Microsoft MD-102 Online Practice Questions and Exam Preparation

Microsoft MD-102 Online Questions & Answers

• Question 211:

  You have a Microsoft 365 subscription that contains 1,000 iOS devices and includes Microsoft Intune.

  You need to prevent the printing of corporate data from managed apps on the devices.

  What should you configure?

  A. an app configuration policy
  B. a security baseline
  C. an app protection policy
  D. an iOS app provisioning profile
  C. an app protection policy

  ---

  Explanation

  iOS app protection policy settings.

  The policy settings that are described can be configured for an app protection policy on the Settings pane in the portal when you make a new policy.

  Policy settings include:

  * Printing Org data

  Select Block to prevent the app from printing work or school data. If you leave this setting to Allow, the default value, users will be able to export and print all Org data.

  https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios

• Question 212:

  HOTSPOT

  You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune as shown in the following table.

  

  You plan to use the following remote actions on the devices:

  1. Collect diagnostics

  2. Locate device

  3. Remote lock

  Which remote actions does each device support? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Collection diagnostics, Locate device, and Remote lock Device1 Windows

  Box 2: Locate device and Remote lock only

  Device2 iOS Box 3: Locate device and Remote lock only

  Device3 macOS Note: Available remote actions

  The available device actions depend on the device platform and the device configuration. Not all actions are available for all devices.

  The following list includes some common device actions:

  * Collect diagnostics

  Collects diagnostic logs from a device and uploads the logs to Intune.

  Windows 10

  * Locate device

  Shows the approximate location of a device on a map.

  - Android

  - iOS/iPadOS

  - Windows

  * Remote lock

  Locks a device and resets its password.

  - Android

  - iOS/iPadOS

  - macOS Reference:

  https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-management

• Question 213:

  You have a Microsoft 365 E5 subscription that contains devices enrolled in Microsoft Intune.

  You need to review security tasks in the Microsoft Intune admin center.

  What should you do first?

  A. Integrate Intune with Microsoft Defender for Endpoint.
  B. Implement the ServiceNow connector.
  C. Implement the Mobile Threat Defense connector.
  D. Deploy an attack surface reduction (ASR) policy.
  E. Deploy an Intune security baseline for Microsoft Defender for Endpoint.
  A. Integrate Intune with Microsoft Defender for Endpoint.

  ---

  Explanation

  Use Microsoft Intune security tasks to remediate device vulnerabilities identified by Microsoft Defender for endpoint

  When you integrate Microsoft Defender for Endpoint with Microsoft Intune, you can leverage Defender's threat and vulnerability management through Intune security tasks. These tasks help Intune admins understand and address current vulnerabilities based on guidance from Defender for Endpoint. This integration enhances the discovery and prioritization of vulnerabilities, improving remediation response times across your environment.

  How integration works

  After you integrate Intune with Microsoft Defender for Endpoint, Defender for Endpoint receives threat and vulnerability details from Intune-managed devices. These details are visible to security admins in the Microsoft Defender Security Center console.

  https://learn.microsoft.com/en-us/mem/intune/protect/atp-manage-vulnerabilities

• Question 214:

  DRAG DROP

  Your company has a Microsoft 365 E5 tenant.

  All the devices of the company are enrolled in Microsoft Intune.

  You need to create advanced reports by using custom queries and visualizations from raw Microsoft Intune data.

  Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  

  ---

  Step 1: Purchase an Azure subscription.

  Complex reporting functionality require an Azure subscription.

  Step 2: Create a Log Analytics workspace.

  Each Azure resource requires its own diagnostic setting. The diagnostic setting defines the following for a resource: * One or more destinations to send the logs. Current destinations include Log Analytics workspace, Event Hubs, and Azure Storage.

  * Categories of logs and metric data sent to the destinations defined in the setting. The available categories will vary for different resource types.

  * Retention policy for data stored in Azure Storage.

  Step 3: Add diagnostic settings.

  You can create and view custom reports using the following steps:

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Reports > Diagnostic settings add a diagnostic setting.

  3. Etc.

  https://docs.microsoft.com/en-us/mem/intune/fundamentals/reports

• Question 215:

  Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.

  On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2.

  What should you do first?

  A. On Computer2, run the Enable-PSRemoting cmdlet.
  B. On Computer2, add Computer1 to the Remote Management Users group.
  C. From Active Directory, configure the Trusted for Delegation setting for the computer account of Computer2.
  D. On Computer1, run the New-PSSession cmdlet.
  A. On Computer2, run the Enable-PSRemoting cmdlet.

  ---

  Explanation

  https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting

• Question 216:

  HOTSPOT

  You have a Microsoft 365 tenant and an internal certification authority (CA).

  You need to use Microsoft Intune to deploy the root CA certificate to managed devices.

  Which type of Intune policy and profile type template should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Configuration profile

  Create a trusted certificate profile.

  Box 2: Trusted certificate

  When using Intune to provision devices with certificates to access your corporate resources and network, use a trusted certificate profile to deploy the trusted root certificate to those devices. Trusted root certificates establish a trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued.

  https://docs.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root

• Question 217:

  You have a Microsoft 365 tenant that uses Microsoft Intune.

  You use the Company Portal app to access and install published apps to enrolled devices.

  From the Microsoft Intune admin center, you add a Microsoft Store app.

  Which two App information types are visible in the Company Portal?

  NOTE: Each correct selection is worth one point.

  A. Privacy URL
  B. Information URL
  C. Developer
  D. Owner
  A. Privacy URL
  B. Information URL

  ---

  Explanation

  In the Microsoft Store App information page available through Microsoft Endpoint Manager admin center, the app details include: *

  Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app. The URL is displayed to users in the company portal.

  * Developer: Optionally, enter the name of the app developer.

  Information URL or Owner are not included.

  https://docs.microsoft.com/en-us/mem/intune/apps/store-apps-windows

• Question 218:

  HOTSPOT

  You have a server named Server1 and computers that run Windows 10. Server1 has the Microsoft Deployment Toolkit (MDT) installed.

  You plan to upgrade the Windows 10 computers to Windows 11 by using the MDT deployment wizard.

  You need create a deployment share on Server1.

  What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 219:

  You have a Microsoft 365 E5 subscription.

  You need to create a dynamic device group that will contain any device that has the word Marketing in its name.

  Which device membership rule should you use?

  A. (device.displayName -in "'Marketing'")
  B. (device.displayName -contains "'Marketing'")
  C. (device.displayName -in "Marketing")
  D. (device.displayName -contains "Marketing")
  D. (device.displayName -contains "Marketing")

• Question 220:

  HOTSPOT

  Your network contains an on-premises Active Directory domain that contains the locations shown in the following table.

  

  In Microsoft Intune, you enroll the Windows 10 devices shown in the following table.

  

  You have a Delivery Optimization device configuration profile applied to all the devices. The profile is configured as shown in the following exhibit.

  

  From which devices can Device1 and Device2 get updates? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  https://garvis.ca/2021/06/01/delivery-optimization-know-your-options/