Question
click below
click below
Question
Normal Size Small Size show me how
MS-102 Exam
MS-102: Microsoft 365 Administrator Practice questions
Question | Answer |
---|---|
You need to ensure that all the devices have the latest updates installed.What tool can you use to manage Windows Updates on all devices? | Microsoft Intune |
You need to ensure that all devices meet the compliance requirements. What tool can you use to monitor and manage device compliance? | Microsoft Intune |
You are a modern desktop administrator for a small business organization. The organization needs to purchase new devices and install Windows on them. Which Windows Edition is the most suitable choice for the organization, considering its size and budget? | Windows 10 Pro |
You are a desktop administrator for a large enterprise organization. The organization has a mix of devices are running the latest version of Windows and receive regular updates. Which Windows edition allows you to manage Windows updates on all devices? | Windows 10 Enterprise |
You need to manage user accounts and access to Microsoft 365 services. Which service can you use for user and access management? | Azure Active Directory (Azure AD) |
You need to ensure that all devices are joined to a domain and users are authenticated using multi-factor authentication (MFA). Which Azure AD features can you use to meet the requirements? | Azure AD Conditional Access |
You need to ensure that only authorized users can access sensitive data and applications. Which Azure AD features can you use to manage access to resources? | Azure AD Identity Protection |
You need to ensure that all employees can access Microsoft 365 services using their corporate credentials. Which Azure AD features can you use to enable single sign-on (SSO) for Microsoft 365 services? | Azure AD Connect |
Your org is implementing a bring-your-own-device (BYOD) policy. You need to ensure that these devices are enrolled in the org's mobile device management (MDM) solution and meet security/compliance policies. Which enrollment method should you recommend? | user-driven enrollment |
You need to enroll Windows devices in the MDM solution using Configuration Manager. Which of the following Configuration Manager features should you use for device enrollment? | Configuration Manager enrollment profile |
You need to enroll Windows devices in Intune using the Autopilot method. Which of the following is required for Autopilot enrollment? | Azure AD Account |
You need to enroll iOS devices in Intune using the Apple Device Enrollment Program (DEP). Which of the following is a benefit of using DEP for device enrollment? | Allows for automatic device registration in Intune |
You need to configure a device profile for all Windows 10 devices that prevents users from using USB storage devices. Which type of device profile should you configure in Intune? | Device restrictions |
You need to ensure that all devices have a device profile applied that enforces a PIN requirement for device access. Which Intune feature should you use to monitor compliance with this requirement? | Device compliance policy |
You need to ensure that a user's profile settings are backed up and restored to their device after a device reset. Which Intune feature should you use to the accomplish this? | User state migration tool (USMT) |
You need to ensure that users can only access corporate data through approved applications. Which Intune feature should you use to accomplish this? | Intune app protection policies |
You need to ensure that users can install and use only approved applications on their devices. Which Intune feature should you use to accomplish this? | Intune mobile application management policies |
You need to ensure that the latest version of a critical application is available on all company devices. Which of the following deployment methods would you choose to achieve this goal? | Required deployment |
You need to deploy a new application to a group of users but want to ensure that they can only install it if their device meets certain requirements. Which of the following features should you use to achieve this? | App protection policies |
You need to ensure that users have access to the required applications, but you also want to limit their access to only the necessary apps. Which of the following features should you use to achieve this? | Mobile application management policies |
You need to ensure that users have access to the latest versions of the applications. Which of the following features should you use to achieve this? | Update policies |
Your organization wants to ensure that users' passwords meet complexity requirements and are changed regularly. Which of the following features should you use to achieve this in Azure Active Directory? | Password policies |
Your organization is concerned about the risk of compromised credentials and wants to implement an additional layer of authentication for accessing sensitive data. Which of the following features should you use to achieve this in Azure Active Directory? | Multi-factor authentication |
As an endpoint administrator using Azure AD for ID management, you are configuring access to sensitive business apps for new employees. This group should only have access during business hours on company devices. Which solution would you recommend? | Configure Conditional Access Policies |
You need to ensure that all devices comply with the company's security policies before they are allowed to access company resources. Which of the following Intune features should you use to accomplish this? | Compliance policies |
You have configured a compliance policy that requires devices to have the latest security updates installed. Several devices are still non-compliant. What is the most likely cause of the issue? | The security updates are not yet available for the devices. |
You have configured a compliance policy that requires devices to have a passcode set. You receive a report that some devices are non-compliant even though they have a passcode set. What is the most likely cause of the issue? | The devices have a weak passcode |
You are tasked with generating compliance reports using Microsoft Endpoint Manager. What is the correct way to generate these reports? | Use the Compliance Policies dashboard to generating the reports |
Your organization has implemented a device compliance policy that requires devices to have a passcode of a certain length. You have received a report that some devices are not compliant. What is the correct action to take? | Re-evaluate the compliance policy to ensure it is configured correctly |
You need to ensure that all devices have encryption enabled to protect the data. Which solution should you use to meet this requirement? | BitLocker |
You want to ensure that users cannot copy company data to an external USB drive. Which solution should you use to meet this requirement? | Windows Information Protection (WIP) |
A user reports suspicious email with a link they clicked on. Their device may have been compromised. What action should you take to investigate the incident using Microsoft Defender for Endpoint? | Initiate a device investigation to gather evidence and determine the extent of the compromise. |
What action should you take to deploy the latest version of Microsoft Defencer for Endpoint to all devices in your organization? | Use Microsoft Endpoint Configuration Manager to deploy the latest version of Microsoft Defender for Endpoint |
One of your colleagues reports that their Windows device is infected with malware. What steps should you take to manage MS Defender in the Windows client to help remediate this issue? | Run a quick scan in MS Defender |
You need to configure MS Defender in Windows client to exclude a specific file or folder from scanning. What steps should you take? | Open MS Defender, click on "Settings", then click on "Exclusions" and select "Add or remove exclusions". |
You need to ensure that all cloud app activities are monitored for security purposes. Which tools should you use to achieve this goal? | Microsoft Cloud App Security |
You want to enable your users to securely share files while maintaining control over who can access them. Which of the following tools would you use to achieve this goal? | Microsoft Information Protection |
What tool can you use to assess Windows 10 endpoints' compatibility with Windows Autopilot deployment? | Windows Autopilot for existing devices |
Which tool can you use to inventory the software and hardware configurations of Windows-based computers in your organiation? | Configuration Manager |
You need to deploy Windows 10 on 50 devices in your organization, which tool will you use to create a custom Windows 10 image that includes your company's specific settings and applications? | Microsoft Deployment Toolkit (MDT) |
You are planning to deploy Windows 10 using Microsoft Deployment Toolkit (MDT) Which of the following steps is not part of the deployment process? a. Create deployment share b. Importing an O/S c. Create bootable media d. Deploying image | Creating a bootable media |
You need to deploy a software update to a group of Windows 10 devices in your organization. Which step should you perform in MS Config Manager to achieve this? | Create a device collection, add the devices to it, and then deploy the software update to the collection. |
You want to deploy an O/S image to a new device using MS Config Manager. Which of the following components is required to perform this task? a. Windows Deployment Services (WDS) b. MS Deployment Toolkit (MDT) c/d. Config Manager Client/Server Package | Windows Deployment Services (WDS) |
Your organization is planning to deploy new devices for remote workers. You want to ensure the devices are configured with the necessary settings and applications before being shipped to the end users. Which tool should you use to accomplish this goal? | Windows Autopilot |
Your organization has recently adopted a new cloud-based device deployment strategy. You need to choose a method that can dynamically manage and update device configurations based on user and group memberships. Which deployment method should you choose? | Intune Autopilot |
Your company is planning to transition to modern endpoint management using MS Endpoint Manager. You need to plan the transition process. What is the first step you should take in this process? | Review your existing policies and procedures to ensure that they align with modern endpoint management best practices. |
You are an endpoint administrator at a company that has recently adopted Windows 365. You need to manage the Windows 365 deployments for your organization. Name one task that can be performed using the Windows 365 admin center. | Create and configure device profiles |
You are an Endpoint Admin and your organization wants to provide secure and reliable remote desktop access to its employees using Azure Virtual Desktop. You need to configure the necessary resources for this. What is the first step you should take? | Create a virtual network and subnet for the VM |
A company has recently deployed Windows 10 on all the desktop computers in their organization. They have asked you to recommend an upgrade method for their current Windows 7 laptops. What is one of the better options to achieve this? | Use Microsoft Deployment toolkit to deploy a custom image of Windows 10 to the laptops. |
A company has recently implemented MS Endpoint Manager (MEM) and is planning to use it to manage their Windows 10 devices. They want to enable automatic enrollment of devices into MEM. Which of the following is required to enable automatic enrollment? | Azure AD Premium P1 license |
You are a system admin who needs to choose an appropriate edition of Windows for an enterprise environment. Which Windows edition should you choose if you need to support running virtual machines on a workstation? | Windows 10 Enterprise |
As an Endpoint Admin, you need to deploy a Windows-based kiosk device that runs a single application and has limited access to the O/S. Which Windows editions should you choose for this scenario? | Windows 10 in S mode |
You have received a request from your manager to disable a user account that is no longer required in the organization. What is the correct sequence of steps to follow in order to disable the user account in Azure AD? | Search for the user account-->Click on More-->Click on Block sign-in-->Confirm the action |
You have received a request from your manager to create a new user account in Azure AD. Which of the following is the correct sequence of steps that you should follow to create the new user account in Azure AD? | Click on Users --> Click on New User --> Enter the user details -->Click on Save |
Directory for ID Management. You need to configure the self-service password reset policy. You want to ensure that users are prompted to register their mobile phone number while signing up for password reset. What authentication method should be used? | SMS authentication |
You need to provide access to a group of users to a specific application in Azure. However, you do not want these users to have access to other applications in Azure. Which type of access management should you configure? | Role-based access control (RBAC) |
What is the most secure authentication method that should be used for device enrollment in Microsoft Endpoint Manager? | Certificate-based authentication |
You want to enroll a new device in Configuration Manager using the "Bring Your Own Device" (BYOD) method. Which of the following is a requirement for this type of enrollment? | The device must have a valid PKI certificate. |
Only authorized users can enroll devices using their credentials. How do you ensure this? a. Specific Azure AD group members can enroll devices b. Any user can enroll devices c. User with one-time enrollment token d. Require cert for device enrollment | Allow only users who are members of a specific Azure AD group to enroll devices |
To ensure that devices are automatically enrolled into Intune when they are joined to Azure AD, what options should you configure in Azure? a. Auto enrollment b. Conditional Access c. Device Compliance Policies d. Mobile Device Management Authority | Automatic Enrollment |
You want to configure a device profile that allows users to access corporate resources but limits their ability to download or install apps. Which device profile should you create? | Device Restriction Profile |
You need to configure a device profile to prevent users from accessing the camera on their company-owned devices. Which profile settings should you use? | Device Security --> Camera --> Block |
As an IT Admin, you configure a profile for a group of users requiring access to specific apps and settings on their devices. Which type of profile should you use? a. User b. Device c. Shared device configuration d. Endpoint protection | User profile |
To configure an app protection policy for the company's sensitive data, what option should you select? a. Block screen capture b. Allow app transfer to other users c. Allow app to transfer data to other apps d. Allow jailbroken or rooted devices | Block screen capture |
The company has a custom app that they want to deploy to their devices. What is the maximum size of the app that can be deployed via Microsoft Intune? | 100 MB |
Using MS Endpoint Configuration Manager, you deploy an application requiring a specific version of .NET framework. What is the best way to ensure the required version is installed on devices prior to deployment? | Use a detection method to check if the required version of .NET Framework is installed on the devices. |
When deploying new versions of apps to devices, they require a newer version of a DLL file that is not on some devices. Using MS Endpoint Configuration Manager to deploy. How can you ensure that the required DLL file is isntalled prior to deployment? | Include the DLL file in the application package. |
You are the Endpoint Admin using MS Endpoint Config Manager for app management. A new application needs to be installed to all managed devices. It is a large file, and you want to minimize the impact on the network. Which deployment method should you use? | Microsoft Endpoint Configuration manager Distribution Point |
You are responsible for managing endpoint apps with a strict security policy. To ensure that only approved apps can be installed, which feature should you use? | Microsoft Store for Business |
You have been tasked with configuring password policies to ensure IDs are protected. What is true regarding pwd policies? a. Can be set to never expire b. Must be changed every 180 days c. Can be set using simple words d. Can be set to use only # | Passwords must be changed every 180 days |
When implementing multi-factor authentication (MFA) for all user accounts, which method is valid for MFA in Azure Active Directory? a. Phone call verification b. Captcha verification c. SMS verification d. Email verification | Phone call verification |
After adopting Zero Trust security models to ensure security across all devices, you need to ensure authentication before granting access to company resources. Which authentication method should you use? a. Passwords b. Biometric Authentication c. MFA | Multi-factor authentication (MFA) |
You need to ensure that temporary contractors have access to specific resources only. To regulate their access, which Azure AD feature should you use? a. Conditional Access b. Privileged ID Management c. Azure AD ID Protection d. Azure AD B2B collab | Azure AD B2B collaboration |
To ensure that all mobile devices that access company data requires encryption, which action should you take? | Create a device compliance policy with the required encryption setting and assign it to all mobile devices |
To ensure that all Windows 10 devices are compliant with the Bitlocker enabled requirement which method should you use to check compliance? | Check the Device Security dashboard in the Microsoft Endpoint Manager admin center |
To generate a compliance report for Windows 10 devices that include the status of all updates, patches, and security features, which tool would you use? a. MS Endpoint Config Manager b. MS Intune c. Windows Analytics | Windows Analytics |
To generate a report that shows the software installed on all devices managed by MEM in your organization, which report should you generate? a. Software inventory b. Hardware Inventory c. Compliance d. Configuration Manager Dashboard | Software inventory report |
To deploy data protection to all devices in the organization to prevent leakage, which of the following solutions should you choose? a. BitLocker Drive Encryption b. Windows Defender Firewall c. Windows Defender Antivirus d. MS Defender for Endpoint | BitLocker Drive Encryption |
To ensure that all remote laptops are protected against unauthorized access in case of theft or loss, which solution should you use? a. Windows Defender Firewall b. MS Defender for Endpoint c. BitLocker Drive Encryption d. Windows Hello | BitLocker Drive Encryption |
A User reports that their computer is running slowly and suspects malware. Using the company's MS Defender for Endpoint, what is the first step to take? | Check device history in MS Defender Security Center |
Using MS Defender for Endpoint: To attack surface reduction rules to protect against various types of attacks, what is a feature of attack surface reduction rules that would assist with this issue? | They block potentially unwanted applications from running. |
MS Defender Antivirus: You want to exclude a specific folder on all Windows client devices. What option available in MS Defender Antivirus allows you to achieve this? | Use MS Intune to deploy a policy that configures exclusions for the specific folder on all Windows client devices. |
MS Defender for Endpoint: To configure the detection and response to a specific type of threat, which option should you use to achieve this? | Use MS Intune to deploy a policy that configures the threat detection and response settings on all Windows client devices. |
MS Defender for Cloud Apps: To manage security policies for cloud apps, which process should be used to create a new security policy? | Open MS 365 Defender portal and click on Security Policy. Select Cloud App and click create policy. |
MS Defender for Cloud Apps: To protect your organization's cloud apps, which type of policy can you configure? | Cloud app security policies |
Organizational Deployment Readiness Assessment: What tools can you use to figure out which computers in your network support the latest version of Windows 10? | Microsoft Assessment and Planning (MAP) Toolkit |
Organizational Deployment Readiness Assessment: What tools can you use to find computers in your network that are compatible with Windows 10? | Windows Assessment and Deployment Kit (ADK) |
MS Deployment Toolkit: Your organization mandates MS Office 365 be pre-installed. To deploy Windows 10 to a select few computers in your organization what is the correct sequence of steps to achieve this? | Create a task sequence that includes the Windows 10 installation and Office 365 installation, and then deploy the task sequence to the target devices. |
MS Deployment Toolkit: To deploy Windows 10 to multiple devices, you need to ensure efficiency, and that updates include the latest software and security patches. What is the sequence of steps to achieve this? | Create a task sequence that includes the Windows 10 installation and then use Windows Server Update Services (WSUS) to manage software updates and security patches. |
MS Configuration Manager: To ensure that clients have the required dependencies prior to deploying a package, which feature should you use? | Baseline configuration |
MS Configuration Manager: To ensure that applications are installed only if the computer meets specific requirements (processor speed, RAM or HD Space) What feature should you use to achieve this? | Requirements |
EPM Admin Role: Using Windows Autopilot for deployments, you prep your devices and have uploaded their information to the MS EPM Admin Center. What is the next step to complete the deployment process? | Assign profiles to the devices |
EPM Admin Role: To deploy Windows 10 devices using Autopilot, you implement a dynamic method to make the process more efficient. Which option would you choose to achieve this? | Windows Autopilot for white glove deployment |
Transition to Modern EPM using MS SCCM: When planning the transition, which option should you consider for the transition? | Continue to use SCCM and Intune in a hybrid configuration |
Windows 365 Deployment: To ensure that security requirements are met, which security feature is not supported in W 365? a. Windows Hello for business b. Bitlocker Drive Encryption c. Device Guard d. Credential Guard | Credential Guard |
Azure Virtual Desktop as Sys Admin: To ensure that apps are only accessible to specific users, which step do you perform to achieve this? a. Assign app to app group and grant access to users b. Install the app on each user's device individually | Assign app to app group and grant access to users |
With Windows 10 Enterprise: To configure the Windows 10 Start menu for all users, which method do you use? a. Group Policy Object (GPO) b. Registry Editor c. Windows PowerShell d. all of the above | All of the above |
With Windows 10 Enterprise: To configure Windows update settings for all devices to ensure automatic security updates without restart, which option should you select? a. Automatic (recommended) b. Notify to schedule restart c. Never check for updates | Notify to schedule restart |
EPM Admin with multiple editions of Windows: To deploy new version of Windows to all devices and ensure compatibility, which tool will help to determine compatibility? a. Windows Assessment and Deployment Kit (ADK) b. Windows Upgrade Analytics | Windows Upgrade Analytics |
EPM Admin using WIndows 10 Pro: To upgrade all devices to Windows 10 Enterprise using Windows Configuration Designer to create an upgrade package, which step should you take before creating the upgrade package? | Check if the devices meet the hardware requirements for Windows 10 Enterprise |
Azure Active Directory (Azure AD) implementation: OS installs include Windows 10, MacOS and iOS devices. Which authentication method is recommend for iOS devices? a. Password hash synchronization b. Certificate-based authentication | Certificate based authentication |
With a recent migration using on-prem Active Directory (AD) ingrastructure to Azure AD, how can you use to enforce the 90 day password renewal policy? a. Password writeback b. Password Hash Sync c. Azure AD Connect Health d. Azure AD ID Protection | Password writeback |
As an EPM Admin managing Azure Active Directory, to ensure that users from both merged organizations can access necessary resources and the appropriate level of access. Using AAD to manage access, which group types should you use? | Dynamic Groups |
As an EPM Admin managing ids in Azure AD, to ensure that users can access Azure resources, when using role-based access control to manage permissions, what is the order of steps to implement this? | Create a resource group>Create a Custom role>Define the scope of the role>Assign the role to a user or group |
As an EPM Admin managing device authentication, to ensure that enrolled devices use secure authentication, what method would you choose for device enrollment? | Certificate-based authentication |
As an EPM Admin enrolling devices on your network, using MS Configuration Manager, what can you enroll? | Both Windows and non-Windows devices |
While enrolling a new device in MS Intune, you notice it has an unsupported OS. What action would you take to remedy this? | Install the supported OS on the device and then enroll it in InTune |
While enrolling a new device in MS Intune, you want to ensure auto-enrollment and correct device configuration. Which of the following actions would you take? a. Assign the device to a user b. Configure the enrollment restrictions for the device. | Configure the enrollment restrictions for the device |
As an EPM Admin implementing new security policies for Windows 10, you are requiring all devices to have BitLocker encryption enabled (256 bit minimum). Which profile type would you use to ensure encryption configuration and deployment? | Device Configuration profile type, deployed to all devices using an enrollment restriction policy. |
As an EPM Admin using InTune for management, you need to ensure that all devices have a specific set of Wi-Fi profiles configured. To configure and enforce these profiles, which action should you perform? | Configure a device profile in Intune that includes the required Wi-Fi profiles and assign it to all devices. |
As an EPM Admin using InTune for management, you need to ensure that users can securely access resources from their devices. What is the best solution for configuring user profiles? | Use the Microsoft Endpoint Manager admin center to create and deploy user profiles. |
Using Microsoft InTune for Mobile Device Management, when deploying new apps to a group, what deployment type should you use to ensure that the installation cannot be uninstalled? | Required |
Using Microsoft InTune for Mobile Device Management, you hear that some users are unable to install a recently deployed app. To troubleshoot the issue, which InTune report should you use to check installation status? | Mobile app devices status |
As an EPM Admin, what deployment method should you use to deploy an app to a group of users with Windows 10 devices? | Microsoft Installer Package |
As an EPM Admin, what method should you use to update applications on Windows 10 devices when the file format is an EXE file? | Microsoft Installer Package |
A user reports that one of their apps is malfunctioning. You suspect it is related to the apps configuration settings. What step should you take to resolve this issue? | Check the application's configuration settings on the user's device. |
While deploying new apps to user groups, you want to ensure the app does not interfere with other apps currently installed on their devices. Which deployment method should you use? | Required Installation |
Using Azure Active Directory, you need to ensure that user's identities are protected and that security policies are being followed. Which Azure AD feature should you enable? | Conditional Access |
After a data breach, you are investigating to find out which users were affected. Which Azure AD feature can you use to view sign-in logs and audit logs for user accounts? | Azure AD Identity Protection |
As an EPM Admin in a large organization using MS 365, you need to enable access for users for specific apps and services in Azure AD. Which access policies should you use to achieve this? | Conditional Access |
As an EPM Admin for a small organization that uses MS 365, to enable secure access to your org's data and resources from outside the corporate network, which of the following features should you use to achieve this? | Azure AD Application Proxy |
Your Windows 10 devices require passwords of at least 8 characters, including upper and lowercase letters and special characters. To enforce this policy, you create a device compliance policy in Microsoft InTune. Which settings should you configure? | Minimum password length and password type |
To ensure that all employees are following the company's Bring your own device (BYOD) policy, requiring users to enroll them in Microsoft Intune, how can you block these devices from accessing corporate data? | Device health |
As an EPM Admin, to ensure all devices are compliant with your company's security policy, what report can you run to get the information you need to monitor and manage device compliance? | InTune Device Compliance report |
As an EPM Admin, what tools can you use to generate detailed inventory reports for all devices? | Configuration Manager |
As an EPM manager of Windows 10 devices, what is the best option to deploy device data protection to ensure that data is protected? | Implement BitLocker drive encryption |
As an EPM Security manager for Windows 10 devices, what is the best way to ensure device compliance with company security policies? | Iimplement conditional access policies |
As an EPM manager of security for organizational devices, what action would you take to configure Microsoft Defender for Endpoint to protect against advanced threats | Configure Endpoint Detection and Response (EDR) capabilities |
As an EPM manager for device security in your organization, what action would you take to configure Microsoft Defender for Endpoint to protect against malware and viruses. | Configure antivirus protection policies |
As an EPM Admin, you want to configure Windows Defender Antivirus to perform periodic full scans. what option would you use to configure MS Defender Endpoint | Local Group Policy Editor |
As the EPM Admin, what option would you use to configure Microsoft Defender Application Guard for specific websites? | Microsoft Endpoint Manager |
The IT Team wants to ensure that their cloud apps are protected from security breaches. What tasks can be performed using Microsoft Defender for Cloud Apps for MS 365 for cloud app management? | Monitoring app usage analytics |
The IT team wants to protect their cloud environment from potential threats using MS Defender for cloud apps. Which feature helps to secure an organization's cloud environment? | Real-time notifications for suspicious activities |
As an EPM Admin, you want to assess the deployment readiness of endpoints prior to initiating deployment. What tool should you use to asses deployment readiness for Windows 10 implementation? | Microsoft Assessment and Planning (MAP) Toolkit |
As an EPM Admin, for Windows 10 deployments, you are using MS Deployment Toolkit (MDT). What is a benefit of using MDT for deployments? | MDT can create custom Windows images that include updates, drivers and applications. |
As an IT Admin, you are deploying Windows 10 on a large number of devices using the Microsoft Deployment Toolkit (MDT). What is a benefit of using MDT for deployments in this situation? | MDT can customize deployment images based on hardware specifications. |
As an IT Admin, you have created a custom deployment image to test prior to deploying to a large number of devices using Microsoft Deployment Toolkit (MDT). What is the correct method to test the deployment image using MDT? | Use the MDT Deployment Workbench to create a task sequence and deploy the image to a test device. |
As an EPM, you have created a task sequence and specified the OS image to use for Windows 10 deployment to several devices using MS Configuration Manager. What should you do to specify the device drivers for each device? | Create a driver package and specify it in the task sequence |
As an EPM Admin, you need to ensure that devices meet minimum hardware requirements for the OS. What should you do to deploy Windows 10 to several devices using MS Configuration Manager and meet these requirements? | Use the System Center Configuration Manager hardware inventory feature to collect hardware information from each device. |
A new employee needs to be added to the system. After his device is added to newly added autopilot deployment profile and is assigned to their user account in Azure Active Directory (AAD), the user reports that apps are missing. What could be the cause? | The autopilot profile is not configured correctly. |
As an EPM Admin, you are investigating the use of dynamic deployment methods while ensuring that users have the latest updates and apps using MS EPM. What dynamic deployment method should you use? | Windows Update for Business |
As an EPM Admin for an organization with both Windows and Mac OS devices, you need to plan a deployment strategy for the Windows 10 devices. Which approach is recommended for this? | Use the Windows Autopilot deployment profile and leverage Azure Active Directory join. |
As an EPM Admin, you are migrating to Windows 365 and want to ensure that devices can access Windows 365 efficiently. What is the most appropriate action to take? | Verify that the company's devices meet the Windows 365 hardware and software requirements |
As an EPM Admin, you are planning on deploying Azure Virtual Desktop . What is a prerequisite for setting up Azure Virtual Desktop? | A virtual machine running Windows Server 2019 with the Remote Desktop Services (RDS) role installed. |
The IT team is considering different desktop management solutions for your organization, including MS Intune and System Center Configuration Manager (SCCM). After the IT team has completed research and testing, they recommend MS Intune. Do you agree? | Agree |
The IT Team has been asked to find a new solution to replace your current 3rd EPM tool. They believe that MS EPM is the best solution. Do you agree? | Agree |
A new business app that requires Windows 10 Enterprise means that all current devices will have to be upgraded to the same OS. Using Win10 upgrade paths and Enterprise ISO file or VLC for product keys. Do you agree with this solution? | Agree |
To upgrade devices from Windows 7 and 8.1 Pro, the IT team is planning on using the Win 10 upgrade assistant to download all necessary updates and drivers while preserving user data and apps. Do you agree with this approach? | Agree |
As an EPM Admin, you must manage devices using Azure Active Directory (Azure AD). A colleague suggests using group based licensing for end users to simplify the process. Do you agree? | Agree |
The IT team wants to implement Azure Active Directory (AAD) to manage user identities and provide SSO to cloud based applications. Some team members suggest using the built in AAD IDs or external ID providers (Google, Facebook). Do you agree? | Disagree |
To ensure that only authorized devices are allowed to enroll in the org's MS Intune service, you are thinking about using a Group Policy Object to configure the Device Registration Service. Is this a good solution? | Agree |
A company plans to enroll devices using MS Config Mngr using auto enrollment for all devices. The admin believes this will save time and effort and avoid the need for manual enrollment. Is this a good solution? | Disagree |
As an EP Admin using MS Intune, you need to enroll all devices in the company network without user intervention. You decide to use the device enrollment manager in Intune to do this. Is this a good solution? | Disagree |
To ensure security and consistency, you need to configure device profiles on new Windows 10 devices. You decide to create a profile to enforce a strong password policy. However, some users report that their devices are not asking for a password. Why? | There may be some conflicting policies between the group policy and the profile. |
As an EP Admin you are reviewing a device profile that specifies mandatory proxy server for all devices. Some users can't access certain websites and applications using this server. Is it a good idea to disable the mandatory proxy server for these users? | Disagree |
When deploying mobile apps using MS Intune, one app requires a specific version of iOS not supported by some company devices. Should you block the application from being installed? | Agree |
Using MS EP Config Mngr, you are deploying a new app to all windows 10 devices. The app requires a specific version of the .NET framework that is not installed on some devices. Should you deploy the framework using PowerShell script prior to pushing apps? | Agree |
As the EP Admin, you hear that some users cannot access updated versions of applications that were deploying using MS Intune. The versions in question have been successfully deployed in Intune. What might be the issue and the solution? | Devices are not receiving updated policies from Intune. You can perform a manual policy refresh or configure more frequent policy refreshes. |
Users are reporting application update fails on their devices after a recent push of application updates using MS EP Config Mngr. What might be the issue and the solution? | There may be conflicts between the new application update and existing applications on the devices. Create a dependency rule for the new app update and the existing apps. |
Users are reporting that they cannot install a newly deployed line-of-business application on their devices. This app was deployed through MS Store for Business. The apps meet the minimum device requirements. What might be the issue and the solution? | Check user group membership for app installations. If they are not members, add them to the authorized group |
Users are reporting issues with a recently deployed application, and are unable to use it. What might be the issue and the solution? | Verify the application's compatibility with the O/S and install the latest updates |
Using Azure AD for authentication to enable passwordless auth for users, the company decides to implement Windows Hello for business. Is this a good solution? | Agree |
Using Azure AD as ID provider to ensure user compliance with security policies, the company has decided to restrict access sensitive data based on user location using conditional access policies. Is this a good solution? | Agree |
Using Azure AD for ID Management and Authentication, they want to give external partners conditional access to sensitive data. What would be a good solution? | Create guest accounts in Azure AD for each external partner and assign them appropriate permissions. |
Concerned about EP security and industry regulation compliance, the company decides to implement conditional access policies that require multi-factor authentication for all users/devices accessing corporate resources. Is this a good solution? | Agree |
Users are reporting issues with their devices not being compliant, even though they are compliant with the recently implemented policies. Should the compliance policies be adjusted to resolve this issue? | Agree |
Users are reporting issues with their devices not being able to encrypt data after a recent policy implementation requiring encryption to access company resources. Should users be provided with new devices that support encryption? | Disagree |
To ensure that devices are up to date with the latest security patches and policies, you need to generate a report of all non-compliant devices in your organization. Would configuring compliance policies in MS Intune solve the issue without reporting? | Agree |
To ensure device updates are current for security and policy, you have configured compliance policies in MS Intune to enforce device compliance. Is this a good solution? | Agree |
To protect Windows 10 device data, Bitlocker encryption has been implemented on all devices. To prevent users from disabling this or using weak encryption methods, they propose deploying MS Defender for Endpoint to enforce encryption. Will this work? | Agree |
Your organization is concerned about the security of devices that are shared by multiple users, such as kiosk devices. Would implementing Windows Hello for Business with Dynamic Lock to automatically lock the device when unused work as a solution? | Agree |
Some devices are not receiving security updates, and this raises concerns about security breaches. Using Microsoft Defender for Windows client, how can you ensure that all devices are up to date on security? | Deploy the latest Windows Update and security patches using Windows update for business |
Some devices are showing high levels of CPU usage, affecting performance, potentially due to the real-time protection feature of Microsoft Defender. Would excluding certain files and folders from real-time protection be a good solution? | Agree |
To ensure that all cloud app traffic is monitored and protected against security threats, you propose using Microsoft Defender for Cloud Apps to secure cloud app traffic. Is this a good solution? | Agree |
After a data breach from an insecure cloud app, you need to take immediate action to prevent future breaches. Would using Microsoft Defender for Cloud Apps to ID and remediate vulnerabilities in cloud app security? Is this a good solution? | Agree |
During Windows 10 device deployments using Windows Autopilot, some devices are failing to enroll in Azure Active Directory, and not being auto configured with apps and policies. What is a good solution for this? | After verifying registration and configuration with AAD, check for connectivity issues and service disruptions. Remediate any issues found. |
To implement dynamic deployment methods for a large organization with various devices and groups, which methods would be the most effective? How would you approach this solution? | First, assess specific organizational needs; Microsoft Intune is good for an org with a large number of remote or mobile users. MS EP Mngr is good if there is a mix of Windows and non-Windows devices. |
While transitioning a company to modern endpoint management, you have identified some legacy apps that may not work in the new environment. How would you approach this solution? | Assess compatibility for legacy apps in the new environment. For apps that are incompatible, research options to bridge needs, such as compatibility shims, upgrading to a newer version of the app, or using virtualization techniques. |