module 8 practice questions

You share the D:\Reports folder on your Windows system using a share name of Reports. You need to configure permissions on the shared folder as follows: Members of the Accounting group should be able to view files, but not modify them. Phil, a member of the Accounting group, needs to be able to open and edit files in the shared folder. No one else should be allowed access. How can you assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer?

Add the Accounting group and assign the Read permission. Add the Phil user account and assign the Read/Write permission.

You are an administrator with 200 Windows 10 devices that are both personal and corporate-owned. You have implemented mobile device management (MDM) as well as mobile application management (MAM) via Intune. While configuring auto-enrollment, you configured the MDM user scope to All and the MAM user scope to All. You are now ready for auto-enrollment. Which statements describe what will happen in your environment as these devices auto-enroll? (Select two.)

For personal devices, MAM user scope takes precedence over the MDM user scope. The device is not enrolled in Intune. For corporate-owned devices, MDM user scope always takes precedence over the MAM user scope. The device is enrolled into Intune.

Which PowerShell cmdlet would you use to find how a specified printer has been set up on a computer?

Get-PrintConfiguration

As an administrator, you are configuring a compliance policy in Intune. Place the following in the correct order to properly configure this policy.

Give the policy a unique name Identify an OS platform: iOS, Android, or Windows Configure one or more settings to enforce Assign the policy to one or more user groups or device groups

You have a folder on your Windows desktop system that you would like to share with members of your product management team. Your team needs to be able to view and edit any file in the shared folder. To accomplish this, you configure advanced sharing and gave give each team member Full Control share permissions. The team is doing some competitive analysis that needs to remain confidential. Unfortunately, you learn that people outside of your team are able to see and read the documents your team is creating. After looking into this issue, you learn that sharing a resource using advanced sharing gives the Everyone group the Read share permission by default. You remedy the issue by removing Everyone from the Share Permissions list. Which of the following is a permissions management best practice that, if followed at the domain level, would have prevented this issue from arising in the first place?

Grant Everyone the Full Control share permission, but configure NTFS permissions to be more restrictive.

Your Windows system has a folder named D:\SalesDept. The D: drive is formatted with FAT32. You need to allow network access to the folder as follows: Members of the Sales group should have read-only access to the content in the folder. Members of the SalesAdmin group should be able to open, edit, and add new files to the folder. No other users should have access. Members of the SalesAdmin group are also members of the Sales group. You want to assign as few permissions as possible. When sharing the D:\SalesDept, what should you do?

Grant the Read permission to the Sales group and the Change permission to the SalesAdmin group. Remove the Everyone group from the access control list.

You have been put in charge of providing a VPN solution for employees who work remotely. When these employees change locations, they lose their VPN connection. You want them to automatically reconnect if the VPN connection is lost or disconnected. Which VPN security protocol supports the VPN Reconnect functionality?

IKEv2

You have Windows 10 devices in Azure AD, and they are enrolled in Intune. What must you do in order to also co-manage the devices using Configuration Manager?

Install the Configuration Manager client on each device.

Match the following paths in order to move forward with modern management:

Install the Intune Client Only using Config Manager Balance and migrate workloads Using Config Manager with Intune Use Intune for management Not using Config Manager

Which cloud-based Microsoft modern management tool would you use to remotely restart a mobile device?

Intune

What does the File and printer sharing setting do?

It allows other computers to access the shares created on the host computer.

Which Microsoft tool would you download to help you migrate your group policies to MDM policies?

MMAT (MDM Migration Analysis Tool)

You need to set up and pre-configure new Windows 10 devices to get them ready for use and distribution to users. Which Microsoft cloud-based tool would you use to accomplish this?

Microsoft Autopilot

Which cloud-based Microsoft tool would you use to reset, repurpose, and recover devices?

Windows Autopilot

You are an administrator with 550 devices to enroll into Intune. You choose to bulk enroll them. Which other software will you need to build the package necessary to bulk enroll the devices via USB or network location?

Windows Configuration Designer (WCD)

You would like to utilize a Device Enrollment Manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll?

1,000

You would like to utilize a device enrollment manager (DEM) Azure AD account to enroll your devices into Intune. What is the maximum number of devices a DEM account can enroll?

1,000

Match each printer management feature on the left with the appropriate description on the right.

A color printing sub-system that provides support for inkjet printers that use more than the standard four color ink cartridges. Windows Color System When enabled in Windows 10, this will be automatically set to the last printer a print job was sent to. Default Printer Defines the content and appearance of documents and creates a document every time a print job is sent from applications running on Windows. XML Paper Specification Forces print jobs to be spooled on the client machine in order to reduce print processing times. Client-Side Rendering

As an added security measure, you'd like to implement network fencing using Intune for your mobile device management (MDM). Select option that best describes network fencing.

Admins can keep devices outside their corporate network from accessing enterprise resources.

You would like to get your devices enrolled into Intune. However, your users have a mixture of iOS, MacOS, Android, Windows 10, and Windows 8.1 in your environment. What are the platform requirements for each OS to get the devices enrolled into Intune?

Android Download the Company Portal app from Play Store on each device. Windows 10 Use direct enrollment if available. Windows 8.1 Install the Intune Company Portal app on each device. iOS and MacOS iOS devices with iOS 7 or later and Mac computers with OS X Mavericks 10.9 or later.

Which Android enrollment options would you choose in order to keep work data and personal data separate on your Android devices?

Android Enterprise work profile

Your remote users run a Universal Windows Platform (UWP) application that requires access to certain files on a network share each time it runs. What would you implement in order for your remote users to make sure that network resources are always available when they run that application?

Application trigger

You manage a Windows system with an attached printer. You share the printer using a share name of Printer1. You want to allow the user named Chad to pause, restart, and delete print jobs on the printer. Chad should not be allowed to delete the printer or change its properties. Chad is a member of the Sales group. Currently, the group named Everyone has the Print permission for this printer. Which permission should you assign to allow only Chad to perform the specified print actions?

Assign Chad the Manage Documents permission to the printer.

You manage a Windows system with a printer that is used by the Sales department. The sales manager has asked you to restrict access to the printer as follows: Sally needs to connect to a printer, print documents, and have the ability to pause and resume her own print jobs. Damien needs to pause and resume documents for all users, but does not need to change printer properties. You want to assign the most restrictive permissions that meet the sales manager's requirements. What should you do? (Select two. Each answer is part of the complete solution.)

Assign Sally the Print permission. Assign Damien the Manage Documents permission.

You share the D:\Apps folder on your Windows system using a share name of Apps. You need to configure permissions to the share as follows: Members of the Appusers group should be able to open and view files in the shared folder. User JohnS should not have any access to files in the shared folder. JohnS is a member of the Appusers group. How can you assign the necessary permissions without assigning extra permissions beyond what is required and without affecting other access that might already be configured on the computer?

Assign the Allow Read permission to Appusers, and assign Deny Read permission to JohnS.

You are creating a new device profile. You want it to apply to all users except the domain administrators. How would you accomplish this?

Assign the profile to the AllUsers group and exclude the DomainAdmins group.

On your Windows computer, you share the D:\Promo folder using a share name of Promo. The share has been assigned the following permissions: User/Group Permission Telesales group Allow Read Training group Deny Full Control Managers group Allow Change Mary user Allow Change The Mary user account is a member of the Training group. NTFS permissions allow all access. Mary needs to be able to edit documents in the shared folder, but cannot. You need to modify the share permissions to allow her the necessary access. What should you do? (Select two. Each answer is a complete solution.)

Change the Training group permission to allow Read. Remove the Mary user account from the Training group.

You connect your Windows laptop to the network at work to allow an associate to copy files from your computer. Other computers on the network are not able to discover your computer. You open the Network and Sharing Center and see the information shown in the image. How can you make your computer visible to other computers on the network?

Change the network type to Private

How is conditional access a benefit of implementing co-management?

Conditional access allows you to control which devices and apps can connect to your organization.

Which of the following statements best describes Configuration Manager? (Select two.)

Configuration Manager is also known as System Center Configuration Manager (SCCM). Configuration Manager has been around for many years and is a powerful, on-premises, traditional management tool.

You use a VPN connection on your Windows desktop system to access resources on a corporate intranet. In addition to accessing the intranet resources, you need to access the internet while the VPN connection is active. How can you prevent internet traffic from going through the VPN connection?

Configure the Advanced TCP/IP Settings of the VPN connection.

You have all Windows 10 devices in your cloud-based Intune environment. You want to set up Always On VPN on each device to utilize the built-in VPN client in Windows 10. What is the fastest way for you to configure all your devices?

Create an Always On VPN configuration profile in Intune and assign it to the AllUsers group.

While working from home, you prepared to share a project folder with your team at work. When you arrived at the office, you told your team about the folder, but they couldn't find it on the network. You're sure you remember correctly configuring your sharing options by turning on Network discovery and File and printer sharing. Click on the network profile you should open to make sure these options are turned on for your team at work to access the folder.

Domain

What are the profile choices when sharing folders? (Select three.)

Domain Guest or Public Private

How are Enterprise State Roaming (ESR) profiles different from other traditional user profiles? (Select two.)

ESR syncs user and app settings on their Windows 10 devices to the cloud. ESR keeps corporate and personal data separate. In this manner, corporate data is always protected.

You have a small network set up at home. Each member of the family has their own computer. You would like to share files on your computer, such as pictures, videos, and music, with other members of your family. Your mother should be able to modify any of these files, while everyone else should only have read-only access. You want to use the simplest method to make these files available while providing the level of access specified. What should you do?

Enable file and printer sharing in the Network and Sharing Center. Share specific folders and configure the necessary permissions.

You have a user remotely connecting to the corporate network from a client location. They can connect to the corporate network file server. But they cannot access files and folders they need on the client LAN in order to work on their project. What would you enable in order to allow the user to access resources on both networks while the VPN is connected?

Enable split tunneling

Your company has several office locations that you travel to frequently. You want to configure your Windows 10 laptop to easily switch the default printer as you move from one location to another. Which printer configuration setting will allow your laptop to set the last used printer as your default printer?

Enable the Let Windows manage my default printer option.

As an administrator, you would like your users to initiate the enrollment of their Windows 10 devices into Intune. Which of the following can users choose to accomplish this task? (Select four.)

Enroll in MDM only Perform an Azure AD join during OOBE (Out of Box Experience) Add a work or school account Use Windows Autopilot

You have a folder on your Windows desktop system that you would like to share with members of your development team. Users need to be able to view and edit any file in the shared folder. You share the folder and give the Everyone Full Control permission to the shared folder. Users connect to the shared folder and report that they can open the files, but they cannot modify any of the files. What should you do?

Modify the NTFS permissions on the folder.

What setting allows the computer hosting the share to be located by a remote system?

Network Discovery

The sales reps in your organization use a VPN connection on their Windows notebook systems to access the corporate network while traveling. You are concerned that a sales rep has configured his VPN connection to automatically remember his credentials for accessing the VPN server. This violates your organization's security policy. Click the option in the VPN Connection Properties dialog you would use to disable this functionality.

Options

You have a folder on your Windows system that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder. What should you do? (Select two.)

Place the files on an NTFS partition. Configure both share and NTFS permissions.

After configuring device enrollment settings, you must enable device enrollment. How you enable this enrollment varies depending on the devices you wish to enroll. There are several methods to enroll devices depending on ownership, platform, or management requirements. Match each of the items on the left with the appropriate group name on the right.

Platform iOS, Windows, or Android Management Requirements Resets, affinity, and locking Ownership Personal or corporate

Mobile device management (MDM) policies using Intune are powerful and have been created to accomplish two main objectives. (Select two.)

Protect the organization's valuable data and assets. Empower users to be productive wherever and whenever they want.

NTFS permissions include which of the following? (Select three.)

Read and Execute Full control Special Permissions

You manage a Windows system with an attached printer. You share the printer using a share name of Printer1. You assign the Print permission for the printer to the Sales group. Then you discover that users who are not members of this group can print to the printer. How do you configure permissions so that only members of the Sales group to print to Printer1?

Remove the Everyone group from the printer's access control list.

You have a Windows system that you use at home on a small network shared by members of your family. You want to share the contents of a folder with other users over your network. Most users should have read-only access, but you want to explicitly deny access to other users. How can you configure the permissions using the least amount of effort possible?

Right-click the folder and click Properties. On the Sharing tab, configure Advanced Sharing.

You are wondering which type of user profiles to implement in your enterprise environment. After doing some research on profiles, you notice many differences. Match the definitions on the left with the profile type on the right.

Roaming Profile Stored out on the network; user can change settings. Compulsory aka Super-Mandatory Locked-down profile. User is required to use it and cannot make changes. If profile is unavailable, user will not be able to log on. Temporary Profile The profile the user will get if their local, roaming, or mandatory profile is unavailable. Local Profile Stored on just one device; user can change settings. Mandatory Profile Can be stored locally or on the network; user cannot make setting changes.

You need to implement a solution for the sales reps who complain that they are unable to establish VPN connections when they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve this issue?

SSTP

You manage a Windows system with an attached printer. You share the printer using a share name of Printer1. You have completed the following steps: From the Settings app, select Devices. Selected Printers & scanners. Selected Printer1. Clicked Manage. Selected Printer properties. Which tab would you select next to modify the permissions for network users?

Security

You need to make sure the Users group only has the List folder contents and Read permissions on the TestOut folder. Click on the tab that allows you to verify the permissions the Users group has to this folder.

Security tab

You are setting up a cloud-based Intune deployment. You have created accounts for your users, and you have defined the policies you need to manage your organization's mobile devices. You are ready to enroll mobile devices. Which task must you perform before you can complete mobile devices enrollments?

Set Intune as your mobile device management authority.

Once you have opened Printer Management, you can right-click on a printer. From there, which of the following tasks can you perform? (Select two.)

Set Printing Defaults Open Printer Queue

Your Windows system has a folder named D:\SalesDocs. The folder has been shared with the share name of SalesDocs. The D: drive is formatted with NTFS. The following permissions have been configured for the folder: NTFS permissions Share permissions Users group = Allow-ReadSales group = Allow-Modify Users group = Allow-ReadSales group = Allow-Change Sally is a member of both the Users and Sales groups. She needs to be able to read and modify all files in the SalesDocs shared folder except for the StyleGuide.doc file. How can you set permissions so that Sally is able to read StyleGuide.doc, but not modify it?

Set Sally's NTFS permission for StyleGuide.docto Deny Write.

You need to configure your Windows 10 laptop to use a VPN connection to the company VPN server. Click the link you would use to configure the VPN connection.

Set up a new network or connection

You are a new system administrator, and your company has just mandated that users need to work from home and connect to files and folders on the network. Which option will allow users to connect to the corporate network remotely and securely?

Set up a virtual private network (VPN) on the server side and install the client on each remote user's laptop.

As a system administrator, you manage hundreds of Windows 10 devices using Configuration Manager. Now you would like to co-manage these devices with cloud-based Azure tools. What should you do to achieve co-management?

Set up hybrid Azure Active Directory and then enroll the Windows 10 devices into Intune.

You are configuring an application trigger and split tunneling on your VPN connections for your users. Match each command with its description.

Set up the app trigger Add-VpnConnectionTriggerApplication -Name %Name of VPN% -ApplicationID %Path to Application% Enable split tunneling Set-VpnConnection -Name %Name of VPN% -SplitTunneling $True Set the idle disconnect time Set-VpnConnection -Name $vpn -IdleDisconnectSeconds 5 Remove auto-trigger Remove-VpnConnectionTriggerApplication -Name $vpn -ApplicationID $app Confirm auto-trigger settings Get-VpnConnectionTrigger -Name $vpn

Your Windows system hosts the shared printer displayed in the example image. This printer is heavily used by workgroup users in your department. Click the tab you would use in the Printer Properties dialog to enable client-side rendering and reduce the load on your local system.

Sharing tab

You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization. Arrange the deployment configuration tasks in proper order on the right. Not all tasks will be used.

Step 1 Sign up for an Intune account. Step 2 Create Intune user accounts. Step 3 Define Intune policies. Step 4 Enroll mobile devices.

Your Windows system has a shared folder named Reorg. The folder contains sensitive information about planned changes in the personnel structure. You configure permissions on the folder to deny access to unauthorized users. You want to prevent users from seeing this share when they browse the computers on the network. You still need to allow access to users who are authorized to use the share. What should you do?

Stop sharing the folder. Share the folder again as Reorg$ with the same permissions as before.

You have created several Intune MDM policies. You would like to assign them to manage your mobile devices and users. You can assign the MDM policies to either user groups or device groups. If you select user groups, what will happen?

The MDM policies will apply to every device the user uses.

You've enabled Enterprise State Roaming (ESR) in Azure AD. However, some of your Windows 10 users are calling support because some of their app and user settings are not syncing properly between their Windows 10 devices. You check all your ESR settings, and it looks to be set up correctly. What else could be causing some Windows 10 users to have problems and others not with ESR? (Choose two.)

The device has not been restarted since enabling ESR. ESR requires Windows 10 version 1511 or later.

A user contacts you to let you know their Intune-enrolled device has been remotely locked. What would have caused this?

The user's device is non-compliant and was remotely locked.

A user calls and complains that she cannot access important company files from her personal device. You confirm that Intune policies are properly set up and assigned to her. What could be the issue that is blocking her from accessing the files?

The user's device is rooted or jailbroken.

You have a folder on your Windows desktop system that you would like to share with members of your development team. Your team needs to be able to view and edit any file in the shared folder. You share the folder and give each member of your team the Full Control permission to the shared folder. Your team reports, however, that they cannot see the shared folder on the network. Which of the following must be done in order for your team members to see the shared folder on the network? (Select three.)

Turn on Network discovery in the Domain network profile on your team member's computers. Turn on File and printer sharing in the Domain network profile on your computer. Turn on Network discovery in the Domain network profile on your computer.

You are preparing to share a project folder with your team. You are all on the same network domain. Which sharing options must you select to make sure the team can see the project folder? (Select two. Both are required for a complete solution.)

Turn on network discovery Turn on file and printer sharing

The Windows 10 Pro and Enterprise editions let you manage your printers using the Printer Management app. Which of the following are tasks that can be managed from the Print Management console? (Select three.)

View and manage printer queues. View all printers and print servers. Deploy printers using Group Policy.

Why are many organizations implementing co-management today?

Windows 10 devices are cloud-managed while previous versions are managed using Configuration Manager.