Midterm

Ace your homework & exams now with Quizwiz!

Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.What should you use?

A Windows AutoPilot deployment profile.

You are the administrator for an organization that has 100 devices that run Windows 10 Pro. The devices are joined to Azure AD and enrolled in Microsoft Intune. You need to upgrade the computers to Windows 10 Enterprise. What should you configure in Intune?

A device configuration profile

You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You need to upgrade the computers to Windows 10 Enterprise.What should you configure in Intune?

A device configuration profile

You are the new Azure AD Global administrator for your organization. Your company wants to set up a way to integrate their on-site AD with Azure AD. What tool can you use to do this?

Azure AD Connect.

You are the system administrator of a large organization that has recently decided to add an Azure AD subscription. Your boss has asked you about Azure security and making sure that user logins are secure. What feature can you explain to your boss to ease their concerns?

Azure AD Identity Protection

Will has installed Windows 10 on his Windows XP computer. The machine is now a dual-boot computer. He has FAT32 for Windows XP and NTFS for Windows 10. In addition, he boots his computer to Windows XP Professional for testing an application's compatibility with both operating systems. Which of the following file systems will be seen by both operating systems?

Both the FAT32 partition and the NTFS partition will be seen by both operating systems.

Your company has a System Center Configuration Manager deployment that uses hybrid mobile device management (MDM). All Windows 10 devices are Active Directory domain-joined.You plan to migrate from hybrid MDM to Microsoft Intune standalone. You successfully run the Intune Data Importer tool. You need to complete the migration. Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

Change the tenant MDM authority to Intune.

What should you use to meet the technical requirements for Azure DevOps?

Conditional access

What should you upgrade before you can configure the environment to support co-management?

Configuration Manager

You have a Microsoft 365 subscription. A remote user purchases a laptop from a retail store. The laptop is intended for company use and has Windows 10 Pro edition installed. You need to configure the laptop to meet the following requirements:.Modify the layout of the Start menu.Upgrade Windows 10 to Windows 10 Enterprise.Join the laptop to a Microsoft Azure Active Directory (Azure AD) domain named contoso.comWhat should you do?

Create a provisioning package (.ppkg) file and email the file to the user

You are creating a device configuration profile in Microsoft Intune.You need to implement an ADMX-backed policy.Which profile type should you use?

Custom

You have 175 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (AD) and enrolled in Microsoft Intune. You have been asked to enable self-service password reset on the sign-in screen. Which settings should you configure in Microsoft Intune?

Device configuration

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (AD) and enrolled in Microsoft Intune.You need to enable self-service password reset on the sign-in screen.Which settings should you configure from the Microsoft Intune blade?

Device configuration

Your company uses Microsoft Intune. More than 500 Android and iOS devices are enrolled in the Intune tenant.You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.You need to ensure that the policies can target the devices based on their version of Android or iOS.What should you configure first?

Device settings in Microsoft Azure Active Directory (Azure AD)

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD).You have a Microsoft 365 subscription.You create a conditional access policy for Microsoft Exchange Online.You need to configure the policy to prevent access to Exchange Online unless is connecting from a device that is hybrid Azure AD-joined.Which settings should you configure?

Device state

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.You redirect Windows known folders to Microsoft OneDrive for Business.Which folder will be included in the redirection?

Documents

Paige is considering upgrading her basic disk to a dynamic disk on her Windows 10 computer. She asks you to help her understand the function of dynamic disks. Which of the following statements is true of dynamic disks in Windows 10?

Dynamic disks support features such as simple volumes, extended volumes, spanned volumes, mirrored volumes, and striped volumes.

You have a Microsoft 365 subscription. All computers are enrolled in Microsoft Intune. You have business requirements for securing your Windows 10 devices. You need to lock any device that has a high Windows Defender Advanced Threat Protection (Windows Defender ATP) risk score. Which device configuration profile type should you use?

Endpoint protection

Your company has computers that run Windows 10. The company uses Microsoft Intune to manage the computers. You have an app protection policy for Microsoft Edge. You assign the policy to a group. On a computer named Computer1, you open Microsoft Edge.You need to verify whether Microsoft Edge on Computer1 is protected by the app protection policy. Which column should you add in Task Manager?

Enterprise Context

Introductory Info: This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.General Overview -Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.Current Business Model -The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.Litware has a Microsoft System Center 2012 R2 Configuration Manager deployment.During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.Current Environment -The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain isWindows Server 2012 R2. All domain controllers run Windows Server 2012 R2.Litware has the computers shown in the following table.The development department uses projects in Azure DevOps to build applications.Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to a different contractor. Currently, the computers are re-provisioned manually by the IT department.Problem Statements -Litware identifies the following issues on the network:Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.Re-provisioning the sales department computers is too time consuming.Requirements -Business Goals -Litware plans to transition to co-management for all the company-owned Windows 10 computers. Whenever possible, Litware wants to minimize hardware and software costs.Device Management Requirements -Litware identifies the following device management requirements:Prevent the sales department employees from forwarding email that contains bank account information.Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.Technical Requirements -Litware identifies the following technical requirements for the planned deployment:Re-provision the sales department computers by using Windows AutoPilot.Ensure that the projects in Azure DevOps can be accessed from the corporate network only.Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.Question: You need to meet the device management requirements for the developers.What should you implement?

Enterprise State Roaming

You have a Microsoft 365 subscription. You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD). You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.What should you use?

Enterprise State Roaming

Your network contains an Active Directory named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the Desktop folder are redirected to a network share.User1 signs in to Computer1 and performs the following tasks:.Configures screen saver to start after five minutes of inactivity.Modifies the default save location for Microsoft Word.Creates a file named File1.docx on the desktop.Modifies the desktop backgroundYou need to identify what will be retained when User1 signs in to Computer2.What should you identify?

File1.docx, the screen saver settings, the desktop background, and the default save location for Word

You have a Microsoft 365 subscription. You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM). You need to deploy the Microsoft Office 365 ProPlus suite to all the computers.What should you do?

From Microsoft Azure Active Directory (Azure AD), add an enterprise application.

You have a computer named Computer1 that runs Windows 10. Computer1 is used by a user named User1. You need to ensure that when User1 opens websites from untrusted locations by using Microsoft Edge, Microsoft Edge runs in an isolated container.What should you do first?

From Windows Features, turn on Windows Defender Application Guard.

You have a Microsoft 365 subscription. You need to deploy Microsoft Office 365 ProPlus applications to Windows 10 devices. What should you do first?

From the Device Management admin center, create an app.

You have 100 devices that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD). You need to prevent users from joining their home computer to Azure AD.What should you do?

From the Device enrollment blade in the Intune admin center, modify the Enrollment restriction settings.

You have Windows 10 devices that are managed by using Microsoft Intune. Intune and the Microsoft Store for Business are integrated. You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices without user interaction.Which three actions should you perform? Each correct answer presents part of the solution.

From the Intune portal, create a Microsoft Store app for the Remote Desktop modern app.

Your company has an internal portal that uses a URL of http://contoso.com (Links to an external site.). The network contains computers that run Windows 10. The default browser on all the computers is Microsoft Edge.You need to ensure that all users only use Internet Explorer to connect to the internal portal. The solution must ensure that Microsoft Edge can be used to connect to all other websites.What should you do from each computer?

From the local policy, configure Enterprise Mode

You want to view your Azure AD directory settings for your Azure AD subscription. What PowerShell command would you use to accomplish this task?

Get-AzureADDirectorySetting

Your company has a Microsoft 365 subscription. A new user named Admin1 is responsible for deploying Windows 10 to computers and joining the computers to Microsoft Azure Active Directory (Azure AD). Admin1 successfully joins computers to Azure AD.Several days later, Admin1 receives the following error message: "This user is not authorized to enroll. You can try to do this again or contact your system administrator with the error code (0x801c0003)."You need to ensure that Admin1 can join computers to Azure AD and follow the principle of least privilege.

Modify the Device settings in Azure AD.

You have a Microsoft Azure Active Directory (Azure AD) tenant. All corporate devices are enrolled in Microsoft Intune. You have a web-based application named App1 that uses Azure AD to authenticate. You need to prompt all users of App1 to agree to the protection of corporate data when they access App1 from both corporate and non-corporate devices.What should you configure?

Terms of use in Conditional access

Your network contains an Active Directory domain. The functional level of the forest and the domain is Windows Server 2012 R2. The domain contains 500 computers that run Windows 10. All the computers are managed by using Microsoft System Center 2012 R2 Configuration Manager.You need to enable co-management.What should you do first?

Upgrade Configuration Manager to Current Branch.

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft Intune.You need to ensure that you can centrally monitor the computers by using Windows Analytics.What should you create in Intune?

a device configuration profile

Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD). Existing on-premises computers are managed by using Microsoft Endpoint Configuration Manager. You configure contoso.com for co-management.You deploy 100 new devices that run Windows 10. The devices are joined to Azure AD and enrolled in Microsoft Intune. You need to ensure that the devices are co-managed.What should you create in Intune first?

an app for the Endpoint Configuration Manager client

Your company implements Microsoft Azure Active Directory (Azure AD), Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following:• .Personal devices do not need to be enrolled in Intune.• .Users must authenticate by using a PIN before they can access corporate email data.• .Users can use their personal iOS and Android devices to access corporate cloud services.• .Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.You need to configure a solution to enforce the security policy.What should you create?

an app protection policy from the Intune admin center

Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 500 laptops that runWindows 8.1 Professional. The users of the laptops work from home.Your company uses Microsoft Intune, the Microsoft Deployment Toolkit (MDT), and Windows Configuration Designer to manage client computers.The company purchases 500 licenses for Windows 10 Enterprise.You verify that the hardware and applications on the laptops are compatible with Windows 10.The users will bring their laptop to the office, where the IT department will deploy Windows 10 to the laptops while the users wait.You need to recommend a deployment method for the laptops that will retain their installed applications. The solution must minimize how long it takes to perform the deployment.What should you include in the recommendation?

an in-place upgrade


Related study sets

AP Econ - Chapter 7: Consumers, Producers, and the Efficiency of Markets

View Set

Lesson 8: Calculation of Available Fault Current (2023)

View Set

CHAPTER 1: INTRODUCTION TO INFORMATION TECHNOLOGY-HARDWARE, SOFTWARE, AND TELECOMMUNICATIONS

View Set

Anatomy&Physiology Ch 12- Nervous Tissue

View Set

nclex GU, Pediatric GU questions Nclex, renal gu nclex, Renal & GU- NCLEX, GU NCLEX 3500, NCLEX GU

View Set