MD-102 Online Practice Questions and Answers

Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection.

The company's security policy states the following:

1.

Personal devices do not need to be enrolled in Intune.

2.

Users must authenticate by using a PIN before they can access corporate email data.

3.

Users can use their personal iOS and Android devices to access corporate cloud services.

4.

Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

A. a device configuration profile from the Microsoft Intune admin center

B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal

C. an insider risk management policy from the Microsoft Purview compliance portal

D. an app protection policy from the Microsoft Intune admin center

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You plan to use Endpoint analytics.

You need to create baseline metrics.

What should you do first?

A. Modify the Baseline regression threshold.

B. Onboard 10 devices to Endpoint analytics.

C. Create a Log Analytics workspace.

D. Create an Azure Monitor workbook.

Your company uses Microsoft Intune.

More than 500 Android and iOS devices are enrolled in the Intune tenant.

You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.

You need to ensure that the policies can target the devices based on their version of Android or iOS.

What should you configure first?

A. groups that have dynamic membership rules in Azure AD

B. Device categories in Intune

C. Corporate device identifiers in Intune

D. Device settings in Azure AD

You have several computers that run Windows 10. The computers are in a workgroup.

You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. From Security Settings in the local Group Policy, configure Security Options.

B. From Administrative Templates in the local Group Policy, configure the Store settings.

C. From Security Settings in the local Group Policy, configure Software Restriction Policies.

D. From Security Settings in the local Group Policy, configure Application Control Policies.

An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer. What should you instruct the employee to do from the desktop computer?

A. Run the manage-bde.exe “status command

B. From BitLocker Recovery Password Viewer, view the computer object of the laptop

C. Go to https://account.activedirectory.windowsazure.com and view the user account profile

D. Run the Enable-BitLockerAutoUnlock cmdlet

Your network contains an on-premises Active Directory domain. The domain contains two computers named Computer1 and Computer2 that run Windows 10.

You install Windows Admin Center on Computer1.

You need to manage Computer2 from Computer1 by using Windows Admin Center.

What should you do on Computer2?

A. Update the TrustedHosts list.

B. Run the Enable-PSRemoting cmdlet.

C. Allow Windows Remote Management (WinRM) through the Microsoft Defender firewall.

D. Add an inbound Microsoft Defender Firewall rule.

You have the devices shown in the following table.

You plan to implement Microsoft Defender for Endpoint.

You need to identify which devices can be onboarded to Microsoft Defender for Endpoint.

What should you identify?

A. Device1 only

B. Device2 only

C. Device1, Device2 only

D. Device1, Device2, and Device3 only

E. Device1, Device2, Device3, and Device4

You have a Microsoft 365 subscription that includes Microsoft Intune.

You plan to use Windows Autopilot to deploy Windows 11 devices.

You need to meet the following requirements during Autopilot provisioning:

1.

Display the app and profile configuration progress.

2.

Block users from using the devices until all apps and profiles are installed What should you configure?

A. an app configuration policy

B. an app protection policy

C. an enrollment device platform restriction

D. an enrollment status page

You have a Microsoft 365 ES subscription.

You use Microsoft Intune to manage all devices.

You need to prepare a Win32 app named Appl.exe for deployment.

What should you do first?

A. From the Microsoft Intune admin center, create an app configuration policy.

B. Change App1.exe to the INIUNEW1N format.

C. Change App1.exe to the INIUNEW1N format.

D. Upload App1 exe to Azure Blob Storage.

HOTSPOT

Your network contains an Active Directory domain named adatum.com, a workgroup, and computers that run Windows 10. The computers are configured as shown in the following table.

The local Administrator accounts on Computer1, Computer2, and Computer3 have the same user name and password. On Computer1, Windows Defender Firewall is configured as shown in the following exhibit.

The services on Computer1 have the following states.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You need to create Endpoint security policies to meet the following requirements:

1.

Hide the Firewall and network protection area in the Windows Security app.

2.

Disable the provisioning of Windows Hello for Business on the devices.

Which two policy types should you use? To answer, select the policies in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have devices that are not rooted enrolled in Microsoft Intune as shown in the following table.

The devices are members of a group named Group1.

In Intune, you create a device compliance location that has the following configurations:

1.

Name: Network1

2.

IPv4 range: 192.168.0.0/16

In Intune, you create a device compliance policy for the Android platform. The policy has the following configurations:

1.

Name: Policy1

2.

Device health: Rooted devices: Block

3.

Locations: Location: Network1

4.

Mark device noncompliant: Immediately

5.

Assigned: Group1

The Intune device compliance policy has the following configurations:

1.

Mark devices with no compliance policy assigned as: Compliant

2.

Enhanced jailbreak detection: Enabled

3.

Compliance status validity period (days): 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to assign roles in Intune to meet the following requirements:

1.

The members of Group1 must manage Intune roles and assignments.

2.

The members of Group2 must assign existing apps and policies to users and devices.

The solution must follow the principle of least privilege.

Which role should you assign to each group? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have devices enrolled in Microsoft Intune as shown in the following table.

Intune includes the device compliance policies shown in the following table.

The device compliance policies has the assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have a Microsoft 365 subscription that contains a user named User1. The subscription contains devices enrolled in Microsoft Intune as shown in the following table.

Microsoft Edge is available on all the devices.

Intune has the device compliance policies shown in the following table.

The Compliance policy settings are configured as shown in the exhibit. (Click the Exhibit tab.)

You create the following Conditional Access policy:

Name: Policy1 Assignments

-Users and groups: User1

-Cloud apps or actions: Office 365 SharePoint Online Access controls

-Grant: Require device to be marked as compliant Enable policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area: