Skip Navigation Links
 

Microsoft - MD-102: Endpoint Administrator

Sample Questions

Question: 306
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have a Microsoft 365 subscription.

You have 25 Microsoft Surface Hub devices that you plan to manage by using Microsoft Intune.

You need to configure the devices to meet the following requirements:
  • Enable Windows Hello for Business.
  • Configure Microsoft Defender SmartScreen to block users from running unverified files.
Which profile type template should you use for each requirement?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AWindows Hello for Business: Device restrictions
Microsoft Defender SmartScreen: Device restrictions (Windows 10 Team)
B Windows Hello for Business: Device restrictions (Windows 10 Team)
Microsoft Defender SmartScreen: Microsoft Defender for Endpoint (Desktop devices running Windows 10 or later)
C Windows Hello for Business: Endpoint protection
Microsoft Defender SmartScreen: Identity Protection
D Windows Hello for Business: Endpoint protection
Microsoft Defender SmartScreen: Endpoint Protection
E Windows Hello for Business: Identity protection
Microsoft Defender SmartScreen: Endpoint Protection
F Windows Hello for Business: Microsoft Defender for Endpoint (Desktop devices running Windows 10 or later)
Microsoft Defender SmartScreen: Windows health monitoring

Correct answer: E

Explanation:

Surface Hub allows IT administrators to manage settings and policies using a mobile device management (MDM) provider such as Microsoft Intune. Surface Hub has a built-in management component to communicate with the management server. There is no need to install additional clients on the device.

To enable Windows Hello for Business we need a device configuration profile of type Identity protection:

To configure Microsoft Defender SmartScreen we need a profile of type Endpoint protection:

Reference: Manage Surface Hub with an MDM provider



Question: 307
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have devices enrolled in Microsoft Intune as shown in the following table.



For which devices can you manage updates by using Intune?

ADevice1 only
B Device1 and Device2 only
C Device1 and Device3 only
D Device1, Device3, and Device4 only
E Device1, Device2, Device3, and Device4

Correct answer: E

Explanation:

You can use Microsoft Intune to manage the install of Windows 10/11 security and feature updates.

You can use Microsoft Intune to manage software updates on the following Android Enterprise devices:

  • Fully Managed
  • Dedicated
  • Corporate-Owned Work Profile devices

You can use Microsoft Intune device configuration profiles to manage software updates for iOS/iPad devices and for macOS devices that are enrolled as supervised devices.

A supervised device is a device that enrolls through one of Apple's Automated Device Enrollment (ADE) options. Devices enrolled through ADE support management control through a mobile device management solution like Intune. 

References:

Manage Windows 10 and Windows 11 software updates in Intune

Android FOTA Updates

Manage iOS/iPadOS software update policies in Intune

Manage macOS software update policies in Intune



Question: 308
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have 100 computers that run Windows 11. The computers are joined to a Microsoft Entra ID tenant and enrolled in Microsoft Intune.

You need to configure the following device restrictions:
  • Block users from browsing to suspicious websites.
  • Scan all scripts loaded into Microsoft Edge.
Which two settings should you configure from the Device restrictions profile?

(To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AGeneral
B Per-app privacy exceptions
C Personalization
D Start
E Windows Defender SmartScreen
F Windows Defender Antivirus

Correct answer: E, F

Explanation:

Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files.

We need to require Windows Defender SmartScreen and block users from ignoring the Windows Defender SmartScreen Filter warnings.

Also we need to configure Windows Defender Antivirus to scan scripts loaded in Microsoft web browsers.



Question: 309
Measured Skill: Manage applications (10–15%)

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Intune to manage all devices.

Users have iOS devices with Microsoft apps installed.

You need to prevent users from cutting, copying, and pasting data between Microsoft Excel and other apps installed on the devices.

What should you configure?

AAn app protection policy
B An app configuration policy
C An iOS app provisioning profile
D Policies for Microsoft Office apps

Correct answer: A

Explanation:

Intune app protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. These policies allow you to control how data is accessed and shared by apps on mobile devices. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app in Intune is a protected app that has Intune app protection policies applied to it and is managed by Intune.

There are several benefits of using Intune app protection policies, including protecting corporate data on mobile devices without requiring device enrollment and controlling how data is accessed and shared by apps on mobile devices.

Examples of using app protection policies with Microsoft Intune include:

  • Requiring a PIN or fingerprint to access corporate email on a mobile device
  • Preventing users from copying and pasting corporate data into personal apps
  • Restricting access to corporate data to only approved apps

Reference: App protection policies overview



Question: 310
Measured Skill: Manage, maintain, and protect devices (40–45%)

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Intune to manage devices.

You need to review details about device wipes initiated through Intune.

Which report should you review?

ANoncompliant devices
B Device assignment status
C Windows device health attestation
D Device actions

Correct answer: D

Explanation:

Microsoft Intune reports allow you to more effectively and proactively monitor the health and activity of endpoints across your organization, and also provides other reporting data across Intune. For example, you'll be able to see reports about device compliance, device health, and device trends. In addition, you can create custom reports to obtain more specific data.

You can view a list of requested device actions and their statuses including initiated device wipes using the Device actions report.

You can view the Device actions report using the following steps:

  1. Sign in to the Microsoft Intune admin center.
  2. Select Devices Monitor Device actions.

Reference: Intune reports





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2024 by cert2brain.com