ExamGecko
Search Search Login
Home Home / Microsoft / MD-102

Microsoft MD-102 Practice Test - Questions Answers, Page 5

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have two computers that run Windows 10. The computers are enrolled in Microsoft Intune as shown in the following table. Windows 10 update rings are defined in Intune as shown in the following table. You assign the update rings as shown in the following table. What is the effect of the configurations on Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have computers that run Windows 10 and are managed by using Microsoft Intune. Users store their files in a folder named D:\Folder1. You need to ensure that only a trusted list of applications is granted write access to D:\Folder1. What should you configure in the device configuration profile?
HOTSPOT You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the devices shown in the following table. Contoso.com contains the Azure Active Directory groups shown in the following table. You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT User1 and User2 plan to use Sync your settings. On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 tenant that uses Microsoft Intune. From the Microsoft Intune admin center, you plan to create a baseline to monitor the Startup score and the App reliability score of enrolled Windows 10 devices. You need to identify which tool to use to create the baseline and the minimum number of devices required to create the baseline. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a computer named Computed that has Windows 10 installed. You create a Windows PowerShell script named config.psl. You need to ensure that config.psl runs after feature updates are installed on Computer5. Which file should you modify on Computer5?
Your network contains an on-premises Active Directory domain. The domain contains two computers named Computer1 and Computer? that run Windows 10. You install Windows Admin Center on Computer1. You need to manage Computer2 from Computer1 by using Windows Admin Center. What should you do on Computed?
HOTSPOT You have a Microsoft 365 tenant and an internal certification authority (CA). You need to use Microsoft Intune to deploy the root CA certificate to managed devices. Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 subscription. You plan to enroll devices in Microsoft Endpoint Manager that have the platforms and versions shown in the following table. You need to configure device enrollment to meet the following requirements: Ensure that only devices that have approved platforms and versions can enroll in Endpoint Manager. Ensure that devices are added to Microsoft Azure Active Directory (Azure AD) groups based on a selection made by users during the enrollment. Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 41

Report
Export
Collapse

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days.

You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.

What should you use?

A.

a Delete action

A.

a Delete action

Answers
B.

a Retire action

B.

a Retire action

Answers
C.

a Fresh Start action

C.

a Fresh Start action

Answers
D.

an Autopilot Reset action

D.

an Autopilot Reset action

Answers
Suggested answer: B

Explanation:

A retire action removes a device from Intune management and removes any apps and data provisioned by Intune. User-installed apps, personal data, and OEM-installed apps are retained. A retire action can be performed on devices that are offline for more than 30 days. Reference:

https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe

Question 42

Report
Export
Collapse

You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices.

You need to review the startup times and restart frequencies of the devices. What should you use?

A.

Azure Monitor

A.

Azure Monitor

Answers
B.

intune Data Warehouse

B.

intune Data Warehouse

Answers
C.

Microsoft Defender for Endpoint

C.

Microsoft Defender for Endpoint

Answers
D.

Endpoint analytics

D.

Endpoint analytics

Answers
Suggested answer: D

Explanation:

Endpoint analytics is a feature of Microsoft Intune that provides insights into the performance and health of devices. You can use endpoint analytics to review the startup times and restart frequencies of the devices, as well as other metrics such as sign-in times, battery life, app reliability, and software inventory. Reference: https://docs.microsoft.com/en-us/mem/analytics/overview

Question 43

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 E5 subscription.

You create a new update rings policy named Policy1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point,


Answer:

Question 43
Correct answer: Question 43

Explanation:

*Updates that contain fixes and improvements to existing Windows functionality can be deferred for 30 days.

This is because the update rings policy named Policy1 has the "Quality updates deferral period (days)" setting set to 30. This means that quality updates, which include fixes and improvements to existing Windows functionality, can be deferred for up to 30 days from the date they are released by Microsoft. After 30 days, the devices will automatically install the quality updates. Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure

*Updates that contain new Windows functionality will be installed within 60 days of release.

This is because the update rings policy named Policy1 has the "Feature updates deferral period (days)" setting set to 60. This means that feature updates, which include new Windows functionality, can be deferred for up to 60 days from the date they are released by Microsoft. After 60 days, the devices will automatically install the feature updates. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/windows-update-for-business-configure

Question 44

Report
Export
Collapse

You have computer that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from Windows event logs.

The computers have the logged events shown in the following table.

Which events are collected in the Log Analytics workspace?

A.

1 only

A.

1 only

Answers
B.

2 and 3 only

B.

2 and 3 only

Answers
C.

1 and 3 only

C.

1 and 3 only

Answers
D.

1, 2, and 4 on

D.

1, 2, and 4 on

Answers
E.

1, 2, 3, and 4

E.

1, 2, 3, and 4

Answers
Suggested answer: E

Explanation:

All events from Windows event logs are collected in the Log Analytics workspace, regardless of the event level or source. Therefore, events 1, 2, 3, and 4 are all collected in the workspace. Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Question 45

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune.

You need to configure the devices to run a single app in kiosk mode.

Which Configuration settings should you modify in the device restrictions profile?

A.

General

A.

General

Answers
B.

Users and Accounts

B.

Users and Accounts

Answers
C.

System security

C.

System security

Answers
D.

Device experience

D.

Device experience

Answers
Suggested answer: D

Explanation:

To configure the devices to run a single app in kiosk mode, you need to modify the Device experience settings in the device restrictions profile. You can specify the app package name and activity name for the app that you want to run in kiosk mode. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/device-restrictions-android-for-work#device-experience

Question 46

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft

Intune.

You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.

What should you do?

A.

Onboard the macOS devices to the Microsoft Purview compliance portal.

A.

Onboard the macOS devices to the Microsoft Purview compliance portal.

Answers
B.

From the Microsoft Intune admin center, create a security baseline.

B.

From the Microsoft Intune admin center, create a security baseline.

Answers
C.

Install Defender for Endpoint on the macOS devices.

C.

Install Defender for Endpoint on the macOS devices.

Answers
D.

From the Microsoft Intune admin center, create a configuration profile.

D.

From the Microsoft Intune admin center, create a configuration profile.

Answers
Suggested answer: C

Explanation:

To apply Microsoft Defender for Endpoint antivirus policies to the macOS devices, you need to install

Defender for Endpoint on the devices. You can use Intune to deploy a script that installs Defender for

Endpoint on macOS devices. After installation, you can use Intune to create and assign antivirus policies to the devices. Reference: https://docs.microsoft.com/en-us/windows/security/threatprotection/ microsoft-defender-atp/mac-install-with-intune

Question 47

Report
Export
Collapse

You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.

You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices.

The solution must minimize administrative effort.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the

Windows Defender Antivirus settings.

A.

To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the

Windows Defender Antivirus settings.

Answers
B.

To configure Microsoft Defender Firewall, create a device configuration profile and configure the

Device restrictions settings.

B.

To configure Microsoft Defender Firewall, create a device configuration profile and configure the

Device restrictions settings.

Answers
C.

To configure Microsoft Defender Antivirus, create a device configuration profile and configure the

Endpoint protection settings.

C.

To configure Microsoft Defender Antivirus, create a device configuration profile and configure the

Endpoint protection settings.

Answers
D.

To configure Microsoft Defender Antivirus, create a device configuration profile and configure the

Device restrictions settings.

D.

To configure Microsoft Defender Antivirus, create a device configuration profile and configure the

Device restrictions settings.

Answers
E.

To configure Microsoft Defender Firewall, create a device configuration profile and configure the

Endpoint protection settings.

E.

To configure Microsoft Defender Firewall, create a device configuration profile and configure the

Endpoint protection settings.

Answers
F.

To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure

Windows Defender Firewall with Advanced Security.

F.

To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure

Windows Defender Firewall with Advanced Security.

Answers
Suggested answer: C, E

Explanation:

To configure Microsoft Defender Firewall and Microsoft Defender Antivirus on Azure AD joined devices that are managed by Intune, you need to create a device configuration profile and configure the Endpoint protection settings. You can use this profile to configure various settings for firewall and antivirus protection on the devices. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/endpoint-protection-windows-10

Question 48

Report
Export
Collapse

You have an Azure AD group named Group1. Group! contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign

Profile! to Group1. You need to ensure that Profile! applies to Device1 only. What should you modify in Profile 1?

A.

Assignments

A.

Assignments

Answers
B.

Settings

B.

Settings

Answers
C.

Scope (Tags)

C.

Scope (Tags)

Answers
D.

Applicability Rules

D.

Applicability Rules

Answers
Suggested answer: D

Explanation:

To ensure that Profile1 applies to Device1 only, you need to modify the Applicability Rules in Profile1.

You can use applicability rules to filter which devices receive a profile based on criteria such as device model, manufacturer, or operating system version. You can create an applicability rule that matches

Device1's properties and excludes Device2's properties. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/device-profile-assign#applicability-rules

Question 49

Report
Export
Collapse

DRAG DROP

You have a Microsoft 365 subscription that includes Microsoft Intune.

You need to implement a Microsoft Defender for Endpoint solution that meets the following requirements:

• Enforces compliance for Defender for Endpoint by using Conditional Access

• Prevents suspicious scripts from running on devices

What should you configure? To answer, drag the appropriate features to the correct requirements.

Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 49
Correct answer: Question 49

Explanation:

To enforce compliance for Defender for Endpoint by using Conditional Access, you need to configure an Intune connection in the Defender for Endpoint portal. This allows you to use Intune device compliance policies to evaluate the health and compliance status of devices that are enrolled in

Defender for Endpoint. You can then use Conditional Access policies to block or allow access to cloud apps based on the device compliance status. Reference: https://docs.microsoft.com/enus/ windows/security/threat-protection/microsoft-defender-atp/conditional-access

To prevent suspicious scripts from running on devices, you need to configure an attack surface reduction (ASR) rule in Intune. ASR rules are part of the endpoint protection settings that you can apply to devices by using device configuration profiles. You can use the ASR rule "Block Office applications from creating child processes" to prevent Office applications from launching child processes such as scripts or executables. Reference: https://docs.microsoft.com/enus/ mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-asr-rules

Question 50

Report
Export
Collapse

Your network contains an on-premises Active Directory domain and an Azure AD tenant.

The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.

Which device configuration profile type template should you use?

A.

Administrative Templates

A.

Administrative Templates

Answers
B.

Endpoint protection

B.

Endpoint protection

Answers
C.

Device restrictions

C.

Device restrictions

Answers
D.

Custom

D.

Custom

Answers
Suggested answer: A

Explanation:

To configure the settings shown in the table, you need to use the Administrative Templates device configuration profile type template. This template allows you to configure hundreds of settings that are also available in Group Policy. You can use this template to configure settings such as password policies, account lockout policies, and audit policies. Reference: https://docs.microsoft.com/enus/ mem/intune/configuration/administrative-templates-windows

Total 301 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms