B.4 Microsoft MD-102 Certification Practice Exam (60 Questions)
Which of the following BEST describes Intune policy sets?
A grouping of policies and apps that can be assigned using a single package.
Which of the following BEST describes an Intune device configuration profile?
A profile with features and settings that can be enabled or disabled on the devices in your organization.
Which of the following BEST describes the overall objective of planning application protection using Microsoft Intune?
To ensure critical applications are secured while enabling authorized user to access them.
You need to interactively access Command Prompt on a remote Windows system named WS1 from your Windows workstation. Which command should you use to do this?
psexec \\WS1 cmd
You want to use Windows Remote Management to authenticate to a computer not in your Active Directory domain. Which of the following commands do you need to run to add the name of the remote computer to the TrustedHosts table in order to connect remotely to the computer?
winrm set winrm/config/client @{TrustedHosts="computername"}
You need to be able to execute commands remotely on a Windows workstation named WS1. Which commands can be used to enable remote management on this system? (Select two. Each answer is a complete solution.)
- winrm quickconfig - Enable-PSRemoting
Where in Microsoft Intune can you go to manage and deploy device updates?
Device list
You want to capture your Windows installation as a system image. You need to remove any computer-specific information from the computer prior to capturing the image. What should you do?
Run Sysprep.
Which of the following is the most complete and correct listing of platforms on which you can update and manage Microsoft Intune policies?
Windows, iOS/iPadOS, and Mac.
You have configured a Windows server in your network to provide activation for your Windows workstations using the Key Management Service (KMS). Which of the following are true concerning activation in this network? (Select two.)
- By default, the Windows client systems will attempt to renew their activation status every seven days. - KMS activations are valid for 180 days.
SAML, OpenID, and OAuth 2.0 can be used by which of the following for cloud-based application authentication?
Azure Active Directory
An application has been assigned to be deployed using both a device and a user. How does Intune resolve this deployment conflict?
The device assignment will be used, and the user assignment ignored.
What needs to happen before you can begin managing a device with Intune?
The device needs to be enrolled in Intune.
Which of the following BEST describes Microsoft Intune?
A cloud-based mobile device management (MDM) tool for managing and monitoring Azure, hybrid, and on-premises devices.
From the drop-down list below, select the Microsoft Intune feature that provides applicability rules options for Rule, Property, and Value.
Device Profile
You have decided to deploy an app by user from Intune to all employee Windows laptops. When will the app be installed?
Only when the designated user signs into the laptop.
You have decided to use Windows PowerShell to set up a device in Windows Kiosk mode. From the dropdown list, select the command you need to use to configure the device for Kiosk mode.
Set-AssignedAccess
You're the network administrator for a private college. You've been tasked with developing a new image that will be rolled out to all the computers in the financial aid office. The new image will contain Windows 11 Pro. Because of this, you've decided to use the Microsoft Development Toolkit to create the image. You've finished configuring the task sequence and are now configuring the image rules. You need to change the network configuration information for MDT. Which of the following would you edit?
bootstrap.ini
Which of the following are tasks you can perform with Intune Endpoint Protection? (Select two.)
- Control sensitive data access. - Set compliance requirements.
From the drop-down list, select the item that can provide you with a consistent level of protection for your organization's applications and data, regardless of the device or network being used.
App protection policy
You have created a custom Storage Limits device profile for the laptops on the manufacturing floor of your company. You want to make sure that the profile applies to those laptops and all users on those laptops. Which of the following should you do to meet your requirements?
Assign the profile to a device group.
Which of the following is a benefit offered by Azure Active Directory to application developers?
By using Azure AD, application developers can integrate a user's preexisting credentials into the app for single sign-on authentication.
Which of the following BEST describes Microsoft Intune?
Intune is a tool that focuses on managing a device's lifecycle including updates, threat protection and security monitoring.
Which of the following default Intune device configuration profiles is only available on the macOS platform?
Kernel extensions
Which of the following can you use to create a custom Intune device configuration profile?
Microsoft Endpoint Management
Which of the following are required fields when creating a Microsoft Intune Profile?
Platform, Name, Assignments, Applicability Rules
You're an administrator for a company that uses Azure AD and Microsoft Intune to manage their corporate-owned mobile devices. All devices are registered in Azure AD and enrolled in Intune. You've created several Intune device compliance policies, and you want to be notified by email when a device isn't compliant with the policy rules. Which of the following can you use to set up email notifications?
Policy Actions for noncompliance
All of your company-owned laptops have been enrolled in Intune. One of the laptops has been lost and you want to wipe the laptop. However, you want to preserve the user data on the laptop. What do you need to do before wiping the device from Intune?
Select the Retain enrollment state and user account option.
Which of the following default Intune device configuration profiles is only available on the macOS platform?
- Check to see if the device is online and is communicating with the update server: Device connectivity - Make sure your organization's update policies are configured correctly and applied to the appropriate devices: Update policies - Check for configurations such as date, time, and time zone: Device settings - Make sure the device is compliant with your organization's policies and requirements: Device compliance - Check to see if the update was downloaded, installed, or if it failed to install: Update status
Which of the following are steps you need to complete in order to use app-based conditional access in Intune? (Select three.)
- Define the apps that the policy should apply to. - Define the conditions under which users can access those apps. - Create a conditional access policy.
Which of the following are only available in Windows 10 or higher as default Intune device configuration profiles? (Select two.)
- Delivery optimization - Edition upgrade
Which of the following are tasks you can perform with the Intune Endpoint Manager? (Select two.)
- Duplicate an endpoint security policy. - Resolve non-adherence conflicts.
You are setting up a device for Windows Kiosk mode using Microsoft Intune. Which of the following Kiosk mode settings are available to configure the device? (Select three.)
- Multi-app kiosk - Not configured - Single-app, full-screen kiosk
Mobile device management (MDM) compliance policies using Intune are powerful and have been created to accomplish two main objectives. (Select two.)
- Protect the organization's valuable data and assets. - Empower users to be productive wherever and whenever they want.
Which of the following are examples of what Windows Kiosk mode is designed to do? (Select two.)
- Provide self-registration at a hotel. - Provide self-check out in stores or restaurants.
The hardware in a user's Windows 11 Professional system is configured as follows: - Integrated 1000 Mbps network card - Integrated soundboard - Integrated SATA adapter - 1 TB hard disk drive - Rewritable DVD drive Recently, several capacitors on the system motherboard began leaking, so you replaced them with a newer motherboard with a faster CPU. The system still uses the original hard disk and optical drive. Which of the following are true concerning the activation status of the copy of Windows 11 installed on this system? (Select two.)
- Windows must be reactivated. - The system's hardware ID (HWID) has changed.
You have installed Intune and enrolled your corporate devices. You want to be able to collect information about the traffic that moves between devices on your network. Which of the following Azure Monitor services allows you to collect the data for analysis?
Azure Monitor for Networks
As the network engineer for a large financial institution, you have installed Intune and enrolled your Windows 11 devices in Intune. You would now like to use an Azure tool to provide information about the health, performance, and performance of the connected devices to help you: troubleshoot, optimize device performance, reduce technical support costs, and increase end-user productivity. Which of the following Azure services or tools BEST meets your needs?
Azure Endpoint Analytics
All your users work remotely. One of your users buys a notebook computer with Windows 11 Pro from an online store. The computer is to be used for company business. You need to upgrade the computer to Windows 11 Enterprise and join it to the CorpNet.local domain. You have the proper Microsoft 365 subscription and all other required licenses. What do you do?
Create a provisioning package and email it to the user with instructions on how to run it.
You're a system administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following dynamic user groups to manage access to company resources: - Managers: jobTitle = "Manager" - Consultants: jobTitle = "Customer Consultant" ... You've created your first device compliance policy that does the following: - Marks a device enrolled in Intune as Not Compliant if BitLocker isn't installed and running on a managed Windows 11 device. ... SOLUTION: You check the OfficeAdmin group and notice that the office administrator's user account isn't listed in the group. You add the office administrator's user account to the OfficeAdmin group.
No
You have installed Microsoft Intune and enrolled your company's computing devicYou have installed Microsoft Intune and enrolled your company's computing devices, and you have created a policy for all Windows 11 devices. You have just updated the policy and Intune has notified all targeted devices that the update is available. What is the default setting for the devices to check for policy updates?es, and you have created a policy for all Windows 11 devices. You have just updated the policy and Intune has notified all targeted devices that the update is available. What is the default setting for the devices to check for policy updates?
Every 8 hours
Your company devices are all enrolled in Microsoft Intune, and you are ready to begin planning and configuring app protection policies for those devices. Which of the following is the first step you should complete to help you prepare and implement effective application protection with Microsoft Intune?
Identify applications that need to be protected.
SecurityFirst is a security services company that sells home security devices in California and New York. They hire seasonal sales representatives who work several months and then return home to continue schooling or other jobs. ... You decide to use Windows Autopilot with Microsoft Intune to reset the Windows 10 laptops. You also want to use Autopilot personalization so that returning or new employees see their name is filled in when they turn on the reset laptop for the first time. Before rolling out Windows Autopilot to the entire company, you want to test it on a select group of laptops that represent the currently available systems. The table below lists the computers you want to upgrade. From the details provided in the table below, which company laptops meet the requirements for using Windows Autopilot?
Laptop1 only
In which phase of an Intune update ring do you apply quality updates to ensure that your devices are secure and up-to-date? Select the correct answer from the dropdown list.
Maintenance phase
Which of the following can help you ensure that that only authorized users are accessing your organization's data and applications, and that those users are doing so from secure devices and locations?
Microsoft Intune conditional access policies
You're a system administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following dynamic user groups to manage access to company resources: - Managers: jobTitle = "Manager" - Consultants: jobTitle = "Customer Consultant" ... You've created your first device compliance policy that does the following: - Marks a device that's enrolled in Intune as Not Compliant if BitLocker isn't installed and running on a managed Windows 11 device. ... SOLUTION: You check the OfficeAdmin group and notice that the office administrator's user account isn't listed in the group. You add the office administrator's user account to the OfficeAdmin group.
No
You're the systems administrator for a fashion design company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You have 100 company-owned Windows 11 devices that you need to configure the following for: - Apps from the Microsoft store must be blocked from auto-updating. - Non-Microsoft Store Apps must be blocked from being installed. - Employees must be able to use all apps that were pre-installed on the device. - Users must be prevented from changing the installation options that are typically reserved for system administrators. - Users must be prevented from installing apps from the internet. You've created a device restrictions configuration profile and configured the App Store settings as illustrated below.
No
You're the systems administrator for a fashion design company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created a Microsoft App Store device configuration profile named Test that restricts several options for employee management of apps in the Microsoft Store. These setting apply on the employees' managed Windows 11 mobile devices. You've assigned the device profile to the Win11dev device group and saved the assignment. However, when you return to the device profile list, you notice that the Test profile is listed as unassigned (see below). SOLUTION: You return to the device profile assignment page, remove the Win11dev device group assignment, add it again, and save the assignment.
No
You're the systems administrator for an international trading company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following dynamic user groups to manage access to company resources: - Managers: jobTitle = "Manager" - Consultants: jobTitle = "Customer Consultant" ... You've created a conditional access policy that: - Includes the SalesReps and Consultants user groups. - Excludes the Managers user group. ... SOLUTION: You check the sales rep's user account and notice that her job title is still set to "Manager." You change the job title to "Sales Representative."
No
You have a computer that runs Windows 10. You want to perform a clean installation of Windows 11 and maintain as many of the application settings, user profile, and user data as possible. Which steps should you perform to complete the migration with the least amount of effort possible?
Run Scanstate in Windows 10. Perform a custom (advanced) installation of Windows 11 to the existing hard drive. Boot into Windows 11 and re-install all applications. Run Loadstate.
Helen has been hired as a sales representative for a security services company for the next 5 months. On the first day of work, the IT system administrator gives her a company laptop configured to use a Windows Autopilot deployment profile. When Helen turns on her laptop, several screens are displayed before Autopilot configures the system and installs several company apps. From the list on the left, drag and drop the displayed screens to the right that Helen will see before Autopilot configures the system. Make sure you list the screens in the order that they appear. Not all screens listed on the left are part of the Autopilot boot process.
Screens displayed before Autopilot configuration begins: 1. Select Region 2. Select Keyboard Layout 3. Add a Second Keyboard 4. Enter Your User ID 5. Enter Your Password 6. Update Your Password 7. Enrollment Status Page
Listen to exam instructions Your company devices are all enrolled in Microsoft Intune, and you have created and rolled out your first app protection policy to the Finances department for an inhouse financial tracking tool. However, some employees in the Marketing department also have access to the tracking tool on their devices. Which of the following steps is the MOST likely step you forgot to complete when preparing and implementing the app protection policy with Microsoft Intune?
Test the protection policy.
You are configuring a provisioning package using the Windows Configuration Designer's Provision desktop devices option. One of the purposes of the package is to give each computer the name TestOut- followed by a random four-digit number. What should you enter for the Device name field?
TestOut-%RAND:4%
You have set up a conditional access policy in Microsoft Intune to limit access to a Customer Data application for use by Marketing employees. A Human Resources employee attempts to access this application. What will happen?
The employee is denied access to the application.
A user contacts you to let you know their Intune-enrolled device has been remotely locked. What would have caused this?
The user's device is non-compliant and was remotely locked.
Your company just installed new wireless access points. The access points use WPA2-Enterpise. The computers you are working with belong to the TestOut workgroup. You are at the point of the process where you need to configure 20 Windows 11 computers to connect to the access point. What should you do?
Use Windows Configuration Designer to create a provisioning package to complete the task. Run the package on each computer.
Your new company business requirements include standardizing Windows 11 Enterprise for both office and work-at-home employees. Some of the work-at-home employees were given permission in the past to purchase their own computers to use for work purposes. All of these computers run Windows 11 Professional. As the company IT systems engineer, you need to recommend a solution that: - Upgrades the computers to Windows 11 Enterprise. - Joins the computers to Microsoft Azure Active Directory. - Installs a set of standard Microsoft apps required by the company. - Preserves any applications already installed by the employees. In addition, you want the solution to require minimum intervention by yourself or the employees. Which of the following is the BEST solution for meeting all your upgrade requirements?
Windows Configuration Designer provisioning package
You're the systems administrator for a fashion design company that uses Azure Active Directory (AD) and Microsoft Intune to manage their mobile devices. All company-owned mobile devices are registered in Azure AD and enrolled in Microsoft Intune. You've created the following Azure AD device groups: - Win11dev: All company-owned Windows 11 mobile devices - iPadProdev: All company-owned iPad Pro tablets ... However, when you test the device profile on a limited number of the Windows 11 mobile devices, you find that the device profile configurations aren't being applied. SOLUTION: You check the assignments for the device profile and notice that there are no assignments currently configured. On the Include tab, you assign the Win11dev device group to the device profile.
Yes
You're the systems administrator for an international sports equipment retail company that uses Azure Active Directory (AD) and Microsoft Intune to their manage mobile devices. All company-owned mobile devices are registered in Azure AD, enrolled in Microsoft Intune, and have BitLocker installed and running. You've created a conditional access policy that: - Includes an assigned Test user group. - Applies the policy to the Microsoft 365, Microsoft Teams, and SharePoint cloud apps. ... After deploying the conditional access policy, you find that the policy isn't being applied to the user accounts in your Test user group. SOLUTION: You check the conditional access policy settings and discover that the Enable policy setting is set to Off. You change the setting to On.
Yes
You're the systems administrator for a large hospital system, which has purchased new computers for the Pediatrics department. You've been tasked with designing and building the image that will be installed on each computer. Before you begin, you need to create your WinPE boot media. You've exported the WinPE files and then run the Deployment and Imaging Tools Environment. Unfortunately, when you attempt to execute the copype command, you receive error messages. What is the MOST likely reason for this issue?
You need to run the Deployment and Imaging Tools Environment as an administrator.