Real Exam Questions MD-102 Dumps Exam Questions in here [Jan-2024]
Get Latest Jan-2024 Conduct effective penetration tests using MD-102
Microsoft MD-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
NEW QUESTION # 141
You need to meet the technical requirements for Windows AutoPilot.
Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
Topic 2, Contoso, Ltd.
Network Environment
The network contains an on-premises Active domain named Contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named Contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The Contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group and Group have a Membership type of Assign
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder 1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrolment settings have the following configurations:
* MDM user scope GroupA
* MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
* Name: Protection1
* Folder protection: Enable
* List of apps that have access to protected folders: CV\AppA.exe
* List of additional folders that need to be protected: D:\Folderi1
* Assignments
Windows Autopilot Configuration
Currently, there are no devices deployed by using Window Autopilot
The Intune connector tor Active Directory is installed on Server 1.
Planned Changes
Contoso plans to implement the following changes:
* Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
* New computers will be deployed by using Windows Autopilot and will be hybrid Azure AO joined.
* Deploy a network boundary configuration profile that will have the following settings:
* Name Boundary 1
* Network boundary 192.168.1.0/24
* Scope tags: Tag 1
* Assignments;
* included groups: Group 1. Group2
* Deploy two VPN configuration profiles named Connection! and Connection that will have the following settings:
* Name: Connection 1
* Connection name: VPNI
* Connection type: L2TP
* Assignments:
* Included groups: Group1. Group2, GroupA
* Excluded groups: -
* Name: Connection
* Connection name: VPN2
* Connection type: IKEv2 i Assignments:
* included groups: GroupA
* Excluded groups: GroupB
* Purchase an app named App1 that is available in Microsoft Store for Business and to assign the app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
* Users in GroupA must be able to deploy new computers.
* Administrative effort must be minimized.
NEW QUESTION # 142
You need to recommend a solution to meet the device management requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/app-protection-policy.md
https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-option-for
NEW QUESTION # 143
What should you use to meet the technical requirements for Azure DevOps?
- A. A device configuration profile
- B. Windows Information Protection (WIP)
- C. An app protection policy
- D. Conditional access
Answer: D
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/manage-conditional-access?
view=azure-devops
Topic 1, Litware inc
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Existing Environment Current Business Model The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11:00 to 22:00.
Litware has a Microsoft System Center 2012 R2 Configuration Manager deployment. During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.
Current Environment
The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain is Windows Server 2012 R2. All domain controllers run Windows Server 2012 R2.
Litware has the computers shown in the following table.
The development department uses projects in Azure DevOps to build applications.
Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to different contractor. Currently, the computers are re-provisioned manually by the IT department.
Problem Statements
Litware identifies the following issues on the network:
Employees in the Los Angeles office report slow Internet performance when updates are downloading.
The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.) Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.
Re-provisioning the sales department computers is too time consuming.
Requirements
Business Goals
Litware plans to transition to co-management for all the company-owned Windows 10 computers. Whenever possible, Litware wants to minimize hardware and software costs.
Device Management Requirements
Litware identifies the following device management requirements:
Prevent the sales department employees from forwarding email that contains bank account information.
Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.
Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.
Technical Requirements
Litware identifies the following technical requirements for the planned deployment:
Re-provision the sales department computers by using Windows AutoPilot.
Ensure that the projects in Azure DevOps can be accessed from the corporate network only.
Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.
Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.
Exhibits
NEW QUESTION # 144
You have a Microsoft 365 subscription.
Users have iOS devices that are not enrolled in Microsoft 365 Device Management.
You create an app protection policy for the Microsoft Outlook app as shown in the exhibit. (Click the Exhibit tab.)
You need to configure the policy to meet the following requirements:
Prevent the users from using the Outlook app if the operating system version is less than 12.0.0.
Require the users to use an alphanumeric passcode to access the Outlook app.
What should you configure in an app protection policy for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios
NEW QUESTION # 145
You have a Microsoft 365 subscription that uses Microsoft Intune.
You need to ensure that you can deploy apps to Android Enterprise devices.
What should you do first?
- A. Add a certificate connector.
- B. Link your managed Google Play account to Intune.
- C. Configure the Partner device management settings.
- D. Create a configuration profile.
Answer: B
NEW QUESTION # 146
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.
AH devices contain an app named App1 and are enrolled in Microsoft Intune.
You need to prevent users from copying data from App1 and pasting the data into other apps.
Which type of policy and how many policies should you create in Intune? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 147
You have a Microsoft 365 subscription.
All users have Microsoft 365 apps deployed.
You need to configure Microsoft 365 apps to meet the following requirements:
* Enable the automatic installation of WebView2 Runtime.
* Prevent users from submitting feedback.
Which two settings should you configure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 148
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You create a Conditional Access policy named CAPolicy1 that will block access to Microsoft Exchange Online from iOS devices. You assign CAPolicy1 to Group1.
You discover that User1 can still connect to Exchange Online from an iOS device.
You need to ensure that CAPolicy1 is enforced.
What should you do?
- A. Add a condition in CAPolicy1 to filter for devices.
- B. Assign CAPolicy1 to Group2.
- C. Enable CAPolicy1
- D. Configure a new terms of use (TOU).
Answer: B
Explanation:
Explanation
Common signals that Conditional Access can take in to account when making a policy decision include the following signals:
* User or group membership
Policies can be targeted to specific users and groups giving administrators fine-grained control over access.
* Device
Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
Use filters for devices to target policies to specific devices like privileged access workstations.
* Etc.
Reference: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
NEW QUESTION # 149
You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune. You need to onboard the devices to Microsoft Defender for Endpoint. What should you create in the Microsoft Intune admin center?
- A. an attack surface reduction (ASR) policy
- B. a security baseline
- C. an antivirus policy
- D. an endpoint detection and response (EDR) policy
- E. an account protection policy
Answer: D
Explanation:
To onboard the devices to Microsoft Defender for Endpoint, you need to create an endpoint detection and response (EDR) policy in the Microsoft Intune admin center. This policy enables EDR capabilities on devices that are enrolled in Intune and allows you to configure various settings for EDR functionality. You can then assign the policy to groups of users or devices. Reference: https://docs.microsoft.com/en-us/mem/intune/protect/edr-windows
NEW QUESTION # 150
You need to meet the technical requirements for the LEG department computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
A screenshot of a white box Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-azure-portal
NEW QUESTION # 151
Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.
You plan to implement Microsoft Defender Exploit Guard.
You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/import-export-explo
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-prote
NEW QUESTION # 152
You have a Microsoft Intune subscription.
You are creating a Windows Autopilot deployment profile named Profile1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 153
Your network contains an Active Directory domain. The domain contains 1.000 computers that run Windows
11.
You need to configure the Remote Desktop settings of all the computers. The solution must meet the following requirements:
* Prevent the sharing of clipboard contents.
* Ensure that users authenticate by using Network Level Authentication (NLA).
Which two nodes of the Group Policy Management Editor should you use? To answer, select the appropriate nodes in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 154
Your company uses Microsoft Intune.
More than 500 Android and iOS devices are enrolled in the Intune tenant.
You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.
You need to ensure that the policies can target the devices based on their version of Android or iOS.
What should you configure first?
- A. groups that have dynamic membership rules in Azure AD
- B. Device categories in Intune
- C. Device settings in Azure AD
- D. Corporate device identifiers in Intune
Answer: B
NEW QUESTION # 155
You have a Microsoft 365 subscription.
You use Microsoft Intune Suite to manage devices.
You have the iOS app protection policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point,
Answer:
Explanation:
NEW QUESTION # 156
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer a complete solution.
NOTE: Each correct selection is worth one point.
- A. failure events from the Security log
- B. third-party application logs stored as text files
- C. error events from the System log
- D. the list of processes and their execution times
- E. the average processor utilization
Answer: B,C,E
Explanation:
You can collect error events from the System log, third-party application logs stored as text files, and the average processor utilization from the computers by using Log Analytics. These are some of the types of data that you can collect by using data sources such as Windows event logs, custom logs, and performance counters. You cannot collect failure events from the Security log or the list of processes and their execution times by using Log Analytics. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-overview
NEW QUESTION # 157
......
Authentic Best resources for MD-102 Online Practice Exam: https://pass4sure.itexamdownload.com/MD-102-valid-questions.html