Real IT Certification Exams Questions & Dumps | Get Certified with CertQuestionsBank.com

Question#1

You have a Microsoft 365 subscription that contains 500 Android Enterprise devices.
All the devices are enrolled in Microsoft Intune.
You need to deliver bookmarks to the Chrome browser on the devices.
What should you create?

A. a compliance policy

B. a configuration profile

C. an app protection policy

D. an app configuration policy

Question#2

You have a Microsoft 365 subscription that contains a user named User1. User1 is assigned a Windows 10/11 Enterprise E3 license.
You use Microsoft Intune Suite to manage devices.
User1 activates the following devices:
• Device1: Windows 11 Enterprise
• Device2: Windows 10 Enterprise
• Device3: Windows 11 Enterprise
How many more devices can User1 activate?

A. 2

B. 3

C. 7

D. 8

Explanation:
When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits:
* Deploy on up to five devices. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
* Etc.
Reference: https://learn.microsoft.com/en-us/windows/deployment/windows-10-enterprise-e3-overview

Question#3

Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.
On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2.
What should you do first?

A. On Computer2, run the Enable-PSRemoting cmdlet.

B. On Computer2, add Computer1 to the Remote Management Users group.

C. From Active Directory, configure the Trusted for Delegation setting for the computer account of Computer2.

D. On Computer1, run the New-PSSession cmdlet.

Explanation:
Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting

Question#4

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
Auto-enrollment in Intune is configured.
You have 100 Windows 11 devices in a workgroup.
You need to connect the devices to the corporate wireless network and enroll 100 new Windows 11 devices in Intune.
What should you use?

A. a provisioning package

B. a Group Policy Object (GPO)

C. mobile device management (MDM) automatic enrollment

D. a device configuration policy

Explanation:
Set up automatic enrollment for Windows 10/11 devices
You can set up Microsoft Intune to automatically enroll corporate owned or user owned devices. You can scope automatic enrollment to some Azure AD users, all users, or none.
You can configure MDM enrollment settings so that both corporate and bring-your- own-devices can be automatically enrolled in Intune. If your intent is to enable automatic enrollment for Windows BYOD devices to an MDM, configure the MDM user scope to All (or Some, and specify a group) and configure the MAM user scope to None (or Some, and specify a group, ensuring that users are not members of a group targeted by both MDM and MAM user scopes). For corporate devices, the MDM user scope takes precedence if both MDM and MAM user scopes are enabled. The device will be automatically enrolled in the configured MDM.
Reference: https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment

Question#5

DRAG DROP
You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune.
You need to create Endpoint security policies to enforce the following requirements:
• Computers that run macOS must have FileVault enabled.
• Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
• Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

A.

Explanation:
Box 1: Disk encryption
Computers that run macOS must have FileVault enabled.
Intune supports macOS FileVault disk encryption. FileVault is a whole-disk encryption program that is included with macOS. You can use Intune to configure FileVault on devices that run macOS 10.13 or later.
Box 2: Attack surface reduction (ASR)
Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Attack surface reduction profiles include:
* Application control - Application control settings can help mitigate security threats by restricting the applications that users can run and the code that runs in the System Core (kernel). Manage settings that can block unsigned scripts and MSIs, and restrict Windows PowerShell to run in Constrained Language Mode.
Note: Attack surface reduction rules target certain software behaviors, such as:
Launching executable files and scripts that attempt to download or run files
Running obfuscated or otherwise suspicious scripts
Performing behaviors that apps don't usually initiate during normal day-to-day work
Box 3: Account protection
Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
The account protection policy is focused on settings for Windows Hello and Credential Guard, which is part of Windows identity and access management.
Note: Microsoft Defender Credential Guard protects against credential theft attacks. It isolates secrets so that only privileged system software can access them.
Reference:
https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices-filevault
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy

MD-102 Online Practice Questions

Question#1

Question#2

Question#3

Question#4

Question#5

Top 20 Exams

Important Links

Know Us

Follow Us