Microsoft Microsoft Certifications MD-102 Questions & Answers
Question 131:
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. You have the groups shown in the following table.
Which groups can you add to Group4?
A. Group2 only
B. Group1 and Group2 only
C. Group2 and Group3 only
D. Group1, Group2, and Group3
Correct Answer: A
A similar question was on the learn.microsoft.com website.
"You can add only domain security groups as members to Windows local groups. You cannot nest local Windows groups, and you cannot add domain distribution groups as members of local Windows groups. "
Group 4 is a local group therefore Universal Distribution Groups cannot be nested.
Group 4 is a local group therefore other local Groups cannot be nested.
Question 132:
Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10.
You enable Windows PowerShell remoting on the computers.
You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least privilege.
To which group should you add Admin1?
A. Access Control Assistance Operators
B. Remote Desktop Users
C. Power Users
D. Remote Management Users
Correct Answer: D
Remote Management Users Group provides the effective rights for PS remote/remote connection. Remote Desktop Users doesn't, would also require also having local Administrator permission, not least privilege having two roles where one defined role will do.
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_requirements?view=powershell-7.3 User permissions - To create remote sessions and run remote commands, by default, the current user must be a member of the Administrators group on the remote computer or provide the credentials of an administrator. Otherwise, the command fails.
Question 133:
You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune. You need to configure Delivery Optimization on the devices to meet the following requirements:
1.
Allow downloads from the internet and from other computers on the local network.
2.
Limit the percentage of used bandwidth to 50. What should you use?
A. a configuration profile
B. a Windows Update for Business Group Policy setting
C. a Microsoft Peer-to-Peer Networking Services Group Policy setting
D. an Update ring for Windows 10 and later profile
Correct Answer: A
Delivery Optimisation through Configuration Profile in Intune
Question 134:
You have a Microsoft 365 E5 subscription and 25 Apple iPads.
You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method.
What should you do first?
A. Configure an Apply MDM push certificate.
B. Add your user account as a device enrollment manager (DEM).
C. Modify the enrollment restrictions.
D. Upload a file that has the device identifiers for each iPad.
Correct Answer: A
Set up iOS/iPadOS device enrollment with Apple Configurator
Prerequisites
Physical access to iOS/iPadOS devices
Set MDM authority
An Apple MDM push certificate
Device serial numbers (Setup Assistant enrollment only)
USB connection cables
macOS computer running Apple Configurator 2.0
Note:
Upload and renew your Apple MDM push certificates in Microsoft Intune. An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune, and enables devices to enroll via:
The Intune Company Portal app.
Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator.
You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?
A. the Company Portal app
B. Endpoint analytics
C. the Azure portal app
D. Microsoft Power BI
Correct Answer: D
Super easy start with reporting and the Intune Data Warehouse
Method 1: Load data using OData URL
The first method is loading data by using the OData URL.
Method 2: Load data and reports using Power BI file (pbix)
The second method is loading data and prebuilt reports using a downloaded Power BI file (pbix). That file contains the connection information for the tenant and contains a set of prebuilt reports based on the Intune Data Warehouse data
Your company uses Microsoft Intune to manage devices.
You need to ensure that only Android devices that use Android work profiles can enroll in Intune.
Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From Platform Settings, set Android device administrator Personally Owned to Block.
B. From Platform Settings, set Android Enterprise (work profile) to Allow.
C. From Platform Settings, set Android device administrator Personally Owned to Allow.
D. From Platform Settings, set Android device administrator to Block.
Correct Answer: BD
Set up enrollment of Android Enterprise personally-owned work profile devices
Set up enrollment for bring-your-own-device (BYOD) and personal device scenarios using the Android Enterprise personally-owned work profile management solution. During enrollment, a work profile is created on the device to house work
apps and work data. The work profile can be managed by Microsoft Intune policies. Personal apps and data stay separate in another part of the device and remain unaffected by Intune.
Set up enrollment
Complete these steps to set up enrollment for Android Enterprise devices in BYOD scenarios.
1.
Sign in to the Microsoft Intune admin center.
2.
Go to Devices > Enrollment device platform restrictions to set up enrollment restrictions. By default, Android Enterprise work profile is marked as allowed for personal devices enrolling in Intune. You can allow or block enrollment in device platform restrictions. Your options:
Block: Personal devices that enroll will use the Android device administrator management solution, unless device administrator enrollment is also blocked.
Allow (set by default): Personal devices that support the work profile management solution will enroll with a work profile. Android devices that don't support Android Enterprise are enrolled using the Android device administrator solution, unless device administrator enrollment is blocked.
Any device that supports Android Enterprise personal work profiles also supports the Android device administrator management solution, so if you don't want Android device administrator to be a part of enrollments, make sure to block the platform.
You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to onboard the devices to Microsoft Defender for Endpoint.
What should you create in the Microsoft Intune admin center?
A. an attack surface reduction (ASR) policy
B. a security baseline
C. an endpoint detection and response (EDR) policy
D. an account protection policy
E. an antivirus policy
Correct Answer: C
Onboard Windows devices to Defender for Endpoint using Intune
Enable Microsoft Defender for Endpoint in Intune
The first step you take is to set up the service-to-service connection between Intune and Microsoft Defender for Endpoint. Set up requires administrative access to both the Microsoft Defender Security Center, and to Intune.
Onboard Windows devices
(After you connect Intune and Microsoft Defender for Endpoint, Intune receives an onboarding configuration package from Microsoft Defender for Endpoint. You use a device configuration profile for Microsoft Defender for Endpoint to deploy
the package to your Windows devices.
The configuration package configures devices to communicate with Microsoft Defender for Endpoint services to scan files and detect threats. The device also reports its risk level to Microsoft Defender for Endpoint based on your compliance
policies.
After onboarding a device using the configuration package, you don't need to do it again.)
You can also onboard devices using:
*-> Endpoint detection and response (EDR) policy. Intune EDR policy is part of endpoint security in Intune. Use EDR policies to configure device security without the overhead of the larger body of settings found in device configuration profiles.
You can also use EDR policy with tenant attached devices, which are devices you manage with Configuration Manager.
You have devices enrolled in Microsoft Intune as shown in the following table.
To which devices can you deploy apps by using Intune?
A. Device1 only
B. Device1 and Device2 only
C. Device1 and Device3 only
D. Device1, Device2, and Device3 only
E. Device1, Device2, Device3, and Device4
Correct Answer: D
Question 139:
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. You start Computer1 from Windows PE (WinPE), and then you run setup.exe from the network share.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Question 140:
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. failure events from the Security log
B. the list of processes and their execution times
C. the average processor utilization
D. error events from the System log
E. third-party application logs stored as text files
Correct Answer: CDE
E: The Custom Logs data source for the Log Analytics agent in Azure Monitor allows you to collect events from text files on both Windows and Linux computers. Many applications log information to text files instead of standard logging services, such as Windows Event log or Syslog. After the data is collected, you can either parse it into individual fields in your queries or extract it during collection to individual fields.
D: Collect Windows event log data sources with Log Analytics agent Windows event logs are one of the most common data sources for Log Analytics agents on Windows virtual machines because many applications write to the Windows event log. You can collect events from standard logs, such as System and Application, and any custom logs created by applications you need to monitor.
C: Summary of data sources The following table lists the agent data sources that are currently available with the Log Analytics agent. Each agent data source links to an article that provides information for that data source. It also provides information on their method and frequency of collection.
*
Performance counters Performance counters in Windows and Linux provide insight into the performance of hardware components, operating systems, and applications. Azure Monitor can collect performance counters from Log Analytics agents at frequent intervals for near real time analysis. Azure Monitor can also aggregate performance data for longer-term analysis and reporting.
*
Etc.
Log queries with performance records The following table provides different examples of log queries that retrieve performance records. Example, CPU utilization across all computers Query: Perf | where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total" | summarize AVGCPU = avg(CounterValue) by Computer Average
B: The following table lists the objects and counters that you can specify in the configuration file. More counters are available for certain applications.
*
Processor, % Processor Time
*
Processor, % User Time
*
Etc.
Incorrect:
Not A: Not from the Security log.
Important
You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for Cloud or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your MD-102 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
