Microsoft MD-102 Online Practice Questions and Exam Preparation

Microsoft MD-102 Online Questions & Answers

• Question 301:

  You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

  You use Microsoft Intune to manage devices.

  You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.

  From the Intune admin center, you create and deploy two Windows app (Win32) apps.

  You need to ensure that App1 is installed before App2 on every device.

  What should you configure?

  A. the App1 deployment configurations
  B. a dynamic device group
  C. a detection rule
  D. the App2 deployment configurations
  D. the App2 deployment configurations

  ---

  Explanation

  Detection rules in Win32 apps are telling Intune how to tell if the application has been installed or not. Configure a dependency in the win32 app deployment screen even has this wording: "Software dependencies are applications that must be installed before this application can be installed"

  Configure App1 first so that it'll be selectable in the dependencies section

• Question 302:

  HOTSPOT

  You have a Microsoft 365 E5 subscription.

  You create an app protection policy for Android device named Policy1 as shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Install the Company Portal app on the device

  On Android, Android devices will prompt to install the Intune Company Portal app regardless of which Device Management type is chosen. For example, if you select 'Android Enterprise' then users with unmanaged Android devices will still be prompted.

  Box 2: device only

  App protection policies can apply to apps running on devices that may or may not be managed by Intune.

  Important

  It can take time for app protection policies to apply to existing devices. End users will see a notification on the device when the app protection policy is applied. Apply your app protection policies to devices before applying condidtional access rules.

  https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policies#app-protection-policies-for-iosipados-and-android-apps

• Question 303:

  Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

  After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

  You have a Microsoft Entra tenant named contoso.com.

  You purchase an Android device named Device1.

  You need to register Device1 in contoso.com.

  Solution: You use the Microsoft Authenticator app.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Correct:

  * You use the Microsoft Intune Company Portal app.

  Incorrect:

  * You use Microsoft Entra Connect.

  * You use the Google Chrome app.

  * You use the Microsoft Authenticator app.

  Note:

  Correct:

  * You use the Microsoft Intune Company Portal app.

  The Microsoft Intune Company Portal app is the correct solution for registering an Android device in the Microsoft Entra tenant. The Company Portal app is designed for users to enroll their devices into Microsoft Intune, which will then register the device with the Microsoft Entra tenant. This app allows users to manage their device registrations, access corporate resources, and apply policies.

  Incorrect:

  * You use the Microsoft Authenticator app.

  The Microsoft Authenticator app is used primarily for multi-factor authentication (MFA) and passwordless authentication. While it can be used for identity verification, it is not intended for registering devices in a Microsoft Entra tenant. The Company Portal app is required for device registration and management.

  * You use Microsoft Entra Connect.

  Microsoft Entra Connect is a tool used to synchronize on-premises Active Directory with Microsoft Entra ID (Azure AD). It is not used for registering mobile devices. Microsoft Entra Connect does not handle device enrollment or registration for mobile devices such as Android.

  https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-device-android-company-portal

• Question 304:

  DRAG DROP

  You have a Microsoft 365 subscription that contains the devices shown in the following table.

  

  You need to ensure that only devices running trusted firmware or operating system builds can access network resources.

  Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  Box 1: Require Secure Boot to be enabled on the device Windows 10

  Require Secure Boot to be enabled on the device:

  Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

  Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.

  Box 2: Prevent jailbroken devices from having corporate access. iOS

  Device Compliance settings for iOS/iPadOS in Intune

  As part of your mobile device management (MDM) solution, use these settings to require an email, mark rooted (jailbroken) devices as not compliant, set an allowed threat level, set passwords to expire, and more.

  This feature applies to:

  iOS

  iPadOS

  Device Health

  Jailbroken devices

  Supported for iOS 8.0 and later

  Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

  Block - Mark rooted (jailbroken) devices as not compliant.

  Box 3: Prevent rooted devices from having corporate access Android Enterprise

  Device compliance settings for Android Enterprise in Intune

  As part of your mobile device management (MDM) solution, use these settings to mark rooted devices as not compliant, set an allowed threat level, enable Google Play Protect, and more.

  This feature applies to:

  Android Enterprise

  Device Health

  Jailbroken devices

  Supported for iOS 8.0 and later

  Not configured (default) - This setting isn't evaluated for compliance or non-compliance.

  Block - Mark rooted (jailbroken) devices as not compliant.

  https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows

  https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios

• Question 305:

  You have a Microsoft 365 subscription and use Microsoft Intune Suite.

  The subscription contains devices enrolled in Intune as shown in the following table.

  

  Which devices support Device query?

  A. Device1 only
  B. Device2 only
  C. Device1 and Device2 only
  D. Device1, Device2, Device3, and Device4
  C. Device1 and Device2 only

• Question 306:

  You have a Microsoft Deployment Toolkit (MDT) deployment share.

  You plan to deploy Windows 11 by using the Standard Client Task Sequence template.

  You need to modify the task sequence to perform the following actions:

  1. Format disks to support Unified Extensible Firmware Interface (UEFI).

  2. Create a recovery partition.

  Which phase of the task sequence should you modify?

  A. Preinstall
  B. PostInstall
  C. Install
  D. Initialization
  A. Preinstall

  ---

  Explanation

  Create Extra Partition in MDT

  We will create a new task sequence for a machine that doesn't have an extra partition.

  1. On the Select Template page, click the drop-down and select Standard Client Task Sequence. Complete the remaining steps.

  2. Edit the task sequence and click the New Computer only step. Within that step, click Format and Partition Disk(BIOS) step and edit it.

  Etc.

  https://www.prajwaldesai.com/create-extra-partition-in-mdt/

• Question 307:

  HOTSPOT

  You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.

  

  All devices contain an app named App1 and are enrolled in Microsoft Intune.

  You need to prevent users from copying data from App1 and pasting the data into other apps.

  Which type of policy and how many policies should you create in Intune? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 308:

  You have an Azure AD tenant named contoso.com.

  You plan to purchase 25 computers that run Windows 11. You plan to deliver the computers directly to users.

  You need to ensure that during the out-of-box experience (OBE), users are prompted to sign in, and then the computers are configured to use Microsoft Intune.

  Which two components should you configure? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. a provisioning package
  B. automatic enrollment
  C. an unattend.xml answer file
  D. a Windows Autopilot deployment profile for self-deploying mode
  E. a Windows Autopilot deployment profile for user-driven mode
  B. automatic enrollment
  E. a Windows Autopilot deployment profile for user-driven mode

  ---

  Explanation

  https://learn.microsoft.com/en-us/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal

  https://learn.microsoft.com/en-us/autopilot/user-driven

• Question 309:

  HOTSPOT

  You have a Microsoft Deployment Toolkit (MDT) solution that is used to manage Windows 11 deployment tasks.

  MDT contains the operating system images shown in the following table.

  

  You need to perform a Windows 11-place upgrade on several computers that run Windows 10.

  From the Deployment Workbench, you open the New Task Sequence Wizard.

  You need to identify which task sequence template and which operating system image to use for the task sequence. The solution must minimize administrative effort.

  What should you identify? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1:

  Standard Client Upgrade Task Sequence Use Template: Standard Client Upgrade Task Sequence

  In-place upgrade is the preferred method to use when migrating from Windows 10/11 to a later release of Windows 10/11, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.

  Box 2: Install.wim

  In-place upgrade differs from computer refresh in that you cannot use a custom image to perform the in-place upgrade.

  https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit

• Question 310:

  You have a Microsoft 365 subscription that uses Microsoft Intune.

  You have five new Windows 11 Pro devices.

  You need to prepare the devices for corporate use. The solution must meet the following requirements:

  1. Install Windows 11 Enterprise on each device.

  2. Install a Windows Installer (MSI) package named App1 on each device.

  3. Add a certificate named Certificate1 that is required by App1.

  4. Join each device to Azure AD.

  Which three provisioning options can you use? Each correct answer presents a complete solution.

  NOTE: Each correct selection is worth one point.

  A. subscription activation
  B. a custom Windows image
  C. an in-place upgrade
  D. Windows Autopilot
  E. provisioning packages
  B. a custom Windows image
  D. Windows Autopilot
  E. provisioning packages

  ---

  Explanation

  https://learn.microsoft.com/en-us/mem/autopilot/pre-provision

  https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-bulk-enroll

  https://learn.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-packages