Last Updated on November 5, 2022 by InfraExam

MD-101 : Managing Modern Desktops : Part 02

  1. Your company plans to deploy tablets to 50 meeting rooms.

    The tablets run Windows 10 and are managed by using Microsoft Intune. The tablets have an application named App1.

    You need to configure the tablets so that any user can use App1 without having to sign in. Users must be prevented from using other applications on the tablets.

    Which device configuration profile type should you use?

    • Kiosk
    • Endpoint protection
    • Identity protection
    • Device restrictions
  2. All of your company’s devices are managed via Microsoft Intune.

    conditional access is used to prevent devices that are not compliant with company security policies, from accessing Microsoft 365 services.

    You need to access Device compliance to view the non-compliant devices.

    Where should you access Device compliance from?

    • System Center Configuration Manager
    • Windows Defender Security Center.
    • The Intune admin center.
    • The Azure Active Directory admin center.
  3. You manage a large number of Windows 10 computers.

    You have been tasked with creating a provisioning package that will allow you to remove the Microsoft News and the Xbox Microsoft Store apps, as well as add a VPN connection to the company network.

    Which of the following are the customization settings you should configure?

    • Connections and Personalization
    • ConnectivityProfiles and Policies
    • Connections and Policies
    • ConnectivityProfiles and Personalization
  4. All users at your company have Azure AD joined Windows 10 workstations that are managed via Microsoft Intune.

    You have been tasked with making sure that Windows Analytics is used to monitor the workstations centrally.

    Which of the following actions should you take?

    • You should create a device configuration profile via Intune.
    • You should create a device compliance policy via Intune.
    • You should create a Windows AutoPilot deployment profile via Intune.
    • You should create an app configuration policy via Intune.
  5. Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune.

    You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed on the sign-in screen.

    Which of the following is a Device restriction setting that should be configured?

    • Locked screen experience
    • Personalization
    • Display
    • General

    Explanation: 
    Sign-in screen, or Locked screen, image is set under Locked screen experience

  6. Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune.

    You are creating a device configuration profile for the workstations. You have been informed that a custom image should be displayed as the Desktop background picture.

    Which of the following is a Device restriction setting that should be configured?

    • Locked screen experience
    • Personalization
    • Display
    • General
    Explanation: 
    Wallpaper image, or Desktop background picture, URL is set under Personalization
  7. Your company has a large number of Windows 10 workstations that are managed via Microsoft Intune.

    Delivery Optimization is not being used for Windows updates at present.

    You want to make sure that Delivery Optimization is configured for all of the workstations.

    Which of the following actions should you take?

    • You should create a device configuration profile via Intune.
    • You should create a device compliance policy via Intune.
    • You should create a Windows AutoPilot deployment profile via Intune.
    • You should create a conditional access policy via Intune.
  8. Your company’s environment includes the following:

    – Microsoft Azure Active Directory (Azure AD)
    – Microsoft 365
    – Microsoft Intune
    – Azure Information Protection.

    A new security policy declares that enrollment for private devices in Intune is not required. However, to access corporate email information, users have to make use of a PIN for authentication purposes. Also, users are able to access corporate cloud services from their private iOS and Android devices. Furthermore, the copying corporate email information to a cloud storage service should not be allowed, unless users are copying the information to Microsoft OneDrive for Business.

    You have to make sure that security policy is enforced.

    Which of the following actions should you take?

    • You should create a data loss prevention (DLP) policy.
    • You should create a device enrollment policy.
    • You should create an app protection policy.
    • You should create a Windows AutoPilot deployment profile.
  9. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune.

    You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.

    Solution: You make use of Windows Defender Antivirus.

    Does the solution meet the goal?

    • Yes
    • No
  10. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune.

    You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.

    Solution: You make use of Windows Defender SmartScreen.

    Does the solution meet the goal?

    • Yes
    • No
  11. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune.

    You have been tasked with making sure that the workstations are only able to run applications that you have explicitly permitted.

    Solution: You make use of Windows Defender Application Guard.

    Does the solution meet the goal?

    • Yes
    • No
  12. You are currently making use of the Antimalware Assessment solution in Microsoft Azure Log Analytics.

    You have accessed the Protection Status dashboard and find that there is a device that has no real time protection.

    Which of the following could be a reason for this occurring?

    • Windows Defender has been disabled.
    • You need to install the Azure Diagnostic extension.
    • Windows Defender Credential Guard is incorrectly configured.
    • Windows Defender System Guard is incorrectly configured.
  13. You are currently making use of the Antimalware Assessment solution in Microsoft Azure Log Analytics.

    You have accessed the Protection Status dashboard and find that there is a device that is not reporting.

    Which of the following could be a reason for this occurring?

    • Windows Defender System Guard is incorrectly configured.
    • You need to install the Azure Diagnostic extension.
    • Windows Defender Application Guard is incorrectly configured.
    • The Microsoft Malicious Software Removal tool is installed.
  14. You need to consider the underlined segment to establish whether it is accurate.

    To enable Windows Defender Credential Guard on Windows 10 computers, the computers must have Hyper-V installed.

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    What should you install on the computers?

    • No adjustment required.
    • Windows Defender Smartscreen
    • a virtual machine
    • a container cluster
  15. You manage one hundred Microsoft Azure Active Directory (Azure AD) joined Windows 10 devices.

    You want to make sure that users are unable to join their home PC’s to Azure AD.

    Which of the following actions should you take?

    • You should configure the Enrollment restriction settings via the Device enrollment blade in the Intune admin center.
    • You should configure the Enrollment restriction settings via the Security & Compliance admin center.
    • You should configure the Enrollment restriction settings via the Azure Active Directory admin center.
    • You should configure the Enrollment restriction settings via the Windows Defender Security Center.
  16. You need to consider the underlined segment to establish whether it is accurate.

    To enable sideloading in Windows 10, you should navigate to the For developers setting via Update & Security in the Settings app.

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    • No adjustment required.
    • Widows Insider
    • Delivery Optimization
    • Activation
  17. You need to consider the underlined segment to establish whether it is accurate.

    To enable sideload a LOB application in Windows 10, you should run the Install-Package cmdlet.

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    • No adjustment required.
    • Install-PackageProvider
    • Save-Package
    • Add-AppxPackage
  18. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company’s environment includes a Microsoft 365 subscription.

    Users in the company’s sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.

    After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division users

    Solution: You start by adding the application to Microsoft Store for Business.

    Does the solution meet the goal?

    • Yes
    • No
  19. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company’s environment includes a Microsoft 365 subscription.

    Users in the company’s sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.

    After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division users

    Solution: You start by assigning the application to a group.

    Does the solution meet the goal?

    • Yes
    • No
  20. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

    Your company’s environment includes a Microsoft 365 subscription.

    Users in the company’s sales division have personal iOS or Android devices that are enrolled in Microsoft Intune. New users are added to the sales division on a monthly basis.

    After a mobile application is created for users in the sales division, you are instructed to make sure that the application can only be downloaded by the sales division users.

    Solution: You start by adding the application to Intune.

    Does the solution meet the goal?

    • Yes
    • No