최신 MD-102 무료덤프 - Microsoft Endpoint Administrator
Drag and Drop Question
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to configure the Microsoft Edge settings for each device.
What should you use? To answer, drag the appropriate Intune features to the correct devices.
Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to configure the Microsoft Edge settings for each device.
What should you use? To answer, drag the appropriate Intune features to the correct devices.
Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
Auto-enrollment in Intune is configured.
You have 100 Windows 11 devices in a workgroup.
You need to connect the devices to the corporate wireless network and enroll 100 new Windows
11 devices in Intune.
What should you use?
You use Microsoft Intune to manage devices.
Auto-enrollment in Intune is configured.
You have 100 Windows 11 devices in a workgroup.
You need to connect the devices to the corporate wireless network and enroll 100 new Windows
11 devices in Intune.
What should you use?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure AD)-joined.
The company purchases an Azure subscription.
You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you to create alerts based on the collected events.
What should you create in Azure and what should you configure on the computers? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure AD)-joined.
The company purchases an Azure subscription.
You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you to create alerts based on the collected events.
What should you create in Azure and what should you configure on the computers? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
You have Windows 10 devices that are managed by using Microsoft Intune. Intune and the Microsoft Store for Business are integrated.
You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices without user interaction.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices without user interaction.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
정답: B,E,F
설명: (DumpTOP 회원만 볼 수 있음)
Case Study 1 - Litware inc
General Overview
Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.
Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.
Existing Environment
Current Business Model
The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.
Litware has a Microsoft Endpoint Configuration Manager deployment.
During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.
Current Environment
The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain is Windows Server 2012 R2. All domain controllers run Windows Server 2012 R2.
Litware has the computers shown in the following table.
The development department uses projects in Azure DevOps to build applications. Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to different contractor.
Currently, the computers are re-provisioned manually by the IT department.
Problem Statements
Litware identifies the following issues on the network:
- Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)
- Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.
- Re-provisioning the sales department computers is too time consuming.
Requirements
Business Goals
Litware plans to transition to co-management for all the company-owned Windows 10 computers.
Whenever possible, Litware wants to minimize hardware and software costs.
Device Management Requirements
Litware identifies the following device management requirements:
- Prevent the sales department employees from forwarding email that contains bank account information.
- Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.
- Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.
Technical Requirements
Litware identifies the following technical requirements for the planned deployment:
- Re-provision the sales department computers by using Windows AutoPilot.
- Ensure that the projects in Azure DevOps can be accessed from the corporate network only.
- Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.
- Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.
Hotspot Question
You need to resolve the performance issues in the Los Angeles office.
How should you configure the update settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
General Overview
Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.
Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.
Existing Environment
Current Business Model
The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.
Litware has a Microsoft Endpoint Configuration Manager deployment.
During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.
Current Environment
The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain is Windows Server 2012 R2. All domain controllers run Windows Server 2012 R2.
Litware has the computers shown in the following table.
The development department uses projects in Azure DevOps to build applications. Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to different contractor.
Currently, the computers are re-provisioned manually by the IT department.
Problem Statements
Litware identifies the following issues on the network:
- Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)
- Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.
- Re-provisioning the sales department computers is too time consuming.
Requirements
Business Goals
Litware plans to transition to co-management for all the company-owned Windows 10 computers.
Whenever possible, Litware wants to minimize hardware and software costs.
Device Management Requirements
Litware identifies the following device management requirements:
- Prevent the sales department employees from forwarding email that contains bank account information.
- Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.
- Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.
Technical Requirements
Litware identifies the following technical requirements for the planned deployment:
- Re-provision the sales department computers by using Windows AutoPilot.
- Ensure that the projects in Azure DevOps can be accessed from the corporate network only.
- Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.
- Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.
Hotspot Question
You need to resolve the performance issues in the Los Angeles office.
How should you configure the update settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.
You have a Microsot Entra tenant named contoso.com.
You have a workgroup computer named Computer1 that runs Windows 11.
You need to add Computer1 to contoso.com.
What should you use?
You have a workgroup computer named Computer1 that runs Windows 11.
You need to add Computer1 to contoso.com.
What should you use?
정답: A
Hotspot Question
Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
You use Microsoft Endpoint Configuration Manager for device management.
You have the Windows 10 devices shown in the following table.
You configure Endpoint Configuration Manager co-management as follows:
- Automatic enrollment in Intune: Pilot
- Pilot collection for all workloads: Collection2
You configure co-management workloads as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
You use Microsoft Endpoint Configuration Manager for device management.
You have the Windows 10 devices shown in the following table.
You configure Endpoint Configuration Manager co-management as follows:
- Automatic enrollment in Intune: Pilot
- Pilot collection for all workloads: Collection2
You configure co-management workloads as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: No
The Pilot Group does not include Device1.
Box 2: Yes
Device1 is not in the collection 2.
Box 3: Yes
The Pilot Group includes Device3.
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/how-to-enable
You have a Windows 11 capable device named Device1 that runs the 64-bit version of Windows
10 Enterprise and has Microsoft Office 2019 installed.
You have the Windows 11 Enterprise images shown in the following table.
Which images can be used to perform an in-place upgrade of Device1?
10 Enterprise and has Microsoft Office 2019 installed.
You have the Windows 11 Enterprise images shown in the following table.
Which images can be used to perform an in-place upgrade of Device1?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
Your company has computers that run Windows 8.1, Windows 10, or macOS.
The company uses Microsoft Intune to manage the computers.
You need to create an Intune profile to configure Windows Hello for Business on the computers that support it.
Which platform type and profile type should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company has computers that run Windows 8.1, Windows 10, or macOS.
The company uses Microsoft Intune to manage the computers.
You need to create an Intune profile to configure Windows Hello for Business on the computers that support it.
Which platform type and profile type should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: Windows 10 and later
Windows Hello for Business is a method for signing in to Windows devices by replacing passwords, smart cards, and virtual smart cards. Intune includes built-in settings so Administrators can configure and use Windows Hello for Business. For example, you can use these settings to:
- Enable Windows Hello for Business for devices and users
- Set device PIN requirements, including a minimum or maximum PIN length
- Allow gestures, such as a fingerprint, that users can (or can't use) to sign in to devices Box 2: Identity protection Create the device profile -
1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Devices > Configuration profiles > Create profile.
3. Enter the following properties:
4. Platform: Select Windows 10 and later.
5. Profile: Select Templates > Identity protection.
6. Etc
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/identity-protection-configure
Hotspot Question
You have a Microsoft 365 tenant.
You have a Windows 10 update ring named Policy1 as shown in the following exhibit.
A Windows 10 Feature update deployment named Policy2 is configured as shown in the following exhibit.
You have devices enrolled in Microsoft Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant.
You have a Windows 10 update ring named Policy1 as shown in the following exhibit.
A Windows 10 Feature update deployment named Policy2 is configured as shown in the following exhibit.
You have devices enrolled in Microsoft Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: Yes
Box 2: No
Device2 already has feature update 20H2.
Box 3: No
Device3 has a higher build than 2004.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings
You have an Azure AD tenant named contoso.com.
You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.
What should you configure?
You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.
What should you configure?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.
In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.
You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.
What should you do first?
In the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.
You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.
What should you do first?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: No
User1 - GroupA and not using AppA.exe
Box 2: Yes
User2 - GroupB and Azure AD joined device local administrator. Users with this role become local machine administrators on all Windows 10 devices that are joined to Azure Active Directory.
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#azure-ad- joined-device-local-administrator Box 2: Yes User3 - The Desktop folder is not protected.
Hotspot Question
You have an Azure AD Premium P2 subscription that contains the users shown in the following table.
You purchase the devices shown in the following table.
You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:
- MDM user scope: Group1
- MAM user scope: Group2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure AD Premium P2 subscription that contains the users shown in the following table.
You purchase the devices shown in the following table.
You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:
- MDM user scope: Group1
- MAM user scope: Group2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Hotspot Question
Your network contains an Active Directory domain.
The domain contains four computers named Computer1, Computer2, Computer3, and Computer4 that run Windows 10.
You perform the following actions:
- On Computer1, you install Windows Admin Center and configure Windows
Defender Firewall to allow incoming communication over TCP ports
80,443, and 6516.
- On Computer2, you run the Enable-PSRemoting cmdlet.
- On Computer3, you configure Windows Defender Firewall to allow
Windows Remote Management (WinRM) traffic.
- On Computer4, you run the winrm quickconfig command.
You need to manage the computers remotely by using Windows Admin Center.
From which computers can you connect to Windows Admin Center, and which computers can you manage by using Windows Admin Center? To answer, select the appropriate options in the answer are.
NOTE: Each correct selection is worth one point.
Your network contains an Active Directory domain.
The domain contains four computers named Computer1, Computer2, Computer3, and Computer4 that run Windows 10.
You perform the following actions:
- On Computer1, you install Windows Admin Center and configure Windows
Defender Firewall to allow incoming communication over TCP ports
80,443, and 6516.
- On Computer2, you run the Enable-PSRemoting cmdlet.
- On Computer3, you configure Windows Defender Firewall to allow
Windows Remote Management (WinRM) traffic.
- On Computer4, you run the winrm quickconfig command.
You need to manage the computers remotely by using Windows Admin Center.
From which computers can you connect to Windows Admin Center, and which computers can you manage by using Windows Admin Center? To answer, select the appropriate options in the answer are.
NOTE: Each correct selection is worth one point.
정답:
Hotspot Question
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.
For contoso.com, the Mobility (MDM and MAM) settings have the following configurations:
- MDM user scope: Group1
- MAM user scope: Group2
You purchase the devices shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.
For contoso.com, the Mobility (MDM and MAM) settings have the following configurations:
- MDM user scope: Group1
- MAM user scope: Group2
You purchase the devices shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
정답:
