Tingnan ang lahat ng mga set ng pag-aaral

MD-101 Exam

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Your company has an infrastructure that has -m365 tenant -ad forest -intune -key management service (kms) server -windows deployment -azure ad premium You purchase 100 w10 pcs. You need to ensure that the new pcs are joined automatically to azure ad by using autopilot. What should you use? Management tool a. azure ad admin center b. intune c. volume activation management tool console d. windows deployment services console Required info a. device serial number and hardware hash b. mac address and computer name c. volume license key and computer name

***FIND ANSWER FOR THIS

You have two pcs that run w10. The pcs are enrolled in intune. pc1 - group1 pc2 - group1,2 W10 update rings as defined in intune ring1 - 3 day deferral, assigned ring2 - 10 day deferral, assigned You assign the update rings ring1 - include group1, exclude group2 ring2 - include group2, exclude group1 What is the effect of the configurations on both pcs? Deferral days: a. 3 b. 7 c. 10 d. 13 e. no effect

***FIND THE ANSWER TO THIS ONE

You have an ad domain that contains 200 w8.1 pcs. You have an azure subscription. You plan to upgrade the computers to w10. You need to generate an upgrade readiness report for the computers. What should you do? In Azure: a. create a migration project and discover machines b. create an azure log analytics workspace and add a solution c. choose the mdm authority and configure windows enrollment On the pcs: a. configure the commercial id b. enroll in the windows insider program c. install the microsoft monitoring agent

****

You need to ensure and quality updates install automatically on a w10 pc during a maintenance window. Which option meets the goal? a. group policy -> maintenance scheduler settings -> configure automatic maintenance random delay b. group policy -> windows update settings -> enable configure automatic updates -> select 4-auto download, schedule the install and enter a time c. group policy -> maintenance scheduler activation boundary d. auto download and notify for install, then enter a time

****

Your company has an azure ad tenant. The company has a volume licensing agreement and uses a product key to activate w10. You plan to deploy 200 w10 pro by using the microsoft deployment toolkit (mdt) and windows deployment services (wds). You need to ensure that the new pcs will be configured to have the correct product key during the installation. What should you configure? a. wds boot image b. mdt task sequence c. device settings in azure ad d. autopilot deployment profile

****

Your company has an sccm deployment that uses hybrid mobile device management (mdm). All w10 devices are joined to an ad domain. You plan to migrate from hybrid mdm to intune standalone. You successfully run the intune data importer tool. You need to complete the migration. Which two actions should you perform? a. add a device enrollment manager (dem) in intune b. change the tenant mdm authority to intune c. assign all users intune licenses d. create a new intune tenant

****

You have a m365 subscription. You have 10 w10 pcs that are enrolled in mobile device management (mdm). You need to deploy the m365 apps for enterprise suite to all the pcs. What should you do? a. endpoint management -> add an app b. azure ad -> add an app registration c. azure ad -> add an enterprise app d. endpoint management -> create a w10 device profile

*****

Your company has a Microsoft Azure subscription. All the users in the marketing department use their own personal devices that run either iOS or Android based systems. All the devices are enrolled in Microsoft Intune. The company has developed a new mobile application named App1 for the Marketing department. You need to ensure that only the Marketing department users can download App1. What should you do first? a.

*****

Your domain is synched to azure ad. You create an azure log analytics workspace and deploy the update compliance solution. Which group policy setting should you configure? a. specify intranet update service location b. allow telemetry c. configure the commercial id d. connected user experiences and telemetry

*****

Your network contains an ad domain with 500 w8.1 pcs. Some of the pcs are used by multiple users. You plan to refresh the os of the pcs to w10. You need to retain the personalization settings to applications before you refresh the computers. The solution must minimize network bandwidth and network storage space. Which command should you run on the pcs? Command: a. dism b. scandisk c. scanstate d. usmtutils Switch a. /encrypt b. /genconfig:file1.xml c. /hardlink d. /localonly

*****

You ad domain syncs to azure ad. It contains 1000 w10 pcs that are managed by sccm (current branch). You need to pilot co-management for only 5 of the pcs. What should you create first? a. ad -> domain local distribution group b. intune connector for ad c. configuration manager -> device collection d. azure ad -> dynamic device group

******

Your network contains an ad domain, xy.com, that syncs with azure ad. Existing pcs are managed by endpoint configuration manager. You configure xy.com for co-management. You deploy 100 w10 pcs that are joined to azure ad and enrolled in intune. You need to ensure that the devices are c-managed. What should you create in intune first? a. conditional access policy b. device compliance policy c. app for endpoint configuration manager client d. device configuration profile

******

Pc1 is going to a new user. You need to redeploy pc1 by using autopilot. What three actions should you perform in sequence? a. upload the file by using intune b. generate a csv file that contains the pc info c. upload the file by running azcopy.exe d. generate a json file that contains the pc info e. reset the computer

****FIND ANSWER TO THIS

Your network contains an ad domain that is synced to azure ad. All pcs are joined to the domain and registered to azure ad. The network contains a sccm deployment that is configured for co-management with intune. All the computers in the finance department are managed by using configuration manager. All the computers in the marketing department are managed by using intune. You install new computers for the users in the marking department by using the microsoft deployment toolkit (mdt). You purchase an application named app1 that uses an msi package. You need to install app1 on the finance and marketing pcs. How should you deploy app1 to each department? a. from intune, add a line-of-business app b. from azure ad, add an application registration c. from configuration manager, add an application d. from microsoft store for business, add an app to the private store

Finance: c Marketing: a

You use Defender Advanced Threat Protection (ATP) to protect W10 pcs. You need to assess the differences between the configuration of Defender ATP and the Microsoft-recommended configuration baseline. Which tool should you use? a. defender security center b. windows analytics c. defender ATP power BI app d. microsoft securescore

You have 200 W10 pcs. The pcs are joined to Azure AD and enrolled in Intune. You need to enable self-service password reset on the sign-in screen. Which setting should you configure from the Intune blade? a. device configuration b. device compliance c. device enrollment d. conditional access

**Your organization implements azure, m365, intune, and azure information protection. You security policy states: -personal devices do not need to be in intune -users must authenticate by using a pin before they can access corporate email data -users can use their personal ios and android devices to access corporate cloud settings -users must be prevented from copying corporate email data to a cloud service other than onedrive. You need to configure a solution to enforce the security policy. What should you create? a. a data loss prevention (dlp) policy from the security and compliance admin center b. a supervision policy from the security and compliance admin center c. an application protection policy from the endpoint management admin center d. a device configuration profile from the endpoint management admin center

**xy.com contains W10 pcs that are joined to an ad domain. The domain is synced to azure ad. You create an azure log analytics workspace and deploy the device health solution. You need to enroll the pcs in windows analytics. Which group policy setting should you configure? a. specify intranet update service location b. allow telemetry c. configure the commercial id d. connected user experiences and telemetry

Pc1 runs w8.1. You plan to perform an in-place upgrade to w10 by using an answer file. What tool should you use to create the answer file? a. system configuration (msconfig.exe) b. windows configuration designer c. windows system image manager (sim) d. windows deployment services (wds)

You are the IT director for a large company that has decided to move to the cloud. The company wants to use azure ad and intune. The company is looking into this because users have been using multiple devices to get their job done. When you users get added to intune and get licensed, how many devices can each user add by default? a. 4 b. 10 c. 15 d. none

You have a public pc (public1) that runs w10. Users use public1 to browse the internet by using edge. You need to view events associated with website phishing attacks on public1. Which event viewer log should you view? **all in applications and services logs -> microsoft -> windows a. device guard -> operation b. security-mitigations -> user mode c. smartscreen -> debug d. microsoft defender -> operational

You have an azure ad group (group1) that contains w10 ent and w10 pro pcs. From intune, you create a device configuration policy (policy1). You need to ensure that profile1 applies to only the w10 ent pcs in group1. Which option meets the goal? a. create an azure ad group for th ew10 ent pcs and then assign profile1 to the new group b. create a scope tag, then add the scope tag to the w10 ent pcs. Then edit the settings of profile1 c. configure an applicability rule for profile1 then assign profile1 to group

You have an azure ad tenant containing w10 devices. When you add w10 devices, users are prompted to set up a 4-digit pin. You need for it to prompt for a 6-digit pin. Which option meets the goal? a. azure ad admin ctr -> configure automatic mdm enrollment ep mgmt -> create and assign a device restrictions profile b. azure ad admin ctr -> modify user and device settings c. azure ad admin ctr -> configure automatic mdm enrollment ep mgmt -> configure the hello for business enrollment options d. azure ad admin ctr -> configure authentication methods

You have an azure ad tenant. All devices are enrolled in intune. You have a web-based app (app1) that uses azure ad to authenticate. You need to prompt all users of app1 to agree to the protection of corporate data when they access app1 from any device. What should you configure? a. notifications in device compliance b. terms and conditions in device enrollment c. terms of use in conditional access d. endpoint protection profile in device configuration

You have devices enrolled in intune: device1, w8.1 device2, w10 device3, android device4, ios On which devices can you apply app configuration policies? a. all b. device2 c. device3,4 d. device2,3,4

You have w10 pcs that are managed by intune. You have an application protection policy for edge. You assign the policy to a group. On pc1, you open edge. You need to verify whether edge on pc1 is protected by the policy. What column should you add in task manager? a. os context b. uas virtualization c. enterprise context d. data execution prevention

You manage a m365 environment that has co-management enabled. All pcs have w10 and are deployed by mdt. You need to recommend a solution to install the latest version of o365 proplus. What is the best tool to use? a. intune b. microsoft deployment toolkit c. office deployment tool d. gpo e. sccm

Your company has several w10 pcs enrolled in intune. You deploy computer1 that runs w10 and is in a workgroup. You need to enroll it in intune. Which option meets the goal? a. settings -> connect to work or school account settings b. sign into portal.manage.microsoft.com -> devices c. mdm enrollment d. company portal app -> devices

Your company is using azure ad and all computers are enrolled in intune with ems. You need to make sure that only approved applications are allowed to run on all of these computers. What should you implement to ensure this? a. credential guard b. exploit guard c. application control d. antivirus

Your network contains an AD domain. The functional level of the forest and the domain is Windows Server 2012 R2. The domain contains 500 W10 pcs. All the pcs are managed by using SCCM 2012 R2. You need to enable co-management. What should you do first? a. deploy the intune client b. raise the forest functional level c. upgrade SCCM to current branch d. raise the domain functional level

Your network contains an ad domain named xy.com that synchs to azure ad. The ad domain contains 200 w8.1 pcs. The pcs are managed by using sccm (current branch). You need to pilot co-management for only five of the pcs. What should you create first? a. a domain local distribution group in ad b. an intune connector for ad c. a device collection in sccm d. a dynamic device group in azure ad

Your network contains an ad domain named xy.com that syncs to azure ad. Existing on-site pcs are managed by using microsoft endpoint configuration manager. You configure xy.com for co-management. You deploy 100 new w10 pcs that are joined to azure ad and enrolled in intune. You need to ensure that the devices are co-managed. What should you create in intune first? a. conditional access policy b. device compliance policy c. an app for the endpoint configuration manager client d. device configuration policy e. application configuration policy

You have an azure ad tenant. All w10 devices are enrolled in intune. You configure the following settings in windows information protection (wip): -protected apps:app1 -exempt apps: app2 -windows information protection mode: silent app1, app2, and app3 use the same file format. You create a file named file1 in app1. You need to identify which apps can open file1. What apps should you identify? Open file1 from: a. app1 b. app1, 2 c. app1, 3 d. all Action logged when you attempt to open from: a. app1 b. app3 c. app1, 2 d. app2, 3 e. all

d d

You have a m365 subscription. You need to deploy m365 apps for enterprise apps to w10 devices. What should you do first? a. azure ad -> create an app registration b. ep mgmt admin center -> create an app c. ep mgmt admin center -> enable store synchronization d. ep mgmt admin center -> create an app config policy e. azure ad -> create an enterprise app

You have 100 pcs that run w8.1. You plan to deploy w10 to the computers by performing a wipe and load installation. You need to recommend a method to retain the user settings and the user data. Which three actions should you recommend be performed in sequence? a. configure known folder redirection in onedrive b. create a system image backup c. enable enterprise state roaming d. deploy w10 e. run loadstate.exe f. run scanstate.exe g. restore a system image backup

f d e

**Your network contains an ad domain named xy.com that is synched to azure ad and enrolled in intune. -computer 1 -> w8.1 -computer2 -> w10 ent without the latest feature update -computer3 -> W10 ent with the latest feature update You are evaluating which intune actions you can use to reset the pcs to run w10 ent with the latest update. Which pcs can you reset by using each action? Fresh Start Action -computer1 -computer2 -computer3 -computer2,3 -computer1,2,3 Wipe action -computer1 -computer2 -computer3 -computer2,3 -computer1,2,3

fresh start: computer2,3 wipe: computer1,2,3

**You have 100 w10 pcs that are joined to azure ad and enrolled in intune. You need to prevent users from joining their home pcs to azure ad. What should you do? a. intune admin center -> device enrollment blade -> modify the enrollment restriction settings b. azure ad admin center -> devices blade -> modify the device settings c. intune admin center -> device enrollment blade -> modify the device enrollment management settings d. azure ad admin center -> mobility (mdm and mam) blade -> modify the intune enrollment settings

**You have a shared w10 pc. The pc is infected with a virus. You discover that a malicious ttf font was used to compromise the computer. You need to prevent this type of threat from happening again? What should you use? a. exploit guard b. application guard c. credential guard d. system guard e. smartscreen

**You have an azure ad tenant named xy.com. All w10 pcs are joined to azure ad and managed by intune. You need to ensure that you can centrally monitor the pcs by using windows analytics. What should you create in intune? a. device configuration profile b. conditional access policy c. device compliance policy d. update policy

**You have an azure log analytics workspace that collects all the event logs from the pcs. pc1 runs w10. You need to view the events collected from pc1. Which query should you run? a. event | where computer = = "pc1" b. etw event | where sourcesystem = = "pc1" c. etw event | where computer = = "pc1" d. event | where sourcesystem = = "pc1"

**You need to enable credential guard on w10 pcs. What should you install on the pcs? a. hyper-v b. application guard c. guarded host d. containers

**Your company has an azure ad tenant. All users in the company are licensed for intune. You need to ensure that the users enroll their ios devices in intune. What should you configure first? a. device enrollment program (dep) token b. intune device configuration profile c. device enrollment manager (dem) account d. an apple mdm push certificate

**Your company plans to deploy tablets to 50 meeting rooms. The tablets run w10 and are managed by intune. App1 is installed on all tablets. You need to configure the tablets so that any user can use app1 without having to sign in. Users must be prevented from using any other apps. Which device configuration profile type should you use? a. kiosk b. endpoint protection c. identity protection d. device restrictions

**Your network contains an ad that is synced to azure ad. The domain contains 500 w8.1 pro pcs. The users work from home. Your company uses intune, mdt, and configuration designer to manage client computers. You purchase 500 w10 ent licenses. You verify that the hardware and software are compatible with w10. You need to recommend a deployment method for the laptops that will retain their apps. The solution must minimize how long it takes to perform the deployment. What should you include in the recommendation? a. in-place upgrade b. clean installation using a windows configuration designer provisioning package c. windows autopilot d. clean installation and the user state migration tool (usmt)

You have a computer named pc1 that runs w10. You save a provisioning package (package1) to c:\folder1. You need to apply package1 to pc1. Which option meets the goal? a. from the settings app, you select access work or school, then add or remove a provisioning package. b. from file explorer, you go to c:\folder1, and double-click package1.ppkg file c. at a command prompt, you change the current folder to a c:\folder1, then run "regsvr32.exe package1.ppkg" command

You have a w10 pc (pc1) used by user1. You need to ensure that when user1 opens websites from untrusted applications by using edge, it runs in an isolated container. What should you do first? a. windows features -> turn on application guard b. windows features -> turn on hyper-v platform c. windows security -> configure the virus and threat protection settings d. windows security -> configure device security settings

You have an azure ad tenant that contains user1. User1 has the device shown: pc1, windows 10.0.18362.0, azure ad registered, no mdm pc2, windows 10.0.18362.30, azure ad registered, intune mgmt pc3, windows 10.0.18362.0, azure ad joined, no mdm pc4, windows 10.0.18362.30, azure ad joined, intune mgmt Enterprise state roaming is configured for user1. User1 signs into pc4 and changes the desktop. You need to identify on which devices user1 will have a changed desktop. Which devices should you identify? a. all b. pc4 c. pc2, 3, 4 d. pc2, 4 e. pc3, 4

You have an azure ad tenant. You create a terms of use (tou) named terms1. You are creating a conditional access policy named policy1 to assign a cloud app (app1) to the users in azure ad. You need to configure policy1 to require the users to accept terms1. What should you configure in policy1? a. grant in the access controls section b. conditions in the assignments section c. cloud apps or actions in assignments d. session in access controls

You have devices enrolled in intune: device1: w10, group1 and group2 device2: android, group2 and group3 device3: w10, group3 device4: w10, group2 device5: w10, group1 You create an app protection policy (policy1): -platform: w10 -protected apps: app1 -exempt apps: app2 -network boundary: cloud resources, ipv4 ranges Which devices will apply policy1? a. device1, 2, 4, 5 b device1, 4, 5 c. device4, 5 d. device1, 3, 4, 5

You have the following pcs: pc1: 32-bit w7, 1gb ram, bitlocker enabled pc2: 64-bit w7, 4gb ram, bitlocker enabled pc3: 32-bit w8.1, 2gb ram, bitlocker enabled pc4: 64-bit w8.1, 4gb ram, bitlocker disabled You plan to perform an in-place upgrade w10 64-bit. Which pcs can you upgrade? a. pc2, pc4 b. pc4 c. pc3, pc4 d. all e. pc2, pc3, pc4

You want cpu utilization, disk utilization, and memory utilization all included in the data collected. How should you accomplish this? a. create a user defined data collector set b. create a custom performance set c. create a trace event d. create a session data collector set

Your company has 200 w10 pcs that are managed by intune. Currently, windows updates are downloaded without using delivery optimization. you need to configure the pcs to use delivery optimization. What should you create in intune? a. device configuration profile b. device compliance policy c. app protection policy d. w10 update ring

Your company has a m365 subscription. All the users in the finance department own personal devices that run ios or android. All the devices are enrolled in intune. The finance department adds new users each month. The company develops a mobile application named app1 for the finance department users. You need to ensure that only the finance department users can download app1. What should you do first? a. add app1 to intune b. add app1 to a microsoft deployment toolkit (mdt) deployment share c. add app1 to microsoft store for business d. add app1 to the vendor stores for ios and android applications

Your company plans to deploy w10 devices that will be configured for english and others for korean. You need to create a single multivariant provisioning package for the planned devices, you create the package. What should you do next to add the language settings to the package? a. modify the customizations.xml file b. create a file named languages.xml that contains a header for korean c. modify the package file d. create a file named languages.xml that contains a header for english

Your network contains an ad domain that syncs to azure ad. The domain contains the users shown in the following table: -user1, windows ad, profile: \\server1.xy.com\users\users1 -user2, azure ad, profile: n/a Enterprise state roaming is enabled for user2. You have computers shown in the following table: -pc1, w10, azure ad -pc2, w8.1, windows ad -pc3, w10, azure ad For each of the following statements, select the correct answer. -if user1 modifies his desktop icons on pc1, the changes will be available when the user signs in to pc2 -if user1 modifies his desktop icons on pc1, the changes will be available when the user signs in to pc3 -if user2 modifies his desktop icons on pc1, the changes will be available when the user signs in to pc3

n n y

Your network contains an ad domain that is synced to an azure ad. The domain contains 500 laptops that run w8.1 pro. The users of the laptops work from home. Your company uses intune, mdt, and configuration designer to manage client computers. The company purchases 500 licenses for w10 ent. You verify that the hardware and applications on the laptops are compatible with w10. The users will bring their laptop to the office, where the IT department will deploy w10 to the laptops while the users wait. You need to recommend a deployment method for the laptops that will retain their installed applications. What should you include? a. an in-place upgrade b. a clean installation by using a windows configuration designer provisioning package c. windows autopilot d. a clean installation and the user state migration tool (usmt)

You have an azure ad tenant that contains these users: -user1, no role -user2, global administrator -user3, cloud device administrator -user4, intune administrator You configure the following device settings for the tenant: -users may join devices to azure ad: user1 -additional local administrators on azure ad joined devices: none You install w10 on a pc named pc1. You need to identify which users can join pc1 to the tenant and which users will be added to the administrators group after joining the tenant. Which users should you identify? Users who can join the pc to the tenant a. user1 b. user1, 2 c. user1, 2, 3 d. user1, 3, 4 e. all Users who will be added to the admin group after joining a. user1 b. user2 c. user1, 2 d. user3, 4 e. user2, 3, 4

a c

Your company purchases new w10 pcs. The pcs have cameras that support windows hello for business. You configure hello group policy settings as shown. -allow enumeration of emulated smart card for all users, not config -turn off smart card emulation, not config. -use PIN recovery, not config. -use a hardware security device, not config. -use biometrics, enabled -configure device unlock factors, no config. -configure dynamic lock factors, enabled -use windows hello for business, enabled -use certificate on-premises authentication, not config. What are two valid methods a user can use to sign in? a. facial recognition b. a smartwatch that is bluetooth-enabled c. a pin d. a usb key

a c

**Your company uses intune to manage devices. You need to ensure that only android devices that use android work profiles can enroll in intune. Which two configurations should you perform in the device enrollment restrictions? a. select platforms -> set android work profile to allow b. configure platforms -> set android personally owned to blocked c. configure platforms -> set android personally owned to allow d. select platforms -> set android to block

a d

**You have 10 w8.1 pcs that are configured with: -a single mbr disk -disabled hardware virtualization -enabled data execution prevention (dep) -a disabled tpm chip -uefi firmware running in bios mode You plan to upgrade the pcs to w10. You need to ensure that the pcs can use secure boot. Which two actions should you perform? a. convert the mbr disk to gpt b. enable the tpm chip c. disable dep d. enable hardware virualization e. convert the firmware from bios to uefi

a e

You have an azure ad tenant and 100 w10 pcs that are managed by intune. You need to configure defender firewall and antivirus on the pcs. What two actions should you perform? a. antivirus: create a device configuration profile -> configurate endpoint protection settings b. firewall: create a device configuration profile -> configurate endpoint protection settings c. firewall: create gpo -> firewall w/ advanced security d. antivirus: create gpo -> antivirus e. antivirus: device configuration profile -> device restrictions f. firewall: device configuration profile -> endpoint protection

a f

Your company has a m365 subscription. Admin1 is responsible for deploying w10 and joining them to azure ad. Several days after joining pcs, admin1 receives an error message "this user is not authorized to enroll...". You need to ensure thatadmin1 can join pcs to azure ad and follow the principle of least privilege. What should you do? a. assign the global admin role to admin1 b. modify the device settings in azure ad c. assign the cloud device admin role to admin1 d. modify the user settings in azure ad

Your company has an internal portal, xy.com. The network contains w10 pcs. Edge is the default browser. You need to ensure that all users only use ie to connect to the internal portal. The solution must ensure that Edge can be used for all other websites. What should you do from each pc? a. ie -> configure the compatibility view settings b. local policy -> configure enterprise mode c. edge -> configure advanced site settings d. settings -> configure the default web browser settings

You have an azure ad tenant containing the following devices: -device1: w10 -device2: android 8.0 -device3: android 9 -device4: ios 11.0 -device5: ios 11.4.1 All devices contain an app named app1 and are enrolled in intune. You need to prevent users from copying data from app1 and pasting the data into other apps. Which type of policy and how many policies should you create in intune? Policy: a. app configuration policy b. app protection policy c. conditional access policy d. device compliance policy Number of policies: a. 1 b. 2 c. 3 d. 4 e. 5

b c

You have w10 pcs that are managed by intune. Intune and the microsoft store for business are integrated. You need to deploy the remote desktop modern app as an automatic install to the pcs. Which 3 actions should you perform? a. create an azure ad group with all the users b. from intune portal, create a store app for the remote desktop modern app c. intune -> assign the app to the azure ad group d. azure ad -> create group for pcs e. store portal -> assign app license to all users f. make the app available in the store

b c d

Your company has pcs that run w8.1, w10, or macOS. The company uses intune to manage the computers. You need to create an intune profile to configure windows hello for business on the computers that support it. Which platform and profile types should you use? Platform a. macOS b. w10 c. w8.1 Profile a. device restrictions b. device restrictions (w10 team) c. endpoint protection d. identity protection

b d

Your company has an azure ad tenant. The company uses intune to manage ios, android, and w10 devices. You plan to purchase 1.000 ios devices. Each device will be assigned to a specific user. You need to ensure that the new ios devices are enrolled automatically in intune when the assigned user signs in for the first time. Which three actions should you prefer in sequence? a. create a device compliance policy b. add a device enrollment program (dep) token c. assign an enrollment profile d. create a device enrollment manager (dem) account e. create an apple enrollment profile

b e c

**You need to assign the same deployment profile to all the pcs that are configured by using autopilot. Which two actions should you perform? a. join pcs to azure ad b. assign an autopilot deployment profile to a group c. join pcs to an on-site ad domain d. create an azure ad group that has dynamic membership rules and uses the operatingsystem tag e. create a gpo that is linked to a domain f. create an azure ad group that has dynamic membership rules and uses the ztdid tag

b f

**You have 200 w10 pcs. The pcs are joined to azure ad and enrolled in intune. You need to ensure that only apps you explicitly allow can run on the pcs. What should you use? a. credential guard b. exploit guard c. application guard d. application control

**You have a m365 subscription. You use intune to manage all devices. You use conditional access to restrict access to m365 services for devices that do not comply with the company's security policies. You need to identify which devices will be prevented from accessing m365 services. What should you use? a. device health solution in windows analytics b. microsoft defender security center c. device compliance blade in intune admin center d. conditional access blade in the azure ad admin center

**You have a pc (pc5) with w10 installed. You create a powershell script named config.ps1. You need to ensure that config.ps1 runs after feature updates are installed on pc5. Which file should you modify? a. unattend.xml b. unattend.bat c. setupconfig.ini d. lifetouch.wsf

**Your company standardizes on w10 ent for all users. Some users purchase their own pcs running w10 pro. You need to recommend a solution to upgrade the pcs to w10 ent, join the pcs to azure ad, and install several store apps. The solution must me the following requirements. - ensure that any apps installed by users are retained - minimize user intervention What is the best recommendation to achieve the goal? a. microsoft deployment toolkit (mdt) b. windows deployment services (wds) c. a windows configuration designer provisioning package d. autopilot

**Your network contains an ad forest. The forest contains a single domain and three sites named site1, site2, and site3. Each site is associated to two subnets. Site1 contains subneta and subnetb. All client computers in the forest run w10. Delivery optimization is enabled. You have a pc named pc1 that is in subneta. From which hosts will pc1 download updates? a. pcs in site1 b. any computer in the domain c. pcs in subneta d. any computer on the network

You use intune to manage windows updates. You have pcs that run w10. The computers are in a workgroup and are enrolled in intune. The pcs are configured as shown: -pc1: no tag, group1 -pc2: tag2, group2 -pc3: tag3, group3 On each computer, the select when quality updates are received group policy setting is configured as shown: -pc1: state not configured, config n/a -pc2: state enabled, deferral period of 5 days -pc3: state disabled, config n/a You have w10 update rings in intune as shown: -ring1: 2 deferral days, scope tag1, group1 -ring2: 7 deferral days, scope tag2, group2 -ring3: 14 deferral days, scope tag3, group3 For each of the following statement, select the correct answer -on pc1, quality updates will be deferred for 2 days -on pc2, quality updates will be deferred for 7 days -on pc3, quality updates will be deferred for 14 days

n y n

You have an azure ad tenant. You plan to use autopilot to configure w10 pcs: device1, 16gb ram, no tpm device2, 8gb ram, tpm v1.2 device3, 4gb ram, tpm v2.0 Which devices can be configured by using autopilot self-deploying mode? a. device2,3 b. device3 c. device2 d. device1,2,3

You have the following devices enrolled in intune. -device1: android 8.1.0 -device2: android 9 -device3: ios 11.4.1 -device4: ios 12.3.1 -device5: ios 12.3.2 App1 is installed on each device. What is the minimum number app configuration policies required to manage app1? a. 1 b. 2 c. 3 d. 4 e. 5

You have w10 pcs managed by intune. Users store their files in d:\folder1. You need to ensure that only a trusted list of apps is granted write access to d:\folder1. What should you configure in the device configuration profile? a. smartscreen b. exploit guard c. application guard d. application control

your company has a SCCM deployment that uses hybrid mobile device management (MDM). All W10 pcs are AD domain-joined. You plan to migrate from hybrid MDM to Intune standalone. You run the Intune Data Importer Tool. You need to complete the migration. Which two actions should you perform? a. Intune-> add device enrollment manager (DEM) b. change the tenant MDM authority to Intune c. assign all users Intune licenses d. create a new Intune tenant

B C

You need to automatically register all the existing computers to the azure ad network and also enroll all of the computers in intune. What should you use? a. use a dns autodiscover address record b. use a windows autopilot deployment profile c. use an autodiscover service connection point (scp) d. set up a gpo

You need to use a microsoft azure monitoring tool to monitor devices and change settings. Which of the following can you use? a. performance monitor b. azure iot central application c. azure performance center d. intune performance center

You have w10 pcs configured by autopilot. A user performs the following tasks on pc1. -creates a vpn connection -installs store app named app1 -connects to a wifi network You perform an autopilot reset on pc1. What will be the state of the pc when the user signs in? Wifi connection: a. removed b. retained and the passphrase will be retained c. retained and the passphrase will be reset App1: a. reinstalled at sign-in b. removed c. retained VPN: a. removed b. retained and the credentials will be cached c. retained but the credentials will be reset

Wifi: b App1: b VPN: a

**You are creating a device configuration profile in intune. You need to implement an admx-backed policy. Which profile type should you use? a. identity protection b. custom c. device restrictions d. device restrictions (w10 team)

**You have a m365 subscription. You have 20 w10 pcs that are joined to azure ad. You plan to replace the pcs running w10. You need to ensure that the desktop background, favorites, and browsing history are available on the new pcs. Which option meets the goal? a. configure roaming user profiles b. configure enterprise state roaming c. folder redirection d. microsoft sharepoint migration tool

**You have intune with more than 500 android and ios devices enrolled. You plan to deploy new intune policies. Different policies will apply depending on the version of software installed on the device. What should you configure first? a. corporate device identifiers in intune b. device settings in azure ad c. device categories in intune d. groups that have dynamic membership rules in azure ad

**You install a feature update on a w10 pc. How many days do you have to roll it back? a. 5 b. 10 c. 14 d. 30

**Your company has an azure ad tenant. The company has a volume licensing agreement and uses a product key to activate w10. You plan to deploy w10 pro to 200 new pcs by using the microsoft deployment toolkit (mdt) and windows deployment services (wds). You need to ensure that the new pcs will be configured to have the correct product key during the install. What should you configure? a. wds boot image b. mdt task sequence c. device settings in azure ad d. autopilot deployment profile

**Your domain contains two pcs (pc1 and pc2). Folder redirection is configured for user1. The appdata\roaming folder and the desktop folder are redirected to a network share. User1 signs into pc1 and performs the following tasks: -configures screen saver to start after five minutes of inactivity -modifies the default save location for word -modifies the desktop background -creates a file named file1.docx on the desktop What will be retained when user1 signs into pc2? a. file1.docx and the desktop background b. all c. file1.docx d. file1.docx, desktop background, and default save location for word

**Your network contains an on-site ad domain. The domain contains 2,000 w10 pcs. You implement hybrid azure ad and intune. You need to automatically register all the existing pcs to azure ad and enroll the pcs in intune. What should you use? a. an autodiscover address record b. an autopilot deployment profile c. an autodiscover service connection point (scp) d. a group policy object (gpo)

An administrator wants to look at an azure ad application policy for your user's applications. What powershell command would you use to accomplish this task? a. add-azureadpolicy b. add-azureadapplicationpolicy c. create-azurepolicy d. install-azureadpolicy

You are the administrator for your organization. Your company wants to setup a way to integrate their on-site ad with azure ad. What tool can you use to do this? a. site-to-site vpn gateway connectors b. azure ad connect c. azure ad replication d. ad replicator

You are the network administrator for a midsize organization. You have a machine with w8, and you need to load w10. You want to make the machine dual-boot. You install w10 on a new partition on the machine. You want the machine to start in w8 by default. How do you accomplish this? a. change the boot.ini file b. edit bcedit.exe with the /default parameter c. delete the w10 boot.ini file d. edit bcedit.exe with the /order parameter

You have a M365 subscription. You need to deploy M365 apps for enterprise apps to W10 pcs. What should you do first? a. Azure AD -> create an app registration b. endpoint mgmt -> create an app c. endpoint mgmt -> create an app configuration policy d. endpoint mgmt -> enable store for business synchronization

You have a m365 subscription. A remote user purchases a laptop. The laptop is intended for company use and has w10 pro installed. You need to configure the laptop to meet the following requirements: -modify the layout of the start menu -upgrade from pro to ent -join the laptop to an azure ad domain What should you do? a. create a custom windows mage (wim) file that contains an image of w10 ent and upload the file b. create a provisioning package file and email it to the user c. create a windows-to-go workspace and ship the workspace to the user d. create a sysprep unattend (.xml) file and email the file to the user

You have an ad domain that contains 2,000 w10 pcs. You implement hybrid azure ad and intune. You need to automatically register all the existing pcs to azure ad and enroll in intune. What should you use? a. autodiscover address record b. windows autopilot deployment profile c. autdiscover service connection point (scp) d. gpo

You have an azure ad tenant named xy.com. All w10 pcs are joined to the azure ad domain and enrolled in intune. You create an azure log analytics workspace and add the device health solution to the workspace. You need to create a custom device configuration profile that will enroll the w10 pcs in device health. Which oma-uri should you add to the profile? **All in ./vendor/msft/mdclient/provider/msdmserver/.... a. push b. commercial id c. management server address list d. channel uri

Your network contains on-site ad that syncs to azure ad. You have the following w10 pcs: -d1, ad joined, ep config mgr not installed, intune enrolled, registered in azure ad -d2, ad not joined, ep config mgr installed, intune enrolled, registered in azure ad -d3, ad not joined, ep config mgr not installed, intune enrolled, azure ad joined -d4, ad joined, ep config mgr installed, intune not enrolled, registered in azure ad -d5, ad not joined, ep config mgr installed, intune not enrolled, azure ad joined -d6, ad joined, ep config mgr installed, intune enrolled, azure ad joined You need to ensure that you can use co-management to manage all the w10 pcs. Which two actions should you perform? a. join d1,2,4 to azure ad b. unjoin d3,5,6 from azure ad, then register the devices in azure ad c. enroll d4,5 in intune d. join d2,3,5 to the domain e. install the ep confg mgr agent on d1,3

c e

**You have w10 pro pcs that are joined to azure ad and enrolled in intune. You need to upgrade the pics to w10 ent. What should you configure in intune? a. device enrollment b. device cleanup rule c. device compliance policy d. device configuration profile

**Your company uses windows update for business. The research dept has several pcs that have specialized hardware and software installed. You need to prevent the video drivers from being updated automatically by using windows update. Which option meets the goal? a. from the device installation and restrictions settings in a gpo, you enable "prevent installation of devices using drivers that match device setup classes" and then enter the device guid b. from the settings app, you clear the "give me updates for other microsoft products when I update windows" check box. c. from the device installation settings in a gpo, you enable "specify search order for a device driver source locations" and then select "do not search windows update" d. from the windows update settings in a gpo, you enable "do not include drivers with updates"

**Your network contains an ad domain that is synced to azure ad. You have a m365 subscription. You create a conditional access policy for microsoft exchange online. You need to configure the policy to prevent access unless a user is connecting from a device that is hybrid azure ad joined. Which setting should you configure? a. locations b. device platforms c. sign-in risk d. device state

An administrator wants to change an azure ad policy for one of their users. What powershell command would you use to accomplish this task? a. new-azureadpolicy b. edit-azureadpolicy c. new-azurepolicy d. get-azureadpolicy

You are the network administrator for an organization that has decided to migrate to w10. Part of your job requires that you are able to complete the following: -collect data from the local or remote w10 pcs on the network. You can collect data from a single computer or multiple computers concurrently. -View data as it is being collected in real time, or historically from collected data Which w10 application can you use to achieve your task? a. event viewer b. computer monitor c. w7 monitor d. performance monitor

You have a m365 subscription. All devices run w10. You need to prevent users from enrolling the devices in the windows insider program. What should you configure from m365 device management? a. w10 security baseline b. app configuration policy c. custom device configuration policy d. w10 update ring e. device restrictions

You have an azure ad group (group1). Group1 contains two w10 pcs (pc1 and pc2). You create a device configuration profile (profile1). You assign profile1 to group1. You ensure that profile1 applies to pc1 only. What should you modify in policy1? a. scope (tags) b. settings c. applicability rules d. assignments

You have an azure ad that contains an azure log analytics workspace. You deploy pc1 that runs w10. pc1 is in a workgroup. You need to ensure that you can use log analytics to query events from pc1. What should you do on pc1? a. configure the commercial id b. join azure ad c. create an event subscription d. install the monitoring agent

You have an azure subscription that contains an azure log analytics workspace. You deploy a new pc (pc1) running w10 that is in a workgroup. You need to ensure that you can use log analytics to query events from pc1. What should you do on pc1? a. configure the commercial id b. join azure ad c. create an event subscription d. install the microsoft monitoring agent

You have pcs that run w10 and are enrolled in intune. You manage the servicing channel settings of the pcs by using intune. You need to review the servicing status of a pc. What should you do? a. device configuration -> profiles -> view the device status b. device compliance -> view the device compliance c. software updates -> view the audit logs d. software updates -> view the per update ring deployment state

You use intune to manage client computers. The computers run one of the following operating systems: -w8.1 -w10 pro -w10 ent -w10 ent ltsc You plan to manage windows updates on the pcs by using update rings. Which operating systems support update rings? a. w10 pro, ent, ent ltsc b. all c. w10 ent and ent ltsc d. w10 pro and ent

Your company has a main office and 6 branch offices. The branch offices connect to the main office by using a WAN link. All offices have a local internet connection and a hyper-v host cluster. You have an endpoint configuration manager deployment. The main office is the primary site. All w10 pcs are managed by both configuration manager and intune. You plan to deploy o365 proplus to all pcs. You need to minimize the amount of network traffic on the company's internet links for the deployment. What should you include in the deployment plan? a. intune -> configure app assignments for o365 proplus. In each office, copy the o365 distribution files to a microsoft deployment toolkit (mdt) deployment share. b. intune -> configure app assignments for o365. In each office, copy files to a configuration manager distribution point c. endpoint configuration manager -> create an app deployment. Copy files to a configuration manager cloud distribution point d. endpoint configuration manager -> create an app deployment. In each office, copy files to a configuration manager distribution point

You have 1,000 w10 pcs that are members of a local ad. You create a workspace in azure log analytics. You need to capture the event logs from the computers to azure. What should you do? Service to provision a. azure storage account b. azure cosmos db c. azure sql db d. log analytics Action to perform on pcs a. create a collector initiated subscription b. install the microsoft monitoring agent c. enroll in intune d. register to azure ad

d b

You have pcs that run w10 as shown: pc1: ad domain joined pc2: azure ad joined pc3: hybrid azure ad joined Pc3 and pc2 are enrolled in intune. In a gpo linked to the domain, you enable the Computer Configuration/Administrative Templates/Windows Components/Search/AllowCortana setting. In an intune device configuration profile that is assigned to an azure ad group that includes pc2 and pc3, you configure the following: -Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP to a value of 1 -Experience/AllowCortana to a value of 0. For each statement, answer yes or no pc1 can use cortana for each pc2 can use cortana for each pc3 can use cortana for each

y n n

You have an azure ad tenant that contains user1. User1 has the devices shown in the following table: -device1, w10, not registered in tenant -device2, android, registered -device3, ios, registered On september 5, 2019, you create and enforce a terms of use (ToU) in the tenant. It has the following settings: -name: terms1 -display name: terms name -require users to expand the terms of use: off -require users to consent on every device: on -expire consents: on -expire starting on: October 10, 2019 -frequency: monthly For each of the following statements, select the correct answer -user1 will be prompted to accept terms1 on device1 -user1 will be prompted to accept terms1 on device2 -user1 will be prompted to accept terms1 on device3

MD-101 Exam

Kaugnay na mga set ng pag-aaral

TestOut 12 System Management

Daoism EACS

microbiology chapters 19-22

The Art of Public Speaking ch. 7 Successful Interviews

bio exam 1

Pharm exam 1 questions

Μάθημα 23

F212: Molecules, Biodiversity, Food and Health

Mgmt 371 - ch.5 test bank

Supply Chain Q4

Irresistible, By Adam Alter

Chapter 9 International Business

Khan academy

Psychology 200 Chapter 6 Quiz

Set 2; Volume 1. Drive Trains

Research Chapter 7 and 8

physical world

From "The American Crisis" by Thomas Paine

SIMULATED EXAMS - MISSED QUESTIONS

Wei Wei Sun PHSC 101 Final part 2