최신 MD-102 무료덤프 - Microsoft Endpoint Administrator

Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. You have the Windows 11 devices shown in the following table.

You deploy the device compliance policy shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant that contains the Windows 10 devices shown in the following table.

You enable Enterprise State Roaming.
You need to ensure that User1 can sync Windows settings across the devices.
What should you do?

Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.

Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.

The Compliance policy settings are shown in the following exhibit.

The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA

MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1

Folder protection: Enable

List of apps that have access to protected folders: C:\*\AppA.exe

List of additional folders that need to be protected: D:\Folder1

Assignments:

- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.

New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD

joined.
Deploy a network boundary configuration profile that will have the following settings:

- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the

following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the

app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.

Administrative effort must be minimized.

You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.
To what should you grant the right to create the computer objects?

Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.

Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.

The Compliance policy settings are shown in the following exhibit.

The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA

MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1

Folder protection: Enable

List of apps that have access to protected folders: C:\*\AppA.exe

List of additional folders that need to be protected: D:\Folder1

Assignments:

- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.

New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD

joined.
Deploy a network boundary configuration profile that will have the following settings:

- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the

following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the

app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.

Administrative effort must be minimized.

Hotspot Question
You implement the planned changes for Connection1 and Connection2.
How many VPN connections will there be for User1 when the user signs in to Device1 and Device2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains a user named User1 and a web app named App1.
App1 must only accept modern authentication requests.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
- Assignments
- Users or workload identities: User1
- Cloud apps or actions: App1
- Access controls
- Grant: Block access
You need to block only legacy authentication requests to App1.
Which condition should you add to CAPolicy1?

Drag and Drop Question
You use the Antimalware Assessment solution in Microsoft Azure Log Analytics. From the Protection Status dashboard, you discover the computers shown in the following table.

You verify that both computers are connected to the network and running.
What is a possible cause of the issue on each computer? To answer, drag the appropriate causes to the correct computers. Each cause may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have the devices shown in the following table.

You plan to implement Microsoft Defender for Endpoint.
You need to identify which devices can be onboarded to Microsoft Defender for Endpoint.
What should you identify?

Your network contains an Active Directory domain. The functional level of the forest and the domain is Windows Server 2012 R2.
The domain contains 500 computers that run Windows 10. All the computers are managed by using Microsoft System Center 2012 R2 Configuration Manager.
You need to enable co-management.
What should you do first?

You have a computer named Computer5 that has Windows 10 installed.
You create a Windows PowerShell script named config.ps1.
You need to ensure that config.ps1 runs after feature updates are installed on Computer5.
Which file should you modify on Computer5?

Your company has a Microsoft Azure Active Directory (Azure AD) tenant. All users in the company are licensed for Microsoft Intune.
You need to ensure that the users enroll their iOS device in Intune.
What should you configure first?

You have an Azure AD tenant that contains the devices shown in the following table.

You purchase Windows 11 Enterprise E5 licenses.
Which devices can use Subscription Activation to upgrade to Windows 11 Enterprise?

Your company has a Microsoft 365 tenant.
Users sign in to Windows 10 devices by using their Microsoft 365 account.
On a computer, you open Sync your settings as shown in the exhibit.

You need to set Sync settings to On.
What should you do?

You use Microsoft Intune to manage client computers. The computers run one of the following operating systems:
- Windows 8.1
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 10 Enterprise LTSC
You plan to manage Windows updates on the computers by using update rings.
Which operating systems support update rings?

You have a Microsoft 365 tenant that contains the devices shown in the following table.

The devices are managed by using Microsoft Intune.
You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.
You discover that devices that are not members of Group1 are shown as Compliant.
You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.
What should you do?

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage Windows 11 devices.
You create a new policy set named Set and add five device configuration profiles for Windows 10 and later.
You create a device compliance policy named Policy1.
You need to ensure that when users are assigned the device configuration profiles in Set1, they are always assigned Policy1 also.
What should you configure?

Hotspot Question
You have a Microsoft 365 subscription.
You need to configure access to Microsoft Office 365 for unmanaged devices. The solution must meet the following requirements:
- Allow only the Microsoft Intune Managed Browser to access Office 365
web interfaces.
- Ensure that when users use the Intune Managed Browser to access
Office 365 web interfaces, they can only copy data to applications that are managed by the company.
Which two settings should you configure from the Microsoft Intune blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.