MS-101 : Microsoft 365 Mobility and Security : Part 01

MS-101 : Microsoft 365 Mobility and Security : Part 01

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You are deploying Microsoft Endpoint Manager.

   You successfully enroll Windows 10 devices in Endpoint Manager.

   When you try to enroll an iOS device in Endpoint Manager, you get an error.

   You need to ensure that you can enroll the iOS device in Endpoint Manager.

   Solution: You add your user account as a device enrollment manager.

   Does this meet the goal?

   • Yes
   • No

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You are deploying Microsoft Endpoint Manager.

   You successfully enroll Windows 10 devices in Endpoint Manager.

   When you try to enroll an iOS device in Endpoint Manager, you get an error.

   You need to ensure that you can enroll the iOS device in Endpoint Manager.

   Solution: You configure the Apple MDM Push certificate.

   Does this meet the goal?

   • Yes
   • No

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You are deploying Microsoft Endpoint Manager.

   You successfully enroll Windows 10 devices in Endpoint Manager.

   When you try to enroll an iOS device in Endpoint Manager, you get an error.

   You need to ensure that you can enroll the iOS device in Endpoint Manager.

   Solution: You create an Apple Configurator enrollment profile.

   Does this meet the goal?

   • Yes
   • No

4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

   You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

   You configure pilot co-management.

   You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

   You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

   Solution: You create a device configuration profile from the Device Management admin center.

   Does this meet the goal?

   • Yes
   • No

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

   You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

   You configure pilot co-management.

   You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

   You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

   Solution: You add Device1 to an Active Directory group.

   Does this meet the goal?

   • Yes
   • No

6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

   You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

   You configure pilot co-management.

   You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

   You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

   Solution: You unjoin Device1 from the Active Directory domain.

   Does this meet the goal?

   • Yes
   • No

7. HOTSPOT

   Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

   You use Microsoft Endpoint Configuration Manager for device management.

   You have the Windows 10 devices shown in the following table.

    

   

   You configure Endpoint Configuration Manager co-management as follows:

   Automatic enrollment in Intune: Pilot
   Pilot collection for all workloads: Collection2

   You configure co-management workloads as shown in the following exhibit.

    

   

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

    

8. HOTSPOT

   You have three devices enrolled in Microsoft Intune as shown in the following table.

    

   

   The device compliance policies in Intune are configured as shown in the following table.

    

   

   The device compliance policies have the assignments shown in the following table.

   

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

9. You have Windows 10 Pro devices that are joined to an Active Directory domain.

   You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise.

   You are evaluating whether to deploy Windows Hello for Business.

   What are two prerequisites of the deployment? Each correct answer presents a complete solution.

   NOTE: Each correct selection is worth one point.

   • Microsoft Endpoint Manager enrollment
   • Microsoft Azure Active Directory (Azure AD)
   • smartcards
   • TPM-enabled devices

10. You have a Microsoft 365 tenant.

    All users are assigned the Enterprise Mobility + Security license.

    You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically.

    What should you configure?

    • Enrollment restrictions from the Endpoint Manager admin center
    • device enrollment managers from the Endpoint Manager admin center
    • MAM User scope from the Azure Active Directory admin center
    • MDM User scope from the Azure Active Directory admin center

11. HOTSPOT

    You have several devices enrolled in Microsoft Endpoint Manager.

    You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

    

    The device type restrictions in Endpoint Manager are configured as shown in the following table.

    

    You add User3 as a device enrollment manager in Endpoint Manager.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1:
    No. User1 is in Group1. The two device type policies that apply to Group1 are Policy3 and the Default (All Users) policy. However, Policy3 has a higher priority than the default policy so Policy3 is the only effective policy. Policy3 allows the enrolment of Android and iOS devices only, not Windows.

    Box 2:
    No. User2 is in Group1 and Group2. The device type policies that apply to Group1 and Group2 are Policy2, Policy3 and the Default (All Users) policy. However, Policy2 has a higher priority than Policy 3 and the default policy so Policy2 is the only effective policy. Policy2 allows the enrolment of Windows devices only, not Android.

    Box 3:
    Yes. User3 is a device enrollment manager. Device restrictions to not apply to a device enrollment manager.

12. HOTSPOT

    You create two device compliance policies for Android devices as shown in the following table.

    

    You have the Android devices shown in the following table.

    

    The users belong to the groups shown in the following table.

    

    The users enroll their device in Microsoft Endpoint Manager.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

13. HOTSPOT

    Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.

    You update the Windows 10 devices by using Windows Update for Business.

    What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

14. Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.

    Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • Deploy applications to Windows 10 devices.
    • Deploy VPN profiles to iOS devices.
    • Deploy VPN profiles to Windows 10 devices.
    • Publish applications to Android devices.

15. HOTSPOT

    Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).

    You have Windows 10 and Windows 8.1 devices.

    You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.

    What should you do? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

16. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    You have a Microsoft 365 subscription.

    You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.

    What should you configure?

    • the Enrollment restrictions
    • the mobile device management (MDM) authority
    • the Exchange on-premises access settings
    • the Windows enrollment settings

17. You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

    

    The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

    

    Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.

    You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.

    What should you do?

    • From the conditional access policy, configure the device state.
    • From the Azure Active Directory admin center, create a custom control.
    • From the Endpoint Manager admin center, create a device compliance policy.
    • From the Azure Active Directory admin center, create a named location.

18. You have computers that run Windows 10 Enterprise and are joined to the domain.

    You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.

    You need to prevent Windows from being updated for the next 30 days.

    Which two Group Policy settings should you configure? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Select when Quality Updates are received
    • Select when Preview Builds and Feature Updates are received
    • Turn off auto-restart for updates during active hours
    • Manage preview builds
    • Automatic updates detection frequency

19. HOTSPOT

    You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

    

    The device compliance policies in Endpoint Manager are configured as shown in the following table.

    

    The device compliance policies have the assignments shown in the following table.

    

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

20. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

    You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.

    Which role should you assign to the user?

    • Cloud application administrator
    • Application administrator
    • Global administrator
    • Service administrator