Microsoft Managing Modern Desktops - MD-101무료 덤프문제 풀어보기
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
* Assignments
* Users or workload identities: User1
* Cloud apps or actions: Office 365 Exchange Online
* Access controls
* Grant: Block access
You need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.
Solution: You add a condition that specifies a trusted locations.
Does this meet the goal?
User1 can access her Microsoft Exchange Online mailbox from both Device 1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
* Assignments
* Users or workload identities: User1
* Cloud apps or actions: Office 365 Exchange Online
* Access controls
* Grant: Block access
You need to configure CAPolicy1 to allow mailbox access from Device 1 but block mailbox access from Device2.
Solution: You add a condition that specifies a trusted locations.
Does this meet the goal?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
You have computer that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from Windows event logs.
The computers have the logged events shown in the following table.
Which events are collected in the Log Analytics workspace?
The computers have the logged events shown in the following table.
Which events are collected in the Log Analytics workspace?
정답: C
You have a Microsoft 365 E5 subscription.
You create an app protection policy for Android devices named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You create an app protection policy for Android devices named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Box 1: Install the Intune Company Portal app on the device
On Android, Android devices will prompt to install the Intune Company Portal app regardless of which Device type is chosen.
Bix 2: Devices only
For Android devices, unmanaged devices are devices where Intune MDM management has not been detected.
This includes devices managed by third-party MDM vendors.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies#app-protection-policies-for-iosipados
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.
Does this meet the goal?
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.
Does this meet the goal?
정답: B
Your network contains an Active Directory named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.
Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the Desktop folder are redirected to a network share.
User1 signs in to Computer1 and performs the following tasks:
* Configures screen saver to start after five minutes of inactivity
* Modifies the default save location for Microsoft Word
* Creates a file named File1.docx on the desktop
* Modifies the desktop background
You need to identify what will be retained when User1 signs in to Computer2.
What should you identify?
Folder Redirection is configured for a domain user named User1. The AppData\Roaming folder and the Desktop folder are redirected to a network share.
User1 signs in to Computer1 and performs the following tasks:
* Configures screen saver to start after five minutes of inactivity
* Modifies the default save location for Microsoft Word
* Creates a file named File1.docx on the desktop
* Modifies the desktop background
You need to identify what will be retained when User1 signs in to Computer2.
What should you identify?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
You need to enable Windows Defender Credential Guard on computers that run Windows 10.
What should you install on the computers?
What should you install on the computers?
정답: D
Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). All computers are joined to the domain and registered to Azure AD.
The network contains a Microsoft System Center Configuration Manager (Current Batch) deployment that is configured for co-management with Microsoft Intune.
All the computers in the finance department are managed by using Configuration Manager. All the computers in the marketing department are managed by using Intune.
You install new computers for the users in the marketing department by using the Microsoft Deployment Toolkit (MDT).
You purchase an application named App1 that uses an MSI package.
You need to install App1 on the finance department computers and the marketing department computers.
How should you deploy App1 to each department? To answer, drag the appropriate deployment methods to the correct departments. Each deployment method may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
The network contains a Microsoft System Center Configuration Manager (Current Batch) deployment that is configured for co-management with Microsoft Intune.
All the computers in the finance department are managed by using Configuration Manager. All the computers in the marketing department are managed by using Intune.
You install new computers for the users in the marketing department by using the Microsoft Deployment Toolkit (MDT).
You purchase an application named App1 that uses an MSI package.
You need to install App1 on the finance department computers and the marketing department computers.
How should you deploy App1 to each department? To answer, drag the appropriate deployment methods to the correct departments. Each deployment method may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Reference:
https://docs.microsoft.com/en-us/intune/apps-add
https://docs.microsoft.com/en-us/sccm/apps/get-started/create-and-deploy-an-application
You have a Microsoft 365 subscription that contains devices enrolled in Microsoft Intune.
You need to create Endpoint security policies to enforce the following requirements:
* Computers that run macOS must have FileVault enabled.
* Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
* Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to create Endpoint security policies to enforce the following requirements:
* Computers that run macOS must have FileVault enabled.
* Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
* Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Which Endpoint security feature should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Box 1: Disk encryption
Computers that run macOS must have FileVault enabled.
Intune supports macOS FileVault disk encryption. FileVault is a whole-disk encryption program that is included with macOS. You can use Intune to configure FileVault on devices that run macOS 10.13 or later.
Box 2: Attack surface reduction (ASR)
Computers that run Windows 10 must have Microsoft Defender Application Control enabled.
Attack surface reduction profiles include:
* Application control - Application control settings can help mitigate security threats by restricting the applications that users can run and the code that runs in the System Core (kernel). Manage settings that can block unsigned scripts and MSIs, and restrict Windows PowerShell to run in Constrained Language Mode.
Note: Attack surface reduction rules target certain software behaviors, such as:
Launching executable files and scripts that attempt to download or run files Running obfuscated or otherwise suspicious scripts Performing behaviors that apps don't usually initiate during normal day-to-day work Box 3: Account protection Computers that run Windows 10 must have Microsoft Defender Credential Guard enabled.
The account protection policy is focused on settings for Windows Hello and Credential Guard, which is part of Windows identity and access management.
Note: Microsoft Defender Credential Guard protects against credential theft attacks. It isolates secrets so that only privileged system software can access them.
Reference: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices-filevault
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy