Free MD-102 Sample Questions — Endpoint Administrator

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant named contoso.com. You need to deploy 100 Windows 11 devices to contoso.com. The solution must meet the following requirements: • Ensure that from the devices, users can access shares on an on-premises file server without being prompted for credentials. • Minimize reliance on the on-premises infrastructure for device identity management. Which join type should you use?

• A. Active Directory domain-joined
• B. Microsoft Entra hybrid joined
• C. Microsoft Entra joined
• D. Microsoft Entra registered

You have a Microsoft Azure subscription that contains an Azure Log Analytics workspace. You deploy a new computer named Computer1 that runs Windows 10. Computer1 is in a workgroup. You need to ensure that you can use Log Analytics to query events from Computer1. What should you do on Computer1?

• A. Join Azure AD
• B. Configure Windows Defender Firewall
• C. Create an event subscription
• D. Install the Azure Monitor Agent

You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10. You need to deploy Microsoft Office Professional Plus 2019 to the computers by using Microsoft Office Deployment Tool (ODT). What should you use to create a customization file for ODT?

• A. the Microsoft 365 admin center
• B. the Microsoft Intune admin center
• C. the Microsoft Purview compliance portal
• D. the Microsoft 365 Apps admin center

You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace. Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. failure events from the Security log
• B. the list of processes and their execution times
• C. the average processor utilization
• D. error events from the System log
• E. third-party application logs stored as text files

You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune. You need to deploy a custom line-of-business (LOB) app to the devices by using Intune. Which extension should you select for the app package file?

• A. intunemac
• B. ipa
• C. apk
• D. appx

You have a Microsoft 365 E5 subscription that contains the following types of devices: • Windows 11 • Android • iOS All the devices are enrolled in Microsoft Intune. You need to use Intune to deploy apps from the Enterprise App Catalog. To which device types can you deploy the apps?

• A. Windows 11 only
• B. Windows 11 and Android only
• C. Windows 11 and is only
• D. Android and iOS only
• E. Windows 11, Android, and iOS

You have a Microsoft 365 E5 subscription that contains Windows 11 devices. All the devices are onboarded to Microsoft Defender for Endpoint. You need to compare the configuration of the devices against industry standard benchmarks. What should you use?

• A. Attack surface map
• B. Events
• C. Security baselines assessment
• D. Initiatives

You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Intune to manage all devise. Users have iOS devices with Microsoft apps installed. You need to prevent users from cutting, copying, and pasting data between Microsoft Excel and other apps installed on the devices. What should you configure?

• A. an app protection policy
• B. an app configuration policy
• C. an iOS app provisioning profile
• D. policies for Microsoft Office apps

You have a Microsoft 365 E5 subscription. You need to ensure that when a Windows device is joined to the Microsoft Entra tenant, the device is enrolled automatically in Microsoft Intune. What should you configure?

• A. the Windows Information Protection (WIP) user scope
• B. the Enterprise State Roaming settings
• C. the Microsoft Entra join and registration settings
• D. the mobile device management (MDM) user scope

You have a Microsoft Entra tenant that contains a device named Device1. Device1 is Microsoft Entra joined. You need to validate the Microsoft Entra ID primary refresh token (PRT) for Device1. Which command should you run?

• A. klist tgt
• B. dsregcmd /status
• C. query session
• D. sc.exe query state=all

Your company standardizes on Windows 10 Enterprise for all users. Some users purchase their own computer from a retail store. The computers run Windows 10 Pro. You need to recommend a solution to upgrade the computers to Windows 10 Enterprise, join the computers to Azure AD, and install several Microsoft Store apps. The solution must meet the following requirements: Ensure that any applications installed by the users are retained. Minimize user intervention. What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. Windows Autopilot
• B. Microsoft Deployment Toolkit (MDT)
• C. a Windows Configuration Designer provisioning package
• D. Windows Deployment Services (WDS)

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune. You plan to manage Microsoft Defender Antivirus on the computers. You need to prevent users from disabling Microsoft Defender Antivirus. What should you do?

• A. From the Microsoft Intune admin center, create a security baseline
• B. From the Microsoft 365 Defender portal, enable tamper protection
• C. From the Microsoft Intune admin center, create an account protection policy
• D. From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy

You have a Microsoft 365 subscription. You plan to use Windows Autopilot to provision 25 Windows 11 devices. You need to configure the Out-of-box experience (OOBE) settings. What should you create in the Microsoft Intune admin center?

• A. an enrollment status page (ESP)
• B. a deployment profile
• C. a compliance policy
• D. a PowerShell script
• E. a configuration profile

You have a Windows 10 device named Computer1 enrolled in Microsoft Intune. You need to configure Computer1 as a public workstation that will run a single customer-facing, full-screen application. Which configuration profile type template should you use in Microsoft Intune admin center?

• A. Shared multi-user device
• B. Device restrictions
• C. Kiosk
• D. Endpoint protection

You have a Microsoft 365 subscription that uses Microsoft Intune. You need to ensure that you can deploy apps to Android Enterprise devices. What should you do first?

• A. Create a configuration profile
• B. Add a certificate connector
• C. Configure the Partner device management settings
• D. Link your managed Google Play account to Intune

You have a Microsoft 365 subscription. Each user is assigned a Windows 365 Enterprise license. You need to deploy Cloud PCs that will be Microsoft Entra hybrid joined. What should you do first?

• A. Create an Azure network connection (ANC)
• B. Create a provisioning policy
• C. Create a configuration profile in Microsoft Intune
• D. Upload a custom image

You have a Microsoft 365 E5 subscription. You need to enroll Android Enterprise devices in Microsoft Intune by using zero-touch enrollment. What should you do first?

• A. From the Microsoft Intune admin center, configure enrollment restrictions
• B. From the Microsoft Intune admin center, create a zero-touch configuration
• C. From the Microsoft Intune admin center, link a Managed Google Play account
• D. From the zero-touch enrollment portal, create a zero-touch configuration

You use Microsoft Defender for Endpoint to protect computers that run Windows 10. You need to assess the differences between the configuration of Microsoft Defender for Endpoint and the Microsoft-recommended configuration baseline. Which tool should you use?

• A. Microsoft Defender for Endpoint Power BI app
• B. Microsoft Secure Score
• C. Endpoint Analytics
• D. Microsoft 365 Defender portal

You have a Microsoft 365 subscription. You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least privilege. Which role should you assign to the user?

• A. Global Administrator
• B. Conditional Access Administrator
• C. Security Administrator
• D. Intune Administrator

You have computers that run Windows 11 Pro. The computers are joined to Azure AD and enrolled in Microsoft Intune. You need to upgrade the computers to Windows 11 Enterprise. What should you configure in Intune?

• A. a device compliance policy
• B. a device cleanup rule
• C. a device enrollment policy
• D. a device configuration profile