MD-102 Questions - IT Exam Questions

MD-102 Questions 1-4. Case study -\ \ Overview -\ ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.\ ADatum has a Microsoft 365 E5 subscription.\ \ Environment -\ \ Network Environment -\ The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.\ A group of black text Description automatically generated\ ADatum has a hybrid Azure AD tenant named adatum.com.e Users and Groups -\ The adatum.com tenant contains the users shown in the following table.\ ![A screenshot of a computer Description automatically generated](media/image2.png)\ All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.\ Enterprise State Roaming is enabled for Group1 and GroupA.\ Group1 and Group2 have a Membership type of Assigned.\ \ Devices -\ ADatum has the Windows 10 devices shown in the following table.\ A group of people in a group Description automatically generated\ The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.\ The Windows 10 devices are configured as shown in the following table.\ ![A white rectangular box with black text Description automatically generated](media/image4.png)\ All the Azure AD joined devices have an executable file named C:\\AppA.exe and a folder named D:\\Folder1.\ \ Microsoft Intune Configuration -\ Microsoft Intune has the compliance policies shown in the following table.\ A close up of a sign Description automatically generated\ ![A screenshot of a computer Description automatically generated](media/image6.png)\ The Automatic Enrollment settings have the following configurations:\ \ MDM user scope: GroupA -\ \ MAM user scope: GroupB -\ You have an Endpoint protection configuration profile that has the following Controlled folder access settings:\ \ Name: Protection1 -\ \ Folder protection: Enable -\ List of apps that have access to protected folders: C:\\\*\\AppA.exe\ List of additional folders that need to be protected: D:\\Folder1\ Assignments:\ \ Included groups: Group2, GroupB -\ \ Windows Autopilot Configuration -\ ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.\ A screenshot of a computer Description automatically generated\ Currently, there are no devices deployed by using Windows Autopilot.\ The Intune connector for Active Directory is installed on Server1.\ \ Requirements -\ \ Planned Changes -\ ADatum plans to implement the following changes:\ Purchase a new Windows 10 device named Device6 and enroll the device in Intune\ New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.\ Deployed a network boundary configuration profile that will have the following settings:\ \ Name: Boundary1 -\ Network boundary: 192.168.1.0/24\ \ Scope tags: Tag1 -\ Assignments:\ \ Included groups: Group1, Group2 -\ Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:\ \ Name: Connection1 -\ \ Connection name: VPN1 -\ \ Connection type: L2TP -\ Assignments:\ Included groups: Group1, Group2, GroupA\ Excluded groups: \--\ \ Name: Connection2 -\ Connection name: VPN2 -\ \ Connection type: IKEv2 -\ Assignments:\ Included groups: GroupA -\ Excluded groups: GroupB -\ \ Technical Requirements -\ ADatum must meet the following technical requirements:\ Users in GroupA must be able to deploy new computers.\ Administrative effort must be minimized. 1.For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ ![A screenshot of a computer Description automatically generated](media/image8.png) 2\. Which devices are registered by using the Windows Autopilot deployment service? - A. Device1 only - B. Device3 only - C. Device1 and Device3 only - D. Device1, Device2, and Device3 3\. A screenshot of a survey Description automatically generated 4\. Which devices have a network boundary of 192.168.1.0/24 applied? - A. Device2 only - B. Device3 only - C. Device1, Device2, and Device5 only - D. Device1, Device2, Device3, and Device4 only 5\. HOTSPOT -\ You have a Microsoft 365 subscription.\ You use Microsoft Intune Suite to manage devices.\ You have the iOS app protection policy shown in the following exhibit.\ ![A screen shot of a computer Description automatically generated](media/image10.png)\ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer error Description automatically generated 6\. DRAG DROP -\ You have a Microsoft 365 E5 subscription and a computer that runs Windows 11.\ You need to create a customized installation of Microsoft 365 Apps for enterprise.\ Which four actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.\ ![A screenshot of a computer Description automatically generated](media/image12.png) 7\. You have devices enrolled in Microsoft Intune as shown in the following table.\ A table with text on it Description automatically generated\ On which devices can you apply app configuration policies? - A. Device2 only - B. Device1 and Device2 only - C. Device3 and Device4 only - D. Device2, Device3, and Device4 only - E. Device1, Device2, Device3, and Device4 8\. HOTSPOT -\ You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.\ ![A table with text and numbers Description automatically generated](media/image14.png)\ All devices contain an app named App1 and are enrolled in Microsoft Intune.\ You need to prevent users from copying data from App1 and pasting the data into other apps.\ Which type of policy and how many policies should you create in Intune? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer Description automatically generated 9\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.\ From the Intune admin center, you create and deploy two Windows app (Win32) apps.\ You need to ensure that App1 is installed before App2 on every device.\ What should you configure? - A. the App1 deployment configurations - B. a dynamic device group - C. a detection rule - D. the App2 deployment configurations 10\. You have a Microsoft Intune subscription.\ You have devices enrolled in Intune as shown in the following table.\ ![A table with text and numbers Description automatically generated](media/image16.png)\ An app named App1 is installed on each device.\ What is the minimum number of app configuration policies required to manage App1? - A. 1 - B. 2 - C. 3 - D. 4 - E. 5 11\. You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.\ You need to deploy a custom line-of-business (LOB) app to the devices by using Intune.\ Which extension should you select for the app package file? - A. .intunemac - B. .ipa - C. .apk - D. .appx 12\. You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.\ App1 must only accept modern authentication requests.\ You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:\ \ Assignments -\ Users or workload identities: User1\ \ Cloud apps or actions: App1 -\ \ Access controls -\ \ Grant: Block access -\ You need to block only legacy authentication requests to App1.\ Which condition should you add to CAPolicy1? - A. Filter for devices - B. Device platforms - C. User risk - D. Sign-in risk - E. Client apps 13\. All users have Microsoft 365 apps deployed.\ You need to configure Microsoft 365 apps to meet the following requirements:\ Enable the automatic installation of WebView2 Runtime.\ Prevent users from submitting feedback.\ Which two settings should you configure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer Description automatically generated 14\. You have a Microsoft 365 subscription.\ You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).\ You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers.\ What should you do? - A. From the Microsoft Intune admin center, create a Windows 10 device profile. - B. From Azure AD, add an app registration. - C. From Azure AD, add an enterprise application. - D. From the Microsoft Intune admin center, add an app. 15\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 has been offline for 30 days.\ You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.\ What should you use? - A. a Delete action - B. a Retire action - C. a Fresh Start action - D. an Autopilot Reset action 16\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ You need to review the startup times and restart frequencies of the devices.\ What should you use? - A. Azure Monitor - B. Intune Data Warehouse - C. Microsoft Defender for Endpoint - D. Endpoint analytics 17\. HOTSPOT -\ You have a Microsoft 365 E5 subscription.\ You create a new update rings policy named Policy1 as shown in the following exhibit.\ ![A screenshot of a computer update Description automatically generated](media/image18.png)\ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer program Description automatically generated 18\. You have computers that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from the Windows event logs.\ The computers have the logged events shown in the following table.\ ![A white rectangular box with black text Description automatically generated](media/image20.png)\ Which events are collected in the Log Analytics workspace? - A. 1 only - B. 2 and 3 only - C. 1 and 3 only - D. 1, 2, and 4 only - E. 1, 2, 3, and 4 19\. You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune.\ You need to configure the devices to run a single app in kiosk mode.\ Which Configuration settings should you modify in the device restrictions profile? - A. Users and Accounts - B. General - C. System security - D. Device experience 20\. You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.\ You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.\ What should you do? - A. Onboard the macOS devices to the Microsoft Purview compliance portal. - B. From the Microsoft Intune admin center, create a security baseline. - C. Install Defender for Endpoint on the macOS devices. - D. From the Microsoft Intune admin center, create a configuration profile. 21\. You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.\ You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort.\ Which two actions should you perform? Each correct answer presents part of the solution.\ NOTE: Each correct selection is worth one point. - A. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the Windows Defender Antivirus settings. - B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings. - C. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings. - D. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings. - E. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings. - F. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced Security. 22\. You have an Azure AD group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2.\ You create a device configuration profile named Profile1. You assign Profile1 to Group1.\ You need to ensure that Profile1 applies to Device1 only.\ What should you modify in Profile1? - A. Assignments - B. Settings - C. Scope (Tags) - D. Applicability Rules 23\. You have a Microsoft 365 subscription that includes Microsoft Intune.\ You need to implement a Microsoft Defender for Endpoint solution that meets the following requirements:\ Enforces compliance for Defender for Endpoint by using Conditional Access\ Prevents suspicious scripts from running on devices\ What should you configure? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ NOTE: Each correct selection is worth one point.\ A close-up of a question Description automatically generated 24\. Your network contains an on-premises Active Directory domain and an Azure AD tenant.\ The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.\ ![A table with numbers and letters Description automatically generated](media/image22.png)\ You need to migrate the existing Default Domain Policy GPO settings to a device configuration profile.\ Which device configuration profile type template should you use? - A. Administrative Templates - B. Endpoint protection - C. Device restrictions - D. Custom 25\. You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.\ Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution.\ NOTE: Each correct selection is worth one point. - - - - - 26\. You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.\ You need to onboard the devices to Microsoft Defender for Endpoint.\ What should you create in the Microsoft Intune admin center? - A. an attack surface reduction (ASR) policy - B. a security baseline - C. an endpoint detection and response (EDR) policy - D. an account protection policy - E. an antivirus policy 27\. Your company uses Microsoft Intune to manage devices.\ You need to ensure that only Android devices that use Android work profiles can enroll in Intune.\ Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.\ NOTE: Each correct selection is worth one point. - A. From Platform Settings, set Android device administrator Personally Owned to Block. - B. From Platform Settings, set Android Enterprise (work profile) to Allow. - C. From Platform Settings, set Android device administrator Personally Owned to Allow. - D. From Platform Settings, set Android device administrator to Block. 28\. HOTSPOT -\ You have the device configuration profile shown in the following exhibit.\ A screenshot of a computer Description automatically generated\ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image24.png) 29\. HOTSPOT -\ You have 100 Windows 10 devices enrolled in Microsoft Intune.\ You need to configure the devices to retrieve Windows updates from the internet and from other computers on a local network.\ Which Delivery Optimization setting should you configure, and which type of Intune object should you create? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer Description automatically generated 30\. HOTSPOT -\ You have an Azure AD tenant that contains the users shown in the following table.\ ![A group of people in a box Description automatically generated](media/image26.png)\ You have devices enrolled in Microsoft Intune as shown in the following table.\ A white and black text Description automatically generated\ From Intune, you create and send a custom notification named Notification1 to Group1.\ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image28.png) 31\. You use Microsoft Intune and Intune Data Warehouse.\ You need to create a device inventory report that includes the data stored in the data warehouse.\ What should you use to create the report? - A. the Company Portal app - B. Endpoint analytics - C. the Azure portal app - D. Microsoft Power BI 32\. You have a Microsoft 365 E5 subscription and 25 Apple iPads.\ You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method.\ What should you do first? - A. Configure an Apply MDM push certificate. - B. Add your user account as a device enrollment manager (DEM). - C. Modify the enrollment restrictions. - D. Upload a file that has the device identifiers for each iPad. 33\. HOTSPOT -\ You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Azure AD.\ The computers have different update settings, and some computers are configured for manual updates.\ You need to configure Windows Update. The solution must meet the following requirements:\ The configuration must be managed from a central location.\ Internet traffic must be minimized.\ Costs must be minimized.\ How should you configure Windows Update? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer program Description automatically generated 34\. You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune.\ You need to configure Delivery Optimization on the devices to meet the following requirements:\ Allow downloads from the internet and from other computers on the local network.\ Limit the percentage of used bandwidth to 50.\ What should you use? - A. a configuration profile - B. a Windows Update for Business Group Policy setting - C. a Microsoft Peer-to-Peer Networking Services Group Policy setting - D. an Update ring for Windows 10 and later profile 35\. Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10.\ You have the groups shown in the following table.\ ![A close-up of a box Description automatically generated](media/image30.png)\ Which groups can you add to Group4? - A. Group2 only - B. Group1 and Group2 only - C. Group2 and Group3 only - D. Group1, Group2, and Group3 36\. DRAG DROP -\ You have a Microsoft 365 subscription. The subscription contains computers that run Windows 11 and are enrolled in Microsoft Intune.\ You need to create a compliance policy that meets the following requirements:\ Requires BitLocker Drive Encryption (BitLocker) on each device\ Requires a minimum operating system version\ Which setting of the compliance policy should you configure for each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ NOTE: Each correct selection is worth one point.\ A white background with black text Description automatically generated 37\. HOTSPOT -\ You have a Microsoft 365 E5 subscription that uses Microsoft Intune.\ You have the Windows 11 devices shown in the following table.\ ![A close-up of a sign Description automatically generated](media/image32.png)\ You deploy the device compliance policy shown in the exhibit. (Click the Exhibit tab.)\ A screenshot of a computer Description automatically generated\ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ NOTE: Each correct selection is worth one point.\ ![A white background with black text Description automatically generated](media/image34.png) 38\. DRAG DROP -\ You have a Microsoft 365 subscription that contains the devices shown in the following table.\ A list of windows operating system Description automatically generated\ You need to ensure that only devices running trusted firmware or operating system builds can access network resources.\ Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image36.png) 39\. DRAG DROP -\ You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.\ You plan to create and monitor the results of a compliance policy used to validate the BIOS version of the devices.\ Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ A screenshot of a computer Description automatically generated 40\. DRAG DROP -\ You have a computer that runs Windows 10 and contains two local users named User1 and User2.\ You need to ensure that the users can perform the following actions:\ User1 must be able to adjust the date and time.\ User2 must be able to clear Windows logs.\ The solution must use the principle of least privilege.\ To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image38.png) 41\. HOTSPOT -\ You have an Azure AD tenant named contoso.com.\ You have the devices shown in the following table.\ A table with text on it Description automatically generated\ Which devices can be Azure AD joined, and which devices can be registered in contoso.com? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image40.png) 42\. HOTSPOT -\ You have an Azure AD tenant named contoso.com that contains the users shown in the following table.\ A list of data Description automatically generated with medium confidence\ You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup and has the local users shown in the following table.\ ![A screenshot of a computer Description automatically generated](media/image42.png)\ UserA joins Computer1 to Azure AD by using user1\@contoso.com.\ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ NOTE: Each correct selection is worth one point.\ A person standing in front of a white background Description automatically generated 43\. Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10.\ You enable Windows PowerShell remoting on the computers.\ You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least privilege.\ To which group should you add Admin1? - A. Access Control Assistance Operators - B. Remote Desktop Users - C. Power Users - D. Remote Management Users 44\. HOTSPOT -\ You have a Microsoft Intune subscription.\ You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit. Profile1 will be deployed to Windows 10 devices.\ ![A screenshot of a computer Description automatically generated](media/image44.png)\ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ NOTE: Each correct selection is worth one point.\ A screenshot of a computer Description automatically generated 45\. HOTSPOT -\ You have a server named Server1 and computers that run Windows 10. Server1 has the Microsoft Deployment Toolkit (MDT) installed.\ You plan to upgrade the Windows 10 computers to Windows 11 by using the MDT deployment wizard.\ You need create a deployment share on Server1.\ What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer program Description automatically generated](media/image46.png) 46\. DRAG DROP -\ You have a Microsoft Deployment Toolkit (MDT) server named MDT1.\ When computers start from the LiteTouchPE\_x64.iso image and connect to MDT1, the welcome screen appears as shown in the following exhibit.\ A screenshot of a computer Description automatically generated\ You need to prevent the welcome screen from appearing when the computers connect to MDT1.\ Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ ![A screenshot of a computer Description automatically generated](media/image48.png) 47\. You use Windows Admin Center to remotely administer computers that run Windows 10.\ When connecting to Windows Admin Center, you receive the message shown in the following exhibit.\ A screenshot of a computer error Description automatically generated\ You need to prevent the message from appearing when you connect to Windows Admin Center.\ To which certificate store should you import the certificate? - A. Client Authentication Issuers - B. Personal - C. Trusted Root Certification Authorities 48\. HOTSPOT -\ You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.\ ![A close-up of a sign Description automatically generated](media/image50.png)\ Contoso.com contains the Azure AD groups shown in the following table.\ A close up of a box Description automatically generated\ You add a Windows Autopilot deployment profile. The profile is configured as shown in the following exhibit.\ ![A screenshot of a computer Description automatically generated](media/image52.png)\ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ NOTE: Each correct selection is worth one point.\ A white background with black text Description automatically generated 49\. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 11.\ You need to configure the Remote Desktop settings of all the computers. The solution must meet the following requirements:\ Prevent the sharing of clipboard contents.\ Ensure that users authenticate by using Network Level Authentication (NLA).\ Which two nodes of the Group Policy Management Editor should you use? To answer, select the appropriate nodes in the answer area.\ NOTE: Each correct selection is worth one point.\ ![A screen shot of a computer Description automatically generated](media/image54.png) 50\. HOTSPOT -\ You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ Azure AD joined Windows devices enroll automatically in Intune.\ You have the devices shown in the following table.\ A table with text on it Description automatically generated\ You are preparing to upgrade the devices to Windows11. All the devices are compatible with Windows 11.\ You need to evaluate Windows Autopilot and in-place upgrade as deployment methods to implement Windows 11 Pro on the devices, while retaining all user settings and applications.\ Which devices can be upgraded by using each method? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth one point.\ ![A screenshot of a computer Description automatically generated](media/image56.png) 51\. DRAG DROP -\ You have 100 computers that run Windows 10.\ You plan to deploy Windows 11 to the computers by performing a wipe and load installation.\ You need to recommend a method to retain the user settings and the user data.\ Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ A screenshot of a computer Description automatically generated 52\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ You use Windows Autopilot to deploy Windows 11 to devices.\ A support engineer reports that when a deployment fails, they cannot collect deployment logs from failed device.\ You need to ensure that when a deployment fails, the deployment logs can be collected.\ What should you configure? - A. the automatic enrollment settings - B. the Windows Autopilot deployment profile - C. the enrollment status page (ESP) profile - D. the device configuration profile 53\. You have a Microsoft 365 E5 subscription that contains a user named User1 and uses Microsoft Intune Suite.\ You use Microsoft Intune to manage devices.\ You have a device named Devic1 that is enrolled in Intune.\ You need to ensure that User1 can use Remote Help from the Intune admin center for Device1.\ Which three actions should you perform? Each correct answer presents part of the solution.\ NOTE: Each correct selection is worth one point. - A. Deploy the Remote Help app to Device1. - B. Assign the Help Desk Operator role to User1. - C. Assign the Intune Administrator role to User1. - D. Assign a Microsoft 365 E5 license to User1. - E. Rerun device onboarding on Device1. - F. Assign the Remote Help add-on license to User1. 54\. You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft Office 2019 installed.\ You have the Windows 11 Enterprise images shown in the following table.\ ![A white rectangular box with black text Description automatically generated](media/image58.png)\ Which images can be used to perform an in-place upgrade of Device1? - A. Image1 only - B. Image2 only - C. Image1 and Image2 55\. HOTSPOT -\ You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant by using Azure AD Connect.\ You use Microsoft Intune and Configuration Manager to manage devices.\ You need to recommend a deployment plan for new Windows 11 devices. The solution must meet the following requirements:\ Devices for the marketing department must be joined to the AD DS domain only. The IT department will install complex applications on the devices at build time, before giving the devices to the marketing department users.\ Devices for the sales department must be Azure AD joined. The devices will be shipped directly from the manufacturer to the homes of the sales department users.\ Administrative effort must be minimized.\ Which deployment method should you recommend for each department? To answer, select the appropriate options in the answer area.\ NOTE: Each correct selection is worth point.\ A screenshot of a computer Description automatically generated 56\. You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.\ In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.\ You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.\ What should you do first? - A. Import an OS package. - B. Create a selection profile. - C. Add a Gather task to the task sequence. - D. Add a Validate task to the task sequence. 57\. You have an on-premises server named Server1 that hosts a Microsoft Deployment Toolkit (MDT) deployment share named MDT1.\ You need to ensure that MDT1 supports multicast deployments.\ What should you install on Server1? - A. Multipath I/O (MPIO) - B. Multipoint Connector - C. Windows Deployment Services (WDS) - D. Windows Server Update Services (WSUS) 58\. Your company standardizes on Windows 10 Enterprise for all users.\ Some users purchase their own computer from a retail store. The computers run Windows 10 Pro.\ You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Azure AD, and install several Microsoft Store apps. The solution must meet the following requirements:\ Ensure that any applications installed by the users are retained.\ Minimize user intervention.\ What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. - A. Windows Autopilot - B. Microsoft Deployment Toolkit (MDT) - C. a Windows Configuration Designer provisioning package - D. Windows Deployment Services (WDS) 59\. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.\ When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.\ You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.\ Solution: From the Microsoft Entra admin center, you modify the User settings and the Device settings.\ Does this meet the goal? - A. Yes - B. No 60\. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.\ When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.\ You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.\ Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you create and assign a device restrictions profile.\ Does this meet the goal? - A. Yes - B. No 61\. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.\ When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.\ You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.\ Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.\ Does this meet the goal? - A. Yes - B. No 62-66. Case study -\ \ \ Overview -\ \ Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.\ \ Contoso has the users and computers shown in the following table.\ \ ![A table with numbers and text Description automatically generated](media/image60.png)\ \ The company has IT, human resources (HR), legal (LEG), marketing (MKG), and finance (FIN) departments.\ \ Contoso recently purchased a Microsoft 365 subscription.\ \ The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.\ \ \ Existing Environment -\ \ The network contains an Active Directory domain named contoso.com that is synced to Azure AD.\ \ All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.\ \ The computers are managed by using Microsoft Configuration Manager. The mobile devices are managed by using Microsoft Intune.\ \ The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example FIN-6785. All the computers are joined to the on-premises Active Directory domain.\ \ Each department has an organizational unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.\ \ \ Intune Configuration -\ \ The domain has the users shown in the following table.\ \ A white rectangular sign with black text Description automatically generated\ \ User2 is a device enrollment manager (DEM) in Intune.\ \ The devices enrolled in Intune are shown in the following table.\ \ ![A white box with black text Description automatically generated](media/image62.png)\ \ The device compliance policies in Intune are configured as shown in the following table.\ \ A list of black text Description automatically generated\ \ The device compliance policies have the assignments shown in the following table.\ \ ![A list of items with black text Description automatically generated](media/image64.png)\ \ The device limit restrictions in Intune are configured as shown in the following table.\ \ A white rectangular box with black text Description automatically generated\ \ \ Requirements -\ \ \ Planned changes -\ \ Contoso plans to implement the following changes:\ Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.\ Implement co-management for the computers.\ \ \ Technical Requirements -\ \ Contoso must meet the following technical requirements:\ \ Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.\ Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.\ Create a provisioning package for new computers in the HR department.\ Block iOS devices from sending diagnostic and usage telemetry data.\ Use the principle of least privilege whenever possible.\ Enable the users in the MKG department to use App1.\ Pilot co-management for the IT department.\ \ \ 62. You need to meet the technical requirements for the iOS devices.\ \ Which object should you create in Intune? - A. a deployment profile - B. an app protection policy - C. a device configuration profile - D. a compliance policy 63\. ![A screenshot of a survey Description automatically generated](media/image66.png) 64\. You need to prepare for the deployment of the Phoenix office computers.\ \ What should you do first? - A. Generalize the computers and configure the Device settings from the Microsoft Entra admin center. - B. Extract the serial number of each computer to an XML file and upload the file from the Microsoft Intune admin center. - C. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune admin center. - D. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Microsoft Entra admin center. - E. Extract the serial number information of each computer to a CSV file and upload the file from the Microsoft Intune admin center. 65\. A screenshot of a computer Description automatically generated 66\. ![A screenshot of a computer Description automatically generated](media/image68.png) 67\. Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.\ \ On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2.\ \ What should you do first? - A. On Computer2, run the Enable-PSRemoting cmdlet. - B. On Computer2, add Computer1 to the Remote Management Users group. - C. From Active Directory, configure the Trusted for Delegation setting for the computer account of Computer2. - D. On Computer1, run the New-PSSession cmdlet. 68\. You have an Azure AD tenant that contains the devices shown in the following table.\ \ A table with text on it Description automatically generated\ \ Which devices can be activated by using subscription activation? - A. Device1 only - B. Device1 and Device2 only - C. Device1 and Device3 only - D. Device1, Device2, Device3, and Device4 69\. You have 25 computers that run Windows 10 Pro.\ \ You have a Microsoft 365 E5 subscription that uses Microsoft Intune.\ \ You need to upgrade the computers to Windows 11 Enterprise by using an in-place upgrade. The solution must minimize administrative effort.\ \ What should you use? - A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise - B. Microsoft Configuration Manager and a custom image of Windows 11 Enterprise - C. Windows Autopilot - D. Subscription Activation 70\. You use the Microsoft Deployment Toolkit (MDT) to manage Windows 11 deployments.\ \ From Deployment Workbench, you modify the WinPE settings and add PowerShell support.\ \ You need to generate a new set of WinPE boot image files that contain the updated settings.\ \ What should you do? - A. From the Deployment Shares node, update the deployment share. - B. From the Advanced Configuration node, create new media. - C. From the Packages node, import a new operating system package. - D. From the Operating Systems node, import a new operating system. 71\. You are replacing 100 company-owned Windows devices.\ \ You need to use the Microsoft Deployment Toolkit (MDT) to securely wipe and decommission the devices. The solution must meet the following requirements:\ \ Back up the user state.\ Minimize administrative effort.\ \ Which task sequence template should you use? - A. Standard Client Task Sequence - B. Standard Client Replace Task Sequence - C. Litetouch OEM Task Sequence - D. Sysprep and Capture 72\. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 11.\ \ You need to enable the Windows Remote Management (WinRM) service on Computer1 and perform the following configurations:\ \ For the WinRM service, set Startup type to Automatic.\ Create a listener that accepts requests from any IP address.\ Enable a firewall exception for WS-Management communications.\ \ Which PowerShell cmdlet should you use? - A. Connect-WSMan - B. Enable-PSRemoting - C. Invoke-WSManAction - D. Enable-PSSessionConfiguration 73\. HOTSPOT\ -\ \ Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The tenant contains the users shown in the following table.\ \ ![A white rectangular object with black text Description automatically generated](media/image70.png)\ \ You assign Windows 10/11 Enterprise E5 licenses to Group1 and User2.\ \ You deploy the devices shown in the following table.\ \ A screenshot of a computer program Description automatically generated\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image72.png) 74\. HOTSPOT\ -\ \ Your network contains an Active Directory domain named adatum.com, a workgroup, and computers that run Windows 10. The computers are configured as shown in the following table.\ \ A table with text on it Description automatically generated\ \ The local Administrator accounts on Computer1, Computer2, and Computer3 have the same user name and password.\ \ On Computer1, Windows Defender Firewall is configured as shown in the following exhibit.\ \ ![A screenshot of a computer Description automatically generated](media/image74.png)\ \ The services on Computer1 have the following states.\ \ A screenshot of a computer program Description automatically generated\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer program Description automatically generated](media/image76.png) 75\. You have a Hyper-V host that contains the virtual machines shown in the following table.\ \ A white rectangular box with black text and black text Description automatically generated\ \ On which virtual machines can you install Windows 11? - A. VM1 only - B. VM3 only - C. VM1 and VM2 only - D. VM2 and VM3 only - E. VM1, VM2, and VM32 3 76\. HOTSPOT\ -\ \ You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.\ \ ![A white rectangular object with black text Description automatically generated](media/image78.png)\ \ Group2 has been assigned in the Enrollment Status Page.\ \ You have the devices shown in the following table.\ \ A white background with black text Description automatically generated\ \ You capture and upload the hardware IDs of the devices in the marketing department.\ \ You configure Windows Autopilot.\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A white background with black text Description automatically generated](media/image80.png) 77\. You have a Microsoft 365 subscription that contains a user named User1. User1 is assigned a Windows 10/11 Enterprise E3 license.\ \ You use Microsoft Intune Suite to manage devices.\ \ User1 activates the following devices:\ \ Device1: Windows 11 Enterprise\ Device2: Windows 10 Enterprise\ Device3: Windows 11 Enterprise\ \ How many more devices can User1 activate? - A. 2 - B. 3 - C. 7 - D. 8 78\. DRAG DROP\ -\ \ Your company has a computer named Computer1 that runs Windows 10.\ \ Computer1 was used by a user who left the company.\ \ You plan to repurpose Computer1 and assign the computer to a new user.\ \ You need to redeploy Computer1 by using Windows Autopilot.\ \ Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ \ A screenshot of a computer Description automatically generated 79\. You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 11.\ \ You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 11 Enterprise to new computers. The computers have a single hard disk.\ \ You need to modify the task sequence to create a system volume and a data volume.\ \ Which phase should you modify in the task sequence? - A. Initialization - B. State Restore - C. Preinstall - D. Postinstall 80\. You have a Microsoft Deployment Toolkit (MDT) deployment share.\ \ From the Deployment Workbench, you open the New Task Sequence Wizard and select the Standard Client Upgrade Task Sequence task sequence template.\ \ You discover that there are no operating system images listed on the Select OS page as shown in the following exhibit.\ \ ![A screenshot of a computer Description automatically generated](media/image82.png)\ \ You need to be able to select an operating system image to perform a Windows 11 in-place upgrade.\ \ What should you do? - A. Enable monitoring for the deployment share. - B. Import a full set of source files. - C. Import a custom image file. - D. Run the Update Deployment Share Wizard. 81\. Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection.\ The company\'s security policy states the following:\ \ Personal devices do not need to be enrolled in Intune.\ Users must authenticate by using a PIN before they can access corporate email data.\ Users can use their personal iOS and Android devices to access corporate cloud services.\ Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.\ \ You need to configure a solution to enforce the security policy.\ \ What should you create? - A. a device configuration profile from the Microsoft Intune admin center - B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal - C. an insider risk management policy from the Microsoft Purview compliance portal - D. an app protection policy from the Microsoft Intune admin center 82\. You have a Microsoft 365 subscription that contains 500 Android Enterprise devices.\ \ All the devices are enrolled in Microsoft Intune.\ \ You need to deliver bookmarks to the Chrome browser on the devices.\ \ What should you create? - A. a compliance policy - B. a configuration profile - C. an app protection policy - D. an app configuration policy 83\. You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10.\ \ You need to deploy Microsoft Office Professional Plus 2019 to the computers by using Microsoft Office Deployment Tool (ODT).\ \ What should you use to create a customization file for ODT? - A. the Microsoft 365 admin center - B. the Microsoft Intune admin center - C. the Microsoft Purview compliance portal - D. the Microsoft 365 Apps admin center 84\. You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices enrolled in Microsoft Intune.\ \ You plan to use Intune to deploy an application named App1 that contains multiple installation files.\ \ What should you do first? - A. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool. - B. Create an Android application package (APK). - C. Upload the contents of App1 to Intune. - D. Install the Microsoft Deployment Toolkit (MDT). 85\. HOTSPOT\ -\ \ You have groups that use the Dynamic Device membership type as shown in the following table.\ \ A close-up of a box Description automatically generated\ \ You are deploying Microsoft 365 apps.\ \ You have devices enrolled in Microsoft Intune as shown in the following table.\ \ ![A white rectangular box with black text Description automatically generated](media/image84.png)\ \ In the Microsoft Intune admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.)\ \ A screenshot of a computer Description automatically generated\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![](media/image86.png) 86\. You have a Microsoft 365 subscription. All devices run Windows 10.\ \ You need to prevent users from enrolling the devices in the Windows Insider Program.\ \ What two configurations should you perform from the Microsoft Intune admin center? Each correct answer is a complete solution.\ \ NOTE: Each correct selection is worth one point. - A. a device restrictions device configuration profile - B. an app configuration policy - C. a Windows 10 and later security baseline - D. a custom device configuration profile - E. a Windows 10 and later update ring 87\. You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.\ \ You plan to use Endpoint analytics.\ \ You need to create baseline metrics.\ \ What should you do first? - A. Modify the Baseline regression threshold. - B. Onboard 10 devices to Endpoint analytics. - C. Create a Log Analytics workspace. - D. Create an Azure Monitor workbook. 88\. You install a feature update on a computer that runs Windows 10.\ \ How many days do you have to roll back the update? - A. 5 - B. 10 - C. 14 - D. 30 89\. You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace.\ \ You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.\ \ You need to ensure that you can use Log Analytics to query events from Computer1.\ \ What should you do on Computer1? - A. Join Azure AD. - B. Configure Windows Defender Firewall. - C. Create an event subscription - D. Install the Azure Monitor Agent. 90\. You have a Microsoft 365 E5 subscription and 100 unmanaged iPad devices.\ \ You need to deploy a specific iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS.\ \ Which two actions should you perform? Each correct answer presents part of the solution.\ \ NOTE: Each correct selection is worth one point. - - - - - 91\. You have a Microsoft 365 subscription that includes Microsoft Intune.\ \ You have an update ring named UpdateRing1 that contains the following settings:\ \ Automatic update behavior: Auto install and restart at a scheduled time\ Automatic behavior frequency: First week of the month\ Scheduled install day: Tuesday\ Scheduled install time: 3 AM\ \ From the Microsoft Intune admin center, you select Uninstall for the feature updates of UpdateRing1.\ \ When will devices start to remove the feature updates? - A. when a user approves the uninstall - B. as soon as the policy is received - C. next Tuesday - D. the first Tuesday of the next month 92\. You have a hybrid deployment of Azure AD that contains 50 Windows 10 devices. All the devices are enrolled in Microsoft Intune.\ \ You discover that Group Policy settings override the settings configured in Microsoft Intune policies.\ \ You need to ensure that the settings configured in Microsoft Intune override the Group Policy settings.\ \ What should you do? - A. From Group Policy Management Editor, configure the Computer Configuration settings in the Default Domain Policy. - B. From the Microsoft Intune admin center, create a custom device profile. - C. From the Microsoft Intune admin center, create an Administrative Templates device profile. - D. From Group Policy Management Editor, configure the User Configuration settings in the Default Domain Policy. 93\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices.\ \ You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center.\ \ What should you configure? - A. the Azure Monitor agent - B. a device compliance policy - C. a Conditional Access policy - D. an Intune data collection policy 94\. HOTSPOT\ -\ \ You have a Microsoft 365 E5 subscription that uses Microsoft Intune.\ \ Devices are enrolled in Intune as shown in the following table.\ \ A screenshot of a computer Description automatically generated\ \ The devices are the members of groups as shown in the following table.\ \ ![A white rectangular box with black text Description automatically generated](media/image88.png)\ \ You create an iOS/iPadOS update profile as shown in the following exhibit.\ \ A screenshot of a computer Description automatically generated\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A white background with black text Description automatically generated](media/image90.png) 95\. You have a Microsoft Intune deployment that contains the resources shown in the following table.\ \ A close-up of a list of text Description automatically generated\ \ You create a policy set named Set1 and add Comply1 to Set1.\ \ Which additional resources can you add to Set1? - A. Conf1 only - B. Comply2 only - C. Comply2 and Conf1 only - D. CA1, Conf1, and Office1 only - E. Comply2, CA1, Conf1, and Office1 96\. You use Microsoft Defender for Endpoint to protect computers that run Windows 10.\ \ You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline.\ \ Which tool should you use? - A. Microsoft Defender for Endpoint Power BI app - B. Microsoft Secure Score - C. Endpoint Analytics - D. Microsoft 365 Defender portal 97\. You have a Microsoft 365 E5 subscription that contains 1,000 Windows 11 devices. All the devices are enrolled in Microsoft Intune.\ \ You plan to integrate Intune with Microsoft Defender for Endpoint.\ \ You need to establish a service-to-service connection between Intune and Defender for Endpoint.\ \ Which settings should you configure in the Microsoft Intune admin center? - A. Premium add-ons - B. Connectors and tokens - C. Tenant enrollment - D. Microsoft Tunnel Gateway 98\. DRAG DROP\ -\ \ You have a Microsoft Intune subscription that is configured to use a PFX certificate connector to an on-premises Enterprise certification authority (CA).\ \ You need to use Intune to configure autoenrollment for Android devices by using public key pair (PKCS) certificates.\ \ Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ \ ![A screenshot of a questionnaire Description automatically generated](media/image92.png) 99\. Your company uses Microsoft Intune.\ \ More than 500 Android and iOS devices are enrolled in the Intune tenant.\ \ You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.\ \ You need to ensure that the policies can target the devices based on their version of Android or iOS.\ \ What should you configure first? - A. groups that have dynamic membership rules in Azure AD - B. Device categories in Intune - C. Corporate device identifiers in Intune - D. Device settings in Azure AD 100\. DRAG DROP\ -\ \ You have 500 Windows 10 devices enrolled in Microsoft Intune.\ \ You plan to use Exploit protection in Microsoft Intune to enable the following system settings on the devices:\ Data Execution Prevention (DEP)\ Force randomization for images (Mandatory ASLR)\ \ You need to configure a Windows 10 device that will be used to create a template file.\ \ Which protection areas on the device should you configure in the Windows Security app before you create the template file? To answer, drag the appropriate protection areas to the correct settings. Each protection area may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ \ NOTE: Each correct selection is worth one point.\ \ A questionnaire with text and words Description automatically generated with medium confidence 101\. You have an Azure AD tenant named contoso.com.\ \ You have a workgroup computer named Computer1 that runs Windows 11.\ \ You need to add Computer1 to contoso.com.\ \ What should you use? - A. dsregcmd.exe - B. Computer Management - C. netdom.exe - D. the Settings app 102\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage Windows 11 devices.\ \ You need to implement passwordless authentication that requires users to use number matching.\ \ Which authentication method should you use? - A. Microsoft Authenticator - B. voice calls - C. FIDO2 security keys - D. text messages 103\. You use a Microsoft Intune subscription to manage iOS devices.\ \ You configure a device compliance policy that blocks jailbroken iOS devices.\ \ You need to enable Enhanced jailbreak detection.\ \ What should you configure? - A. the Compliance policy settings - B. the device compliance policy - C. a network location - D. a configuration profile 104\. DRAG DROP\ -\ \ You have a Microsoft 365 subscription that contains two users named User1 and User2.\ \ You need to ensure that the users can perform the following tasks:\ User1 must be able to create groups and manage users.\ User2 must be able to reset passwords for nonadministrative users.\ \ The solution must use the principle of least privilege.\ \ Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image94.png) 105\. HOTSPOT\ -\ \ You have a Microsoft Intune subscription that has the following device compliance policy settings:\ Mark devices with no compliance policy assigned as: Compliant\ Compliance status validity period (days): 14\ \ On January1, you enroll Windows 10 devices in Intune as shown in the following table.\ \ A white box with black text Description automatically generated\ \ On January 4, you create the following two device compliance policies:\ \ Name: Policy1\ Platform: Windows 10 and later\ Require BitLocker: Require\ Mark device noncompliant: 5 days after noncompliance\ Scope (Tags): Tag1\ \ Name: Policy2\ Platform: Windows 10 and later\ Firewall: Require\ Mark device noncompliant: Immediately\ Scope (Tags): Tag2\ \ On January 5, you assign Policy1 and Policy2 to Group1.\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image96.png) 106\. HOTSPOT\ -\ \ You have a Microsoft 365 subscription that includes Microsoft Intune.\ \ You have computers that run Windows 11 as shown in the following table.\ \ A screen shot of a computer Description automatically generated\ \ You have the groups shown in the following table.\ \ ![A close-up of a computer Description automatically generated](media/image98.png)\ \ You create and assign the compliance policies shown in the following table.\ \ A close-up of a message Description automatically generated\ \ The next day, you review the compliance status of the computers.\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A white background with black text Description automatically generated](media/image100.png) 107\. Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.\ \ When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.\ \ You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.\ \ Solution: From the Microsoft Entra admin center, you configure the Authentication methods.\ \ Does this meet the goal? - A. Yes - B. No 108\. You have a Microsoft 365 tenant that contains the objects shown in the following table.\ \ A table with text on it Description automatically generated\ \ You are creating a compliance policy named Compliance1.\ \ Which objects can you specify in Compliance1 as additional recipients of noncompliance notifications? - A. Group3 and Group4 only - B. Group3, Group4, and Admin1 only - C. Group1, Group2, and Group3 only - D. Group1, Group2, Group3, and Group4 only - E. Group1, Group2, Group3, Group4, and Admin1 109.\ You have an Azure AD tenant named contoso.com that contains a user named User1. User1 has a user principal name (UPN) of user1\@contoso.com.\ \ You join a Windows 11 device named Client1 to contoso.com.\ \ You need to add User1 to the local Administrators group of Client1.\ \ How should you complete the command? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image102.png) 110\. You have a Microsoft 365 subscription.\ \ You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least privilege.\ \ Which role should you assign to the user? - A. Global Administrator - B. Conditional Access Administrator - C. Security Administrator - D. Intune Administrator 111\. HOTSPOT\ -\ In Microsoft Intune, you have the device compliance policies shown in the following table.\ \ \ \ The Intune compliance policy settings are configured as shown in the following exhibit.\ \ ![A screenshot of a computer Description automatically generated](media/image104.png)\ \ On June 1, you enroll Windows 10 devices in Intune as shown in the following table.\ \ A close-up of a sign Description automatically generated\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ ![A screenshot of a survey Description automatically generated](media/image106.png) 112\. You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices that run Windows 11.\ \ User provides remote support for 75 devices in the marketing department.\ \ You need to add User1 to the Remote Desktop Users group on each marketing department device.\ \ What should you configure? - A. an app configuration policy - B. a device compliance policy - C. an account protection policy - D. a device configuration profile 113\. HOTSPOT\ -\ \ You have an Azure AD tenant named contoso.com that contains the users shown in the following table.\ \ A number of numbers on a white background Description automatically generated\ \ For contoso.com, the Mobility (MDM and MAM) settings have the following configurations:\ \ MDM user scope: Group1\ MAM user scope: Group2\ \ You purchase the devices shown in the following table:\ \ ![A table with text and images Description automatically generated with medium confidence](media/image108.png)\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ A screenshot of a computer Description automatically generated 114\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to deploy and manage Windows devices.\ \ You have 100 devices from users that left your company.\ \ You need to repurpose the devices for new users by removing all the data and applications installed by the previous users. The solution must minimize administrative effort.\ \ What should you do? - A. Deploy a new configuration profile to the devices. - B. Perform a Windows Autopilot reset on the devices. - C. Perform an in-place upgrade on the devices. - D. Perform a clean installation of Windows 11 on the devices. 115\. HOTSPOT\ -\ \ You create a Windows Autopilot deployment profile.\ \ You need to configure the profile settings to meet the following requirements:\ \ Automatically enroll new devices and provision system apps without requiring end-user authentication\ Include the hardware serial number in the computer name.\ \ Which two settings should you configure? To answer, select the appropriate settings in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image110.png) 116\. You have a computer named Computer1 that runs Windows 11.\ \ A user named User1 plans to use Remote Desktop to connect to Computer1.\ \ You need to ensure that the device of User1 is authenticated before the Remote Desktop connection is established and the sign in page appears.\ \ What should you do on Computer1? - A. Turn on Reputation-based protection - B. Enable Network Level Authentication (NLA) - C. Turn on Network Discovery - D. Configure the Remote Desktop Configuration service 117\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices.\ \ You have the devices shown in the following table.\ \ A white and black text Description automatically generated with medium confidence\ \ Which devices can be changed to Windows 11 Enterprise by using subscription activation? - A. Device3 only - B. Device2 and Device3 only - C. Device1 and Device2 only - D. Device1, Device2, and Device3 118\. HOTSPOT\ -\ \ Your network contains an Active Directory domain named adatum.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10. Remote Desktop is enabled on Computer2.\ \ The domain contains the user accounts shown in the following table.\ \ ![A list of domain names Description automatically generated](media/image112.png)\ \ Computer2 contains the local groups shown in the following table.\ \ A table with text on it Description automatically generated\ \ The relevant user rights assignments for Computer2 are shown in the following table.\ \ ![A screenshot of a computer Description automatically generated](media/image114.png)\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 120\. You have a Microsoft 365 subscription that uses Microsoft Intune.\ \ You have five new Windows 11 Pro devices.\ \ You need to prepare the devices for corporate use. The solution must meet the following requirements:\ Install Windows 11 Enterprise on each device.\ Install a Windows Installer (MSI) package named App1 on each device.\ Add a certificate named Certificate1 that is required by App1.\ Join each device to Azure AD.\ \ Which three provisioning options can you use? Each correct answer presents a complete solution.\ \ NOTE: Each correct selection is worth one point. - A. subscription activation - B. a custom Windows image - C. an in-place upgrade - D. Windows Autopilot - E. provisioning packages 122\. HOTSPOT\ -\ \ You have the devices shown in the following table.\ \ ![A white rectangular sign with black text Description automatically generated](media/image116.png)\ \ You need to migrate app data from Device1 to Device2. The data must be encrypted and stored on Server1 during the migration.\ \ Which command should you run on each device? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 123\. You have a Microsoft 365 subscription.\ \ You plan to use Windows Autopilot to provision 25 Windows 11 devices.\ \ You need to configure the Out-of-box experience (OOBE) settings.\ \ What should you create in the Microsoft Intune admin center? - A. an enrollment status page (ESP) - B. a deployment profile - C. a compliance policy - D. a PowerShell script - E. a configuration profile **124.** You have an Azure AD tenant that contains the devices shown in the following table.\ \ ![A list of software programs Description automatically generated with medium confidence](media/image118.png)\ \ You purchase Windows 11 Enterprise E5 licenses.\ \ Which devices can use Subscription Activation to upgrade to Windows 11 Enterprise? - A. Device1 only - B. Device1 and Device2 only - C. Device1 and Device3 only - D. Device1, Device2, Device3, and Device4 **125.** You have a Microsoft 365 Subscription that uses Microsoft Intune.\ \ You add apps to Intune as shown in the following table.\ \ A list of androids Description automatically generated with medium confidence\ \ You need to create an app configuration policy named Policy1 for the Android Enterprise platform.\ \ Which apps can you manage by using Policy1? - A. App2 only - B. App3 only - C. App1 and App3 only - D. App2 and App3 only - E. App1, App2, and App3 **126.** You have a Microsoft 365 subscription that uses Microsoft Intune.\ \ You need to ensure that you can deploy apps to Android Enterprise devices.\ \ What should you do first? - A. Create a configuration profile. - B. Add a certificate connector. - C. Configure the Partner device management settings. - D. Link your managed Google Play account to Intune. **128.** HOTSPOT\ -\ \ You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.\ \ You need to set a custom image as the wallpaper and sign-in screen.\ \ Which two settings should you configure in the Device restrictions configuration profile? To answer, select the appropriate settings in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image120.png) 129\. You have computers that run Windows 11 Pro. The computers are joined to Azure AD and enrolled in Microsoft Intune.\ \ You need to upgrade the computers to Windows 11 Enterprise.\ \ What should you configure in Intune? - A. a device compliance policy - B. a device cleanup rule - C. a device enrollment policy - D. a device configuration profile 130\. You have computers that run Windows 10 and are managed by using Microsoft Intune.\ \ Users store their files in a folder named D:\\Folder1.\ \ You need to ensure that only a trusted list of applications is granted write access to D:\\Folder1.\ \ What should you configure in the device configuration profile? - A. Microsoft Defender Exploit Guard - B. Microsoft Defender Application Guard - C. Microsoft Defender SmartScreen - D. Microsoft Defender Application Control 131\. HOTSPOT\ -\ \ You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.\ \ You need to create Endpoint security policies to meet the following requirements:\ Hide the Firewall & network protection area in the Windows Security app.\ Disable the provisioning of Windows Hello for Business on the devices.\ \ Which two policy types should you use? To answer, select the policies in the answer area.\ \ A screenshot of a computer Description automatically generated 132\. You have a Microsoft 365 subscription that contains 100 devices enrolled in Microsoft Intune.\ \ You need to review the startup processes and how often each device restarts.\ \ What should you use? - A. Endpoint analytics - B. Device Management - C. Azure Monitor - D. Intune Data Warehouse 133\. DRAG DROP\ -\ \ You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune.\ \ You need to create Endpoint security policies to enforce the following requirements:\ Computers that run macOS must have FileVault enabled.\ Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.\ Computers that run Windows 10 must have Microsoft Defender Application Control enabled.\ \ Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ \ ![A close-up of a computer screen Description automatically generated](media/image122.png) 134\. Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune.\ \ Currently, Windows updates are downloaded without using Delivery Optimization.\ \ You need to configure the computers to use Delivery Optimization.\ \ What should you create in Intune? - A. a device compliance policy - B. a Windows 10 update ring - C. a device configuration profile - D. an app protection policy 135\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices.\ \ Auto-enrollment in Intune is configured.\ \ You have 100 Windows 11 devices in a workgroup.\ \ You need to connect the devices to the corporate wireless network and enroll 100 new Windows 11 devices in Intune.\ \ What should you use? - A. a provisioning package - B. a Group Policy Object (GPO) - C. mobile device management (MDM) automatic enrollment - D. a device configuration policy 136\. HOTSPOT\ -\ \ You have a Microsoft 365 tenant that uses Microsoft Intune to manage personal and corporate devices. The tenant contains Windows 10 devices as shown in the following exhibit.\ \ A screenshot of a phone Description automatically generated\ \ How will Intune classify each device after the devices are enrolled in Intune automatically? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image124.png) 137\. You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices. All devices are in the same time zone.\ \ You create an update rings policy and assign the policy to all Windows devices.\ \ On the November 1, you pause the update rings policy.\ \ All devices remain online.\ \ Without further modification to the policy, on which date will the devices next attempt to update? - A. December 1 - B. December 6 - C. November 15 - D. November 22 138\. You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.\ \ A white rectangular table with black text Description automatically generated\ \ All devices have Microsoft Edge installed.\ \ From the Microsoft Intune admin center, you create a Microsoft Edge Baseline profile named Edge1.\ \ You need to apply Edge1 to all the supported devices.\ \ To which devices should you apply Edge1? - A. Device1 only - B. Device1 and Device2 only - C. Device1, Device2, and Device3 only - D. Device1, Device2, and Device4 only - E. Device1, Device2, Device3, and Device4 139\. HOTSPOT\ -\ \ You have a Microsoft 365 subscription that uses Microsoft Intune.\ \ You plan to manage Windows updates by using Intune.\ \ You create an update ring for Windows 10 and later and configure the User experience settings for the ring as shown in the following exhibit.\ \ ![A screenshot of a computer Description automatically generated](media/image126.png)\ \ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 140\. You have a Microsoft 365 tenant.\ \ You have devices enrolled in Microsoft Intune.\ \ You assign a conditional access policy named Policy1 to a group named Group1. Policy1 restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business.\ \ You need to identify which noncompliant devices attempt to access OneDrive for Business.\ \ What should you do? - A. From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook. - B. From the Microsoft Intune admin center, review Device compliance report. - C. From the Microsoft Intune admin center, review the Noncompliant devices report. - D. From the Microsoft Intune admin center, review the Setting compliance report. 145\. You have following types of devices enrolled in Microsoft Intune:\ Windows 10\ Android\ iOS\ \ For which types of devices can you create VPN profiles in Microsoft Intune admin center? - A. Windows 10 only - B. Windows 10 and Android only - C. Windows 10 and iOS only - D. Android and iOS only - E. Windows 10, Android, and iOS 146\. You are creating a device configuration profile in Microsoft Intune.\ \ You need to configure specific OMA-URI settings in the profile.\ \ Which profile type template should you use? - A. Device restrictions (Windows 10 Team) - B. Identity protection - C. Custom - D. Device restrictions 147\. HOTSPOT\ You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.\ \ ![A table with text on it Description automatically generated](media/image128.png)\ \ You create a policy set named Set1 as shown in the exhibit. (Click the Exhibit tab.)\ \ A screenshot of a computer Description automatically generated\ \ You enroll devices in Intune as shown in the following table.\ \ ![A screenshot of a computer Description automatically generated](media/image130.png)\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 148\. HOTSPOT\ -\ \ You have a Microsoft 365 subscription that contains 1,000 iOS devices. The devices are enrolled in Microsoft Intune as follows:\ Two hundred devices are enrolled by using the Intune Company Portal.\ Eight hundred devices are enrolled by using Apple Automated Device Enrollment (ADE).\ \ You create an iOS/iPadOS software updates policy named Policy1 that is configured to install iOS/iPadOS 15.5.\ \ How many iOS devices will Policy1 update, and what should you configure to ensure that only iOS/iPadOS 15.5 is installed? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image132.png) 149-152. Case study\ -\ \ \ Overview\ -\ \ ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.\ \ ADatum has a Microsoft 365 E5 subscription.\ \ \ Environment\ -\ \ \ Network Environment\ -\ \ The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.\ \ A group of black text Description automatically generated\ \ ADatum has a hybrid Azure AD tenant named adatum.com.\ \ \ Users and Groups\ -\ \ The adatum.com tenant contains the users shown in the following table.\ \ ![A screenshot of a computer Description automatically generated](media/image2.png)\ \ All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.\ \ Enterprise State Roaming is enabled for Group1 and GroupA.\ \ Group1 and Group2 have a Membership type of Assigned.\ \ \ Devices\ -\ \ ADatum has the Windows 10 devices shown in the following table.\ \ A group of people in a group Description automatically generated\ \ The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.\ \ The Windows 10 devices are configured as shown in the following table.\ \ ![A white rectangular box with black text Description automatically generated](media/image4.png)\ \ All the Azure AD joined devices have an executable file named C:\\AppA.exe and a folder named D:\\Folder1.\ \ \ Microsoft Intune Configuration\ -\ \ Microsoft Intune has the compliance policies shown in the following table.\ \ A close up of a sign Description automatically generated\ \ ![A screenshot of a computer Description automatically generated](media/image6.png)\ \ The Automatic Enrollment settings have the following configurations:\ \ MDM user scope: GroupA\ MAM user scope: GroupB\ \ You have an Endpoint protection configuration profile that has the following Controlled folder access settings:\ \ Name: Protection1\ Folder protection: Enable\ List of apps that have access to protected folders: C:\\\*\\AppA.exe\ List of additional folders that need to be protected: D:\\Folder1\ Assignments:\ - Included groups: Group2, GroupB\ \ Windows Autopilot Configuration\ \ ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.\ \ A screenshot of a computer Description automatically generated\ \ Currently, there are no devices deployed by using Windows Autopilot.\ \ The Intune connector for Active Directory is installed on Server1.\ \ \ Requirements\ -\ \ \ Planned Changes\ -\ \ ADatum plans to implement the following changes:\ \ Purchase a new Windows 10 device named Device6 and enroll the device in Intune\ New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.\ Deployed a network boundary configuration profile that will have the following settings:\ - Name: Boundary1\ - Network boundary: 192.168.1.0/24\ - Scope tags: Tag1\ - Assignments:\ - Included groups: Group1, Group2\ Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:\ - Name: Connection1\ - Connection name: VPN1\ - Connection type: L2TP\ - Assignments:\ - Included groups: Group1, Group2, GroupA\ - Excluded groups: \--\ - Name: Connection2\ - Connection name: VPN2\ - Connection type: IKEv2\ - Assignments:\ - Included groups: GroupA\ - Excluded groups: GroupB\ \ \ Technical Requirements\ -\ \ ADatum must meet the following technical requirements:\ Users in GroupA must be able to deploy new computers.\ Administrative effort must be minimized. 149\. For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image133.png) 150\. You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.\ \ To what should you grant the right to create the computer objects? - A. Server1 - B. DC1 - C. GroupA - D. Server2 151\. A screenshot of a computer Description automatically generated 152\. Which user can enroll Device6 in Intune? - A. User4 and User1 only - B. User4 and User2 only - C. User4, User1, and User2 only - D. User1, User2, User3, and User4 153\. You have a Microsoft 365 subscription that contains 1,000 iOS devices and includes Microsoft Intune.\ \ You need to prevent the printing of corporate data from managed apps on the devices.\ \ What should you configure? - A. an app configuration policy - B. a security baseline - C. an app protection policy - D. an iOS app provisioning profile 154\. You have a Microsoft 365 E5 subscription that contains the users shown in the following table.\ \ ![A table with text on it Description automatically generated](media/image135.png)\ \ In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.\ \ Which users can download the Office customization file from the admin center? - A. Admin3 only - B. Admin1 and Admin3 only - C. Admin3 and Admin4 only - D. Admin1, Admin2, and Admin3 only - E. Admin1, Admin2, Admin3, Admin4 155\. You have a Microsoft 365 E5 subscription.\ \ You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.\ \ What should you select in the Microsoft Intune admin center? - A. Reports, and then Device compliance - B. Apps, and then App protection policies - C. Devices, and then Monitor - D. Apps, and then Monitor 156\. You have a Microsoft 365 tenant that contains the objects shown in the following table.\ \ A table with text on it Description automatically generated\ \ In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1.\ \ To which objects can you assign App1? - A. Group3 and Group4 only - B. Admin1, Group3, and Group4 only - C. Group1, Group3, and Group4 only - D. Group1, Group2, Group3, and Group4 only - E. Admin1, Group1, Group2, Group3, and Group4 157\. HOTSPOT\ -\ \ You have a Microsoft 365 E5 subscription.\ \ You create an app protection policy for Android device named Policy1 as shown in the following exhibit.\ \ ![A screenshot of a computer Description automatically generated](media/image137.png)\ \ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 158\. You have a Microsoft 365 subscription that includes Microsoft Intune.\ \ You have 500 corporate-owned Android devices enrolled as fully managed devices.\ \ You need to prepare an app named App1 for deployment to the devices.\ \ Which two actions should you perform? Each correct answer presents part of the solution.\ \ NOTE: Each correct selection is worth one point. - A. From the Intune Company Portal, download App1. - B. Sync App1 with Intune. - C. From the Managed Google Play Store, approve App1. - D. Create an OEMConfig profile. 159\. You have the Windows 10 devices shown in the following table.\ \ ![A white background with black text Description automatically generated](media/image139.png)\ \ You plan to upgrade the devices to Windows 11 Enterprise.\ \ On which devices can you perform a direct in-place upgrade to Windows 11 Enterprise? - A. Device3 only - B. Device3 and Device 4 only - C. Device2, Device3, and Device4 only - D. Device1, Device3, and Device4 only - E. Device1, Device2, Device3, and Device4 only 160\. HOTSPOT\ -\ \ Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure AD.\ \ A user named User1 uses the domain-joined devices shown in the following table.\ \ A white rectangular box with black text Description automatically generated\ \ In the Microsoft Entra admin center, you assign a Windows 11 Enterprise E5 license to User1.\ \ You need to identify what will occur when User1 next signs in to the devices.\ \ What should you identify for each device? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image141.png) 161\. HOTSPOT\ You have a Microsoft Deployment Toolkit (MDT) deployment share named Share1.\ \ You add Windows 10 images to Share1 as shown in the following table.\ \ A screenshot of a computer Description automatically generated\ \ Which images can be used in the Standard Client Task Sequence, and which images can be used in the Standard Client Upgrade Task Sequence?\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a task sequence Description automatically generated](media/image143.png) 162\. You have a Microsoft 365 subscription that uses Microsoft Intune.\ \ You plan to use Windows Autopilot to provision 25 Windows 11 devices.\ \ You need to meet the following requirements during device provisioning:\ Display the progress of app and profile deployments.\ Join the devices to Azure AD.\ \ What should you configure to meet each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.\ \ A screenshot of a questionnaire Description automatically generated 164\. You have a Microsoft Deployment Toolkit (MDT) deployment share.\ \ You plan to deploy Windows 11 by using the Standard Client Task Sequence template.\ \ You need to modify the task sequence to perform the following actions:\ Format disks to support Unified Extensible Firmware Interface (UEFI).\ Create a recovery partition.\ \ Which phase of the task sequence should you modify? - A. Preinstall - B. PostInstall - C. Install - D. Initialization 165\. DRAG DROP\ -\ \ Your network contains an Active Directory domain.\ \ You install the Microsoft Deployment Toolkit (MDT) on a server.\ \ You have a custom image of Windows 11.\ \ You need to deploy the image to 100 devices by using MDT.\ \ Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.\ \ ![A screenshot of a computer Description automatically generated](media/image145.png) 166\. You have the Microsoft Deployment Toolkit (MDT) installed.\ \ You install and customize Windows 11 on a reference computer.\ \ You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.\ \ Which command should you run before you capture the image? - A. dism - B. wpeinit - C. sysprep - D. bcdedit 168\. HOTSPOT\ -\ \ You have a hybrid Azure AD tenant.\ \ You configure a Windows Autopilot deployment profile as shown in the following exhibit.\ \ A screenshot of a computer Description automatically generated\ \ Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.\ \ NOTE: Each correct selection is worth one point.\ \ ![A screenshot of a computer Description automatically generated](media/image147.png) 169\. HOTSPOT\ -\ \ You have a Microsoft 365 subscription that uses Microsoft Intune Suite.\ \ You use Microsoft Intune to manage devices.\ \ You plan to create Windows 11 device builds for the marketing and research departments. The solution must meet the requirements:\ Marketing department devices must support Windows Update for Business.\ Research department devices must have support for feature update versions for up to 36 months from release.\ \ What is the minimum Windows 11 edition required for each department? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 170\. You have an Azure AD tenant named contoso.com.\ \ You plan to use Windows Autopilot to configure the Windows 10 devices shown in the following table.\ \ ![A close up of a memory card Description automatically generated](media/image149.png)\ \ Which devices can be configured by using Windows Autopilot self-deploying mode? - A. Device2 only - B. Device3 only - C. Device1 and Device3 only - D. Device1, Device2, and Device3 171\. HOTSPOT\ -\ \ Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.\ \ You have a Microsoft 365 subscription.\ \ You plan to use Windows Autopilot to deploy new Windows devices.\ \ You plan to create a deployment profile.\ \ You need to ensure that the deployment meets the following requirements:\ \ Devices must be joined to AD DS regardless of their current working location.\ Users in the marketing department must have a line-of-business (LOB) app installed during the deployment.\ \ The solution must minimize administrative effort.\ \ What should you do for each requirement? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 172\. You have 200 computers that run Windows 10 and are joined to an Active Directory domain.\ \ You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.\ \ Which three actions should you perform? Each correct answer presents part of the solution.\ \ NOTE: Each correct selection is worth one point. - A. Enable the Allow Remote Shell access setting. - B. Enable the Allow remote server management through WinRM setting. - C. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic. - D. Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting. - E. Set the Startup Type of the Remote Registry service to Automatic - F. Enable the Windows Defender Firewall: Allow inbound remote administration exception setting. 174\. You have devices that are not rooted enrolled in Microsoft Intune as shown in the following table.\ \ ![A white rectangular box with black text Description automatically generated](media/image151.png)\ \ The devices are members of a group named Group1.\ \ In Intune, you create a device compliance location that has the following configurations:\ \ Name: Network1\ IPv4 range: 192.168.0.0/16\ \ In Intune, you create a device compliance policy for the Android platform. The policy has the following configurations:\ \ Name: Policy1\ Device health: Rooted devices: Block\ Locations: Location: Network1\ Mark device noncompliant: Immediately\ Assigned: Group1\ \ The Intune device compliance policy has the following configurations:\ \ Mark devices with no compliance policy assigned as: Compliant\ Enhanced jailbreak detection: Enabled\ Compliance status validity period (days): 20\ \ For each of the following statements, select Yes if the statement is true. Otherwise, select No.\ \ NOTE: Each correct selection is worth one point.\ \ A questionnaire with black text Description automatically generated 175\. You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements:\ \ Ensure that you can manage the personal devices by using Microsoft Intune.\ Ensure that users can access company data seamlessly from their personal devices.\ Ensure that users can only sign in to their personal devices by using their personal account.\ \ What should you use to add the devices to Azure AD? - A. Azure AD registered - B. hybrid Azure AD join - C. Azure AD joined 176\. You have a Microsoft 365 subscription.\ \ All computers are enrolled in Microsoft Intune.\ \ You have business requirements for securing your Windows 11 environment as shown in the following table.\ \ ![A screen shot of a computer error Description automatically generated](media/image153.png)\ \ What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.\ \ NOTE: Each correct selection is worth one point.\ \ A screenshot of a computer Description automatically generated 177\. You have a M

MD-102 Questions - IT Exam Questions

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue