Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Microsoft > Microsoft 365 Certified: Endpoint Administrator Associate > MD-102

MD-102 Endpoint Administrator Question and Answers

Question # 4

You have a Microsoft 365 subscription.

You have devices enrolled in Microsoft Intune as shown in the following table.

To which devices can you deploy apps by using Intune?

A.

Device1 only

B.

Device1 and Device2 only

C.

Device1 and Device3 only

D.

Device1, Device2, and Device3 only

E.

Device1, Device2, Device3, and Device4

Full Access
Question # 5

You have a Microsoft 365 subscription. The subscription contains 500 computers that run Windows 11 and are enrolled in Microsoft Intune. You need to manage the deployment of monthly security updates. The solution must meet the following requirements:

• Updates must be deployed to a group of test computers for quality assurance.

• Updates must be deployed automatically 15 days after the quality assurance testing.

What should you create in the Microsoft Intune admin center?

A.

a device Configuration profile

B.

an update ring

C.

a feature update policy

D.

a security baseline

Full Access
Question # 6

You have a Microsoft 365 E5 subscription. All Windows devices are enrolled in Microsoft Intune.

You need to create an app protection policy named Policy1 and apply Policy1 to the devices. What can you protect by using Policy1?

A.

Microsoft Outlook

B.

Microsoft OneDrive

C.

Microsoft Teams

D.

Microsoft Edge

Full Access
Question # 7

You have a Microsoft 365 subscription and use the Microsoft Intune Suite. You have the devices shown in the following table.

All the devices are enrolled in Intune.

Which devices can you query by using Device query?

A.

Device1 only

B.

Device1 and Device2 only

C.

Device1, Device2, and Device3 only

D.

Device1, Device2. and Device4 only

E.

Device1, Device2. Device3, and Device4

Full Access
Question # 8

Your company has a Remote Desktop Gateway (RD Gateway).

You have a server named Server1 that is accessible by using Remote Desktop Services (RDS) through the RD Gateway.

You need to configure a Remote Desktop connection to connect through the gateway.

Which setting should you configure?

A.

Connect from anywhere

B.

Server authentication

C.

Connection settings

D.

Local devices and resources

Full Access
Question # 9

You have a Microsoft 365 E5 subscription. You purchase the following types of devices:

• Windows

• Android

• iOS

You plan to enroll the devices in Microsoft Intune. You need to configure enrollment restrictions.

For which device types can you configure device manufacturer restrictions?

A.

Android only

B.

Windows only

C.

Android and iOS only

D.

Windows and iOS only

E.

Windows. Android, and iOS

Full Access
Question # 10

You have an Azure AD tenant that contains the users shown in the following table.

You have the devices shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:

• Assignments

o Users or workload identities: User 1. User1

o Cloud apps or actions: Office 365 Exchange Online

o Conditions: Device platforms: Windows, iOS

• Access controls

o Grant Require multi-factor authentication

You have a Conditional Access policy named CAPolicy2 that has the following settings:

Assignments

o Users or workload identities: Used, User2

o Cloud apps or actions: Office 365 Exch

o Conditions

â–  Device platforms: Android, iOS

â–  Filter for devices

â–  Device matching the rule: Exclude filtered devices from policy

â–  Rule syntax: device. displayName- contains " 1 "

â–  Access controls

â–  Grant Block access

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 11

You have computers that run Windows 10 and are configured by using Windows AutoPilot.

A user performs the following tasks on a computer named Computer1:

Creates a VPN connection to the corporate network

Installs a Microsoft Store app named App1

Connects to a Wi-Fi network

You perform a Windows AutoPilot Reset on Computer1.

What will be the state of the computer when the user signs in? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 12

You have a server named Server1 and computers that run Windows 8.1. Server1 has the Microsoft Deployment Toolkit (MDT) installed.

You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard.

You need to create a deployment share on Server1.

What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 13

You use a Microsoft Intune subscription to manage iOS devices.

You configure a device compliance policy that blocks jailbroken iOS devices.

You need to enable Enhanced jailbreak detection.

What should you configure?

A.

the Compliance policy settings

B.

the device compliance policy

C.

a network location

D.

a configuration profile

Full Access
Question # 14

You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements:

• Ensure that you can manage the personal devices by using Microsoft Intune.

• Ensure that users can access company data seamlessly from their personal devices.

• Ensure that users can only sign in to their personal devices by using their personal account

What should you use to add the devices to Azure AD?

A.

hybrid Microsoft Entra join

B.

Microsoft Entra joined

C.

Microsoft Entra registered

Full Access
Question # 15

You have a Microsoft 365 subscription.

You need to enable passwordless authentication for all users. The solution must meet the following requirements:

• Users in the research department cannot use mobile devices and must authenticate from unmanaged Linux devices by using an alternative method.

• To access services, users in the sales department must authenticate by using their mobile phone.

• Administrative effort must be minimized.

Which authentication method should you use for each department? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

You have a Microsoft 365 tenant that contains the objects shown in the following table.

You are creating a compliance policy named Compliance1.

Which objects can you specify in Compliance1 as additional recipients of noncompliance notifications?

A.

Group3 and Group4 only

B.

Group3, Group4, and Admin1 only

C.

Group1, Group2, and Group3 only

D.

Group1, Group2, Group3, and Group4 only

E.

Group1, Group2, Group3, Group4, and Admin1

Full Access
Question # 17

You have a Microsoft Entra tenant named contoso.com that contains the users shown in the following table.

You purchase the devices shown in the following table.

Administrators perform the following actions:

• Join Device1 to contoso.com by using the credentials of Admin1.

• Register Device2 in contoso.com by using the credentials of Admin2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 18

You have a Microsoft Intune subscription associated to an Azure AD tenant named contoso.com.

Users use one of the following three suffixes when they sign in to the tenant: us.contoso.com, eu.contoso.com, or contoso.com.

You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes.

Which DNS records do you need?

A.

three CNAME records

B.

one CNAME record only

C.

three TXT records

D.

one TXT record only

Full Access
Question # 19

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to a Microsoft Entra tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

User2 fails to authenticate to the Microsoft Entra tenant when signing in as user2@fabrikam.com.

You need to ensure that User2 can access the resources in Microsoft Entra ID.

Solution: From the on-premises Active Directory domain, you set the UPN suffix for User2 to @contosoxom. You instruct User2 to sign in as user2@contoso.com.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 20

You have a Microsoft 365 E5 subscription that contains devices enrolled in Microsoft Intune. You need to review security tasks in the Microsoft Intune admin center. What should you do first?

A.

Implement the Mobile Threat Defense connector.

B.

Integrate Intune with Microsoft Defender for Endpoint.

C.

Deploy an attack surface reduction (ASR) policy.

D.

Implement the ServiceNow connector.

E.

Deploy an Intune security baseline for Microsoft Defender for Endpoint.

Full Access
Question # 21

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.

From the Intune admin center, you create and deploy two Windows app (Win32) apps.

You need to ensure that App1 is installed before App2 on every device.

What should you configure?

A.

the App1 deployment configurations

B.

a dynamic device group

C.

a detection rule

D.

the App2 deployment configurations

Full Access
Question # 22

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. User1 has a user principal name (UPN) of user1 @contoso.com.

You join a Windows 10 device named Client1 to contoso.com.

You need to add User1 to the local Administrators group of Client1.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

You have a Microsoft 365 tenant that uses Microsoft Intune to manage personal and corporate devices. The tenant contains three Windows 10 devices as shown in the following exhibit.

How will Intune classify each device after the devices are enrolled in Intune automatically? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 24

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to manage Windows updates by using Intune.

You create an update ring for Windows 10 and later and configure the User experience settings for the ring as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You have a Microsoft 365 E5 subscription. You are implementing Microsoft Defender for Cloud Apps. You need to ensure that you can create OAuth app policies-Solution: You configure Conditional Access app control. Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 26

You have a Microsoft 365 subscription that contains the devices shown in the following table.

You plan to enroll the devices in Microsoft Intune.

How often will the compliance policy check-ins run after each device is enrolled in Intune? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 27

You have the device configuration profile shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Full Access
Question # 28

You have a Microsoft 365 subscription that contains 1,000 iOS devices. The devices are enrolled in Microsoft Intune as follows:

• Two hundred devices are enrolled by using the Intune Company Portal.

• Eight hundred devices are enrolled by using Apple Automated Device Enrollment (ADE).

You create an iOS/iPadOS software updates policy named Policy 1 that is configured to install iOS/iPadOS 15.5.

How many iOS devices will Policy1 update, and what should you configure to ensure that only iOS/iPadOS 15.5 is installed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 29

You have a Hyper-V host. The host contains virtual machines that run Windows 10 as shown in following table.

Which virtual machines can be upgraded to Windows 11?

A.

VM1 only

B.

VM2 only

C.

VM2 and VM3 only

D.

VM1.VM2. andVM3

Full Access
Question # 30

Your network contains an Active Directory domain. The domain contains 10 computers that run Windows 10. Users in the finance department use the computers.

You have a computer named Computer1 that runs Windows 10.

From Computer1, you plan to run a script that executes Windows PowerShell commands on the finance department computers.

You need to ensure that you can run the PowerShell commands on the finance department computers from Computer.

What should you do on the finance department computers?

A.

From Windows PowerShell, run the Enable-MMAgent cmdlet.

B.

From the local Group Policy, enable the Allow Remote Shell Access setting.

C.

From Windows PowerShell, run the Enable-PSRemoting cmdlet.

D.

From the local Group Policy, enable the Turn on Script Execution setting.

Full Access
Question # 31

You are evaluating which devices are compliant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 32

You need a new conditional access policy that has an assignment for Office 365 Exchange Online.

You need to configure the policy to meet the technical requirements for Group4.

Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 33

What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 34

You need to meet the technical requirements for the IT department.

What should you do first?

A.

From the Azure Active Directory blade in the Azure portal, enable Seamless single sign-on.

B.

From the Configuration Manager console, add an Intune subscription.

C.

From the Azure Active Directory blade in the Azure portal, configure the Mobility (MDM and MAM) settings.

D.

From the Microsoft Intune blade in the Azure portal, configure the Windows enrollment settings.

Full Access
Question # 35

To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 36

You need to meet the technical requirements for the new HR department computers.

How should you configure the provisioning package? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 37

You need to meet the requirements for the MKG department users.

What should you do?

A.

Assign the MKG department users the Purchaser role in Microsoft Store for Business

B.

Download the APPX file for App1 from Microsoft Store for Business

C.

Add App1 to the private store

D.

Assign the MKG department users the Basic Purchaser role in Microsoft Store for Business

E.

Acquire App1 from Microsoft Store for Business

Full Access
Question # 38

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

A.

Extract the hardware ID information of each computer to a CSV file and upload the file from the Devices settings in Microsoft Store for Business.

B.

Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure ActiveDirectory blade in the Azure portal.

C.

Generalize the computers and configure the Device settings from the Azure Active Directory blade in the Azure portal.

D.

Extract the hardware ID information of each computer to an XLSX file and upload the file from the Devices settings in Microsoft Store for Business.

Full Access
Question # 39

You need to meet the technical requirements for the iOS devices.

Which object should you create in Intune?

A.

A compliance policy

B.

An app protection policy

C.

A Deployment profile

D.

A device configuration profile

Full Access
Question # 40

You need to prepare for the deployment of the Phoenix office computers.

What should you do first?

A.

Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure Active Directory admin center.

B.

Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune blade in the Azure portal.

C.

Extract the hardware ID information of each computer to an XML file and upload the file from the Devices settings in Microsoft Store for Business.

D.

Extract the serial number information of each computer to a CSV file and upload the file from the Microsoft Intune blade in the Azure portal.

Full Access
Question # 41

You need to meet the technical requirements for the LEG department computers.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 42

You need to meet the OOBE requirements for Windows AutoPilot.

Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 43

You need to recommend a solution to meet the device management requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 44

You need to meet the device management requirements for the developers.

What should you implement?

A.

folder redirection

B.

Enterprise State Roaming

C.

home folders

D.

known folder redirection in Microsoft OneDrive

Full Access
Question # 45

You need to meet the technical requirements for Windows AutoPilot.

Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 46

What should you use to meet the technical requirements for Azure DevOps?

A.

An app protection policy

B.

Windows Information Protection (WIP)

C.

Conditional access

D.

A device configuration profile

Full Access
Question # 47

You need to resolve the performance issues in the Los Angeles office.

How should you configure the update settings? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 48

What should you configure to meet the technical requirements for the Azure AD-joined computers?

A.

Windows Hello for Business from the Microsoft Intune blade in the Azure portal.

B.

The Accounts options in an endpoint protection profile.

C.

The Password Policy settings in a Group Policy object (GPO).

D.

A password policy from the Microsoft Office 365 portal.

Full Access
Question # 49

What should you upgrade before you can configure the environment to support co-management?

A.

the domain functional level

B.

Configuration Manager

C.

the domain controllers

D.

Windows Server Update Services (WSUS)

Full Access
Question # 50

You need to capture the required information for the sales department computers to meet the technical

requirements.

Which Windows PowerShell command should you run first?

A.

Install-Module WindowsAutoPilotIntune

B.

Install-Script Get-WindowsAutoPilotInfo

C.

Import-AutoPilotCSV

D.

Get-WindowsAutoPilotInfo

Full Access
Question # 51

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 52

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Full Access
Question # 53

Which devices are registered by using the Windows Autopilot deployment service?

A.

Device1 only

B.

Device3 only

C.

Device1 and Device3 only

D.

Device1, Device2, and Device3

Full Access
Question # 54

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 55

Which user can enroll Device6 in Intune?

A.

User4 and User2 only

B.

User4 and User 1 only

C.

User1, User2, User3, and User4

D.

User4. User Land User2 only

Full Access
Question # 56

Which users can purchase and assign App1?

A.

User3 only

B.

User1 and User3 only

C.

User1, User2, User3, and User4

D.

User1, User3, and User4 only

E.

User3 and User4 only

Full Access
Question # 57

You implement Boundary1 based on the planned changes.

Which devices have a network boundary of 192.168.1.0/24 applied?

A.

Device2 only

B.

Device3 only

C.

Device 1. Device2. and Device5 only

D.

Device 1, Device2, Device3, and Device4 only

Full Access
Question # 58

You implement the planned changes for Connection1 and Connection2

How many VPN connections will there be for User1 when the user signs in to Device 1 and Devke2? To answer select the appropriate options in the answer area.

NOTE; Each correct selection is worth one point.

Full Access
Question # 59

User1 and User2 plan to use Sync your settings.

On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 60

You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.

To what should you grant the right to create the computer objects?

A.

Server2

B.

Server1

C.

GroupA

D.

DC1

Full Access