Microsoft MD-102 Online Practice Questions and Exam Preparation

Microsoft MD-102 Online Questions & Answers

• Question 281:

  HOTSPOT

  You have an Azure Active Directory Premium Plan 2 subscription that contains the users shown in the following table.

  

  You purchase the devices shown in the following table.

  

  You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:

  MDM user scope: Group1

  MAM user scope: Group2

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 282:

  You are creating a device configuration profile in Microsoft Intune.

  You need to configure specific OMA-URI settings in the profile.

  Which profile type template should you use?

  A. Device restrictions (Windows 10 Team)
  B. Identity protection
  C. Custom
  D. Device restrictions
  C. Custom

  ---

  Explanation

  Windows client custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features. These settings are typically used by mobile device manufacturers to control features on the device.

  https://docs.microsoft.com/en-us/mem/intune/configuration/custom-settings-windows-10

• Question 283:

  HOTSPOT

  You have an Azure AD tenant that contains the users shown in the following table.

  

  You have devices enrolled in Microsoft Intune as shown in the following table.

  

  From Intune, you create and send a custom notification named Notification1 to Group1.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 284:

  You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.

  You plan to perform a security audit of all the apps detected by Cloud Discovery.

  You need to track which apps were audited. The solution must ensure that the list of audited apps can be displayed in the cloud app catalog.

  What should you do?

  A. Apply a custom app tag to each app.
  B. Deploy Conditional Access App Control.
  C. Define each app as a critical asset.
  D. Generate a Cloud Discovery snapshot report.
  E. Enable app governance.
  A. Apply a custom app tag to each app.

  ---

  Explanation

  Filter and query discovered apps in Microsoft Defender for Cloud Apps. When you have a large number of discovered apps, you'll find it useful to filter and query them.

  By applying custom app tags to the apps detected by Cloud Discovery, you can effectively categorize and track those apps within the cloud app catalog. Custom tags can be used to denote the status of apps, including whether they have been audited, allowing for easy identification and reporting.

  https://learn.microsoft.com/en-us/defender-cloud-apps/discovered-app-queries

• Question 285:

  HOTSPOT

  You have a Microsoft 365 subscription.

  All computers are enrolled in Microsoft Intune.

  You have business requirements for securing your Windows 11 environment as shown in the following table.

  

  What should you implement to meet each requirement? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: A conditional access policy

  Box 2: A device compliance policy Compliance policies in Intune:

  Define the rules and settings that users and devices must meet to be compliant.

  Include actions that apply to devices that are noncompliant. Actions for noncompliance can alert users to the conditions of noncompliance and safeguard data on noncompliant devices.

  Can be combined with Conditional Access, which can then block users and devices that don't meet the rules.

  https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

• Question 286:

  Your network contains an Active Directory domain named contoso.com. The domain contains 25 computers that run Windows 11.

  You have a Microsoft 365 subscription

  You have an Azure AD tenant that syncs with contoso.com.

  You configure hybrid Azure AD join and discover that some of the computers have a registered state of Pending.

  You need to ensure that the computers complete the join successfully.

  What should you ensure?

  A. that Windows is activated on all the computers
  B. that the users of the computers are assigned Microsoft 365 licenses
  C. that each computer has a line of sight to a domain controller
  D. that the computers contain the latest quality updates
  C. that each computer has a line of sight to a domain controller

  ---

  Explanation

  Pending devices in Azure Active Directory

  How a device gets stuck in a pending state: There are two scenarios in which a device can be stuck in a pending state.

  Sync a new on-premises domain joined device to Azure AD

  A new on-premises device can get stuck in a pending state if it can't complete the device registration process. This problem can be caused by several factors, such as that the *device can't connect to the registration service*.

  To troubleshoot a device registration problem, see:

  Troubleshooting hybrid Azure Active Directory joined devices

  *-> Test Device Registration Connectivity

  Note: Pending devices are devices that are synced to Azure Active Directory (Azure AD) from your on-premises Active Directory, but haven't completed registration with the Azure AD device registration service. When the registered state of a device is pending, the device can't complete any authorization or authentication requests, such as requesting a Primary Refresh token for single sign-on, or applying device-based Conditional Access policies.

  https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/pending-devices

• Question 287:

  HOTSPOT

  You have a Microsoft 365 E5 subscription.

  You use Microsoft Intune to manage Windows 365 Cloud PC devices.

  You need to deploy a Windows 365 Security Baseline to the Cloud PC devices. The solution must meet the following requirements:

  1. Block data execution prevention.

  2. Enable virtualization-based security (VBS) and Secure Boot.

  What should you configure for the Windows 365 Security Baseline profile? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 288:

  You have a Microsoft 365 E5 subscription.

  All devices are enrolled in Microsoft Intune.

  You need to ensure that devices that have NOT checked in for 30 days are deleted from Intune.

  What should you configure from the Microsoft Intune admin center?

  A. a device limit restriction
  B. automatic enrollment
  C. a device clean-up rule
  D. a configuration profile
  C. a device clean-up rule

• Question 289:

  DRAG DROP

  You have a Microsoft 365 E5 subscription that includes Microsoft Intune.

  The subscription contains Android Enterprise devices that are enrolled in Intune and have personally-owned work profiles. All the Android devices are members of a group named Group1.

  You need to ensure that end users and Intune administrators receive an email message when an Android device does NOT have an up-to-date security provider.

  Which actions should you perform from the Microsoft Intune admin center in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

• Question 290:

  You have a Microsoft 365 tenant that contains the devices shown in the following table.

  

  The devices are managed by using Microsoft Intune.

  You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.

  You discover that devices that are not members of Group1 are shown as Compliant.

  You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.

  What should you do from the Microsoft Intune admin center?

  A. From Device compliance, configure the Compliance policy settings.
  B. From Endpoint security, configure the Conditional access settings.
  C. From Tenant administration, modify the Diagnostic settings.
  D. From Policy1, modify the actions for noncompliance.
  A. From Device compliance, configure the Compliance policy settings.

  ---

  Explanation

  There are two parts to compliance policies in Intune:

  Compliance policy settings - Tenant-wide settings that are like a built-in compliance policy that every device receives. Compliance policy settings set a baseline for how compliance policy works in your Intune environment, including whether devices that haven't received any device compliance policies are compliant or noncompliant.

  Device compliance policy - Platform-specific rules you configure and deploy to groups of users or devices. These rules define requirements for devices, like minimum operating systems or the use of disk encryption. Devices must meet these rules to be considered compliant.

  https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started