MD-102 無料問題集「Microsoft Endpoint Administrator」
Hotspot Question
You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 10.
You need to modify the deployment share to meet the following requirements:
- Ensure that the user who performs the installation is prompted to set the local Administrator password.
- Define a rule for how to name computers during the deployment.
The solution must NOT replace the existing WinPE image.
Which file should you modify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 10.
You need to modify the deployment share to meet the following requirements:
- Ensure that the user who performs the installation is prompted to set the local Administrator password.
- Define a rule for how to name computers during the deployment.
The solution must NOT replace the existing WinPE image.
Which file should you modify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: CustomSettings.ini -
You can skip the entire Windows Deployment Wizard by specifying the SkipWizard property in CustomSettings.ini. To skip individual wizard pages, use the following properties:
SkipAdminPassword -
Etc.
Note: The CustomSettings.ini file includes for example:
AdminPassword=pass@word1 -
DomainAdmin=CONTOSO\MDT_JD -
DomainAdminPassword=pass@word1 -
Some properties to use in the MDT Production rules file are as follows:
DomainAdmin. The account to use when joining the machine to the domain.
DomainAdminDomain. The domain for the join domain account.
DomainAdminPassword. The password for the join domain account.
Box 2: CustomSettings.ini -
Example of content in the CustomSettings.ini file:
SkipComputerName=YES -
OSDComputerName=%ComputerName%
Reference:
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-
10-image-using-mdt
https://docs.microsoft.com/en-us/mem/configmgr/mdt/samples-guide
Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You add Windows 10 startup and install images to a Windows Deployment Services (WDS) server. You start Computer1 by using WDS and PXE, and then you initiate the Windows
10 installation.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You add Windows 10 startup and install images to a Windows Deployment Services (WDS) server. You start Computer1 by using WDS and PXE, and then you initiate the Windows
10 installation.
Does this meet the goal?
正解:B
解答を投票する
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the resources shown in the following table.
User1 is the owner of Device1.
You deploy Microsoft 365 Apps Windows 10 and later app types to Intune as shown in the following table.
The next day you review the results of the app deployments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the resources shown in the following table.
User1 is the owner of Device1.
You deploy Microsoft 365 Apps Windows 10 and later app types to Intune as shown in the following table.
The next day you review the results of the app deployments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that feature and quality updates install automatically during a maintenance window.
Solution: In Group policy, from the Maintenance Scheduler settings, you configure Automatic Maintenance Random Delay.
Does this meet the goal?
You need to ensure that feature and quality updates install automatically during a maintenance window.
Solution: In Group policy, from the Maintenance Scheduler settings, you configure Automatic Maintenance Random Delay.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have a Microsoft 365 E5 subscription and 100 unmanaged iPad devices.
You need to deploy a specific iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to deploy a specific iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正解:D、E
解答を投票する
Your company has a Microsoft 365 subscription.
The company uses Microsoft Intune to manage all devices. The company uses conditional access to restrict access to Microsoft 365 services for devices that do not comply with the company's security policies.
You need to identify which devices will be prevented from accessing Microsoft 365 services.
What should you use?
The company uses Microsoft Intune to manage all devices. The company uses conditional access to restrict access to Microsoft 365 services for devices that do not comply with the company's security policies.
You need to identify which devices will be prevented from accessing Microsoft 365 services.
What should you use?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Hotspot Question
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Intune to manage devices.
You need to assess device performance during startup and identify any device models that take longer than average to start.
What should you use to assess the device performance, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Intune to manage devices.
You need to assess device performance during startup and identify any device models that take longer than average to start.
What should you use to assess the device performance, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You have the Microsoft Deployment Toolkit (MDT) installed.
You install and customize Windows 11 on a reference computer.
You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.
Which command should you run before you capture the image?
You install and customize Windows 11 on a reference computer.
You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.
Which command should you run before you capture the image?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Hotspot Question
You have a Microsoft 365 E5 subscription.
You need to review and implement Microsoft 365 Defender device onboarding. The solution must meet the following requirements:
- View onboarded devices that have the Chromium-based version for
Microsoft Edge installed.
- Download an onboarding package for a Windows 11 device.
- Minimize administrative effort.
Which two settings should you use in the Microsoft 365 Defender portal? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription.
You need to review and implement Microsoft 365 Defender device onboarding. The solution must meet the following requirements:
- View onboarded devices that have the Chromium-based version for
Microsoft Edge installed.
- Download an onboarding package for a Windows 11 device.
- Minimize administrative effort.
Which two settings should you use in the Microsoft 365 Defender portal? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Hotspot Question
You have a Microsoft 365 E5 subscription and use Microsoft Intune.
You purchase 50 Windows devices.
You configure automatic enrollment to Intune for Microsoft Entra joined devices.
You need to use a provisioning package to join the devices to Microsoft Entra.
What should you use to create the provisioning package, and what is the maximum amount of time you can use the package for bulk enrollment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription and use Microsoft Intune.
You purchase 50 Windows devices.
You configure automatic enrollment to Intune for Microsoft Entra joined devices.
You need to use a provisioning package to join the devices to Microsoft Entra.
What should you use to create the provisioning package, and what is the maximum amount of time you can use the package for bulk enrollment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Hotspot Question
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).
The computers have different update settings, and some computers are configured for manual updates.
You need to configure Windows Update. The solution must meet the following requirements:
- The configuration must be managed from a central location.
- Internet traffic must be minimized.
- Costs must be minimized.
How should you configure Windows Update? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).
The computers have different update settings, and some computers are configured for manual updates.
You need to configure Windows Update. The solution must meet the following requirements:
- The configuration must be managed from a central location.
- Internet traffic must be minimized.
- Costs must be minimized.
How should you configure Windows Update? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that feature and quality updates install automatically during a maintenance window.
Solution: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 4-Auto download and schedule the install, and then enter a time.
Does this meet the goal?
You need to ensure that feature and quality updates install automatically during a maintenance window.
Solution: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 4-Auto download and schedule the install, and then enter a time.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Case Study 2 - Contoso Ltd
Overview
Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has the users and computers shown in the following table.
The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.
Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.
The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.
Existing Environment
The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
All member servers run Windows Server 2016. All laptops and desktop computers run Windows
10 Enterprise.
The computers are managed by using Microsoft System Center Configuration Manager. The mobile devices are managed by using Microsoft Intune.
The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.
Each department has an organization unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.
Intune Configuration
The domain has the users shown in the following table.
User2 is a device enrollment manager (DEM) in Intune.
The devices enrolled in Intune are shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
The device limit restrictions in Intune are configured as shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
- Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.
- Start using a free Microsoft Store for Business app named App1.
- mplement co-management for the computers.
Technical Requirements
Contoso must meet the following technical requirements:
- Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
- Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.
- Monitor the computers in the LEG department by using Windows Analytics.
- Create a provisioning package for new computers in the HR department.
- Block iOS devices from sending diagnostic and usage telemetry data.
- Use the principle of least privilege whenever possible.
- Enable the users in the MKG department to use App1.
- Pilot co-management for the IT department.
You need to meet the requirements for the MKG department users.
What should you do?
Overview
Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has the users and computers shown in the following table.
The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.
Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.
The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.
Existing Environment
The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
All member servers run Windows Server 2016. All laptops and desktop computers run Windows
10 Enterprise.
The computers are managed by using Microsoft System Center Configuration Manager. The mobile devices are managed by using Microsoft Intune.
The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.
Each department has an organization unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.
Intune Configuration
The domain has the users shown in the following table.
User2 is a device enrollment manager (DEM) in Intune.
The devices enrolled in Intune are shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
The device limit restrictions in Intune are configured as shown in the following table.
Requirements
Planned Changes
Contoso plans to implement the following changes:
- Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.
- Start using a free Microsoft Store for Business app named App1.
- mplement co-management for the computers.
Technical Requirements
Contoso must meet the following technical requirements:
- Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
- Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.
- Monitor the computers in the LEG department by using Windows Analytics.
- Create a provisioning package for new computers in the HR department.
- Block iOS devices from sending diagnostic and usage telemetry data.
- Use the principle of least privilege whenever possible.
- Enable the users in the MKG department to use App1.
- Pilot co-management for the IT department.
You need to meet the requirements for the MKG department users.
What should you do?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Case Study 3 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Contoso has a Microsoft 365 E5 subscription.
Environment
Network Environment
The network contains an on-premises Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrollment settings have the following configurations:
MDM user scope: GroupA
MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
Name: Protection1
Folder protection: Enable
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:
- Included groups: Group2, GroupB
Windows Autopilot Configuration
Contoso has a Windows Autopilot deployment profile configured as shown in the following exhibit.
Currently, there are no devices deployed by using Window Autopilot.
The Intune connector for Active Directory is installed on Server1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD
joined.
Deploy a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- - Included groups: Group1, Group2
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the
following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- - Included groups: Group1, Group2, GroupA
- - Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- - Included groups: GroupA
- - Excluded groups: GroupB
Purchase an app named App1 that is available in Microsoft Store for Business and to assign the
app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.
Which users can download the Office customization file from the admin center?
In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.
Which users can download the Office customization file from the admin center?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)