Microsoft MD-102 Exam Practice Test Instant Access

Question 1

Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following:

* Personal devices do not need to be enrolled in Intune.

* Users must authenticate by using a PIN before they can access corporate email data.

* Users can use their personal iOS and Android devices to access corporate cloud services.

* Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

Aa device configuration profile from the Microsoft Intune admin center

Ba data loss prevention (DIP) policy from the Microsoft Purview compliance portal

Can insider risk management policy from the Microsoft Purview compliance portal

Dan app protection policy from the Microsoft Intune admin center

Answer : B

Question 2

You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.

You plan to manage Microsoft Defender Antivirus on the computers.

You need to prevent users from disabling Microsoft Defender Antivirus,

What should you do?

AFrom the Microsoft Intune admin center, create a security baseline.

BFrom the Microsoft 365 Defender portal, enable tamper protection.

CFrom the Microsoft Intune admin center, create an account protection policy.

DFrom the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.

Answer : B

Tamper protection is a feature of Microsoft Defender Antivirus that prevents users or malicious software from disabling or modifying the antivirus settings. Tamper protection can be enabled from the Microsoft 365 Defender portal for devices that are Azure AD joined and enrolled in Microsoft Intune. This will prevent users from turning off Microsoft Defender Antivirus or changing its configuration through Windows Security, PowerShell, Registry, or Group Policy.Reference:[Enable tamper protection]

Question 3

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to ensure that the startup performance of managed Windows 11 devices is captured and available for review in the Intune admin center.

What should you configure?

Athe Azure Monitor agent

Ba device compliance policy

Ca Conditional Access policy

Dan Intune data collection policy

Answer : D

Question 4

Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune. Currently, Windows updates are downloaded without using Delivery Optimization. You need to configure the computers to use Delivery Optimization. What should you create in Intune?

Aa device compliance policy

Ba Windows 10 update ring

Ca device configuration profile

Dan app protection policy

Answer : C

Question 5

You have a Microsoft 365 E5 subscription.

You use Microsoft Intune to manage all Windows 11 devices.

You create an attack surface reduction (ASR) policy named Profile1 based on the Attack Surface Reduction Rules profile and assign Profile! to all the devices.

A user reports that an Adobe Reader plug-in is now blocked.

You need to ensure that the plug-in is unblocked.

What should you do?

ACreate an Endpoint Privilege Management policy and assign the policy to all the devices.

BAdd a scope tag to Profile1.

CConfigure ASR Only Per Rule Exclusions in Profile1.

DCreate a device compliance policy and assign the policy to all the devices.

Answer : C

Question 6

You have a Hyper-V host that contains the virtual machines shown in the following table.

On which virtual machines can you install Windows 11?

AVM1 only

BVM3only

CVM1 and VM2 only

DVM2 and VM3 only

EVM1, VM2, and VM3

Answer : E

Question 7

You have a Microsoft 365 E5 subscription.

All devices are enrolled in Microsoft Intune.

You need to ensure that devices that have NOT checked in for 30 days are deleted from intune.

What should you configure from the Microsoft Intune admin center?

Aa device limit restriction

Bautomatic enrollment

Ca device clean-up rule

Da configuration profile

Answer : C

Microsoft MD-102 Endpoint Administrator Exam Practice Test