Endpoint Administrator Questions and Answers
You have SOO Windows 10 devices enrolled in Microsoft Intune.
You plan to use Exploit protection in Microsoft Intune to enable the following system settings on the devices:
• Data Execution Prevention (DEP)
• Force randomization for images (Mandatory ASlR)
You need to configure a Windows 10 device that will be used to create a template file.
Which protection areas on the device should you configure in the Windows Security app before you create the template file? To answer, drag the appropriate protection areas to the correct settings. Each protection area may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have a Hyper-V host. The host contains virtual machines that run Windows 10 as shown in following table.
Which virtual machines can be upgraded to Windows 11?
You have a Microsoft 365 E5 subscription. The subscription contains devices that are Microsoft Entra joined and enrolled in Microsoft Intune.
You create a user named User1.
You need to ensure that User1 can rotate Bitlocker recovery keys by using Intune.
Solution: From the Microsoft Intune admin center, you assign the Endpoint Security Manager role to User1.
Does this meet the goal?
You have devices enrolled in Microsoft Intune as shown in the following table.
Intune includes the device compliance policies shown in the following table.
The device compliance policies have the assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have two computers named Computer1 and Computed that run Windows 10. Computed has Remote Desktop enabled.
From Computer1, you connect to Computer2 by using Remote Desktop Connection.
You need to ensure that you can access the local drives on Computer1 from within the Remote Desktop session.
What should you do?
You have a Microsoft 365 subscription that uses Microsoft Intune.
You have five new Windows 11 Pro devices.
You need to prepare the devices for corporate use. The solution must meet the following requirements:
• Install Windows 11 Enterprise on each device.
• Install a Windows Installer (MSI) package named App1 on each device.
• Add a certificate named Certificate1 that is required by App1.
• Join each device to Azure AD.
Which three provisioning options can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft Intune.
You need to ensure that you can deploy apps to Android Enterprise devices.
What should you do first?
You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?
Your company uses Microsoft Intune.
More than 500 Android and iOS devices are enrolled in the Intune tenant.
You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.
You need to ensure that the policies can target the devices based on their version of Android or iOS.
What should you configure first?
You have a Microsoft 365 tenant that contains the devices shown in the following table.
The devices are managed by using Microsoft Intune.
You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.
You discover that devices that are not members of Group1 are shown as Compliant.
You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.
What should you do from the Microsoft Intune admin center?
You have groups that use the Dynamic Device membership type as shown in the following table.
You are deploying Microsoft 365 apps.
You have devices enrolled in Microsoft Intune as shown in the following table.
In the Microsoft Endpoint Manager admin center, you create a Microsoft 365 Apps app as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure AD tenant named contoso.com.
You plan to purchase 25 computers that run Windows 11. You plan to deliver the computers directly to users.
You need to ensure that during the out-of-box experience (OBE), users are prompted to sign in, and then the computers are configured to use Microsoft Intune.
Which two components should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that includes Microsoft Intune.
You have 500 corporate-owned Android devices enrolled as fully managed devices.
You need to prepare an app named App1 for deployment to the devices.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point,
You have a Microsoft 365 E5 subscription that contains a user named User! and a web app named Appl.
App1 must only accept modern authentication requests.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
• Assignments
° Users or workload identities: User1
° Cloud apps or actions: App1
• Access controls
° Grant: Block access
You need to block only legacy authentication requests to Appl. Which condition should you add to CAPolicy1?
You use a Microsoft Intune subscription to manage iOS devices.
You configure a device compliance policy that blocks jailbroken iOS devices.
You need to enable Enhanced jailbreak detection.
What should you configure?
Your network contains an Active Directory domain named contoso.com. The domain contains 25 computers that run Windows 11-
You have a Microsoft 365 subscription
You have an Azure AD tenant that syncs with contoso.com.
You configure hybrid Azure AD join and discover that some of the computers have a registered state of Pending.
You need to ensure that the computers complete the join successfully.
What should you ensure?
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.
Does this meet the goal?
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices. All devices are in the same time zone.
You create an update rings policy and assign the policy to all Windows devices.
On the November 1, you pause the update rings policy.
All devices remain online.
Without further modification to the policy, on which date will the devices next attempt to update?
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
Auto-enrollment in Intune is configured.
You have 100 Windows 11 devices in a workgroup.
You need to connect the devices to the corporate wireless network and enroll 100 new Windows devices in Intune.
What should you use?
Your company uses Microsoft Defender for Endpoint Microsoft Defender for Endpoint includes the device groups shown in the following table.
You onboard a computer to Microsoft Defender for Endpoint as shown in the following exhibit.
What is the effect of the Microsoft Defender for Endpoint configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.
in the Out-of-Box Drivers node, you create folders that contain drivers for different hardware models.
You need to configure the Inject Drivers MDT task to use PnP detection to install the drivers for one of the hardware models.
What should you do first?
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have the devices shown in the following table.
Which devices can be changed to Windows 11 Enterprise by using subscription activation?
You have a Microsoft 365 subscription.
You use Microsoft Intune to manage devices.
You need to assess device performance during startup and identify any device models that take longer than average to start.
What should you use to assess the device performance, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft Entra tenant named contoso.com that contains a Windows 11 device named Device1 and a user named User1 User! registers Device1 in contoso.com.
Which capability is available to Device1 after registering in contoso.com.
To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for the IT department.
What should you do first?
You need to meet the requirements for the MKG department users.
What should you do?
You need to meet the technical requirements for the LEG department computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to meet the technical requirements for the iOS devices.
Which object should you create in Intune?
You need a new conditional access policy that has an assignment for Office 365 Exchange Online.
You need to configure the policy to meet the technical requirements for Group4.
Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
You need to prepare for the deployment of the Phoenix office computers.
What should you do first?
You need to prepare for the deployment of the Phoenix office computers.
What should you do first?
What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are evaluating which devices are compliant.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for the new HR department computers.
How should you configure the provisioning package? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you configure to meet the technical requirements for the Azure AD-joined computers?
You need to meet the technical requirements for Windows AutoPilot.
Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
You need to capture the required information for the sales department computers to meet the technical
requirements.
Which Windows PowerShell command should you run first?
You need to recommend a solution to meet the device management requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you use to meet the technical requirements for Azure DevOps?
You need to resolve the performance issues in the Los Angeles office.
How should you configure the update settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the device management requirements for the developers.
What should you implement?
You need to meet the OOBE requirements for Windows AutoPilot.
Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
What should you upgrade before you can configure the environment to support co-management?
You implement the planned changes for Connection1 and Connection2
How many VPN connections will there be for User1 when the user signs in to Device 1 and Devke2? To answer select the appropriate options in the answer area.
NOTE; Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
User1 and User2 plan to use Sync your settings.
On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
