Skip Navigation Links
 

Microsoft - MD-101: Managing Modern Desktops

Sample Questions

Question: 91
Measured Skill: Manage and protect devices (15-20%)

You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.

You need to configure an Intune device configuration profile to meet the following requirements:
  • Prevent Microsoft Office applications from launching child processes.
  • Block users from transferring files over FTP.
Which two settings should you configure in Endpoint protection?

(To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AWindows Defender Application Guard
B Windows Defender Firewall
C Windows Defender Smart Screen
D Windows Defender Exploit Guard
E Windows Defender Application Control
F Windows Defender Security Center

Correct answer: B, D

Explanation:

The Windows Defender Firewall settings allow to block the File Transfer Protocol (FTP):



The Windows Defender Exploit Guard settings allow to block Office apps from launching child processes:



Question: 92
Measured Skill: Deploy and update operating systems (15-20%)

You are an administrator for a company. Your company uses Microsoft Intune and has multiple Computers registered for Windows Autopilot.

You need to assign the same deployment profile to all the computers that are configured by using Windows Autopilot.

Which two actions should you perform?

(Each correct answer presents part of the solution. NOTE: each correct selection is worth one point.)

AJoin the computers to Microsoft Azure Active Directory (Azure AD).
B Assign a Windows AutoPilot deployment profile to a group.
C Join the computers to an on-premises Active Directory domain.
D Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and uses the operatingSystem tag.
E Create a Group Policy object (GPO) that is linked to a domain.
F Create a Microsoft Azure Active Directory (Azure AD) group that has dynamic membership rules and uses the ZTDID tag.

Correct answer: B, F

Explanation:

You can create a dynamic group in Intune that automatically includes all devices registered for Windows AutoPilot as members.

The exhibit shows the rule of such a group:



References: Create an Autopilot device group

Question: 93
Measured Skill: Manage and protect devices (15-20%)

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft Intune.

You need to ensure that you can centrally monitor the computers by using Windows Analytics.

What should you create in Intune?

AA device configuration profile
B A conditional access policy
C A device compliance policy
D An update policy

Correct answer: A

Explanation:

Use an Intune Device Configuration Profile to configure the sharing of diagnostic data for Microsoft 365 Analytics:



See also: Reporting and telemetry

Question: 94
Measured Skill: Deploy and update operating systems (15-20%)

Your company has a System Center Configuration Manager deployment that uses hybrid mobile device management (MDM). All Windows 10 devices are Active Directory domain-joined.

You plan to migrate from hybrid MDM to Microsoft Intune standalone.

You successfully run the Intune Data Importer tool.

You need to complete the migration.

Which two actions should you perform?

(Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.)

AIn Intune, add a device enrollment manager (DEM).
B Change the tenant MDM authority to Intune.
C Assign all users Intune licenses.
D Create a new Intune tenant.

Correct answer: B, C

Explanation:

We need to change the tenant-level MDM authority from Configuration Manager to Intune and assign Intune licenses to all users.

Reference: Migrate hybrid MDM users and devices to Intune standalone

Question: 95
Measured Skill: Deploy and update operating systems (15-20%)

You are an administrator for a company. You use Microsoft Intune to manage Windows updates.

You have computers that run Windows 10. The computers are in a workgroup and are enrolled in Intune. The computers are configured as shown in the following table.



On each computer, the Select when Quality Updates are received Group Policy setting is configured as shown in the following table.



You have Windows 10 update rings in Intune as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AOn Computer1, quality updates will be deferred for two days: Yes
On Computer2, quality updates will be deferred for seven days: Yes
On Computer3, quality updates will be deferred for 14 days: Yes
B On Computer1, quality updates will be deferred for two days: Yes
On Computer2, quality updates will be deferred for seven days: No
On Computer3, quality updates will be deferred for 14 days: Yes
C On Computer1, quality updates will be deferred for two days: No
On Computer2, quality updates will be deferred for seven days: Yes
On Computer3, quality updates will be deferred for 14 days: No
D On Computer1, quality updates will be deferred for two days: Yes
On Computer2, quality updates will be deferred for seven days: Yes
On Computer3, quality updates will be deferred for 14 days: No
E On Computer1, quality updates will be deferred for two days: No
On Computer2, quality updates will be deferred for seven days: No
On Computer3, quality updates will be deferred for 14 days: Yes
F On Computer1, quality updates will be deferred for two days: No
On Computer2, quality updates will be deferred for seven days: No
On Computer3, quality updates will be deferred for 14 days: No

Correct answer: B

Explanation:

Update rings specify how and when Windows as a Service updates your Windows 10 devices. Update rings are policies that you assign to groups of devices. By using update rings, you can create an update strategy that mirrors your business needs.

Computer1 is a member of Group1. Ring1 is assigned to Group1 and configures a quality update deferral for 2 days.

Computer2 is a member of Group2. Ring2 is assigned to Group2 and configures a quality update deferral for 7 days. The GPO setting on Computer2 configures a quality update deferral for 5 days. By default, Group Policy settings have higher precedence over Intune policies when there is a setting conflict.

Computer3 is a member of Group3. Ring3 is assigned to Group3 and configures a quality update deferral for 14 days.

Note: Roles determine what access admins have to which objects. Scope tags determine which objects admins can see. The scope tags have no effect on the assignments.

Group Policy setting: Select when Quality Updates are received
Enable this policy to specify when to receive quality updates.

You can defer receiving quality updates for up to 30 days.

To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clear the start date field.

To resume receiving Quality Updates which are paused, clear the start date field.

If you disable or do not configure this policy, Windows Update will not alter its behavior.

References:

Windows 10 Group Policy Vs Intune Policy Who wins

Use role-based access control (RBAC) and scope tags for distributed IT

Configure Windows Update for Business



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2019 by cert2brain.com