Skip Navigation Links
 

Microsoft - MD-102: Endpoint Administrator

Sample Questions

Question: 260
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices.

You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center.

What should you configure?

AThe Azure Monitor agent
B A device compliance policy
C A Conditional Access policy
D An Intune data collection policy

Correct answer: D

Explanation:

To ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center, we should configure an Intune endpoint analytics data collection policy.

Endpoint analytics data collection falls into the optional category. Below are some examples of the optional data collected for devices enrolled in endpoint analytics:

  • Diagnostic, performance, and usage data tied to a user and/or device
    • logOnId
    • bootId: The system boot ID
    • coreBootTimeInMilliseconds: Time for core boot
    • totalBootTimeInMilliseconds: Total boot time
    • updateTimeInMilliseconds: Time for OS updates to complete
    • gpLogonDurationInMilliseconds: Time for Group policies to process
    • desktopShownDurationInMilliseconds: Time for desktop (explorer.exe) to be loaded
    • desktopUsableDurationInMilliseconds: Time for desktop (explorer.exe) to be usable
    • topProcesses: List of processes loaded during boot with name, with cpu usage stats and app details (Name, publisher, version). 

Reference: Endpoint analytics data collection



Question: 261
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have a Microsoft Intune deployment that contains the resources shown in the following table.



You create a policy set named Set1 and add Comply1 to Set1.

Which additional resources can you add to Set1?

AConf1 only
B Comply2 only
C Comply2 and Conf1 only
D CA1, Conf1, and Office1 only
E Comply2, CA1, Conf1, and Office1

Correct answer: C

Explanation:

Policy sets allow you to create a bundle of references to already existing management entities that need to be identified, targeted, and monitored as a single conceptual unit. A policy set is an assignable collection of apps, policies, and other management objects you've created. Creating a policy set enables you to select many different objects at once, and assign them from a single place. As your organization changes, you can revisit a policy set to add or remove its objects and assignments. You can use a policy set to associate and assign existing objects, such as apps, policies, and VPNs in a single package.

Policy sets don't replace existing concepts or objects. You can continue to assign individual objects and you can also reference individual objects as part of a policy set. Therefore, any changes to those individual objects will be reflected in the policy set.

You can use policy sets to:

  • Group objects that need to be assigned together
  • Assign your organization's minimum configuration requirements on all managed devices
  • Assign commonly used or relevant apps to all users

You can include the following management objects in a policy set:

  • Apps
  • App configuration policies
  • App protection policies
  • Device configuration profiles
  • Device compliance policies
  • Windows autopilot deployment profiles
  • Enrollment status page
  • Settings catalog policies

Reference: Use policy sets to group collections of management objects



Question: 262
Measured Skill: Manage identity and compliance (15–20%)

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage Windows 11 devices.

You need to implement passwordless authentication that requires users to use number matching.

Which authentication method should you use?

AMicrosoft Authenticator
B Voice calls
C FIDO2 security keys
D Text messages

Correct answer: A

Explanation:

You can allow your employee's phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.

The Authenticator App turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm. 

Passwordless authentication using the Authenticator app follows the same basic pattern as Windows Hello for Business. It's a little more complicated as the user needs to be identified so that Microsoft Entra ID can find the Authenticator app version being used:

  1. The user enters their username.
  2. Microsoft Entra ID detects that the user has a strong credential and starts the Strong Credential flow.
  3. A notification is sent to the app via Apple Push Notification Service (APNS) on iOS devices, or via Firebase Cloud Messaging (FCM) on Android devices.
  4. The user receives the push notification and opens the app.
  5. The app calls Microsoft Entra ID and receives a proof-of-presence challenge and nonce.
  6. The user completes the challenge by entering their biometric or PIN to unlock private key.
  7. The nonce is signed with the private key and sent back to Microsoft Entra ID.
  8. Microsoft Entra ID performs public/private key validation and returns a token.

Reference: Passwordless authentication options for Microsoft Entra ID



Question: 263
Measured Skill: Deploy Windows client (25–30%)

You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.



Group2 has been assigned in the Enrollment Status Page.

You have the devices shown in the following table.



You capture and upload the hardware IDs of the devices in the marketing department. You configure Windows Autopilot.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can complete the Autopilot process on Device1: Yes
User2 can complete the Autopilot process on Device1: Yes
User3 can view device setup information during the enrollment phase of Device1: Yes
B User1 can complete the Autopilot process on Device1: Yes
User2 can complete the Autopilot process on Device1: Yes
User3 can view device setup information during the enrollment phase of Device1: No
C User1 can complete the Autopilot process on Device1: Yes
User2 can complete the Autopilot process on Device1: No
User3 can view device setup information during the enrollment phase of Device1: Yes
D User1 can complete the Autopilot process on Device1: No
User2 can complete the Autopilot process on Device1: Yes
User3 can view device setup information during the enrollment phase of Device1: No
E User1 can complete the Autopilot process on Device1: No
User2 can complete the Autopilot process on Device1: Yes
User3 can view device setup information during the enrollment phase of Device1: Yes
F User1 can complete the Autopilot process on Device1: No
User2 can complete the Autopilot process on Device1: No
User3 can view device setup information during the enrollment phase of Device1: No

Correct answer: E

Explanation:

Before a device is deployed using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Only the devices of the marketing department (Device1 and Device3) are registered with Autopilot.

Windows Autopilot requires the user to have an Intune license assigned. Intune is included in Microsoft 365 E3 and in Microsoft 365 E5.

The enrollment status page appears during initial device setup and during first user sign in. If enabled, users can see the configuration progress of assigned apps and profiles targeted to their device.

Note: The question states "Group2 has been assigned in the Enrollment Status Page. " The default Enrollment Status page includes all devices and the assignment cannot be changed.

References:

Overview of Windows Autopilot

Windows Autopilot deployment for existing devices

Set up the Enrollment Status Page



Question: 264
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

Devices are enrolled in Intune as shown in the following table.



The devices are the members of groups as shown in the following table.



You create an iOS/iPadOS update profile as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AIf an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: Yes
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: Yes
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: Yes
B If an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: Yes
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: Yes
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: No
C If an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: Yes
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: No
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: Yes
D If an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: No
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: Yes
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: No
E If an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: No
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: No
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: Yes
F If an iOS update becomes available on Tuesday at 5 AM, the update is installed on Device1 automatically on Wednesday: No
If an iPadOS update becomes available on Thursday at 2 AM, the update is installed on Device2 automatically on Thursday: No
If an iPadOS update becomes available on Friday at 10 PM, the update is installed on Device3 automatically on Sunday: No

Correct answer: C

Explanation:

The device update profile excludes Group2 (Device2) and applies to Device1 and Device3 only.

Updates are installed outside the scheduled time only. This is between Wedndesday 1 PM and Friday 1 AM and between Saturday 11 PM and Monday 1 AM.

By default, devices check in with Intune about every eight hours. If an update is available through an update policy, the device downloads the update. The device then installs the update upon next check-in within your schedule configuration.

Reference: Manage iOS/iPadOS software update policies in Intune





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2024 by cert2brain.com