CIST 2411 Final Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

You are creating a new device profile. You want it to apply to all users except the domain administrators. How would you accomplish this?

Assign the profile to the AllUsers group and exclude the Domain Admins group

You are getting ready to implement mobile application management (MAM) in your environment. You realize that there are distinct phases of an application life cycle that your apps will take over the course of time. Put the app life cycle phases in order.

Add Deploy Configure Protect Retire

Install the Intune Client

Only using Config Manager

Windows 10

Use direct enrollment if available

You want to set the power scheme using the command line. Which command would you use?

powercfg

Mandatory Profile

Can be stored locally or on the network; user cannot make setting changes.

You have been given a USB drive that has been encrypted with BitLocker To Go. Which of the following options is required before you can access the data from this drive on a Windows 10 computer? (Select two. Each answer is a complete solutions.)

-A smart card -Correct Password

You would like to utilize a device enrollment manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll?

1,000

You would like to utilize a Device Enrollment Manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll?

1000

As an added security measure, you'd like to implement network fencing using Intune for your mobile device management (MDM). Select option that best describes network fencing.

Admins can keep devices outside their corporate network from accessing enterprise resources.

You are implementing Windows Information Policies (WIP) and would like to prompt users when they are moving sensitive company data on their devices. What WIP mode should you deploy?

Allow Overrides This mode warns employees if they are inappropriately sharing data. It won't stop them, but it will log their actions.

Which Android enrollment options would you choose in order to keep work data and personal data separate on your Android devices?

Android Enterprise work profile.

You would like to set up an app deployment method in Intune that shows users from each department the apps they have rights to so that they can be downloaded. Which deployment method would you use?

App catalog

You have a corporate application that employees must use that includes sensitive company information, including the phone numbers and contact information of employees and clients. You want to secure the app on mobile devices so users must enter a PIN when opening and accessing the app. Which of the following would you implement to meet this objective?

App protection policy

You want to block all Samsung Android devices from accessing corporate resources in your IT environment. Which of the following would you implement?

App protection policy

Your remote users run a Universal Windows Platform (UWP) application that requires access to certain files on a network share each time it runs. What would you implement in order for your remote users to make sure that network resources are always available when they run that application?

Application trigger

As an administrator, you are configuring a compliance policy in Intune. Place the following in the correct order to properly configure this policy. Step 4

Assign the policy to one or more user groups or device groups

As an administrator, you are very concerned with network, application, device, user, and data security. You want to minimize the number of places where an attacker could compromise your devices or networks. Which Defender ATP component would you implement?

Attack Surface Reduction You should choose Attack Surface Reduction. This set of configurations are the front line of defense for any network system. These configuration include: Firewall App controls Network protection Security configurations

Your systems have been hacked! As you try to discover the extent of the breach, you realize that you need help assessing the depth of the attack and amount of damage. Which Defender ATP component would you utilize?

Automated Investigation & Remediation

You are publishing an app in Microsoft Intune that you want deployed to the Intune Company Portal. You want to allow users to decide whether they want to install it on their managed devices or not. Which type of deployment action should you configure using Intune policies?

Available for enrolled devices install You would choose Available for enrolled devices install. This deploys the app to the Intune Company Portal so that users can decide whether they want to install it on their devices or not.

You are looking for a cloud-based solution that helps you classify and protect your company's documents and emails by applying labels and rules to detect sensitive information. You want to track and control how they are used. What Azure-based technology would you implement?

Azure Information Protection policies-- These allow you to classify documents and emails so you can protect sensitive information.

You want to be able to stop working on your Windows notebook system, save battery power, and resume work as quickly as possible. You also want to protect yourself from data loss if your battery fails. What should you do?

Enable Hibernate. Hibernate copies the contents of RAM to a file on the hard disk and then shuts down completely.

You are reviewing your corporate policies for mobile device security. You want to include a policy for letting users bring their own devices (BYOD). Which of the following should be included in a robust BYOD policy? (Choose five.)

BYOD Policy All software must be kept up to date. A method to easily report lost or stolen devices immediately. A PIN or other strong device unlock method must be used. Never connect to a public Wi-Fi network. Backup and device encryption solutions.

You want to protect all the files on the hard drive of your Windows notebook system to prevent unauthorized access. You want to prevent access to any encrypted file on the hard drive, even if the hard drive is moved to another computer. Which feature should you implement?

BitLocker BitLocker protects unauthorized data access on lost or stolen laptops or other compromised systems. BitLocker encrypts the entire contents of the operating system partition, including operating system files, swap files, hibernation files, and all user files. A special BitLocker key is required to access the contents of the encrypted volum

How is conditional access a benefit of implementing co-management?

Conditional access allows you to control which devices and apps can connect to your organization.

Which of the following statements best describes Configuration Manager? (Select two.)

Configuration Manager has been around for many years and is a powerful, on-premises, traditional management tool Configuration Manager is also known as System Center Configuration Manager (SCCM)

You have just installed Windows 10 a new notebook. The notebook does not have a Trusted Platform Module (TPM) chip. You want to configure the computer to use BitLocker to protect the volume used for the operating system and all user data. What should you do? (Select two. Each correct answer is complete solution.)

Configure BitLocker to require a PIN for startup. Configure BitLocker to use a startup key on a USB drive.

You want to use BitLocker on a laptop that belongs to a domain. Your implementation should meet the following requirements: The laptop should start up without requiring a PIN or a USB device. To meet security requirements, USB support must be disabled on the laptop. The computer should automatically generate recovery keys and store them in a central location. How can you implement a solution that meets the stated requirements? (Select two. Each answer is part of the complete solution.)

Configure Group Policy to store recovery keys in Active Directory. Implement BitLocker with a TPM.

As an administrator, you are configuring a compliance policy in Intune. Place the following in the correct order to properly configure this policy. Step 3

Configure one or more settings to enforce

You use a VPN connection on your Windows desktop system to access resources on a corporate intranet. In addition to accessing the intranet resources, you need to access the internet while the VPN connection is active. How can you prevent internet traffic from going through the VPN connection?

Configure the Advanced TCP/IP Settings of the VPN connection. In Advanced TCP/IP Settings, clear the Use default gateway on remote network checkbox to disable routing of internet traffic through the VPN connection.

You manage Windows notebook systems that are members of a domain. You have ten regional salespeople who travel extensively and use these notebooks to access company resources. The users have complained that although they can take copies of important files with them into the field, occasionally, they have been caught with out-of-date documents because no one told them the files had been updated. Additionally, some files they modify need to be distributed to all the other sales staff. What can you do to provide the needed access to these shared files?

Configure the Offline Files feature for the folder that contains these files. The Offline Files feature meets the scenario requirements. Offline Files creates locally cached copies of files stored on the server. It synchronizes changes made to the local copies.

You need to configure the following power options on your Windows notebook system when running on battery power: Put the computer to sleep after 15 minutes of idle time. Have the wireless adapter enter a strict power saving mode. Shut down the computer if you close the lid. What should you do?

Configure the advanced settings of any power plan. The combination of the requirements force you to use the advanced settings of a power plan. Enabling a default power plan does not fulfill all the requirements.

How do you configure your Windows 10 system to require all removable data drives to mount as read-only unless the device is protected with BitLocker To Go?

Configure the local Group Policy. Using the Local Group Policy Editor, enable the Deny write access to removable drives not protected by BitLocker policy in Group Policy to allow write access only to removable drives that use BitLocker.

You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization. Arrange the deployment configuration tasks in proper order on the right. Not all tasks will be used. Step 2

Create Intune user accounts

You have all Windows 10 devices in your cloud-based Intune environment. You want to set up Always On VPN on each device to utilize the built-in VPN client in Windows 10. What is the fastest way for you to configure all your devices?

Create an Always On VPN configuration profile in Intune and assign it to the AllUsers group.

You are getting ready to install Windows 10 on a new laptop. You would like to configure the laptop to use BitLocker. How can you configure the laptop to start without requiring a PIN or a USB device? (Select two. Each answer is part of the complete solution.)

Create two partitions on the hard disk. Put boot files on the first partition and operating system files and data on the second partition. Enable the TPM.

Android

Download the Company Portal app from Play Store on each device.

Microsoft Defender ATP can be combined with Intune to form a robust and powerful security system for all mobile devices on the network. The organization must meet which of the following three requirements? (Select three.)

Defender ATP Requirements Licensed for Enterprise Mobility + Security Have an Intune account with Azure Active Directory Have Microsoft Defender ATP and access to the Security Portal

You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization. Arrange the deployment configuration tasks in proper order on the right. Not all tasks will be used. Step 3

Define Intune policies

The users in your organization bring their own mobile devices to the office and want to be able to access the network with them. You want to protect your network from malware threats that might be on these devices. You want to make sure these devices meet certain requirements before they can connect to the network. For example, you want them to meet the following criteria: Hardware and Windows startup components are clean. The kernel is not infected with a rootkit. Boot drivers are clean. Which Windows feature can you use to protect your network from malware threats that might be on your users' mobile devices?

Device Health Attestation (DHA)

How are Enterprise State Roaming (ESR) profiles different from other traditional user profiles? (Select two.)

ESR keeps corporate and personal data separate. In this manner, corporate data is always protected. ESR syncs user and app settings on their Windows 10 devices to the cloud.

You've enabled Enterprise State Roaming (ESR) in Azure AD. However, some of your Windows 10 users are calling support because some of their app and user settings are not syncing properly between their Windows 10 devices. You check all your ESR settings, and it looks to be set up correctly. What else could be causing some Windows 10 users to have problems and others not with ESR? (Choose two.)

ESR requires Windows 10 version 1151 or later The device has not been restarted since enabling ESR

You have a user remotely connecting to the corporate network from a client location. They can connect to the corporate network file server. But they cannot access files and folders they need on the client LAN in order to work on their project. What would you enable in order to allow the user to access resources on both networks while the VPN is connected?

Enable split tunneling You should choose to enable split tunneling. This would save the user time spent having to connect and disconnect the VPN.

You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization. Arrange the deployment configuration tasks in proper order on the right. Not all tasks will be used. Step 4

Enroll mobile devices

You are an administrator that needs to implement mobile device security. Match the available security options with their descriptions.

Enterprise Mobility Management (EMM) The combination of MDM and MAM solutions in one package, like Intune. Mobile Application Management (MAM) Focuses on managing the applications on a mobile device, not the device itself. Mobile Device Management (MDM) Manages the user's device, including remotely wiping the device.

There is an app available in the Windows Store that users need to complete their day-to-day tasks. You want to deep link this app in Microsoft Intune to make it available on your Company Portal. How should you configure the app to be made available to these devices when publishing the app? (Select two.)

External link & Available install

You are an administrator with 200 Windows 10 devices that are both personal and corporate-owned. You have implemented mobile device management (MDM) as well as mobile application management (MAM) via Intune. While configuring auto-enrollment, you configured the MDM user scope to All and the MAM user scope to All. You are now ready for auto-enrollment. Which statements describe what will happen in your environment as these devices auto-enroll? (Select two.)

For corporate-owned devices, MDM user scope always takes precedence over the MAM user scope. The device is enrolled into Intune For personal devices, MAM user scope takes precedence over the MDM user scope. The device is not enrolled in Intune.

As an administrator, you are configuring a compliance policy in Intune. Place the following in the correct order to properly configure this policy. Step 1

Give the policy a unique name

A mobile broadband connection can be used to provide internet access in areas where no other option exists. Match each broadband connection with its description.

Global System for Mobile Communication (GSM) Most used standard across the world and uses a SIM card. Code Division Multiple Access (CDMA) Mainly used in the United States and Russia; it does not use a SIM card. Long-Term Evolution (LTE) Faster, newer technology that only supports cellular data transmission.

You keep your Windows laptop plugged in most of the time, and you would like to use the full CPU power for a video project you are working on. Click the power plan you would use to provide full CPU power.

High Performance The High performance power plan is best for this project since it sets the Processor power management setting to 100%.

As an administrator, you are configuring a compliance policy in Intune. Place the following in the correct order to properly configure this policy. Step 2

Identify an OS platform: iOS, Android, or Windows

You are about to give a presentation. You have connected your laptop to a multimedia projector. You are concerned about interruptions to your presentation, such as notification balloons and the screen turning black. What should you do?

In the Windows Action Center, enable the Presentation Settings option. Enable the Presentation Settings option in the Windows Action Center. When the Presentation Settings option is turned on, your laptop stays awake, and system notifications are turned off.

You have Windows 10 devices in Azure AD, and they are enrolled in Intune. What must you do in order to also co-manage the devices using Configuration Manager?

Install the Configuration Manager client on each device.

Windows 8.1

Install the Intune Company Portal app on each device.

You have been put in charge of providing a VPN solution for employees who work remotely. When these employees change locations, they lose their VPN connection. You want them to automatically reconnect if the VPN connection is lost or disconnected. Which VPN security protocol supports the VPN Reconnect functionality?

Internet Key Exchange version 2 (IKEv2) is required to use the VPN Reconnect feature.

Which cloud-based Microsoft modern management tool would you use to remotely restart a mobile device?

Intune

You are evaluating Wi-Fi Direct for establishing wireless connections between Windows notebooks and mobile devices such as phones and tablets. Which of the following statements are true regarding Wi-Fi Direct? (Select two.)

It uses WPA2 security. It uses the 802.11n wireless standard.

Compulsory aka Super-Mandatory

Locked-down profile. User is required to use it and cannot make changes. If profile is unavailable, user will not be able to log on.

You have some apps that you would like to manage and secure that are not being managed by Intune. At this point in time, they are being managed by another vendor that provides enterprise mobility management (EMM). Which mobile application management (MAM) configuration would you implement?

MAM-WE, or MAM without enrollment You would implement the MAM-WE configuration because Intune is not managing the devices (without enrollment).

Which Microsoft tool would you download to help you migrate your group policies to MDM policies?

MMAT (MDM Migration Analysis Tool)

You need to set up and pre-configure new Windows 10 devices to get them ready for use and distribution to users. Which Microsoft cloud-based tool would you use to accomplish this?

Microsoft Autopilot

As an administrator, you feel like you are in over your head with some attacks you are experiencing on your devices and network. You feel like you need some help. Which Defender ATP component would you use?

Microsoft Threat Experts This special Microsoft team works with the organization's security administrators to scan and detect vulnerabilities in their systems. They can help to remediate discovered vulnerabilities and threats.

You need to implement a wireless solution to allow Windows notebook systems to send audio and video streams to projectors so employees can give presentations. Which mobile wireless technologies can you use to do this? (Select two. Each answer is part of the complete solution.)

Miracast Wi-Fi Direct

You are researching the hardware components to assist in power management in your users' Windows 10 laptops. Choose the three most common components.

Mobile graphic cards Lower-power hard drives CPUs

Which two pieces of hardware are required to make a connection to a mobile network? (Select two.)

Modem SIM Card

You would like to leverage services like machine learning together with cloud-based technology to provide more security for your organization. Which Defender ATP component would you implement?

Next Generation Protection Next Generation Protection includes: Real-Time Protection Cloud-Based Delivery Dedicated Updates

Use intune for management

Not using Config Manager

You use a Windows notebook system named M400. It is a member of a domain, and it is located in a branch office. A Windows server named Server1 contains a shared folder named Data. The server is located in the main office. You need to configure M400 to cache the files from the Data share so they can be used when M400 is not connected to the network. You want the files in the Data share to automatically synchronize each time M400 connects to the network. The files must be protected by encryption; other files on M400 do not need encryption. What should you do?

On M400, make the Data share available offline and enable encryption of offline files. You should do the following: Make the Data share available offline. When network files are made available offline, the network versions of files and folders are copied to the local hard disk. Protect offline files by encrypting the offline file cache. When the cache is encrypted, a user key is used. Only the user who encrypted the files has access to the files.

You are using your Windows 10 notebook system as you travel to client sites. You are about to board an airplane and decide to switch your notebook to Airplane mode prior to boarding. How do you switch a notebook to Airplane mode? (Select two. Each answer is part of the complete solution.)

Open the Settings app and click Network & Internet. Select Airplane mode to turn wireless communications off.

You work in a branch office and use a desktop system named Comp1. A Windows server named Srv1 is located in the main office. On Srv1, you share a folder named Data using the default caching settings. You use Offline Files in the branch office to make the files in the Data share are available when the WAN link is down. On Comp1, you want to see your synchronization partners and the results of the latest synchronization. You also want to view and resolve any conflicts. What should you do?

Open the Sync Center in Control Panel.

You need to manually synchronize the offline files on your Windows system with the versions of the same files stored on a network share. What should you do?

Open the Sync Center. Although files are automatically synchronized when a system comes online, files might not be continuously synchronized. To force a synchronization, use the Sync Center. You can also right-click the shared folder or file in File Explorer and click Sync > Sync Selected Offline Files. To open the Sync Center, open Control Panel. Type Sync Center into the search field and press Enter.

As an administrator, you would like your users to initiate the enrollment of their Windows 10 devices into Intune. Which of the following can users choose to accomplish this task? (Select four.)

Perform an Azure AD join during OOBE (Out of Box Experience) Add a work or school account Enroll in MDM only Use Windows Autopilot

There are several methods to enroll devices depending on ownership, platform, or management requirements. Match each of the items on the left with the appropriate group name on the right Ownership

Personal or corporate

Which power plan enables your Windows notebook system to save as much battery power as possible?

Power saver power plan

You are following the life cycle of an application in Intune. You want to implement conditional access policies to limit unauthorized exposure to email and company resources. Which phase are you implementing?

Protect phase You would implement the protection phase. This deals with protecting the data in the app. There are two main methods for doing this: conditional access and app protection policies.

Mobile device management (MDM) policies using Intune are powerful and have been created to accomplish two main objectives. (Select two.)

Protect the organization's valuable data and assets Empower users to be productive wherever and whenever they want

You are on an airplane. You are instructed to turn off your Windows notebook system completely and immediately. You have several open windows with critical data that you cannot lose. What should you do?

Put the notebook into hibernation. Hibernation copies contents of RAM to a file on the hard disk and then shuts down completely. Hibernation uses no battery power because the device is off.

You have previously installed Windows 10 on two new computers and configured both computers with BitLocker. Both computers have a TPM installed. Because of a hardware failure, one of the computers will not boot. You replace the failed hardware, but now BitLocker is preventing the system from starting because it has failed the startup system integrity checks. Which of the following options would you use to reconfigure BitLocker so the system will start?

Recovery key

You are publishing an app in Microsoft Intune that you want to be automatically deployed on managed devices using the Intune agent. Which type of deployment action should you configure using Intune policies?

Required install

There is an app available in the Windows Store that users need to complete their day-to-day tasks. You want to deep link this app in Microsoft Intune to automatically install it on managed devices using the Intune agent. How should you configure the software to be made available to these devices when publishing the app? (Select two.)

Required install & External link

There are several methods to enroll devices depending on ownership, platform, or management requirements. Match each of the items on the left with the appropriate group name on the right Management Requirements

Resets, affinity, and locking

Once a user is connected to a Wi-Fi network, Windows 10 saves all the information to a Wi-Fi profile. Which of the following settings are saved? (Select three.)

SSID Security settings Password

You are setting up a cloud-based Intune deployment. You have created accounts for your users, and you have defined the policies you need to manage your organization's mobile devices. You are ready to enroll mobile devices. Which task must you perform before you can complete mobile devices enrollments?

Set Intune as your mobile device management authority

You are setting up Windows Defender ATP with Intune. Put the following steps in the order in which they must be completed.

Set up Defender ATP with Intune as follows: 1. Connect the Intune and Defender ATP systems. 2.Devices in Intune are then configured to communicate with Defender ATP. 3.Configure the security policies in Defender ATP and Intune. 4.Any devices that do not comply with the security policy are blocked.

You are a new system administrator, and your company has just mandated that users need to work from home and connect to files and folders on the network. Which option will allow users to connect to the corporate network remotely and securely?

Set up a virtual private network (VPN) on the server side and install the client on each remote user's laptop.

As a system administrator, you manage hundreds of Windows 10 devices using Configuration Manager. Now you would like to co-manage these devices with cloud-based Azure tools. What should you do to achieve co-management?

Set up hybrid Azure Active Directory and then enroll the Windows 10 devices into Intune.

You are configuring an application trigger and split tunneling on your VPN connections for your users. Match each command with its description.

Set up the app trigger: Add-VpnConnectionTriggerApplication -Name %Name of VPN% -ApplicationID %Path to Application% Enable split tunneling:Set-VpnConnection -Name %Name of VPN% -SplitTunneling $True Set the idle disconnection time:Set-VpnConnection -Name $vpn- IdleDisconnectSeconds 5 Remove auto-trigger from a VPN connection:Remove-VpnConnectionTriggerApplication -Name $vpn -ApplicationID $app Confirm auto-trigger settings:Get-VpnConnectionTrigger -Name $vpn

Wireless networks can also be managed using the Network Shell (Netsh) command line utility. Match the appropriate command with its description.

Shows the list of wireless profiles. netsh wlan show profiles Retrieves the stored key (password) or a wireless network. netsh wlan show profiles name=[profile name] key=clear Deletes a wireless profile. netsh wlan delete profile name=[profile name] Shows all supported capabilities of the wireless adapter. netsh wlan show wirelesscapabilities

You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization. Arrange the deployment configuration tasks in proper order on the right. Not all tasks will be used. Step1

Sign up for an Intune account.

You are creating an app protection policy. You must choose a Windows Information Protection (WIP) mode. You would like to allow users to relocate data away from protected apps and log when this is done. Which mode should you use?

Silent You should use the Silent mode. This allows your users to relocate data away from protected apps while letting you know when this happens. Allow Overrides prompts the user when relocating data from a protected app to a non-protected app. The action is logged if the user overrides this prompt. Block will block all enterprise data from leaving protected apps. Off also allows the user to relocate data away from a protected app, but it does not log the action.

You are publishing a line of business desktop app in Microsoft Intune that you want deployed to the Intune Company Portal. You want to allow users to install it if they need it. The app is intended to be installed on Windows 10 desktop and notebook managed devices. How should the app be added to be deployed to these devices?

Software installer .MSI You would choose Software installer with an .MSI file. This option is used to publish a traditional desktop application to a managed desktop or notebook system.

Many of your users have iPhones and iPads that they use to complete their day-to-day tasks. You have enrolled these devices with Microsoft Intune. You now need to publish an app from the Apple App Store to these devices. How would you deploy this iOS app to these devices?

Store app type, then search the App Store

Microsoft Intune has four different app categories. Match each description with the associated category.

Store apps Apps installed from the device's app store, such as the Google Play Store for Android Devices. In-house apps Custom-built apps designed for a specific organization. Built-in apps Apps built into iOS or Android devices. Web apps Apps that run on a website and are completely online.

Local Profile

Stored on just one device; user can change settings.

Roaming Profile

Stored out on the network; user can change settings

Which of the following BitLocker modes is the recommended option and provides the highest level of security?

TPM with PIN and startup key TPM with PIN and startup key: Performs system integrity checks Prompts the user to input a PIN before the computer boots Checks for the required startup key on a USB flash device Boots to recovery mode if the USB flash device is unavailable or the wrong PIN is entered Provides the highest level of security and is the recommended option

You have created several Intune MDM policies. You would like to assign them to manage your mobile devices and users. You can assign the MDM policies to either user groups or device groups. If you select user groups, what will happen?

The MDM policies will apply to every device that user uses.

Drag the BitLocker security component on the left to its description on the right. (Components may be used once, more than once, or not at all.)

The only option for systems without a TPM chip. Startup key Provides access to encrypted volumes if there are problems related to BitLocker as the computer boots. Recovery key A user account that can recover encrypted data from BitLocker-protected drives when the password or keys are lost. Data Recovery Agent A copy of this is saved in the TPM. PIN Must be present on a USB flash device during system startup. Startup key Without this, the system can only boot to recovery mode, and the data on the disk cannot be accessed. Recovery key

You are interested in publishing an application in Intune. Arrange the steps on the left in the pane on the right in the order required to publish an application in Intune.

The process for publishing an app in Intune is as follows: Access the Intune Admin console and go to the Apps workspace to add a new app. Launch the Intune Software Publisher and walk through the publishing wizard. During this process, you must decide how the software will be made available to devices. Determine which user or device groups you want to deploy the software to. Only the users or devices who are members of the group(s) specified will be allowed to install the application. Determine the deployment action for the application (available install or required install). You can also configure a deadline for installation. After the application has been published, it is deployed to enrolled devices. The way this happens depends on the type of installation. For required installs, the Intune agent software automatically installs the application in the background. For available installs, the user can access the Company Portal and manually download and install the application.

Temporary Profile

The profile the user will get if their local, roaming, or mandatory profile is unavailable.

A user contacts you to let you know their Intune-enrolled device has been remotely locked. What would have caused this?

The user's device is non-compliant and was remotely locked.

A user calls and complains that she cannot access important company files from her personal device. You confirm that Intune policies are properly set up and assigned to her. What could be the issue that is blocking her from accessing the files?

The user's device is rooted or jailbroken

You have a Windows 10 user that calls from home and alerts you that they cannot connect to Wi-Fi and therefore cannot start the VPN to access company resources and print a document. When they take their laptop to the coffee shop, it connects just fine. What is most likely the cause of their problem?

There is a duplicate SSID in their vicinity.

You are reviewing configuration scores from all your devices in the categories of Application, Network, Accounts, Security Controls, and OS. Which component of Microsoft Defender ATP are you using?

Threat & Vulnerability Management

You are trying to establish a Wi-Fi Direct connection between a Windows desktop system and a Windows tablet device. You have installed an 802.11n wireless adapter in the desktop system. However, you are unable to see the tablet device. Which action must you take to see the tablet device from the desktop?

Update the wireless network adapter driver on the desktop system to one that is compatible with Wi-Fi Direct. The drivers used for your wireless network adapter must be Wi-Fi Direct compatible to establish Wi-Fi Direct connections with other devices. In this scenario, the wireless adapter in the desktop system is the most likely culprit as it is a third-party device that was not installed by the manufacturer.

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve this issue? PPTP

Use Secure Socket Tunneling Protocol (SSTP) for the VPN protocol. SSTP uses SSL, which uses port 443. Because SSL is used by many websites for secure transactions, this port is already opened in mos

There are four things users must do or have to implement MAM app protection policies in your environment. Drag the four requirements for MAM to the right.

User Requirements for MAM: Have an Azure AD account Belong to a group with policies assigned Sign into the app with an Azure AD account Have an Intune license

Balance and migrate workloads

Using Config Manager with intune

What happens when you plug a SIM card into your Windows 10 machine? Put the following in order of occurrence.

When the SIM card is inserted in a Windows 10 machine, the following steps happen: The International Mobile Subscriber Identity (IMSI) is read. The Integrated Circuit Card ID is read. The service provider's ID and name are read. Windows uses this information to determine which mobile carrier the SIM card belongs to. Windows automatically downloads and installs the modem and appropriate apps. Once all drivers and apps are installed, Windows can initialize the modem and begin connecting to the network.

You need to implement a wireless solution to connect Windows notebook systems with mobile devices such as tablets and phones. You need to do this without investing in additional technology. Which mobile wireless technology can leverage the existing 802.11n wireless network adapters already installed in your notebook systems?

Wi-Fi Direct Wi-Fi Direct creates a high-bandwidth, point-to-point wireless connection between Wi-Fi Direct compatible devices and a Windows system. Wi-Fi direct uses the 802.11n wireless standard to establish a link between devices.

Why are many organizations implementing co-management today?

Windows 10 devices are cloud-managed while previous versions are managed using Configuration Manager.

Which cloud-based Microsoft tool would you use to reset, repurpose, and recover devices?

Windows Autopilot

You are an administrator with 550 devices to enroll into Intune. You choose to bulk enroll them. Which other software will you need to build the package necessary to bulk enroll the devices via USB or network location?

Windows Configuration Designer (WCD)

You are very concerned that employees or their applications will download sensitive data from your company's SharePoint site, network shares, and intranets using their mobile devices. Which cloud-based technology would you implement in order to encrypt that data?

Windows Information Protection (WIP)

Understanding Windows 10 power options is important as you roll out new devices in your IT enterprise and users become more mobile. Rank the six standard ACPI states in order from highest to lowest power consumption.

Working State Modern Standby Sleep Hibernate Soft off Mechanical off

Before you can manage apps using Intune, which three prerequisites must be met? (Select three.)

You must meet the following three prerequisites before you can manage applications with Intune: The users must have an account in Azure Active Directory. The users must be assigned to groups in Azure Active Directory. The users' devices must be enrolled in Intune.

You need to use command line tools to prepare the default drive on a Windows system for use by BitLocker. The new system partition should be 500 MB in size and should not be assigned a drive letter. Which command should you use?

bdehdcfg -target default -size 500 The bdehdcfg -target default -size 500 command creates a system partition of 500 MB on the default drive. The new system partition is not assigned a drive letter.

iOS and MacOS

iOS devices with iOS 7 or later and Mac computers with X Mavericks 10.9 or later

There are several methods to enroll devices depending on ownership, platform, or management requirements. Match each of the items on the left with the appropriate group name on the right. Platform

iOS, Windows, or Android

The sales reps in your organization use a VPN connection on their Windows notebook systems to access the corporate network while traveling. You are concerned that a sales rep has configured his VPN connection to automatically remember his credentials for accessing the VPN server. This violates your organization's security policy. Click the option in the VPN Connection Properties dialog you would use to disable this functionality.

options

You want to set the power scheme using the command line for power management. What command would you issue in Command Prompt?

powercfg /s guid You should choose powercfg /s guid to set the power scheme.


Conjuntos de estudio relacionados

Pediatric success- growth chapter 2, pediatric success cardiac 2nd ed, Pediatric Success Hematological and Immunological Disorders

View Set

Chapter 7 Federal Tax considerations and Retirement Plans

View Set

Linear Functions Unit Test Review

View Set

Hodder Uni 13-El medio ambiente -- a--(1-74)

View Set

Biology - Chapter 21: Plant Form and Function

View Set

European Colonization in North America: Spanish, French, Dutch, and British Colonies

View Set

OSHA 10 hour Fall protection Module 1 & 2

View Set