Topic 4: Mix Question
You have a Microsoft 365 tenant that contains the objects shown in the following table.
In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1. To which objects can you assign App1?
A. Group3 and Group4 only
B. Admin1, Group3, and Group4 only
C. Group1, Group3, and Group4 only
D. Group1, Group2, Group3, and Group4 only
E. Admin1, Group1, Group2, Group3, and Group4
Group1, Group3, and Group4 only
Explanation: In the Microsoft Intune admin center, you can assign apps to users or devices. Users can be assigned to apps by using user groups or individual user accounts. Devices can be assigned to apps by using device groups. In this scenario, the objects shown in the table are as follows:
Admin1 is an individual user account that belongs to the Global administrators role group.
Group1 is a user group that contains 100 users.
Group2 is a device group that contains 50 devices.
Group3 is a user group that contains 200 users.
Group4 is a device group that contains 150 devices.
Since App1 is a Microsoft 365 Apps app, it can only be assigned to users, not devices. Therefore, Group2 and Group4 are not valid objects for app assignment. Admin1 is also not a valid object for app assignment, because individual user accounts can only be used for testing purposes, not for production deployment. Therefore, the only valid objects for app assignment are Group1 and Group3, which are user groups.
You have a Microsoft 365 subscription that contains 1,000 Android devices enrolled in Microsoft Intune. You create an app configuration policy that contains the following settings:
• Device enrollment type: Managed devices
• Profile Type: All Profile Types
• Platform: Android Enterprise
Which two types of apps can be associated with the policy? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Built-in Android app
B. Managed Google Play store app
C. Web link
D. Android Enterprise system app
E. Android store app
Managed Google Play store app
Android Enterprise system app
You have an Azure AD group named Group1. Group1 contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign Profile1 to Group1. You need to ensure that Profile1 applies to Device1 only. What should you modify in Profile1?
A. Assignments
B. Settings
C. Scope (Tags)
D. Applicability Rules
Applicability Rules
Explanation: To ensure that Profile1 applies to Device1 only, you need to modify the Applicability Rules in Profile1. You can use applicability rules to filter which devices receive a profile based on criteria such as device model, manufacturer, or operating system version. You can create an applicability rule that matches Device1’s properties and excludes Device2’s properties.
References: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#applicability-rules
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device.
You need to ensure that CAPolicy1 is enforced.
What should you do?
A. Configure a new terms of use (TOU).
B. Assign CAPolicy1 to Group2.
C. Enable CAPolicy1
D. Add a condition in CAPolicy1 to filter for devices.
Assign CAPolicy1 to Group2.
Explanation:
Common signals that Conditional Access can take into account when making a policy decision include the following:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.
Does this meet the goal?
A. Yes
B. No
No
You have a Microsoft 365 tenant that contains the objects shown in the following table.
You are creating a compliance policy named Compliance1.
Which objects can you specify in Compliance1 as additional recipients of noncompliance notifications?
A. Group3 and Group4 only
B. Group3, Group4, and Admin1 only
C. Group1, Group2, and Group3 only
D. Group1, Group2, Group3, and Group4 only
E. Group1, Group2, Group3, Group4, and Admin1
Group1, Group2, and Group3 only
Reference:
https://www.ravenswoodtechnology.com/microsoft-intune-compliance-notifications/
https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide
Your network contains an on-premises Active Directory domain. The domain contains two computers named Computer1 and Computer2 that run Windows 10.
You install Windows Admin Center on Computer1.
You need to manage Computer2 from Computer1 by using Windows Admin Center.
What should you do on Computer2?
A. Update the TrustedHosts list
B. Run the Enable-PSRemoting cmdlet
C. Allow Windows Remote Management (WinRM) through the Microsoft Defender firewall.
D. Add an inbound Microsoft Defender Firewall rule.
Run the Enable-PSRemoting cmdlet
Explanation: To manage a remote computer from Windows Admin Center, you need to enable PowerShell remoting on the remote computer. You can do this by running the Enable-PSRemoting cmdlet, which configures the WinRM service, creates a listener, and allows inbound firewall rules for PowerShell remoting. The other options are not sufficient or necessary for this task. References: Installation and configuration for Windows Remote Management.
You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.
What should you do?
A. From the Microsoft Endpoint Manager admin center, create a configuration profile.
B. From the Microsoft Endpoint Manager admin center, create a security baseline.
C. Onboard the macOS devices to the Microsoft 365 compliance center.
D. Install Defender for Endpoint on the macOS devices.
Install Defender for Endpoint on the macOS devices.
Explanation:
Just install and use Defender for Endpoint on Mac.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac
Your network contains an Active Directory domain named adatum.com, a workgroup, and computers that run Windows 10. The computers are configured as shown in the following table.
You have an on-premises Active Directory domain that syncs to an Azure AD tenant. The tenant contains computers that run Windows 10. The computers are hybrid Azure AD joined and enrolled in Microsoft Intune. The Microsoft Office settings on the computers are configured by using a Group Policy Object (GPO).
You need to migrate the GPO to Intune.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you modify the User settings and the Device settings.
Does this meet the goal?
A. Yes
B. No
No
Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10. You implement hybrid Azure AD and Microsoft Intune.
You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.
What should you use?
A. an Autodiscover address record
B. a Group Policy object (GPO)
C. an Autodiscover service connection point (SCP)
D. a Windows Autopilot deployment profile
a Group Policy object (GPO)