MS-101
Free trial
Verified
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You add your user account as a device enrollment manager.
Does this meet the goal?
- A: Yes
- B: No
Question 2
You have a Microsoft 365 tenant.
All users are assigned the Enterprise Mobility + Security license.
You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically.
What should you configure?
- A: Enrollment restrictions from the Endpoint Manager admin center
- B: device enrollment managers from the Endpoint Manager admin center
- C: MAM User scope from the Azure Active Directory admin center
- D: MDM User scope from the Azure Active Directory admin center
Question 3
You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices:
• Windows 10
• Android
• iOS
On which devices can you configure the Endpoint DLP policies?
- A: Windows 10 only
- B: Windows 10 and Android only
- C: Windows 10 and iOS only
- D: Windows 10, Android, and iOS
Question 4
DRAG DROP
You have a Microsoft 365 E5 subscription and an on-premises server named Server1.
You plan to configure automatic log upload for continuous reports in Microsoft Defender for Cloud Apps.
You download a Docker log collector image to Server1.
You need integrate Defender for Cloud Apps with the log collector.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question 5
HOTSPOT
You have a Microsoft 365 subscription that contains an Endpoint data loss prevention (Endpoint DLP) policy named Policy1 and the devices shown in the following table.
For Policy1, the Audit or restrict activities on devices settings are configured as shown in the Activities exhibit. (Click the Activities tab.)
For Policy1, the Allow override from Endpoint devices settings are configured as shown in the Devices exhibit. (Click the Devices tab.)
Test users discover that they cannot copy data to their network shares while working remotely.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 6
You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service.
You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?
- A: Azure Active Directory (Azure AD) B2C
- B: Active Directory Domain Services (AD DS)
- C: Azure Active Directory (Azure AD)
- D: Azure Active Directory Domain Services (Azure AD DS)
Question 7
HOTSPOT
You have a hybrid cloud infrastructure.
You plan to deploy the Azure applications shown in the following table.
What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 8
HOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You have the Azure AD security groups shown in the following table.
You have the Windows 10 devices shown in the following table.
You deploy Microsoft 365 Apps for enterprise as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 9
You have an Azure AD tenant.
You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD.
You purchase a Microsoft 365 E3 subscription.
You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort.
What should you do?
- A: From the Microsoft Endpoint Manager admin center, create a Windows Autopilot deployment profile. Assign the profile to all the computers. Instruct users to restart their computer and perform a network restart.
- B: Enroll the computers in Microsoft Intune. Create a configuration profile by using the Edition upgrade and mode switch template. From the Microsoft Endpoint Manager admin center, assign the profile to all the computers and instruct users to restart their computer.
- C: From Windows Configuration Designer, create a provisioning package that has an EditionUpgrade configuration and upload the package to a Microsoft SharePoint Online site. Instruct users to run the provisioning package from SharePoint Online.
- D: From the Azure Active Directory admin center, create a security group that has dynamic device membership. Assign licenses to the group and instruct users to sign in to their computer.
Question 10
You have a Microsoft 365 E5 subscription that contains 500 users. Two hundred users have personal devices that run either Android, Windows 10, or macOS. Three hundred users have corporate-owned devices that run either Windows 10 or macOS.
You plan to configure device enrollment.
You need to ensure that you can apply separate policies to the corporate-owned devices and the personal devices. The solution must minimize administrative effort.
What should you create first?
- A: a dynamic device group
- B: a dynamic user group
- C: a deployment package
- D: a Microsoft 365 group
Question 11
HOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the resources shown in the following table.
User1 is the owner of Device1.
You add Microsoft 365 Apps Windows 10 and later app types to Intune as shown in the following table.
On Thursday, you review the results of the app deployments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 12
You have a Microsoft 365 tenant.
You plan to implement device configuration profiles in Microsoft Intune.
Which platform can you manage by using the profiles?
- A: Windows 8.1
- B: CentOS Linux
- C: Windows 10
- D: Android Enterprise
Question 13
HOTSPOT -
You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.
The device type restrictions in Endpoint Manager are configured as shown in the following table.
You add User3 as a device enrollment manager in Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 14
You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.
The devices are managed by using Microsoft Intune.
You plan to use a configuration profile to assign the Delivery Optimization settings.
Which devices will support the settings?
- A: Device1 only
- B: Device1 and Device4
- C: Device1, Device3, and Device4
- D: Device1, Device2, Device3, and Device4
Question 15
HOTSPOT
You have a Microsoft 365 E5 subscription that uses device management in Microsoft Endpoint Manager.
You purchase five new Android devices and five new macOS devices.
You need to enroll the new devices in Microsoft Intune.
What should you use to enroll each device type? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 16
HOTSPOT
You use Microsoft Endpoint Configuration Manager for device management.
The domain contains the Windows 11 devices shown in the following table.
You enable co-management in Configuration Manager as shown in the Enablement exhibit. (Click the Enablement tab.)
You configure the Workloads settings for co-management as shown in the Workloads exhibit. (Click the Workloads tab.)
You configure the Staging settings for co-management as shown in the Staging exhibit. (Click the Staging tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 17
DRAG DROP
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You install Microsoft Word on all the devices.
You plan to configure policies to meet the following requirements:
• Word files created by using Windows devices must be encrypted automatically.
• If an Android device becomes jailbroken, access to corporate data must be blocked from Word.
• For iOS devices, users must be prevented from using native or third-party mail clients to connect to Microsoft 365.
Which type of policy should you configure for each device? To answer, drag the appropriate policy types to the correct devices. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 18
HOTSPOT -
You create two device compliance policies for Android devices as shown in the following table.
You have the Android devices shown in the following table.
The users belong to the groups shown in the following table.
The users enroll their device in Microsoft Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 19
HOTSPOT -
Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.
You update the Windows 10 devices by using Windows Update for Business.
What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 20
Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.
Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A: Deploy applications to Windows 10 devices.
- B: Deploy VPN profiles to iOS devices.
- C: Deploy VPN profiles to Windows 10 devices.
- D: Publish applications to Android devices.
Question 21
HOTSPOT -
Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Question 22
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You have a Microsoft 365 subscription.
You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.
What should you configure?
- A: the Enrollment restrictions
- B: the mobile device management (MDM) authority
- C: the Exchange on-premises access settings
- D: the Windows enrollment settings
Question 23
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)
The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)
Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?
- A: From the conditional access policy, configure the device state.
- B: From the Azure Active Directory admin center, create a custom control.
- C: From the Endpoint Manager admin center, create a device compliance policy.
- D: From the Azure Active Directory admin center, create a named location.
Question 24
You have computers that run Windows 10 Enterprise and are joined to the domain.
You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.
You need to prevent Windows from being updated for the next 30 days.
Which two Group Policy settings should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A: Select when Quality Updates are received
- B: Select when Preview Builds and Feature Updates are received
- C: Turn off auto-restart for updates during active hours
- D: Manage preview builds
- E: Automatic updates detection frequency
Question 25
HOTSPOT -
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.
The device compliance policies in Endpoint Manager are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Free preview mode
Enjoy the free questions and consider upgrading to gain full access!