Topic 4: Mix Question
You have an Azure AD tenant that contains the devices shown in the following table.
You purchase Windows 11 Enterprise E5 licenses.
Which devices can use Subscription Activation to upgrade to Windows 11 Enterprise?
A.
Device1 only
B.
Device1 and Device2 only
C.
Device1 and Device3 only
D.
Device1, Device2, Device3, and Device4
Device1 and Device2 only
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).
The computers have different update settings, and some computers are configured for manual updates.
You need to configure Windows Update. The solution must meet the following requirements:
The configuration must be managed from a central location.
Internet traffic must be minimized.
Costs must be minimized.
How should you configure Windows Update? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a hybrid Azure AD tenant.
You configure a Windows Autopilot deployment profile as shown in the following exhibit.
Your company standardizes on Windows 10 Enterprise for all users.
Some users purchase their own computer from a retail store. The computers run Windows 10 Pro.
You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Azure AD, and install several Microsoft Store apps. The solution must meet the following requirements:
• Ensure that any applications installed by the users are retained.
• Minimize user intervention.
What is the best recommendation to achieve the goal?
More than one answer choice may achieve the goal.
Select the BEST answer.
A.
Windows Autopilot
B.
Microsoft Deployment Toolkit (MDT)
C.
a Windows Configuration Designer provisioning package
D.
Windows Deployment Services (WDS)
Windows Autopilot
You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows 10 Enterprise and has Microsoft Office 2019 installed. You have the Windows 11 Enterprise images shown in the following table.
Which images can be used to perform an in-place upgrade of Device1?
A.
image1 only
B.
lmage2only
C.
Image1 and Image2
lmage2only
You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to assign roles in Intune to meet the following requirements:
• The members of Group1 must manage Intune roles and assignments.
• The members of Group2 must assign existing apps and policies to users and devices.
The solution must follow the principle of least privilege.
Which role should you assign to each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your network contains an Active Directory domain.
You install the Microsoft Deployment Toolkit (MDT) on a server.
You have a custom image of Windows 11.
You need to deploy the image to 100 devices by using MDT.
Which three actions should you perform in sequence? To answer, move answer area and arrange them in the correct order.
Your network contains an on-premises Active Directory Domain Services {AD DS) domain that syncs with an Azure AD tenant by using Azure AD Connect.
You use Microsoft Intune and Configuration Manager to manage devices.
You need to recommend a deployment plan for new Windows 11 devices. The solution must meet the following requirements:
• Devices for the marketing department must be joined to the AD DS domain only. The IT department will install complex applications on the devices at build time, before giving the devices to the marketing department users.
• Devices for The sales department must be Azure AD joined. The devices will be shipped directly from the manufacturer to The homes of the sales department users.
• Administrative effort must be minimized.
Which deployment method should you recommend for each department? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that contains a user named User1. The subscription contains devices enrolled in Microsoft intune as shown in the following table.
You have a Microsoft 365 E5 subscription that contains a group named Group1.
You create a Conditional Access policy named CAPolicy1 and assign CAPolicy1 to Group1.
You need to configure CAPolicy1 to require the members of Group1 to reauthenticate
every eight hours when they connect to Microsoft Exchange Online.
What should you configure?
A.
Session access controls
B.
an assignment that uses a User risk condition
C.
an assignment that uses a Sign-in risk condition
D.
Grant access controls
Session access controls
User sign-in frequency
Sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.
The Azure Active Directory (Azure AD) default configuration for user sign-in frequency is a rolling window of 90 days.
Sign-in frequency control
Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
Browse to Azure Active Directory > Security > Conditional Access.
Select New policy.
Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
Choose all required conditions for customer’s environment, including the target cloud apps.
Under Access controls > Session.
Select Sign-in frequency.
Choose Periodic reauthentication and enter a value of hours or days or select Every time.
Save your policy.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditionalaccess/howto-conditional-access-session-lifetime
Page 6 out of 24 Pages |
Previous |