Microsoft MD-102 Online Practice Questions and Exam Preparation

Microsoft MD-102 Online Questions & Answers

• Question 121:

  HOTSPOT

  You have a Microsoft 365 subscription.

  You plan to enable Microsoft Intune enrollment for the following types of devices:

  1. Existing Windows 11 devices managed by using Configuration Manager

  2. Personal iOS devices

  The solution must minimize user disruption.

  Which enrollment method should you use for each device type? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Co-management

  Existing Windows 11 devices managed by using Configuration Manager

  Co-management enrollment

  If you use Configuration Manager, and want to continue to use Configuration Manager, then co-management enrollment is for you. Co-management manages Windows 10/11 devices using Configuration Manager and Microsoft Intune together. You cloud-attach your existing Configuration Manager environment to Intune. This enrollment option runs some workloads in Configuration Manager, and other workloads in Intune.

  Box 2: User enrollment

  Personal iOS devices BYOD: User and Device enrollment

  These iOS/iPadOS devices are personal or BYOD (bring your own device) devices that can access organization email, apps, and other data. Starting with iOS 13 and newer, this enrollment option targets users or targets devices. It doesn't require resetting the devices.

  Note: Enroll iOS and iPadOS devices in Microsoft Intune

  Personal and organization-owned devices can be enrolled in Intune. Once they're enrolled, they receive the policies and profiles you create. You have the following options when enrolling iOS/iPadOS devices:

  Automated device enrollment (ADE) Apple Configurator BYOD: User and Device enrollment

  Incorrect:

  * Automated Device Enrollment

  Automated Device Enrollment (ADE) (supervised)

  Previously called Apple Device Enrollment Program (DEP). Use on devices owned by your organization. This option configures settings using Apple Business Manager (ABM) or Apple School Manager (ASM). It enrolls a large number of devices, without you ever touching the devices. These devices are purchased from Apple, have your preconfigured settings, and can be shipped directly to users or schools. You create an enrollment profile in the Intune admin center, and push this profile to the devices.

  * Apple Configurator

  Apple Configurator enrollment

  Use on devices owned by your organization, and includes Direct Enrollment. This option requires you to physically connect iOS/iPadOS devices to a Mac computer using the USB port.

  https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows

  https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-ios-ipados

• Question 122:

  You have 25 computers that run Windows 10 Pro.

  You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

  You need to upgrade the computers to Windows 11 Enterprise by using an in-place upgrade. The solution must minimize administrative effort.

  What should you use?

  A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise
  B. Microsoft Configuration Manager and a custom image of Windows 11 Enterprise
  C. Windows Autopilot
  D. Subscription Activation
  A. Microsoft Deployment Toolkit (MDT) and a default image of Windows 11 Enterprise

  ---

  Explanation

  Autopilot does not upgrade Windows version. The only approach listed to perform upgrade in-place is MDT with DEFAULT image

• Question 123:

  HOTSPOT

  You have groups that use the Dynamic Device membership type as shown in the following table.

  

  You are deploying Microsoft 365 apps.

  You have devices enrolled in Microsoft Intune as shown in the following table.

  

  In the Microsoft Intune admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.)

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 124:

  Your company has a wireless access point that uses WPA2-Enterprise.

  You need to configure a computer to connect to the wireless access point.

  What should you do first?

  A. Create a provisioning package in Windows Configuration Designer.
  B. Request a passphrase.
  C. Request and install a certificate.
  D. Create a Connection Manager Administration Kit (CMAK) package.
  B. Request a passphrase.

  ---

  Explanation

  https://support.microsoft.com/en-za/help37/windows-setting-up-wireless-network

• Question 125:

  DRAG DROP

  You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.

  You import a Windows 11 image to DS1.

  You have an executable installer for an application named App1.

  You need to ensure that App1 will be installed for all the task sequences that deploy the image.

  Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  

  ---

  Step 1: Add App1 to DS1

  First add the application in the MDT console.

  Step 2: Identify the GUID of App1.

  Install an application when deploying Windows

  Step 3: Modify CustomSettings.ini

  It is possible in the CustomSettings.ini file, to check the default program to add the following line:

  ApplicationsXXX ={GUID-APPLICATION} or to force the installation of the application box checked and grayed out:

  MandatoryApplicationsXXX ={GUID-APPLICATION} XXX = numerical value from 000 to 999

  https://rdr-it.com/en/mdt-installation-of-applications-when-deploying-windows/

• Question 126:

  You have a Microsoft 365 subscription.

  You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least privilege.

  Which role should you assign to the user?

  A. Global Administrator
  B. Conditional Access Administrator
  C. Security Administrator
  D. Intune Administrator
  B. Conditional Access Administrator

  ---

  Explanation

  To enable security defaults (or confirm they're already enabled)

  Important

  You must be a Security Administrator, Conditional Access administrator, or Global Administrator to perform this task.

  Note: Turn on multi-factor authentication

  Multi-factor authentication (MFA) is a very important first step in securing your organization. Microsoft 365 Business Premium includes the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead.

  This article provides information about:

  Security defaults (suitable for most businesses)

  Conditional Access (for businesses with more stringent security requirements)

  https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?

• Question 127:

  You need to recommend a solution to monitor update deployments.

  What should you include in the recommendation?

  A. Windows Server Update (WSUS)
  B. the Update Management solution in Azure Automation
  C. the Update Compliance solution in Azure Log Analytics
  D. the Azure Security Center
  C. the Update Compliance solution in Azure Log Analytics

  ---

  Explanation

  https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-monitor

• Question 128:

  HOTSPOT

  You have a Microsoft 365 subscription that includes Microsoft Intune and Microsoft Defender for Endpoint.

  Users have devices that run Windows 11.

  You deploy a connection from Defender for Endpoint to Intune.

  You need to ensure that when a device is enrolled in Intune, the device is onboarded automatically to Defender for Endpoint

  What should you configure, and which portal should you use? To answer, select the appropriate options in the answer area

  NOTE: Each correct selection is worth one point.

  

  

• Question 129:

  You have a Microsoft 365 subscription that includes Microsoft Intune.

  You have an update ring named UpdateRing1 that contains the following settings:

  1. Automatic update behavior: Auto install and restart at a scheduled time

  2. Automatic behavior frequency: First week of the month

  3. Scheduled install day: Tuesday

  4. Scheduled install time: 3 AM

  From the Microsoft Intune admin center, you select Uninstall for the feature updates of UpdateRing1.

  When will devices start to remove the feature updates?

  A. when a user approves the uninstall
  B. as soon as the policy is received
  C. next Tuesday
  D. the first Tuesday of the next month
  B. as soon as the policy is received

  ---

  Explanation

  Update rings for Windows 10 and later policy in Intune

  Uninstall

  An Intune administrator can use Uninstall to uninstall (roll back) the latest feature update or the latest quality update for an active or paused update ring. After uninstalling one type, you can then uninstall the other type. Intune doesn't support or manage the ability of users to uninstall updates.

  Important

  When you use the Uninstall option, Intune passes the uninstall request to devices immediately.

  Windows devices start removal of updates as soon as they receive the change in Intune policy. Update removal isn't limited to maintenance schedules, even when they're configured as part of the update ring.

  If the update removal requires a device restart, the device restarts without offering device users an option to delay.

  https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings

• Question 130:

  HOTSPOT

  You have the Microsoft Deployment Toolkit (MDT) installed in three sites as shown in the following table.

  

  You use Distributed File System (DFS) Replication to replicate images in a share named Production.

  You configure the following settings in the Bootstrap.ini file.

  

  You plan to deploy Windows 10 to the computers shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.