
Microsoft Endpoint Administrator - MD-102 Exam Questions
QUESTION NO: 1
You have a Microsoft 365 subscription that includes Microsoft Intune.
You need to deploy a custom app to Android devices. The app uses the APK file format.
Which type of app should you select for the deployment?
Correct Answer: A
QUESTION NO: 2
You have a Microsoft Deployment Toolkit (MDT) solution that is used to manage Windows 11 deployment tasks.
MDT contains the operating system images shown in the following table.

You need to perform a Windows 11 in-place upgrade on several computers that run Windows 10.
From the Deployment Workbench, you open the New Task Sequence Wizard.
You need to identify which task sequence template and which operating system image to use for the task sequence. The solution must minimize administrative effort.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Standard Client Upgrade Task Sequence
Use Template: Standard Client Upgrade Task Sequence
In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.
Box 2: Install.wim
In-place upgrade differs from computer refresh in that you cannot use a custom image to perform the in-place upgrade.
Reference: https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit
QUESTION NO: 3
You have a Hyper-V host that contains the virtual machines shown in the following table.

On which virtual machines can you install Windows 11?
Correct Answer: C
QUESTION NO: 4
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals.
More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription. The subscription contains devices that are Microsoft Entra joined and enrolled in Microsoft Intune.
You create a user named User1.
You need to ensure that User1 can rotate BitLocker recovery keys by using Intune.
Solution: From the Microsoft Entra admin center, you assign the Cloud Device Administrator role to User1.
Does this meet the goal?
Correct Answer: B
QUESTION NO: 5
You have the on-premises servers shown in the following table.

You have a Microsoft 365 E5 subscription that contains Android and iOS devices. All the devices are managed by using Microsoft Intune.
You need to implement Microsoft Tunnel for Intune. The solution must minimize the number of open firewall ports.
To which server can you deploy a Tunnel Gateway server, and which inbound ports should be allowed on the server to support Microsoft Tunnel connections? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Server4
Microsoft Tunnel is a VPN gateway solution for Microsoft Intune that runs in a container on Linux and allows access to on-premises resources from iOS/iPadOS and Android Enterprise devices using modern authentication and Conditional Access.
Box 2: TCP 443 and UDP 443 only
Some traffic goes to your public facing IP address for the Tunnel. The VPN channel will use TCP, TLS, UDP, and DTLS over port 443.
By default, port 443 is used for both TCP and UDP, but this can be customized via the Intune Server Configuration - Server port setting. If you change the default port (443), ensure your inbound firewall rules are adjusted to the custom port.
Incorrect:
TCP 1723 is not used.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/microsoft-tunnel-overview
QUESTION NO: 6
You have a Microsoft 365 subscription that uses Microsoft Intune Suite. You use Microsoft Intune to manage devices.
You need to review the startup times and restart frequencies of the devices. What should you use?
Correct Answer: D
QUESTION NO: 7
You have a Microsoft 365 E5 subscription and 25 Apple iPads.
You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method.
What should you do first?
Correct Answer: A
QUESTION NO: 8
You have a Microsoft Entra tenant and the devices shown in the following table.

Which devices can be Microsoft Entra joined, and which devices can be Microsoft Entra registered? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

QUESTION NO: 9
You need a new conditional access policy that has an assignment for Office 365 Exchange Online.
You need to configure the policy to meet the technical requirements for Group4.
Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

The policy needs to be applied to Group4 so we need to configure Users and Groups.
The Access controls are set to Block access.

We therefore need to exclude compliant devices.
From the scenario:
Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
Note: When a device enrolls in Intune, the device information is updated in Azure AD to include the device compliance status. This compliance status is used by conditional access policies to block or allow access to e-mail and other organization resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions
https://docs.microsoft.com/en-us/intune/device-compliance-get-started
QUESTION NO: 10
You have a Microsoft 365 subscription that includes Microsoft Intune. The subscription contains corporate-owned, fully managed Android Enterprise devices.
You plan to deploy a configuration profile that will have a device restrictions profile type named Profile1.
Profile1 will assign maintenance windows for system updates.
What should you configure from the Configuration settings for Profile1?
Correct Answer: C
QUESTION NO: 11
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You need to configure the Microsoft Edge settings for each device.
What should you use? To answer, drag the appropriate Intune features to the correct devices. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Windows: https://learn.microsoft.com/en-us/deployedge/configure-edge-with-intune#:~:text=You%20can%20configure%20Microsoft%20Edge%20policies%20and%20settings%20by%20adding%20a%20device%20configuration%20profile%20to%20Microsoft%20Intune.
Android: https://developer.android.com/work/managed-configurations
Apple: https://developer.apple.com/library/archive/samplecode/sc2279/Introduction/Intro.html
QUESTION NO: 12
You use Microsoft Intune and Intune Data Warehouse.
You need to create a device inventory report that includes the data stored in the data warehouse.
What should you use to create the report?
Correct Answer: D
QUESTION NO: 13
Your network contains an on-premises Active Directory Domain Services (AD DS) domain.
You have a Microsoft 365 E5 subscription that includes Microsoft Intune and syncs with the AD DS domain.
Windows Local Administrator Password Solution (Windows LAPS) is enabled in Microsoft Entra ID.
The subscription has the custom roles shown in the following table.

Microsoft Entra contains the users shown in the following table.

You have the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:





