A.

30 days

A.

30 days

Answers
B.

60 days

B.

60 days

Answers
C.

90 days

C.

90 days

Answers
D.

365 days

D.

365 days

Answers
Suggested answer: B

Explanation:

The Device compliance trends report shows the number of devices that are compliant, noncompliant, and not evaluated over time. The report displays trend data for the last 60 days by default, but you can change the time range to view data for the last 7, 14, or 30 days as well. The report does not show data for more than 60 days.Reference:[Device compliance trends report]

Question 223

Report
Export
Collapse

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender Antivirus on the computers.

You need to prevent users from disabling Microsoft Defender Antivirus,

What should you do?

A.

From the Microsoft Intune admin center, create a security baseline.

A.

From the Microsoft Intune admin center, create a security baseline.

Answers
B.

From the Microsoft 365 Defender portal, enable tamper protection.

B.

From the Microsoft 365 Defender portal, enable tamper protection.

Answers
C.

From the Microsoft Intune admin center, create an account protection policy.

C.

From the Microsoft Intune admin center, create an account protection policy.

Answers
D.

From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.

D.

From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.

Answers
Suggested answer: B

Explanation:

Tamper protection is a feature of Microsoft Defender Antivirus that prevents users or malicious software from disabling or modifying the antivirus settings. Tamper protection can be enabled from the Microsoft 365 Defender portal for devices that are Azure AD joined and enrolled in Microsoft Intune. This will prevent users from turning off Microsoft Defender Antivirus or changing its configuration through Windows Security, PowerShell, Registry, or Group Policy.Reference:[Enable tamper protection]

Question 224

Report
Export
Collapse

HOTSPOT

You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.

You need to capture the event togs from the computers to Azure.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 224
Correct answer: Question 224

Question 225

Report
Export
Collapse

You have 200 computers that run Windows 10 and are joined to an Active Directory domain.

You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Enable the Allow Remote Shell access setting.

A.

Enable the Allow Remote Shell access setting.

Answers
B.

Enable the Allow remote server management through WinRM setting.

B.

Enable the Allow remote server management through WinRM setting.

Answers
C.

Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.

C.

Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.

Answers
D.

Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting.

D.

Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting.

Answers
E.

Set the Startup Type of the Remote Registry service to Automatic

E.

Set the Startup Type of the Remote Registry service to Automatic

Answers
F.

Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.

F.

Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.

Answers
Suggested answer: B, C, F

Explanation:

To enable WinRM on domain computers using Group Policy, you need to perform the following actions:

Enable the Allow remote server management through WinRM setting under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service. This setting allows you to specify the IP address ranges that can connect to the WinRM service.

Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic under Computer Configuration > Preferences > Control Panel Settings > Services. This setting ensures that the WinRM service starts automatically on the computers.

Enable the Windows Defender Firewall: Allow inbound remote administration exception setting under Computer Configuration > Policies > Security Settings > Windows Firewall and Advanced Security > Windows Firewall and Advanced Security > Inbound Rules. This setting creates a firewall rule that allows incoming TCP connections on port 5985 for WinRM.Reference:How to Enable WinRM via Group Policy,Installation and configuration for Windows Remote Management

Question 226

Report
Export
Collapse

You have a Microsoft 365 Business Standard subscription and 100 Windows 10 Pro devices.

You purchase a Microsoft 365 E5 subscription.

You need to upgrade the Windows 10 Pro devices to Windows 10 Enterprise. The solution must minimize administrative effort.

Which upgrade method should you use?

A.

Windows Autopilot

A.

Windows Autopilot

Answers
B.

a Microsoft Deployment Toolkit (MDT) lite-touch deployment

B.

a Microsoft Deployment Toolkit (MDT) lite-touch deployment

Answers
C.

Subscription Activation

C.

Subscription Activation

Answers
D.

an in-place upgrade by using Windows installation media

D.

an in-place upgrade by using Windows installation media

Answers
Suggested answer: C

Explanation:

Subscription Activation is a feature that allows you to upgrade from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise without needing a product key or reinstallation. You just need to assign a subscription license (such as Microsoft 365 E5) to the user in Azure AD, and then sign in to the device with that user account. The device will automatically activate Windows Enterprise edition using the firmware-embedded activation key for Windows Pro edition. This method minimizes administrative effort and simplifies the upgrade process.Reference:Windows subscription activation,Deploy Windows Enterprise licenses

Question 227

Report
Export
Collapse

HOTSPOT

You have devices that are not rooted enrolled in Microsoft Intune as shown in the following table.

The devices are members of a group named Group1.

In Intune, you create a device compliance location that has the following configurations:

* Name: Network1

* IPv4 range: 192.168.0.0/16

In Intune. you create a device compliance policy for the Android platform. The policy has the following configurations:

* Name: Policy1

* Device health: Rooted devices: Block

* Locations: Location: Network1

* Mark device noncompliant: Immediately

* Assigned: Group1

The Intune device compliance policy has the following configurations:

* Mark devices with no compliance policy assigned as: Compliant

* Enhanced jailbreak detection: Enabled

* Compliance status validity period (days): 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 227
Correct answer: Question 227

Question 228

Report
Export
Collapse

You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements:

* Ensure that you can manage the personal devices by using Microsoft Intune.

* Ensure that users can access company data seamlessly from their personal devices.

* Ensure that users can only sign in to their personal devices by using their personal account

What should you use to add the devices to Azure AD?

A.

Azure AD registered

A.

Azure AD registered

Answers
B.

hybrid Azure AD join

B.

hybrid Azure AD join

Answers
C.

AD joined

C.

AD joined

Answers
Suggested answer: A

Explanation:

To implement MDM for personal devices that run Windows 11, you should use Azure AD registered. Azure AD registered devices are devices that are connected to your organization's resources using a personal device and a personal account. You can manage these devices by using Microsoft Intune and enable seamless access to company data. Users can only sign in to their personal devices by using their personal account, not their organizational account.Azure AD registered devices support Windows 10 or newer, iOS, Android, macOS, and Ubuntu 20.04/22.04 LTS1.

The other options are not suitable for this scenario because:

Hybrid Azure AD join is for corporate-owned and managed devices that are joined to both on-premises Active Directory and Azure AD.Users can sign in to these devices by using their organizational account that exists in both directories2.

AD joined is for devices that are joined only to on-premises Active Directory.These devices are not managed by Microsoft Intune and do not have access to cloud resources3.

Question 229

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 subscription.

All computers are enrolled in Microsoft Intune.

You have business requirements for securing your Windows 11 environment as shown in the following table.

What should you implement to meet each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.


Question 229
Correct answer: Question 229

Question 230

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to assign roles in Intune to meet the following requirements:

* The members of Group1 must manage Intune roles and assignments.

* The members of Group2 must assign existing apps and policies to users and devices.

The solution must follow the principle of least privilege.

Which role should you assign to each group? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 230
Correct answer: Question 230
Total 301 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms