Microsoft MD-102 Online Practice Questions and Exam Preparation

Microsoft MD-102 Online Questions & Answers

• Question 291:

  HOTSPOT

  You have a Microsoft 365 subscription that includes Microsoft Intune.

  From the Microsoft Intune admin center, you add the apps shown in the following table.

  

  You need to configure the apps to meet the following requirements:

  App1 must automatically install for all users in the marketing department on any Windows 11 device enrolled in Intune. If a user receives a new device, App1 must install automatically.

  App2 must be available for download for any user in the HR department from a personal Android device that is not enrolled in Intune.

  Which assignment should you configure for each app? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: A required assignment to a user group

  App1 must automatically install for all users in the marketing department on any Windows 11 device enrolled in Intune. If a user receives a new device, App1 must install automatically.

  Must automatically install -> Required.

  All users in the marketing department -> User group

  Note: Assign apps to groups with Microsoft Intune

  After you've added an app to Microsoft Intune, you can assign the app to users and devices. It's important to note that you can deploy an app to a device whether or not the device is managed by Intune.

  Box 2: An Available assignment to a user group.

  App2 must be available for download for any user in the HR department from a personal Android device that is not enrolled in Intune.

  Must be available for download -> Available.

  for any user in the HR department -> User group

  Note: In Intune, you can determine who has access to an app by assigning groups of users to include and exclude. Before you assign groups to the app, you must set the assignment type for an app. The assignment type makes the app available, required, or uninstalls the app.

  To set the availability of an app, you include and exclude app assignments to a group of users or devices by using a combination of include and exclude group assignments. This capability can be useful when you make the app available by including a large group, and then narrow the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.

  https://learn.microsoft.com/en-us/mem/intune/apps/apps-inc-exl-assignments

• Question 292:

  You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.

  App1 must only accept modern authentication requests.

  You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:

  Assignments

  - Users or workload identities: User1

  - Cloud apps or actions: App1

  Access controls

  - Grant: Block access

  You need to block only legacy authentication requests to App1.

  Which condition should you add to CAPolicy1?

  A. Filter for devices
  B. Device platforms
  C. User risk
  D. Sign-in risk
  E. Client apps
  E. Client apps

  ---

  Explanation

  Create a Conditional Access policy (see step 7 below).

  The following steps will help create a Conditional Access policy to block legacy authentication requests. This policy is put in to Report-only mode to start so administrators can determine the impact they'll have on existing users. When administrators are comfortable that the policy applies as they intend, they can switch to On or stage the deployment by adding specific groups and excluding others.

  Sign in to the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator.

  Browse to Azure Active Directory > Security > Conditional Access.

  Select New policy.

  Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

  Under Assignments, select Users or workload identities.

  Under Include, select All users.

  Under Exclude, select Users and groups and choose any accounts that must maintain the ability to use legacy authentication. Exclude at least one account to prevent yourself from being locked out. If you don't exclude any account, you won't be able to create this policy.

  6. Under Cloud apps or actions, select All cloud apps.

  7. Under Conditions > Client apps, set Configure to Yes.

  Check only the boxes Exchange ActiveSync clients and Other clients.

  Select Done.

  8. Under Access controls > Grant, select Block access.

  Select Select.

  9. Confirm your settings and set Enable policy to Report-only.

  10. Select Create to create to enable your policy.

  After confirming your settings using report-only mode, an administrator can move the Enable policy toggle from Report-only to On.

  https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy

• Question 293:

  You have 200 computers that run Windows 10 and are joined to an Active Directory domain.

  You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.

  Which three actions should you perform? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Enable the Allow Remote Shell access setting.
  B. Enable the Allow remote server management through WinRM setting.
  C. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
  D. Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting.
  E. Set the Startup Type of the Remote Registry service to Automatic.
  F. Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.
  B. Enable the Allow remote server management through WinRM setting.
  C. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
  F. Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.

• Question 294:

  HOTSPOT

  You have a Microsoft 365 subscription that includes Microsoft Intune.

  You have computers that run Windows 11 as shown in the following table.

  

  You have the groups shown in the following table.

  

  You create and assign the compliance policies shown in the following table.

  

  The next day, you review the compliance status of the computers.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 295:

  You have 500 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

  You plan to distribute certificates to the computers by using Simple Certificate Enrollment Protocol (SCEP).

  You have the servers shown in the following table.

  

  NDES issues certificates from the subordinate CA.

  You are configuring a device configuration profile as shown in the exhibit. (Click the Exhibit tab.)

  

  You need to complete the SCEP profile.

  On which server is the required root certificate located?

  A. Server1
  B. Server2
  C. Server3
  D. Server4
  C. Server3

• Question 296:

  HOTSPOT

  You have an Azure subscription that is linked to a Microsoft Entra tenant.

  The tenant contains the devices shown in the following table.

  

  You install the Azure Monitor Agent on all supported devices.

  You create a monitored object (MO) and associate the MO to a data collection rule (DCR) named DCR1.

  You configure DCR1 as shown in the following exhibit.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  

  

  ---

  Box 1: No

  No - Azure Monitor collects CPU performance data from Device.

  Device1 is not Entra joined.

  Box 2: Yes

  Device2 is Entra joined.

  Box 3: No

  Device3 is Android.

  Note: Install Azure Monitor agent on Windows client devices using the client installer

  Prerequisites 1. The machine must be running Windows client OS version 10 RS4 or higher.

  2. The machine must be domain joined to a Microsoft Entra tenant (AADj or Hybrid AADj machines), which enables the agent to fetch Microsoft Entra device tokens used to authenticate and fetch data collection rules from Azure.

  3. Etc.

  Supported device types

  Includes Windows 10, 11, but not Android.

  https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-windows-client

• Question 297:

  Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.

  Computer1 has apps that are compatible with Windows 10.

  You need to perform a Windows 10 in-place upgrade on Computer1.

  Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.

  Does this meet the goal?

  A. Yes
  B. No
  A. Yes

• Question 298:

  HOTSPOT

  You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

  You need to set a custom image as the wallpaper and sign-in screen.

  Which two settings should you configure in the Device restrictions configuration profile? To answer, select the appropriate settings in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  lock screen Experience > "locked screen picture url" option.

  Personnalization > "Desktop background picture url" option.

• Question 299:

  You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

  You use Microsoft Intune to manage devices.

  You need to review the startup times and restart frequencies of the devices.

  What should you use?

  A. Azure Monitor
  B. Intune Data Warehouse
  C. Microsoft Defender for Endpoint
  D. Endpoint analytics
  D. Endpoint analytics

  ---

  Explanation

  Restart frequency in endpoint analytics.

  In endpoint analytics startup performance, we've provided insights into PC boot times, and how to improve the reboot times of poorly performing devices. Reboot frequency can be just as impactful to the user experience since a device that reboots daily because of Stop errors will have a poor user experience even if the boot times are fast. We've recently added insights into restart frequencies within your organization to help you identify problematic devices.

  Prerequisites

  Devices are enrolled in endpoint analytics.

  Enroll Configuration Manager devices

  Enroll Intune devices

  After enrollment, client devices require a restart to fully enable all analytics.

  Etc.

  https://learn.microsoft.com/en-us/mem/analytics/restart-frequency

• Question 300:

  HOTSPOT

  To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Device 3 only

  Policy1 applies to Device3 (Android)

  Box 2: Device 4 only

  Policy2 applies to Device4 (iOS)

  https://docs.microsoft.com/en-us/intune/device-profile-assign