Skip Navigation Links
 

Microsoft - MD-101: Managing Modern Desktops

Sample Questions

Question: 235
Measured Skill: Manage apps and data (25-30%)

Your company has an Azure subscription that contains multiple devices. You have groups that use the Dynamic Device membership type as shown in the following table.



You are deploying Microsoft 365 apps.

You have devices enrolled in Microsoft Intune as shown in the following table.



In the Microsoft Endpoint Manager admin center, you create a Microsoft 365 Apps app as shown in the following exhibit:



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ALT1 will have Microsoft Office 365 installed: Yes
LT2 will have Microsoft Office 365 installed: Yes
LT3 will have Microsoft Office 365 installed: Yes
B LT1 will have Microsoft Office 365 installed: Yes
LT2 will have Microsoft Office 365 installed: Yes
LT3 will have Microsoft Office 365 installed: No
C LT1 will have Microsoft Office 365 installed: Yes
LT2 will have Microsoft Office 365 installed: No
LT3 will have Microsoft Office 365 installed: No
D LT1 will have Microsoft Office 365 installed: No
LT2 will have Microsoft Office 365 installed: Yes
LT3 will have Microsoft Office 365 installed: No
E LT1 will have Microsoft Office 365 installed: No
LT2 will have Microsoft Office 365 installed: No
LT3 will have Microsoft Office 365 installed: Yes
F LT1 will have Microsoft Office 365 installed: No
LT2 will have Microsoft Office 365 installed: No
LT3 will have Microsoft Office 365 installed: No

Correct answer: C

Explanation:

The Microsoft 365 Apps app can be created for either Windows 10 or macOS. "Microsoft 365 Apps for Windows 10" is the default name of the app for Windows 10.

App1 is assigned to Group1. The Windows 10 device LT1 is a member of Group1. Microsoft Office 365 is installed on LT1.

The device LT2 is a personal device and therefore does not comply with the membership rule of Group1 and is accordingly not a member of Group1. Microsoft Office 365 will not be installed on LT1.



Question: 236
Measured Skill: Manage apps and data (25-30%)

Your network contains an Active Directory domain. The domain contains computers that run Windows 8.1 and the users shown in the following table.



You plan to use the Microsoft Assessment and Planning (MAP) Toolkit to collect inventory data. The MAP Toolkit has the following configurations:
  • Inventory scenario: Windows computers
  • Discovery method: Use Active Directory Domain Services (AD DS)
You need to identify which user to use for the MAP Toolkit inventory discovery. The solution must use principle of least privilege.

What should you identify?

AUser3
B User1
C User4
D User2

Correct answer: A

Explanation:

The inventory scenario Windows computers uses the WMI collector to gather hardware, device, and software information from remote Windows-based computers. This collector technology is used for the following inventory scenarios and must be enabled on the remote target computers.

  • Windows computers
  • Active Devices and Users
  • Exchange Server
  • Forefront Endpoint Protection Server
  • Lync Server*
  • SQL Server*
  • SQL Server with Database Details*
  • Windows Azure Platform Migration
  • Oracle
  • Windows Volume Licensing
  • Client Access Tracking for Windows Server 2012
  • Client Access Tracking for SQL Server 2012
  • Client Access Tracking for Configuration Manager
  • Client Access Tracking for SharePoint Server 2013
  • Client Access Tracking for Remote Desktop Services

*This scenario uses a modified WMI collection query that returns a subset of the data gathered by the WMI collector in the other scenarios.

The Inventory and Assessment Wizard will not provide an option to enable WMI: You must enable it through Group Policy settings, logon scripts, or manually on each computer.

  • To connect remotely and perform the inventory, you must provide accounts that are members of the local Administrators group on the computer being inventoried.
  • For most networks, the network administrator will have a domain or local account that is a member of the local Administrators group on all the computers in the environment. These are the accounts you should enter on the Active Directory Credentials page in the Inventory and Assessment Wizard to perform the inventory.
  • By default, in Windows domain environments, the Domain Admins security group is added to the local Administrators group on a computer when it is joined to a domain.

Reference: MAP toolkit: Credentials required



Question: 237
Measured Skill: Manage policies and profiles (35-40%)

You have a hybrid deployment of Azure Active Directory (Azure AD) that contains 50 Windows 10 devices. All the devices are enrolled in Microsoft Endpoint Manager.

You discover that Group Policy settings override the settings configured in Microsoft Endpoint Manager policies.

You need to ensure that the settings configured in Microsoft Endpoint Manager override the Group Policy settings.

What should you do?

AFrom the Microsoft Endpoint Manager admin center, create an Administrative Templates device profile.
B From Group Policy Management Editor, configure the Computer Configuration settings in the Default Domain Policy.
C From the Microsoft Endpoint Manager admin center, create a custom device configuration profile.
D From Group Policy Management Editor, configure the User Configuration settings in the Default Domain Policy.

Correct answer: C

Explanation:

By default Group Policy setting win over Intune settings, when both configuration service providers have different values for the same settings.

With Windows 10, version 1803 Microsoft introduced a Policy CSP called ControlPolicyConflict/MDMWinsOverGP. It uses an integer based data type for which there are two supported values:

  • 0 (default)
  • 1 - The MDM policy is used and the GP policy is blocked.
To enable this policy, we have to create a custom device configuration profile with a custom OMA-URI setting as shown in the screenshot below.



The complete OMA-URI path is:

./Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP

Reference: Policy CSP - ControlPolicyConflict



Question: 238
Measured Skill: Manage and protect devices (15-20%)

You have a Microsoft Intune subscription associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

Users use one of the following three suffixes when they sign in to the tenant:
  • us.contoso.com
  • eu.contoso.com
  • contoso.com
You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes.

Which DNS records do you need?

AThree TXT records
B One CNAME record only
C One TXT record only
D Three CNAME records

Correct answer: D

Explanation:

To simplify enrollment, create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers. Otherwise, users trying to connect to Intune must enter the Intune server name during enrollment.

If the company uses more than one UPN suffix, you need to create one CNAME for each domain name and point each one to EnterpriseEnrollment-s.manage.microsoft.com. For example, users at Contoso use the following formats as their email/UPN:

  • name@contoso.com
  • name@us.contoso.com
  • name@eu.contoso.com

The Contoso DNS admin should create the following CNAMEs:

Reference: Set up enrollment for Windows devices



Question: 239
Measured Skill: Deploy and update operating systems (15-20%)

You are an administrator for a company. You have a Microsoft 365 tenant that contains the users shown in the following table.



You have Windows 10 devices enrolled in Microsoft Intune as shown in the following table.



You create a Windows 10 update ring that has the following settings:

Basics:
  • Name: Ring1
Update ring settings:
  • Active hours start: 8 AM
  • Active hours end: 8 PM
Assignments:
  • Included Groups: All devices
  • Excluded Groups: Group1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AThe active hours on Device1 are from 8 AM to 8 PM: Yes
The active hours on Device2 are from 8 AM to 8 PM: Yes
The active hours on Device3 are from 8 AM to 8 PM: Yes
B The active hours on Device1 are from 8 AM to 8 PM: Yes
The active hours on Device2 are from 8 AM to 8 PM: Yes
The active hours on Device3 are from 8 AM to 8 PM: No
C The active hours on Device1 are from 8 AM to 8 PM: Yes
The active hours on Device2 are from 8 AM to 8 PM: No
The active hours on Device3 are from 8 AM to 8 PM: Yes
D The active hours on Device1 are from 8 AM to 8 PM: No
The active hours on Device2 are from 8 AM to 8 PM: Yes
The active hours on Device3 are from 8 AM to 8 PM: No
E The active hours on Device1 are from 8 AM to 8 PM: No
The active hours on Device2 are from 8 AM to 8 PM: No
The active hours on Device3 are from 8 AM to 8 PM: Yes
F The active hours on Device1 are from 8 AM to 8 PM: No
The active hours on Device2 are from 8 AM to 8 PM: No
The active hours on Device3 are from 8 AM to 8 PM: No

Correct answer: D

Explanation:

Update rings specify how and when Windows as a Service updates your Windows 10 devices with feature and quality updates. With Windows 10, new feature and quality updates include the contents of all previous updates. As long as you've installed the latest update, you know your Windows 10 devices are up to date.

The update ring is only applied to devices whose primary user/owner is not a member of Group1 (all devices minus the devices in Group1). This only applies to Device2.

Reference: Windows 10 update rings policy in Intune





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2021 by cert2brain.com