Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Microsoft MD-101

Microsoft MD-101 Exam Practice Questions (P. 3)

  • Full Access (417 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Your company plans to deploy tablets to 50 meeting rooms.
The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application named App1.
You need to configure the tablets so that any user can use App1 without having to sign in. Users must be prevented from using other applications on the tablets.
Which device configuration profile type should you use?
  1. A
    Kiosk
  2. B
    Endpoint protection
  3. C
    Identity protection
  4. D
    Device restrictions

Correct Answer:
A
A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.
Reference:
https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app

Question #22
All of your company's devices are managed via Microsoft Intune.
Conditional access is used to prevent devices that are not compliant with company security policies, from accessing Microsoft 365 services.
You need to access Device compliance to view the non-compliant devices.
Where should you access Device compliance from?
  1. A
    System Center Configuration Manager
  2. B
    Windows Defender Security Center.
  3. C
    The Intune admin center.
  4. D
    The Azure Active Directory admin center.

Correct Answer:
C
Open the Intune Device compliance dashboard:
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Devices > Overview > Compliance status tab.
Important: Devices must be enrolled into Intune to receive device compliance policies.
Note 1: Intune Admin portal URL, Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com
Microsoft Intune, which is a part of Microsoft Endpoint Manager, provides the cloud infrastructure, the cloud-based mobile device management (MDM), cloud- based mobile application management (MAM), and cloud-based PC management for your organization.
Note 2: Compliance reports help you review device compliance and troubleshoot compliance-related issues in your organization. Using these reports, you can view information on:
The overall compliance states of devices
The compliance status for an individual setting
The compliance status for an individual policy
Drill down into individual devices to view specific settings and policies that affect the device
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor https://docs.microsoft.com/en-us/mem/intune/fundamentals/account-sign-up

Question #23
You manage a large number of Windows 10 computers.
You have been tasked with creating a provisioning package that will allow you to remove the Microsoft News and the Xbox Microsoft Store apps, as well as add a
VPN connection to the company network.
Which of the following are the customization settings you should configure?
  1. A
    Connections and Personalization
  2. B
    ConnectivityProfiles and Policies
  3. C
    Connections and Policies
  4. D
    ConnectivityProfiles and Personalization

Correct Answer:
B
The Policy configuration service provider enables the enterprise to configure policies on Windows 10
ConnectivityProfiles is uses to configure profiles that a user will connect with, such as an email account or VPN profile.
Reference:
https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-connectivityprofiles https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions https://docs.microsoft.com/en-us/windows/configuration/wcd/wcd-policies

Question #24
All users at your company have Azure AD joined Windows 10 workstations that are managed via Microsoft Intune.
You have been tasked with making sure that Windows Analytics is used to monitor the workstations centrally.
Which of the following actions should you take?
  1. A
    You should create a device configuration profile via Intune.
  2. B
    You should create a device compliance policy via Intune.
  3. C
    You should create a Windows AutoPilot deployment profile via Intune.
  4. D
    You should create an app configuration policy via Intune.

Correct Answer:
A
To configure the setting go to Device configuration ג€" Profiles > Device Restriction ג€" Properties > Device restrictions > Reporting and Telemetry

Reference:
https://www.scconfigmgr.com/2019/03/27/windows-analytics-onboarding-with-intune/

Question #25
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft
Intune.
You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed on the sign-in screen.
Which of the following is a Device restriction setting that should be configured?
  1. A
    Locked screen experience
  2. B
    Personalization
  3. C
    Display
  4. D
    General

Correct Answer:
A
Sign-in screen, or Locked screen, image is set under Locked screen experience
Reference:
https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10

Question #26
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft
Intune.
You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed as the Desktop background picture.
Which of the following is a Device restriction setting that should be configured?
  1. A
    Locked screen experience
  2. B
    Personalization
  3. C
    Display
  4. D
    General

Correct Answer:
B
Wallpaper image, or Desktop background picture, URL is set under Personalization.
Reference:
https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10

Question #27
Your company has a large number of Windows 10 workstations that are managed via Microsoft Intune.
Delivery Optimization is not being used for Windows updates at present.
You want to make sure that Delivery Optimization is configured for all of the workstations.
Which of the following actions should you take?
  1. A
    You should create a device configuration profile via Intune.
  2. B
    You should create a device compliance policy via Intune.
  3. C
    You should create a Windows AutoPilot deployment profile via Intune.
  4. D
    You should create a conditional access policy via Intune.

Correct Answer:
A
With Intune, use Delivery Optimization settings for your Windows devices to reduce bandwidth consumption when those devices download applications and updates. Configure Delivery Optimization as part of your device configuration profiles.
Reference:
https://docs.microsoft.com/en-us/intune/delivery-optimization-windows

Question #28
Your company's environment includes the following:
✑ Microsoft Azure Active Directory (Azure AD)
✑ Microsoft 365
✑ Microsoft Intune
✑ Azure Information Protection.
A new security policy declares that enrollment for private devices in Intune is not required. However, to access corporate email information, users have to make use of a PIN for authentication purposes. Also, users are able to access corporate cloud services from their private iOS and Android devices. Furthermore, the copying corporate email information to a cloud storage service should not be allowed, unless users are copying the information to Microsoft OneDrive for
Business.
You have to make sure that security policy is enforced.
Which of the following actions should you take?
  1. A
    You should create a data loss prevention (DLP) policy.
  2. B
    You should create a device enrollment policy.
  3. C
    You should create an app protection policy.
  4. D
    You should create a Windows AutoPilot deployment profile.

Correct Answer:
C
App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune.
Reference:
https://docs.microsoft.com/en-us/intune/app-protection-policy

Question #29
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft
Intune.
You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.
Solution: You make use of Windows Defender Antivirus.
Does the solution meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
Instead use Windows Defender Application Control (WDAC).
Windows Defender Application Control and virtualization-based protection of code integrity.
Using WDAC to restrict devices to only authorized apps has these advantages over other solutions:
1. WDAC lets you set application control policy for code that runs in user mode, kernel mode hardware and software drivers, and even code that runs as part of
Windows.
2. WDAC policy is enforced by the Windows kernel itself, and the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run.
3. Etc.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows- defender-application-control

Question #30
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft
Intune.
You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.
Solution: You make use of Windows Defender SmartScreen.
Does the solution meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
Instead use Windows Defender Application Control (WDAC).
Windows Defender Application Control and virtualization-based protection of code integrity.
Using WDAC to restrict devices to only authorized apps has these advantages over other solutions:
1. WDAC lets you set application control policy for code that runs in user mode, kernel mode hardware and software drivers, and even code that runs as part of
Windows.
2. WDAC policy is enforced by the Windows kernel itself, and the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run.
3. Etc.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows- defender-application-control

Previous Questions Next Questions

All Pages