MD-102
You are a domain admin for the Verigon Company. Your company currently uses two Windows Server 2019 virtual machines to host its on-premises Active Directory environment. You need to deploy Windows 10 Pro to eight existing machines and join them to your domain. The company does not utilize Configuration Manager. Which of the following includes the steps necessary to achieve this objective?
Use the Windows Configuration Designer tool to create a provisioning package and deploy it using one or more USB drives
You are the administrator for the Metroil Corporation. Your company has purchased 30 new laptops that run Windows 11. You pian to give the 30 laptoos to employees who have been promoted. You also plan on hiring 30 new employees. The old laptops from the promoted employees wil be reallocated to the new employees. These laptops run legacy Windows operating systems. All new and existing laptops will have Windows 11 installed Which command should you run only on the old computers to obtain the user accounts and settings?
scanstate [scanstate.exe]
You have recently joined the Nutex Corporation as the Microsoft Intune Administrator. Microsoft Intune manages the email accounts and apps on the employees' mobile devices. Some employees use Android Enterprise licenses, while new hires do not have these licenses. All mobile devices are managed by Intune. After a new app was made available through a Managed Google Play account and an app assignment, existing and new employees cannot find it on their mobile devices. You are tasked with investigating the cause of the issue and recommending a suitable fix. Which of the following are the probable causes of this issue? (choose all that apply)
- App has new permissions that are not yet configured as part of the app configuration policy - App assignment is set to uninstall - App assignment is not yet configured for the new users
You are a system administrator for Verigon Inc. Your organization has an Azure environment that includes 20 Windows Server 2022 and 1,000 Windows 11 devices. You plan to configure an attack surface reduction (ASR) policy for the following requirements: • Block users from ignoring Windows SmartScreen warnings. • Block credential-stealing from the Windows local security authority subsystem (Isass.exe). To meet the above requirements, which profile types should you use while configuring the ASR policy? (Choose all that apply.)
- Attack surface reduction rules - Application control
You have been managing the Nutex Corporation's computers and mobile devices using Intune for quite some time. You need an overview of the Windows 10 computer devices you have in use. How might you be able to view the most recent Intune device inventory?
- Browse the list of enrolled devices in Intune using Devices > All Devices > - Use the Azure portal and graph APIs to provide data reports
You have recently joined the Nutex Corporation as the Microsoft intune administrator. Microsoft intune is used to manage the office email accounts and apps on the employees mobile devices. Some employees use Android Enterprise licenses, but new hires do not have these licenses. You are asked to develop a plan to implement app configuration policies for all employees. Which of the following statements about app configuration policies available with Microsoft intune are TRUE? (Choose all that apply)
- Configuration settings in an app configuration policy can be overridden by users - App configuration policies allow organizations to adopt apps easily and quickly
Nutex Corporation uses Microsoft Intune as its mobile device management solution. All devices are enrolled using the Hybrid AD Join method. You have been asked to provide regular reports on the health of these devices. What products can give you this information? Choose all that apply.
-Windows Security Center -Azure Monitor Log Analytics -Microsoft Endpoint Manager
You are your company's systems administrator. The network contains fifteen Windows 11 computers in a workgroup. A user named Tom recently left your company, and his user account was disabled. Cathy has been hired as Tom's replacement. You need to ensure that Cathy has access to all of the same resources that Tom accessed. What should you do?
Change the name for Tom's user profile to Cathy, and reenable the profile
You are a system administrator for Nutex Inc. Your organization has an Azure environment that includes 20 Windows Server 2022 servers, 500 Windows 11 devices, and 100 macOS devices. You have created the antivirus profile for the macOS devices and configured Microsoft Defender for Endpoint. Microsoft Defender is configured to share information with Microsoft for any problem it detects. You want to disable this setting. Which of the following settings should you disable for Microsoft Defender for Endpoint?
Cloud-delivered protection
As a Windows 10 administrator for Verigon Corporation, you have been tasked with configuring a few hundred laptops purchased from several resellers. You have chosen to use Windows Autopilot and Intune to simplity configuration. The laptops have not been registered by the resellers. All Autopilot service prerequisites have been configured. What is the first step in deploying these laptops?
Collect the hardware ID from each laptop
Users in the PC Support group in the IT department enroll devices for employees in the Nutex Corporation. When the PC Support group accesses the Microsoft Intune company portal, that text appears at the bottom of the sign-in page. You want to ensure that when the PC Support group visits the sign-in page they view the new legal statement that the HR department has released. Which menu option should you choose to configure this? Click the image to select the correct option.
Company branding
Your company has decided to transition to Office 365. You are using Microsoft Endpoint Manager to deploy the designated applications. You must choose a configuration settings format as indicated by the screenshot below. You want to use the native interface of Microsoft Endpoint Manager to configure all of the required settings.
Configuration Designer
Your organization has a Microsoft Intune subscription. Most of the employees are mobile users and travel frequently for business purposes, using their personal devices to access the corporate email. You have applied app protection policies to the Microsoft Outlook app. You want to add the Microsoft Outlook app to the approved list of apps that can be used while accessing corporate email. What should you do?
Configure an app-based Conditional Access Policy
You have a 60 Android devices and 50 iOS devices enrolled in an Intune tenant. You plan to add a device compliance policy to apply settings depending on the version of the operating system of Android or iOS. What do you need to configure first?
Configure device categories in Intune
You have recently joined the Nutex Corporation as the Microsoft 365 Administrator. Nutex is a growing company in the e-commerce sector with over 100 employees who use Windows 10 endpoints. The IT Administration team at Nutex has recently deployed Microsoft 365 apps using the Microsoft 365 Apps admin center. You are tasked with limiting the service data sent to Microsoft from the apps. You plan to use the Cloud Policy service for Microsoft 365 to accomplish this. Which of the following cloud policy setting should be tweaked?
Connected experiences
Your network contains an Active Directory domain named nutex.com that is synced to Microsoft Azure Active Directory (Azure AD). You have a Microsoft 365 subscription. You have devices that run Android, iOS, and Windows. Devices can connect either in the office or remotely. You want to have a conditional access policy to enforce Microsoft Cloud App Security session control when Android, iOS, or Windows devices are unmanaged and not joined to Azure AD. Which settings should you configure in a conditional access policy?
Filter for device
You are a system administrator for Verigon Inc. Your organization has an Azure Active Directory (Azure AD) environment with a number of departments, including Sales, Finance, and HR. The departments have workstations with different configurations, as shown in the table below. You are planning to configure Windows 11 Enterprise on all of the workstations assigned to these departments. Which of the workstations can be configured using Windows Autopilot self-deploying mode?
Finance and HR workstations
Recently, Josh's computer was the source of a malware attack inside your company. You are concerned about threats affecting other Windows 10 computers in your company. You have the following script run on each computer after hours: Start-MpScan -ScanType FullScan You need to find the threats affecting the computers. Which omdiet will retrieve the history of threats that Microsoft Defender detected on a computer?
Get-MpThreat
You are a Windows deployment specialist for the Nutex Corporation. You will be deploying a Windows 10 image using Microsoft Deployment Toolkit (MDT) as part of a PC refresh cycle. The image will contain the standard applications required by all users. A member of your staff has installed the MDT. Using the options below, list the required steps in the correct order to complete the image deployment operation.
1. Configure Active Directory permissions. 2. Set up the MDT production deployment share. 3. Add a custom image by importing the designated Windows 10 OS. 4. Install any additional applications. 5. Prepare the drivers repository. 6. Create the deployment task sequence. 7. Configure the rules for the MDT production deployment share. 8. Deploy the Windows 10 client image.
You have an Azure Active Directory (Azure AD) tenant named Nutex.com that uses Active Directory Connect to sync to an on-premises Active Directory domain. The tenant contains computers that run Windows 11. The computers are hybrid Azure AD-joined and enrolled in Microsoft Intune. Microsoft Edge settings, Microsoft Office settings, and several computer security settings are configured using a Group Policy Object (GPO) named GPO1. You must migrate GPO1 into Intune and ensure that the settings only apply to Windows 11 devices in the Marketing department. Which three actions should you perform in sequence? Choose the correct actions on the left and drag them into the correct order on the right.
1. Export the GPO to an XML file using the Get-GPOReport cmdlet. 2. Import XML to Intune using Group Policy analytics. 3. Assign the policy to the Marketing Group.
You are a system acmimstator for your organization. They have an Azure AD emironment. All workstations in your organization are turning the Windows 11 operating system and joined to Azure AD, and all devices are registered with Microsoft Intune. You are configuring a compliance policy to protect your organization's resources from devices that are non-compliant with your organization's security policies. You have created a notification message template that will be used to send an email to users when their device is non-complant. While configuring a compliance policy, which of the following Actions of Noncompliance should you configure to remove all company data from the device and remove the device from Intune management?
Retire the noncompliant device
You are a system administrator for Nutex Inc. Your organization has an on-premises and Azure AD environment. Employees use Android Enterprise and IOS devices to access the on-premises resources. You plan to configure Microsoft Tunnel for Intune. You have installed Red Hat (RHEL) 8.4 on the on-premises server and have reviewed and configured the prerequisites for Microsoft Tunnel. What should you do next?
Run the Microsoft Tunnel readiness tool
You have to choose the appropriate Windows 11 edition. You have the following requirements for the client machine: • Run only apps from the Microsoft store • Support Azure AD Domain join • Support on-premises Domain join • Run Firefox as the default browser Match the Windows edition to the appropriate feature. Each edition may support one or more features.
See picture for order
Your organization has a hybrid Active Directory (AD) environment and a Microsoft Intune subscription. Employees in your organization use workstations that run Windows 11 and mobile devices that run Android 9.0. The mobile devices are fully managed, dedicated, and corporate-owned work-profile devices. As the year's end is approaching, you want the Android devices to block all incoming system updates and security patches. How should configure the device restriction policy in Microsoft Intune?
Set Freeze Periods for system updates, under General settings
You manage 100 computers that run Windows 10 for the Nutex Corporation. All of the computers are enrolled in Microsoft Intune. You manage the servicing channel settings of the computers by using Intune. You need to view detailed information on the following: •Device Status for the update ring •User Status for the update ring You need to review the servicing status of a computer. Click the exhibit to choose the correct option that will allow you to do this.
Software Updates
You are a system administrator for Verigon Corporation. Your organization has an Azure AD environment with 10,000 Windows 11 operating system devices. You have been asked to plan device updates for all of the workstations. Which statements are TRUE or FALSE regarding device updating service tools? Move the corresponding value to each statement.
True: • Windows Update (stand-alone) provides limited control over feature updates •With Windows Server Update Services (WSUS), you can differ updates False: •With Windows Update you cannot differ the updates •With Windows Update for Business you have the ability to approve updates •With Microsoft Endpoint Configuration Manager, you cannot defer updates, but can approve
You are a Microsoft 365 administrator in your company. Your organization has an Azure AD Premium subscription and has 10,000 devices registered to Microsoft Intune. You monitor the compliance of the devices using the Intune Device Compliance dashboard which is accessed via Microsoft Endpoint Manager admin center. Which of the followings statements are TRUE or FALSE regarding the monitoring compliance reports?
True: Policy Compliance, Setting Compliance False: Device Compliance Status, the device compliance state is kept only in Azure AD database
You have several Windows 11 computers that are deployed with Microsoft Intune. You finish troubleshooting an issue with a computer in the Sales department using the Troubleshooting + Support option of Microsoft Endpoint Manager admin center. You notice that a Windows 11 computer in the Marketing department shows that the Azure AD compliant status is No. Which of the following should you do to resolve the problem with the Marketing Department computer?
Turn the device on
You want to clear a company laptop to ensure that all data and user settings from the previous user is removed but still manage it in Microsoft Intune for the next user. What option should you use to accomplish this?
Use Fresh Start without selecting Retain user data on this device
You are a system administrator for your organization. They have 15,000 Windows 10 Enterprise workstations. You have been tasked to automate a Windows 11 Enterprise deployment on all workstations. You are planning to use the Microsoft Deployment Kit (MDT) for creating reference images for the operating system deployment. Which of the following MDT task sequence templates should you use to run a User State Migration Tool (USMT) backup and the full Windows Imaging (WIN) backup action?
Standard Client Replace
The Nutex Corporation has multiple branches worldwide. You manage 10,000 workstations that run with a Windows 11 Pro license. You want to upgrade the current icense from Windows 11 Pro to Windows 11 Enterprise with no keys or reboots. Which of the following options should you choose?
Subscription activation
All users in the Engineering deparment use Windowe 10. A MAM polloy was created to protect corporate data when using Excel Onine, PowerPoint Online, and Word Online. The policy is causing problems when Engineering users try to use Excel Onine on mobile devices. What could prevent the MAM policy from working for the Engineening department?
The policy is not configured for Excel Online
You have recently joined the Nutex Corporation as the Microsoft 365 Security Administrator. The employees at Nutex use Windows 11 endpoints, and Microsoft 365 apps are available to all employees. The endpoints and apps are secured using Microsoft Defender. You are tasked with investigating incidents on the endpoints and apps and resolving them. Match Microsoft Defender features (on the left) with their associated facts (on the right).
True Positive : Classification for incidents Analyze : Live response command Exposure and Mitigations : Provides actionable recommendations to increase resilience against threats Full remediate threats automatically : Preset level of automation available with the AIR capability Guided : Threat Hunting mode that features a query builder to construct queries using filters and conditions
Dreamsuites Incorporated wants to ensure that the corporate data stored in Office 365 remains secure when Office 365 is accessed from mobile devices. Not all devices that access Office 365 are company owned. What action could be taken to offer this protection?
Use Intune to create a Mobile Application Management policy
Your network contains an Active Directory domain named nutex.com. The domain contains computers that run Windows 10 and are enrolled in Microsoft Intune. Updates are deployed by using Windows Update for Business and use the Semi-Annual Channel. Users in a group named MarketingGroup must meet the following requirements: • Computers must receive updates for all Microsoft applications • The IT support team must test new Windows features for at least a week before allowing clients to use them • Updates for fixes and improvements to existing Windows functionality must not be delayed • Updates download and are installed automatically during Automatic Maintenance when the device is NOT in use or running on battery power • If a restart is required, the device restarts when not being used. You need to configure the Windows 10 Update Rings in Intune to meet the requirements. Which two settings should you change?
- Feature update deferral period (days) - Automatic Update Behavior
You are a system administrator for Nutex Inc. Your organization has an Azure AD environment. Employees use Windows and Android devices. The Android devices include both corporate-owned fully-managed devices and personally-owned work profile devices. Users with Android devices have access to highly sensitive data. All devices are enrolled in Microsoft Intune. You are creating a device restriction configuration profile for the Android devices. Which of the following security configuration frameworks are recommended for the fully managed and personally owned work profile devices to protect the highly sensitive data? (Choose all that apply.)
- Fully managed enhanced security (Level 2) - Personally owned work profile high security (Level 3)
You are a security administrator for Verigon Inc. Your organization has a Microsoft Intune subscription. You plan to implement an app configuration policy for a business-critical app that employees use. The policy must enforce the following: •Require a minimum password length of 8 characters •Enable data encryption •Restrict the app from accessing the device camera Which of the following are NOT methods used to implement an app configuration policy in Microsoft Intune? (Choose all that apply)
- JAMF Pro - Mobile Application Management (MAM)
You have recently joined the Nutex Corporation as the Security Administrator. Nutex is a growing company in the e-commerce sector. They are planning to start offices in multiple geographical locations. The IT team at Nutex is planning the implementation of Azure AD and Intune to manage the core infrastructure and Windows 11 endpoints. You are tasked with coming up with secure practices for managing endpoints. You plan to implement Local Administrator Password Solution (LAPS). Which of the following statements about LAPS are TRUE? (Choose two.)
- Local administrator account passwords protected with LAPS are tamperproof - LAPS policy can be configured with the reset administrator password if the local administrator account authenticates on an endpoint
You have recently joined the Nute Corporation as the Lead for their Remote Server Administration team. Nutex uses a hybrid cloud with multiple private datacenters across the globe and app development and management done from the Azure cloud. You are to implement measures to remotely manage the datacenter servers, resources on the Azure cloud, and employees' laptops. You plan to implement Windows Admin Center. Which of the following statements about Windows Admin Center ate TRUE? (Choose all that apply)
- Microsoft recommends that you use either Microsoft Edge or Google Chrome when using Windows admin center -Windows admin center functionality can be extended using the Extensions feature
Your company's network consists of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 computers. Several of the Windows 10 computers are used as kiosks by guests and are connected to an isolated network segment, which is the only network that these computers can access. The network segment is named Network2 and is configured as a public network. Recently you have noticed that users are changing the network location type on these computers to Private network. You must ensure that this network is always configured as a public network and prevent users from changing the location type. You decide to implement a Group Policy. On one of the kiosk computers, you open the Computer Configuration / Policies / Windows Settings / Security Settings / Network List Manager Policies section in the local security policy. What should you configure? Click the image to select the correct option.
- Public - User cannot change location
You are a system administrator for Nutex, Inc. Your organization has a Microsoft Intune subscription and a hybrid Azure Active Directory (Azure AD) environment. You are using Windows Autopilot for configuring now devices with Windows 11. The device assigned to User1 is unable to re-enroll using Windows Autopilot self: deployment mode You tried to redeploy the device and it returned the enor code 0x80180014. Which of the following solutions can fix the issue? (Choose all that apply)
- Redeploy the Autopilot deployment profile - Delete the device record in Microsoft Intune - Enable the MDM enrollment incase it is disabled
You plan to implement Microsoft Defender for Endpoint to detect and inve to be able to use the following features of Microsoft Defender for Endpoint: • Attack surface reduction • Identify attacker tools, techniques, and procedures • Generate alerts when attackers are observed Which of the following licensing, hardware, and software requirements are required to onboard devices to Microsoft Defender for Endpoint? Choose all that apply.
- Requires a Windows 10 Enterprise E5 license - Requires a Windows 10 Education A5 license - Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices - Access to Defender for Endpoint is supported through the Chrome browser - Access to Defender for Endpoint is supported through the Microsoft Edge browser
You have recently joined the Nutex Corporation as the Windows Client Administrator. Nutex is a growing company in the e-commerce sector. All employees use Windows 10 endpoints. You are tasked with identifying a suitable Microsoft service for remotely managing and troubleshooting issues on the endpoints. You plan to use Windows Admin Center for this. Which of the following statements about Windows Admin Center are TRUE? (Choose two)
- Shared Connections can be configured to allow all gateway users to manage all endpoints - In Windows Admin Center, extensions can be made available only at the level of a gateway
The following windows 10 computers are being transferred from a sister company to your office. You need to decide which feature of Windows 10 can be used on the computers without a PIN. Which of the following is TRUE? Choose all that apply.
-WKS12 can support BitLocker and Miracast -WKS11 can support BitLocker and Hello
The Sales department at Nutex is planning for a deployment of the newest Microsoft 365 Apps release. They currently use Excel workbooks and Word documents that have some fairly intense macros built into them for their day-to-day work. You decide to use the Readiness Toolkit for Microsoft 365 Apps add-ins and VBA utilty to prepare for this deployment. On a specific user's computer, you execute the following command: ReadinessReportCreator.exe -mru -output \\NutexServ\finance -silent What will this accomplish? (choose all that apply, each option is part of the complete answer)
- This will scan files in the user's Most Recently Used list - This will scan the specified files for macros and make recommendations to fix their compatibility
You are a system administrator for Nutex Inc. Your organization has devices with various operating systems, including Windows 10 Home, Windows 10 Pro, Windows 11 Home, Windows 11 Enterprise, and Windows Holographic for Business. You are creating update rings that will help windows as a service to update your Window's devices. In which of the following Windows operating system versions will you be able to use the update rings feature? Drag the appropriate edition to the answer column.
- Windows 10 Pro - Windows 11 Enterprise
You are the administrator for the Verigon Corporation. Verigon has purchased another company, Metroil, and will integrate the company into the Verigon domain. You have installed Windows 11 on several computers. Windows 7 is stored in the c:|Windows.old directory. You have attached an external drive to each computer. You want to perform an offline migration of all user state settings. You want to make sure that the user settings for all metroil domain users who logged on the computer under the previous version of Windows will NOT appear on the new installation of Windows 11. What commands should you run? (Choose two.)
- scanstate /i:migapp.xml /i:miguser.xml /offlinewindir:c:\windows.old /ue:*\*/ui:* - loadstate /i:migapp.xml /i:miguser.xml /offlinewindir:c:\windows.old /ue:*\*/ui:*
You are planning to implement Microsoft Intune to ensure protection of sensitive corporate materials on unmanaged user devices. As part of your plan you decide to create security groups in Azure Active Directory to aid in assigning appropriate protections. What next steps should be part of the plan to ensure that Nutex Corporation's documents are properly secured when using applications on user devices? (Choose three.)
-Add and deploy apps to Intune -Create and assign App Protection Policies -Assign Intune and Office 365 user licenses appropriately
You manage devices that run Windows 10. You do not have an existing on-premises Active Directory environment. You plan to use Windows Hello for Business on the devices. What should you do? Choose all that apply.
-Configure Azure Active Directory Premium for the devices -Configure a Microsoft account on the device
Verigon Corporation plans to put a large touchscreen in their reception area to assist visitors in finding the correct department. A Windows 10 laptop will run an application created for this purpose. For security purposes, only the touchscreen and keyboard will be accessible. The laptop is not domain-joined. What should you do to ensure that visitors cannot perform any action that is not part of the reception application? Choose all that apply.
-Create a kiosk account -Enable User Account Control on the laptop
As a deployment administrator for the Verigon Corporation, you need to configure 100 laptops for the Austin, TX office. The laptops are off-the-shelf with Windows 10 Professional already installed. Verigon does not have a mobile device management infrastructure (MDM) in place. You must configure some basic desktop settings, such as AD enrollment. You need a streamlined configuration solution that does not require an office network connection. What steps would be required as part of streamlining this process? (Choose all that apply.)
-Create a project using the desktop wizard -Download the Windows Assessment and Deployment Kit (ADK) for Windows 10
You are a system administrator for Nutex Inc. Your organization has an Azure subscription. There are 10,000 Windows 11 devices joined to Azure AD and 200 iOS devices. You need to do the following: •Set a minimum password length and block simple passwords on the Windows devices •Allow mobile users access to AirPrint printers on your network Which of the following setting should you configure in the configuration profiles? Choose all that apply.
-Device features (macOS, iOS, iPadOS) profile -Device restriction profile
Verigon Corporation is transitioning from the traditional configuration manager (SCCM) and local Active Directory (AD) to the new "modern" IT. They plan to ultimately move to Intune and Azure AD. As a migration consultant, you have been asked to suggest the next steps in this co-management goal. All laptops are already running Windows 10 and Office 365. What steps would you recommend to bridge the transition? Choose all that apply.
-Enable co-management in Configuration Manager -Stop managing configuration policies through Group Policy -Use the Windows Update for Business Service component of Windows Analytics -Deploy corporate images using Autopilot
You manage devices that run Windows 10 with Azure Active Directory Premium. You need to enable two-factor authentication on the devices without the use of third-party applications. Users already enter a user ID and password to log in to their devices. What other factor(s) should you use? (Choose all that apply)
-Fingerprint recognition -Facial recognition
Employees at Verigon Corporation use company-provided Windows 10 laptops that are managed with Intune. Verigon has decided to allow some employees to use their personal iPhones to access company email. What steps will be part of the process to allow users to enroll their personal devices? (Choose all that apply)
-Have users install the Intune Company Portal application on their iOS devices -Get an Apple MDM Push certificate
The Nutex Corporation uses Windows Intune to enroll devices. Jane is the device enrollment manager (DEM) in Intune. Joe has several devices that he needs to enroll. Which of the following is true? (Choose two)
-Joe can enroll up to 15 devices -Jane can enroll up to 1,000 devices
50 computers that run Windows 10 will be deployed to Azure Active Directory. These computers will be joined to the Microsoft Azure Active Directory (Azure AD) domain and enrolled in Microsoft Intune. You must configure a device restriction policy for the 50 deployed computers in Azure Active Directory. Which three settings should you configure in Device restrictions? Click the exhibit to select the correct setting.
-Locked Screen Experience -Windows Defender Smart Screen -Windows Defender Antivirus
The Nutex Corporation has an Active Directory domain named nutex.com. This domain has 100 computers that run Windows 10 version 1809. You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune. You need to join several devices to the nutex.com domain with Windows Autopilot. What should you do? Choose the appropriate steps and place them in the correct order.
1. Register the device with Windows Autopilot. 2. Create an Autopilot deployment profile. 3. Specify Hybrid Azure AD as the method. 4. Install the Intune Connector for Active Directory on a computer running Windows Server 2016.
You have computers running Windows 7 that are domain-joined to the on-premises domain named nutex.com. You need to convert these computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot. Choose the appropriate steps and place them in the correct order.
1. Run Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force 2. Run Install-Module AzureAD -Force 3. Run Install-Module WindowsAutopilotIntune -Force 4. Run Connect-AutopilotIntune -user ‹credentials>.onmicrosoft.com 5. Run Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII 6. Create a package containing the JSON file 7. Create a target collection and an Autopilot task sequence 8. Deploy Content to Distribution Points and deploy the OS with Autopilot Task Sequence 9. Run C:\Windows\CCM\SCClient.exe
You are the administrator for a division of the Verigon Company. Each employee in your division has a computer that runs Microsoft Office 2016 and Windows 7. Your request for new computers was denied; however, your request to purchase Windows 11 licenses was granted. Each employee must keep the same computer, but the operating system will be upgraded from Windows 7 to Windows 11. How should you perform this procedure? Drag the correct steps from the left and place them in the correct order on the right. Not all steps may be used.
1. Run the scanstate command on all the computers. 2. Upgrade the computers to Windows 11. 3. Install Microsoft Office on all the computers. 4. Run the loadstate command on all the computers.
You are an administrator for Nutex Corporation. Nutex uses Microsoft Intune as its MDM solution. All company devices were successfully registered last month. Your manager would like a CSV file showing all the registered devices that have the data encrypted as part of a security evaluation. What steps would be required to prepare this information? (Place the correct steps in sequence)
1.) In the Intune console, select Devices 2.) Filter by Hardware Details 3.) Export the data
You want to deploy a customized Start and taskbar layout to users that have Windows 11 devices. You would like to do the following: •Hide videos and music on the Start menu •Block hibernate on the Start menu What should you configure in the Microsoft Intune admin center? (Choose the appropriate four steps and place them in the correct order)
1.) Select Devices > Configuration profiles > Create profile 2.) Choose "Windows 10 and later" as the platform 3.) Choose "Templates" as the profile type 4.) Configure the appropriate settings and assignments
You are a system administrator for your organization, Nutex, Inc. They have several Windows 10 Enterprise devices that are enrolied with Microsoft intune. You are planning to upgrade the Windows 10 devices to Windows 11 Enterprise. To achieve the objective, you have created feature update policies in Microsoft Intune and assigned feature updates for the Windows 10 devices. Some users report issues after the feature update policy is applied and the Windows 10 devices are upgraded to Windows 11. You want to roll back the feature updates for these devices. How many days after the upgrade does Microsoft allow you to roll back feature updates?
10 days
You have been implementing security baselines in Intune for a few weeks. You need to see a report of which computers running Windows 10 are curtenty not meeting the security baselines being enforced. How long does it take to get baseline-related information into the Security Baseline monitoring reports?
6 hours
You are an MDM administrator for the Verigon Corporation. You created several application policies for your Azure AD-joined laptops over a month ago. You now want to find out if users are being affected by these policies as well as the compliance status of the machines. Using Windows Intune app management, click on the tool that will allow you to access this information.
Apps > MONITOR
Verigon Corporation has configured Windows Intune for its Mobile Device Management (MDM) solution. All Windows 10 devices are domain-joined and Azure AD-registered. Verigon has Azure AD Premium. They want these corporate devices to be automatically enrolled in Intune. What would be a step in implementing this solution?
Create a GPO to enable automatic MDM enrollment
You are preparing a PC refresh for 200 computers. You are configuring your MDT server for a Lite Touch deployment strategy due to the large number of client mactures involved. Which of the following types of repository should you use your distribute the necessary setup files and scripts?
Create a deployment share on the MDT server
You are the enterprise admin for the Verigon Corporation. The company has an Employee Choice program that allows employees to choose their own company device. All devices are then enrolled in Microsoft Endpoint Manager. You want to create a policy that will enforce a minimum OS version for both IOS and Windows 10 devices. Which of the following will allow you to achieve this objective using Microsoft Endpoint Manager?
Create a device compliance policy
You are a system administrator for Verigon Corporation. Verigon has an Azure Active Directory environment with 500 workstations running Windows 10 Enterprise. You have been asked to upgrade the workstations to Windows 11 Enterprise and join the workstations to Azure AD. You should ensure that applications and settings installed on the users' workstations are retained and that the upgrade process requires minimal user intervention. Which of the following would be the best solution?
Create a provisioning package using Windows Configuration Designer
You are an enterprise admin for the Verigon Corporation. Your company recently received a shipment of new desktop computers that will be distributed to all your offices onsite. The machines are preloaded with the latest version of Windows 10 Professional Edition and have not yet been configured. You want to bulk enroll them in your MDM solution. Which of the following options will accomplish this objective?
Create a provisioning package with the Windows Configuration Designer app
You are an enterprise admin for the Verigon Corporation. Your company promotes a BYOD program for its employees so that they can work with their mobile device of choice. Since these are personal devices, they cannot be enrolled in the company's MDM. You want to create a policy that will confirm a user's identity when they access a corporate app. Which of the following options will achieve this objective?
Create an Intune app protection policy using Mobile Application Management that requires a PIN to open an app in a work context
You want to secure corporate data on your endpoint MDM-enrolled client devices and prevent users from copying and pasting corporate data when using applications in order to prevent data leakage. Which of the following options will achieve this objective using Microsoft Endpoint Manager?
Create an app protection policy
You are a system administrator for a new startup called the Nutex Corporation. You want to deploy Windows 11 on all of the new workstations with some custom. applications that employees will use for their daily business activities. You are in the process of creating a reference image that will help reduce deployment time and install a standard set of applications on all the workstations. You have set up the Microsoft Deployment Toolkit (MDT), built a lab deployment share, and added the setup files and required applications. What should you do next?
Create the reference image task sequence
You want to configure a Windows 10 computer named NutexLobbyPC, which is connected to a 60-inch screen in the main lobby of the corporate headquarters. It should only run the NutexAnnouncements application whenever the machine is turned on, and it should not allow any other apps to be accessible. What option will NOT accomplish this?
Deploy the application to NutexLobbyPC using Group Policy
You are a Microsoft Intune administrator for the Nutex Corporation, Nutex has its Windows devices joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune. Most Windows devices run Windows 11 Enterprise, but a few computers run Windows 10 Pro. You need to upgrade the Windows 10 Pro computers to Windows 11 Enterprise, Several coworkers offer suggestions: • Jeff suggests that you use subscription activation • Amy suggests that you use a device configuration profile • Michelle suggests upgrading the devices using the Microsoft Software Download site • Stacy suggests you use a device compliance policy Which suggestion should you use to upgrade the Windows 10 pro computers to Windows 11 enterprise with the least amount of effort?
Device configuration profile
You are a system administrator for Nutex Inc. Your organization has a Microsoft Defender for Endpoint subscription. All Windows devices in your environment are onboarded to Microsoft Defender for Endpoint. You are configuring automated investigation and remediation capabilities in Microsoft Defender for Endpoint. Which of the following should you use to configure the automated investigation and remediation capabilities?
Device groups
You are a system administrator for Verigon Inc. Your organization has an Azure Active Directory (Azure AD) subscription with 20,000 Windows 11 devices. All devices are enrolled in Microsoft Intune and joined to Azure AD. You want Microsoft Intune logs to be routed to the Azure monitor service. You have procured an Azure storage account to be used for storing logs. Which of the following Azure monitor features should you enable to route the logs to Azure monitor?
Diagnostic settings
You purchase a Windows Store app that you use for troubleshooting, and install the app on two devices that you will soon add to the domain. You attempt to install the app on another domain user's computer after you log in to the computer using your Windows account. You receive the following error message: "Windows Store is not available on this PC. Contact your system Administrator for more information." You need to be able to install this app on all Windows 10 computers on your organization's network. What should you do?
Disable the "Turn off the Store application" group policy
You are a desktop admin for the Nutex Corporation. The company would like you to implement several shared guest PCs in the corporate lobby. The PCs will host a single application for guests to check in. You will be converting existing domain-joined machines that run the latest version of Windows 10 to do so. Which of the following methods should you use to achieve the objective without reimaging the machines?
Enable kiosk mode from the ACCOUNTS section of the Windows 10 settings
You are a system administrator for Verigon Inc. Your organization has an Azure environment. All devices are Azure AD-joined and enrolled in Microsoft Intune. You are configuring Remote Help for your tenant. What should you do FIRST?
Enable remote help
You plan to manage several servers running Windows Server 2019 that are running robotic software for a manufacturing the factory floor. The servers are not connected to the on-premises domain or Azure Active Directory. You are instating a device. The Windows 11 device is joined to the Azure Active Directory. You perform the following actions: 1. Place the appropriate setting in the gateway's TrustedHosts file 2. Create a firewall rule to make sure the firewall port for WinRM allows inbound traffic on the target machere 3. Verify connectivity between the Windows 11 device and Windows Servers by pinging the FQDN When you attempt to connect to the server with the Windows Admin Center, you receive the following error: (See picture) You determine that the WinRM service is not running on the server. You type the following at the PowerShell prompt on the server to resolve the issue: PS C:\Windows\System32> **fill in bla
Enable-PSRemoting
You are a system administrator for Verigon Inc. Your organization has an Azure environment and has procured a Microsoft Intune subscription. All the devices are enrolled in Microsoft Intune. You want to understand the following metrics: • Average device startup time in seconds. • Average sign-in time to the device in seconds. • Top apps that have been reducing your score in the past 14 days. Which of the following Adoption Score features should you use to analyze the metrics?
Endpoint analytics
You are a system administrator for Verigon Inc. Your organization has acquired the Nutex Corporation, which has 10,000 Windows 10 devices. Most of the Nutex employees work from home. You are planning to upgrade all Windows 10 devices to Windows 11 Pro or Pro for Workstations. You have been tasked with determining requirements and which Windows 11 edition will suit these devices. Match the features with the appropriate edition.
Home Edition : -multi factor authentication -secure boot Pro Edition : -multi factor authentication -WIP -secure boot -Windows Hello for Business Pro for Workstation edition: -multi factor authentication -ReFS -WIP -secure boot -Windows Hello for Business
You are a security administrator for Nutex Inc. Your organization has a Microsoft Intune subscription. Employees use both company-owned and personally owned Windows 11 devices for work purposes. The company-owned devices are enrolled in Microsoft Intune. You want Intune to collect event data and provide recommendations to improve performance on the windows devices. To achieve the above requirement, you are creating a Windows Health Monitoring device configuration profile using the Microsoft Int performed the following steps: 1. Logged in to the Microsoft Intune admin center. 2. Clicked Devices > Configuration profiles > Create profile. 3. Selected Windows 10 and later under Platform. 4. Clicked Templates > Windows Health Monitoring 5. Clicked Create. 6. Entered information in Basics, Name, and Description. 7. Clicked Next. What should be your next step in this scenario?
In Configuration settings, set Health Monitoring to Enable
After implementing an Application Protection Policy in Microsoft Intune, you discover that there are a few iOS users who are still able to violate the policy by saving sensitive corporate documents to their personal devices using Microsoft Office Apps on iOS. You have selected the correct apps and settings for your policy and assigned the correct groups to include. You verify that the users in question are part of the correct groups as specified in the policy assignments. What else could you do to ensure the Application Protection Policy is properly being applied?
Make sure the users have been assigned Microsoft Intune licenses
You are a system administrator for Nutex, Inc. Your organization has an on-premises IT environment with 20,000 devices and workstations. All workstations are running Windows 10. You are planning to deploy Windows 11 on all the workstations. You have completed the readiness assessment for all the workstations. You need to choose the appropriate deployment scenario for Windows 11 deployment based on your requirements. Which of the following Microsoft-recommended deployment scenarios should you choose?
Modern
You are a system administrator for Nutex Inc. Your organization has an on-premises IT environment with 20,000 devices and workstations. All workstations are running Windows 10. Management plans to roll out Windows 11 on all the existing and new workstations and laptops. You have been tasked with identifying the different ways Windows 11 can be deployed in various scenarios. Match the appropriate deployment scenarios with the respective deployment tools or techniques. To match, drag each tool or technique from the left to the correct deployment scenario on the right.
Modern: - Windows Autopilot - In-place Upgrade Dynamic: - Subscription activation - Azure AD/MDM - Provisioning Packages Traditional - Bare Metal - Refresh - Replace
You need to ensure that the Microsoft Office application used on iOS mobile devices by Nutex employees is restricting Save-As and Cut, Copy, Paste to protect sensitive corporate documents from being compromised. You decide to implement an Application Protection Policy in Microsoft Intune. After defining the required data protection settings in the policy for the specific apps you wish to protect, what else must you do to implement this policy?
On the Assignments pane select the Azure AD groups to apply this policy to
Your company has an Active Directory domain named nutex.com. All client computers in the domain run Windows 10. You have a computer named wks1 in your department that is having issues with a sound card. You have ordered a new sound card, but need to disable the existing sound card device. You create the following script on a share on a server to temporarily fix the problem temporarily: Get-Device | where {$_.name -like "Acme Sound*"} | Disable-Device Get-Device | where {s_. name -like " Acme Sound*"} | Enable-Device What should you run on your computer to resolve the issue on the other computer?
On wkst. run the following: Enable-PsRemoting -Force On your computer, enter the following: Enter-PSSession -ComputerName wks1.nutex.com -Credential Nutex\CarlSpackler Invoke-Command -ComputerName wks1.nutex.com -FilePath ||server5\Scripts\MyScript.ps1
Your organization, Nutex Corporation, has 10,000 Windows 11 devices and an Azure Active Directory (Azure AD) environment. You have enrolled all the devices to Microsoft Intune. You have created a configuration profile for the devices. From the Microsoft Endpoint Manager admin center, you are viewing the status of the configuration profile and whether it has been successfully assigned to the devices. You observe that the configuration profile is not assigned to a few devices. Which profile assignment status helps you understand if the device has not checked in to receive the configuration policy?
Pending
You have an Azure Active Directory (Azure AD) tenant named Verigon.com, which contains Windows 10 and Windows 11 devices. All devices include an app called VerigonHR and are envolled in Microsoft Intune. You must ensure that devices are secure and provide protection from attempts by hackers to gain entry locally on the devices. The devices should have the guest account disabled and the administrator account renamed, and each device should have the Secure Boot area hidden. Question A: What should you create in Microsoft Intune to rename the administrator? Question B: What should you create in Microsoft Intune to have the Secure Boot area hidden? Question C: What should you create in Microsoft Intune to ensure the number of days after which a device password must be changed is configured to 28? Drag the correct choice to the appropriate question.
QA) Device Configuration Policy QB) Device Configuration Policy QC) Device Compliance Policy
You have a computer named Win11Sales1 that has Windows 11 installed. You need to ensure that a script called SetupComplete.ps1 will run after installing a Feature Update. Question A: Which file should you modify on Win11Sales1? Question B: Which parameter should you use to deploy the PowerShell script?
QA) SetupConfig.ini QB) POSTOOBE
You have an Azure tenant named Nutex.com. All tenant users are created in Azure AD. You need to elevate a user with the UPN name [email protected] to become a local administrator on a Windows 11 device named Win-Nutex5. You type the following at the command prompt. Drag the missing commands or parameters to the appropriate letter.
net(for A) localgroup administrators /add (for B) "AzureAD\ [email protected]"
A recent audit of the help desk showed that 40% of help desk personnel time was spent dealing with password issues from employees. After implementing smart card readers with employee computers that run Windows 7, your company has decided to replace all the old computers with new computers that run Windows 10. Your company has decided to implement Windows Hello on all the company's Windows 10 computers. All the new computers are equipped with a 3D camera. One of the computers used by an employee, Jack Smith, was stolen by his twin brother who works for a rival company. Jack's twin brother was able to easily access all files on the computer. You must implement a plan to ensure a data theft, like this will not happen again. The solution should cost as little money as possible since the budget has already been exhausted. You also must ensure that users do not have to memorize any passwords or keys. What should you recomm
Require the employees to set up Windows Hello again, and configure the options under Improve Recognition
You have loaded an update to an application on several computers in your domain. The names of the computers are stored in the DomainComputers.txt file. You create the following script to force an immediate reboot of the computers listed in the DomainComputers.txt file. $ComputerNames = Get-Content -Path C:\DomainComputers.txt SCredentials = Get-Credential At the prompt, type of missing PowerShell cmdlet so that the computers listed in the file reboot.
Restart-computer
You must create a Windows 11 reference image using the Microsoft Deployment Toolkit (MDT). Users who use this image should be able to customize the operating system, name the computer, and create user accounts. You want to reset the security IDs (SIDs), remove any system restore points, and erase event logs on the mage. You must type the following at the command prompt: C:\Users\Admin>**BLANK** /generalize /shutdown /oobe Please type the correct command in the text box provided above.
sysprep [sysprep.exe]
Verigon Corporation will be using Microsoft Intune to control access to Office 365 applications for all their locations. You need to ensure that all Finance group members can access Excel Online from their Windows 10 laptops only via Multi-Factor Authentication (MFA). Which required settings in your access policy must you configure? (Choose all that apply.)
View picture
You are a cyber security advisor for Nutex Corporation. Your organization has a Microsoft Defender for Endpoint subscription and has onboarded all Android and Windows devices. You have configured automated response and remediation capabilities in your environment. What should you do in the following scenarios? Map the action to be taken to the correct scenario.
View picture
You are the administrator for the Metroil Corporation. Your company has purchased 40 new laptops. You pen to give the 40 new laptops to Sales employees who have been promoted. You also plan to hire 40 new employees in the Payroll department. The old laptops formerly used by the Sales employees will be reallocated to the new Payroll employees. All new and existing laptops will have Windows 11 installed. You are installing Windows 11 on the new laptops. Which command should you run ONLY on the new computers to restore the user accounts and settings for the Sales employees?
loadstate [loadstate.exe]
You have an Azure tenant named Nutex.com. The tenant users are synchronized from the on-premises Active Directory named Nutex.com. You need to elevate a user with the UPN name [email protected] to become a local administrator on a Windows 11 device named Win-Nutex5. You type the following at the command prompt. Drag the missing commands or parameters to the appropriate letter.
net (for A) localgroup administrators /add (for B) "Nutex\Deborah"