Topic 4: Mix Question
You have two computers named Computer1 and Computed that run Windows 10.
Computed has Remote Desktop enabled.
From Computer1, you connect to Computer2 by using Remote Desktop Connection.
You need to ensure that you can access the local drives on Computer1 from within the Remote Desktop session.
What should you do?
A.
From Computer 2, configure the Remote Desktop settings.
B.
From Windows Defender Firewall on Computer 1, allow Remote Desktop
C.
From Windows Defender Firewall on Computer 2, allow File and Printer Sharing.
D.
From Computer1, configure the Remote Desktop Connection settings.
From Computer1, configure the Remote Desktop Connection settings.
You have an Azure AD tenant that contains the devices shown in the following table.
Which devices can be activated by using subscription activation?
A.
Device 1 only
B.
Device1 and Device2 only
C.
Device1 and Device3 only
D.
Device1, Device2. Device3, and Device4
Device1 and Device3 only
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. You have the Windows 11 devices shown in the following table.
You have a Microsoft 365 E5 subscription.
You need to download a report that lists all the devices that are NOT enrolled in Microsoft Intune and are assigned an app protection policy.
What should you select in the Microsoft Endpoint Manager admin center?
A.
Apps. and then App protection policies
B.
Apps. and then Monitor
C.
Devices, and then Monitor
D.
Reports, and the Device compliance
Apps. and then App protection policies
Explanation:
App report: You can search by platform and app, and then this report will provide two different app protection statuses that you can select before generating the report. The statuses can be Protected or Unprotected.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies-monitor
You have a Microsoft 365 E5 subscription.
You create an app protection policy for Android devices named Policy1 as shown in the following exhibit.
You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune. You need to configure Delivery Optimization on the devices to meet the following requirements:
• Allow downloads from the internet and from other computers on the local network.
• Limit the percentage of used bandwidth to 50.
What should you use?
A.
a configuration profile
B.
a Windows Update for Business Group Policy setting
C.
a Microsoft Peer-to-Peer Networking Services Group Policy setting
D.
an Update ring for Windows 10 and later profile
a configuration profile
Explanation: A configuration profile is the correct answer because it allows you to configure Delivery Optimization settings for Windows devices in Intune. You can specify the download mode, bandwidth limit, caching options, and more. A configuration profile is a template that contains one or more settings that you can apply to groups of devices.
References:
Windows 10 Delivery Optimization settings for Intune - Microsoft Intune | Microsoft Learn
Delivery Optimization settings in Microsoft Intune
You have a Microsoft 365 tenant that contains the objects shown in the following table.
In the Microsoft Intune admin center, you are creating a Microsoft 365 Apps app named App1. To which objects can you assign App1?
A.
Group3 and Group4 only
B.
Admin1, Group3, and Group4 only
C.
Group1, Group3, and Group4 only
D.
Group1, Group2, Group3, and Group4 only
E.
Admin1, Group1. Group2, Group3, and Group4
Group1, Group3, and Group4 only
Explanation: In the Microsoft Intune admin center, you can assign apps to users or devices. Users can be assigned to apps by using user groups or individual user accounts. Devices can be assigned to apps by using device groups. In this scenario, the objects shown in the table are as follows:
Admin1 is an individual user account that belongs to the Global administrators role group.
Group1 is a user group that contains 100 users.
Group2 is a device group that contains 50 devices.
Group3 is a user group that contains 200 users.
Group4 is a device group that contains 150 devices.
Since App1 is a Microsoft 365 Apps app, it can only be assigned to users, not devices. Therefore, Group2 and Group4 are not valid objects for app assignment. Admin1 is also not a valid object for app assignment, because individual user accounts can only be used for testing purposes, not for production deployment. Therefore, the only valid objects for app assignment are Group1 and Group3, which are user groups.
You have a Microsoft 365 subscription that contains 1,000 Android devices enrolled in Microsoft Intune. You create an app configuration policy that contains the following settings:
• Device enrollment type: Managed devices
• Profile Type: All Profile Types
• Platform: Android Enterprise
Which two types of apps can be associated with the policy? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A.
Built-in Android app
B.
Managed Google Play store app
C.
Web link
D.
Android Enterprise system app
E.
Android store app
Managed Google Play store app
Android Enterprise system app
You have an Azure AD group named Group1. Group! contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign Profile! to Group1. You need to ensure that Profile! applies to Device1 only. What should you modify in Profile 1?
A.
Assignments
B.
Settings
C.
Scope (Tags)
D.
Applicability Rules
Applicability Rules
Explanation: To ensure that Profile1 applies to Device1 only, you need to modify the Applicability Rules in Profile1. You can use applicability rules to filter which devices receive a profile based on criteria such as device model, manufacturer, or operating system version. You can create an applicability rule that matches Device1’s properties and excludes Device2’s properties.
References: https://docs.microsoft.com/enus/mem/intune/configuration/device-profile-assign#applicability-rules
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device.
You need to ensure that CAPolicy1 is enforced.
What should you do?
A.
Configure a new terms of use (TOU).
B.
Assign CAPolicy1 to Group2.
C.
Enable CAPolicy1
D.
Add a condition in CAPolicy1 to filter for devices.
Assign CAPolicy1 to Group2.
Explanation:
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditionalaccess/overview
Page 4 out of 24 Pages |
Previous |