Ask Question
Microsoft MD-102 Practice Test - Questions Answers, Page 5
Add to Whishlist
List of questions
Question 41
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days.
You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.
What should you use?
a Delete action
a Retire action
a Fresh Start action
an Autopilot Reset action
A retire action removes a device from Intune management and removes any apps and data provisioned by Intune. User-installed apps, personal data, and OEM-installed apps are retained. A retire action can be performed on devices that are offline for more than 30 days. Reference:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
Question 42
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices.
You need to review the startup times and restart frequencies of the devices. What should you use?
Azure Monitor
intune Data Warehouse
Microsoft Defender for Endpoint
Endpoint analytics
Endpoint analytics is a feature of Microsoft Intune that provides insights into the performance and health of devices. You can use endpoint analytics to review the startup times and restart frequencies of the devices, as well as other metrics such as sign-in times, battery life, app reliability, and software inventory. Reference: https://docs.microsoft.com/en-us/mem/analytics/overview
Question 43
HOTSPOT
You have a Microsoft 365 E5 subscription.
You create a new update rings policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point,
Answer:
*Updates that contain fixes and improvements to existing Windows functionality can be deferred for 30 days.
This is because the update rings policy named Policy1 has the "Quality updates deferral period (days)" setting set to 30. This means that quality updates, which include fixes and improvements to existing Windows functionality, can be deferred for up to 30 days from the date they are released by Microsoft. After 30 days, the devices will automatically install the quality updates. Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure
*Updates that contain new Windows functionality will be installed within 60 days of release.
This is because the update rings policy named Policy1 has the "Feature updates deferral period (days)" setting set to 60. This means that feature updates, which include new Windows functionality, can be deferred for up to 60 days from the date they are released by Microsoft. After 60 days, the devices will automatically install the feature updates. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/windows-update-for-business-configure
Question 44
You have computer that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from Windows event logs.
The computers have the logged events shown in the following table.
Which events are collected in the Log Analytics workspace?
1 only
2 and 3 only
1 and 3 only
1, 2, and 4 on
1, 2, 3, and 4
All events from Windows event logs are collected in the Log Analytics workspace, regardless of the event level or source. Therefore, events 1, 2, 3, and 4 are all collected in the workspace. Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events
Question 45
You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune.
You need to configure the devices to run a single app in kiosk mode.
Which Configuration settings should you modify in the device restrictions profile?
General
Users and Accounts
System security
Device experience
To configure the devices to run a single app in kiosk mode, you need to modify the Device experience settings in the device restrictions profile. You can specify the app package name and activity name for the app that you want to run in kiosk mode. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/device-restrictions-android-for-work#device-experience
Question 46
You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft
Intune.
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.
What should you do?
Onboard the macOS devices to the Microsoft Purview compliance portal.
From the Microsoft Intune admin center, create a security baseline.
Install Defender for Endpoint on the macOS devices.
From the Microsoft Intune admin center, create a configuration profile.
To apply Microsoft Defender for Endpoint antivirus policies to the macOS devices, you need to install
Defender for Endpoint on the devices. You can use Intune to deploy a script that installs Defender for
Endpoint on macOS devices. After installation, you can use Intune to create and assign antivirus policies to the devices. Reference: https://docs.microsoft.com/en-us/windows/security/threatprotection/ microsoft-defender-atp/mac-install-with-intune
Question 47
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.
You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices.
The solution must minimize administrative effort.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the
Windows Defender Antivirus settings.
To configure Microsoft Defender Firewall, create a device configuration profile and configure the
Device restrictions settings.
To configure Microsoft Defender Antivirus, create a device configuration profile and configure the
Endpoint protection settings.
To configure Microsoft Defender Antivirus, create a device configuration profile and configure the
Device restrictions settings.
To configure Microsoft Defender Firewall, create a device configuration profile and configure the
Endpoint protection settings.
To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure
Windows Defender Firewall with Advanced Security.
To configure Microsoft Defender Firewall and Microsoft Defender Antivirus on Azure AD joined devices that are managed by Intune, you need to create a device configuration profile and configure the Endpoint protection settings. You can use this profile to configure various settings for firewall and antivirus protection on the devices. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/endpoint-protection-windows-10
Question 48
You have an Azure AD group named Group1. Group! contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign
Profile! to Group1. You need to ensure that Profile! applies to Device1 only. What should you modify in Profile 1?
Assignments
Settings
Scope (Tags)
Applicability Rules
To ensure that Profile1 applies to Device1 only, you need to modify the Applicability Rules in Profile1.
You can use applicability rules to filter which devices receive a profile based on criteria such as device model, manufacturer, or operating system version. You can create an applicability rule that matches
Device1's properties and excludes Device2's properties. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/device-profile-assign#applicability-rules
Question 49
DRAG DROP
You have a Microsoft 365 subscription that includes Microsoft Intune.
You need to implement a Microsoft Defender for Endpoint solution that meets the following requirements:
β’ Enforces compliance for Defender for Endpoint by using Conditional Access
β’ Prevents suspicious scripts from running on devices
What should you configure? To answer, drag the appropriate features to the correct requirements.
Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
To enforce compliance for Defender for Endpoint by using Conditional Access, you need to configure an Intune connection in the Defender for Endpoint portal. This allows you to use Intune device compliance policies to evaluate the health and compliance status of devices that are enrolled in
Defender for Endpoint. You can then use Conditional Access policies to block or allow access to cloud apps based on the device compliance status. Reference: https://docs.microsoft.com/enus/ windows/security/threat-protection/microsoft-defender-atp/conditional-access
To prevent suspicious scripts from running on devices, you need to configure an attack surface reduction (ASR) rule in Intune. ASR rules are part of the endpoint protection settings that you can apply to devices by using device configuration profiles. You can use the ASR rule "Block Office applications from creating child processes" to prevent Office applications from launching child processes such as scripts or executables. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-asr-rules
Question 50
Your network contains an on-premises Active Directory domain and an Azure AD tenant.
The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.
Which device configuration profile type template should you use?
Administrative Templates
Endpoint protection
Device restrictions
Custom
To configure the settings shown in the table, you need to use the Administrative Templates device configuration profile type template. This template allows you to configure hundreds of settings that are also available in Group Policy. You can use this template to configure settings such as password policies, account lockout policies, and audit policies. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/administrative-templates-windows
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question