Skip Navigation Links
 

Microsoft - MD-101: Managing Modern Desktops

Sample Questions

Question: 329
Measured Skill: Manage apps and data (25-30%)

You have a Microsoft 365 subscription.

You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).

You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.

You need to ensure that the desktop theme, taskbar settings, and Bluetooth settings are available on the new computers.

What should you use?

AFolder Redirection
B The Microsoft SharePoint Migration Tool
C Enterprise State Roaming
D Roaming user profiles

Correct answer: C

Explanation:

With Windows 10, Azure Active Directory (Azure AD) users gain the ability to securely synchronize their user settings and application settings data to the cloud. Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device. Enterprise State Roaming operates similar to the standard consumer settings sync that was first introduced in Windows 8. Additionally, Enterprise State Roaming offers:

  • Separation of corporate and consumer data – Organizations are in control of their data, and there is no mixing of corporate data in a consumer cloud account or consumer data in an enterprise cloud account.

  • Enhanced security – Data is automatically encrypted before leaving the user’s Windows 10 device by using Azure Rights Management (Azure RMS), and data stays encrypted at rest in the cloud. All content stays encrypted at rest in the cloud, except for the namespaces, like settings names and Windows app names.

  • Better management and monitoring – Provides control and visibility over who syncs settings in your organization and on which devices through the Azure AD portal integration.
Reference: Enable Enterprise State Roaming in Azure Active Directory

Question: 330
Measured Skill: Manage policies and profiles (35-40%)

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You need to create Endpoint security policies to meet the following requirements:
  • Hide the Firewall & network protection area in the Windows Security app.
  • Disable the provisioning of Windows Hello for Business on the devices.
Which two policy types should you use?

(To answer, select the policies in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAntivirus
B Firewall
C Endpoint detection and response
D Attack surface reduction
E Account protection
F Device compliance

Correct answer: A, E

Explanation:

We should use an endpoint security policy of type Antivirus\Windows Security Experience to hide the "Firewall & Network Protection" page in the Windows Security app:



We should use an endpoint security policy of type Account Protection\Account Protection (Preview) to prevent using Windows Hello for Business:



Question: 331
Measured Skill: Manage and protect devices (15-20%)

You have a Microsoft 365 E5 subscription.

You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.

What should you select in the Microsoft Endpoint Manager admin center?

AApps, and then App protection policies
B Apps, and then Monitor
C Devices, and then Monitor
D Reports, and then Device compliance

Correct answer: B

Explanation:

You can monitor the status of the app protection policies that you've applied to users from the Intune app protection pane in Intune. Additionally, you can find information about the users affected by app protection policies, policy compliance status, and any issues that your users might be experiencing.

Reference: How to monitor app protection policies



Question: 332
Measured Skill: Manage policies and profiles (35-40%)

You have 100 Windows 10 devices enrolled in Microsoft Intune.

You need to configure the devices to retrieve Windows updates from the internet and from other computers on a local network.

Which Delivery Optimization setting should you configure, and which type of Intune object should you create?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ADelivery Optimization setting: Bandwith optimization type
Intune object: Windows 10 quality updates
B Delivery Optimization setting: Bandwith optimization type
Intune object: A configuration profile
C Delivery Optimization setting: Download mode
Intune object: Windows update rings
D Delivery Optimization setting: Download mode
Intune object: A configuration profile
E Delivery Optimization setting: VPN peer caching
Intune object: App configuration policies
F Delivery Optimization setting: VPN peer caching
Intune object: Windows update rings

Correct answer: D

Explanation:

We should create a device configuration profile for Windows 10 and later based on the Delivery Optimization template.

We should set the download mode to HTTP blended with peering behind the same NAT (1) to ensure that clients will get updates from the internet and from other computers on your network that are behind the same Network Address Translation (NAT) IP addresses.

Reference: Delivery Optimization settings for Windows devices in Intune



Question: 333
Measured Skill: Manage and protect devices (15-20%)

You have the devices shown in the following table.



You plan to implement Microsoft Defender for Endpoint.

You need to identify which devices can be onboarded to Microsoft Defender for Endpoint.

What should you identify?

ADevice3 only
B Device1, Device2, and Device3 only
C Device1, Device2, Device3, and Device4
D Device2 and Device3 only
E Device2, Device3, and Device4 only

Correct answer: B

Explanation:

Endpoint Protection can help manage and monitor Microsoft Defender for Endpoint. Microsoft Defender for Endpoint helps enterprises detect, investigate, and respond to advanced attacks on their networks. Configuration Manager policies can help you onboard and monitor Windows 10 or later clients.

Microsoft Defender for Endpoint's cloud-based portal is Microsoft Defender Security Center. By adding and deploying a client onboarding configuration file, Configuration Manager can monitor deployment status and Microsoft Defender for Endpoint agent health.

You can onboard the following operating systems:

  • Windows 8.1
  • Windows 10, version 1607 or later
  • Windows 11
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server Semi-Annual Channel (SAC), version 1803 or later
  • Windows Server 2019
  • Windows Server 2022

Reference: Microsoft Defender for Endpoint





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2022 by cert2brain.com