1 - Explore endpoint management Flashcards
What tool allows you to prevent access to Microsoft Teams from a Windows 10 device that lacks a compliant antivirus application?
A) A compliance policy in Intune B) A conditional access policy in Azure AD C) An app configuration policy in Intune D) An app protection policy in Intune
B) A conditional access policy in Azure AD (7)
What action is required to automatically enroll Windows 10 devices in Microsoft Intune?
A) Create a device compliance policy B) Assign a configuration profile C) Configure automatic enrollment in Intune D) Deploy a provisioning package
C) Configure automatic enrollment in Intune (5)
How can you ensure that only explicitly allowed applications can run on devices managed by Intune?
A) Windows Defender Credential Guard B) Windows Defender Application Control C) Windows Defender Exploit Guard D) Microsoft Defender Application Guard
B) Windows Defender Application Control (6)
Which configuration profile should you create to enforce application restrictions on Windows 10 devices in Intune?
A) Device compliance profile B) App configuration profile C) Conditional Access profile D) Endpoint security profile
B) App configuration profile (5)
Which Azure AD feature should you use to allow users to manage their own credentials with minimal privileges?
A) User administrator role B) Password administrator role C) Identity Governance administrator role D) Global administrator role
B) Password administrator role (5)
What is the first step to enroll iOS devices in Intune?
A) Configure an Apple MDM Push certificate B) Create a Device Enrollment Program (DEP) token C) Assign a device compliance policy D) Create a device configuration profile
A) Configure an Apple MDM Push certificate (6)
Which policy should you configure to ensure startup performance data for managed Windows 11 devices is captured and available in the Intune admin center?
A) Azure Monitor agent B) Device compliance policy C) Conditional Access policy D) Intune data collection policy
D) Intune data collection policy (7)
What feature should you configure to ensure that a user’s desktop background, favorites, and browsing history are available on a new device after they sign in?
A) Roaming user profiles B) Enterprise State Roaming C) Azure AD Join D) Device enrollment profile
B) Enterprise State Roaming (6)
You need to deploy an MSI application to both Configuration Manager-managed and Intune-managed computers. What should you use?
A) Deploy from Configuration Manager and Intune separately B) Use Intune for both C) Use Configuration Manager for both D) Use the Microsoft 365 admin center
A) Deploy from Configuration Manager and Intune separately (7)
What can you use in Intune to deploy Microsoft 365 Apps as part of a Windows Autopilot deployment?
A) Microsoft Office Deployment Tool (ODT) B) Office Customization Tool (OCT) C) Microsoft Endpoint Configuration Manager D) Windows Autopilot profile
A) Microsoft Office Deployment Tool (ODT) (6)
You need to monitor the versions of Windows 10 used by your users in the finance department. Which tool should you use?
A) Device compliance B) Workspaces C) Endpoint security D) Reports
D) Reports (5)
What must you configure to capture and analyze event logs from computers to Azure?
A) Microsoft Monitoring Agent B) Azure AD Connect C) Intune data collection policy D) Endpoint protection policy
A) Microsoft Monitoring Agent (6)
Which policy should you configure to restrict access to corporate resources based on device compliance status?
A) Device compliance policy B) Conditional access policy C) App protection policy D) App configuration policy
B) Conditional access policy (6)
You need to perform bulk remote actions on devices managed by Intune, such as syncing, restarting, or wiping. Where do you configure these actions?
A) Device compliance policies B) Endpoint security policies C) Devices pane in Intune D) Azure AD Conditional Access
C) Devices pane in Intune (6)
Which technology allows for the deployment of a device name template during a Windows Autopilot deployment?
A) Microsoft Endpoint Configuration Manager B) Windows Deployment Services (WDS) C) Azure Active Directory D) Windows Autopilot profile
D) Windows Autopilot profile (5)
What method should you use to enroll 1,000 iOS devices in Intune and assign them to specific users automatically?
A) Apple Configurator B) Device Enrollment Program (DEP) C) Apple School Manager D) Manual enrollment
B) Device Enrollment Program (DEP) (7)
What is required to use Log Analytics to query events from a Windows 10 computer?
A) Install the Microsoft Monitoring Agent B) Configure the commercial ID C) Join Azure Active Directory D) Create an event subscription
A) Install the Microsoft Monitoring Agent (5)
Which configuration in Microsoft Endpoint Manager can you use to ensure that users in a specific department are using a supported version of Windows 10?
A) Device compliance B) Workspaces C) Endpoint security D) Reports
D) Reports (6)
Which profile should you use to configure and enable Endpoint Privilege Management on devices managed by Intune?
A) Device compliance policy B) Device configuration profile C) Device enrollment profile D) Conditional Access policy
B) Device configuration profile (6)
You need to ensure that all new user accounts created in your on-premises Active Directory domain are synchronized to Azure AD as quickly as possible. What should you do?
A) Modify directory synchronization settings in the Azure portal B) Customize synchronization options in Azure AD Connect C) Modify user account properties in Active Directory Users and Computers D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell
D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell (7)
Which policy should be used to restrict users from running non-approved applications on their Windows 10 devices?
A) App configuration policy in Intune B) Windows Defender Application Control policy C) Conditional access policy D) Device compliance policy
B) Windows Defender Application Control policy (6)
You need to ensure that Windows Defender policies are updated across all devices managed by Intune. What action should you take?
A) Create an update ring B) Configure a device compliance policy C) Deploy a Windows Autopilot profile D) Create a device configuration profile
D) Create a device configuration profile (5)
Which configuration profile should be used to ensure BitLocker encryption is enabled on all Windows 10 devices managed by Intune?
A) Device compliance profile B) Device configuration profile C) Endpoint protection profile D) Conditional access policy
B) Device configuration profile (6)
Which component of Microsoft Endpoint Manager allows you to view the status of Windows 10 version updates?
A) Software updates B) Device compliance C) Reports D) Endpoint security
C) Reports (5)
You need to rotate BitLocker recovery keys on a set of devices managed by Intune. Which action should you take?
A) Sync devices in Intune B) Perform a device wipe C) Perform a remote action to rotate BitLocker recovery keys D) Deploy a device compliance policy
C) Perform a remote action to rotate BitLocker recovery keys (7)
You need to implement Endpoint Privilege Management (EPM) on Windows 10 devices. What should you create?
A) A device compliance policy B) A device configuration profile C) A device enrollment profile D) A conditional access policy
B) A device configuration profile (6)
What feature can you use in Intune to prevent users from accessing corporate data on devices that are not compliant with your organization’s policies?
A) App protection policies B) Compliance policies C) Conditional Access policies D) Device compliance profiles
C) Conditional Access policies (7)
Which report should you use to monitor the compliance status of devices in Intune?
A) Compliance policy report B) Endpoint security report C) Device configuration profile report D) App protection policy report
A) Compliance policy report (5)
Which Intune policy should you use to configure Microsoft Edge settings across all managed devices?
A) Device compliance policy B) Device configuration policy C) App protection policy D) Conditional access policy
B) Device configuration policy (6)
What should you use to deploy an app to all iOS devices enrolled in Intune?
A) Device compliance policy B) App configuration policy C) Line-of-business app D) Managed Google Play
C) Line-of-business app (7)
Which policy should you configure in Intune to restrict the usage of non-compliant apps on Android devices?
A) Device configuration policy B) App protection policy C) App configuration policy D) Conditional access policy
B) App protection policy (6)
What feature in Intune can you use to ensure that devices are enrolled in Microsoft Defender for Endpoint?
A) Device compliance policy B) Endpoint protection policy C) Conditional access policy D) Onboarding policies
D) Onboarding policies (7)
You need to enforce the use of Windows Hello for Business on all Windows 10 devices managed by Intune. What should you configure?
A) A device configuration profile B) A device compliance policy C) An endpoint protection policy D) A conditional access policy
A) A device configuration profile (7)
Which tool should you use to deploy updates to all devices in a specific department using Intune?
A) Update rings B) Device compliance policy C) Windows Autopilot D) Endpoint security
A) Update rings (7)
Which report in Intune provides details on device health and compliance?
A) Endpoint security report B) Compliance policy report C) Device configuration profile report D) App protection policy report
B) Compliance policy report (6)
How can you automate the synchronization of Azure AD user accounts for faster updates in Intune?
A) Use Azure AD Connect's scheduled task B) Modify synchronization options in Azure AD Connect C) Manually sync Azure AD Connect D) Use a PowerShell script to force synchronization
D) Use a PowerShell script to force synchronization (7)
You need to enforce encryption on iOS devices managed by Intune. Which policy should you configure?
A) Device compliance policy B) Device configuration policy C) Endpoint protection policy D) Conditional access policy
A) Device compliance policy (7)
Which feature in Intune allows you to enforce application control on Windows 10 devices?
A) App protection policy B) Conditional access policy C) Windows Defender Application Control D) Endpoint protection policy
C) Windows Defender Application Control (7)
You need to deploy an application to a set of Windows 10 devices using Intune. The app should be automatically updated whenever a new version is available. What should you do?
A) Deploy the app as a required installation B) Use Microsoft 365 Apps for Enterprise C) Use Windows Store for Business D) Deploy the app as an available installation
A) Deploy the app as a required installation (7)
What is the first step in configuring a Windows Autopilot deployment profile in Intune?
A) Assign the profile to a device group B) Import the device hardware ID C) Configure the deployment profile settings D) Create an Autopilot profile in Intune
B) Import the device hardware ID (6)
Which policy should be configured in Intune to enforce firewall settings on all Windows 10 devices?
A) Device compliance policy B) Endpoint protection policy C) Conditional access policy D) App protection policy
B) Endpoint protection policy (7)
You are deploying Windows 10 to a group of devices using Windows Autopilot. Which setting must be configured to display the organization logo during the Out of Box Experience (OOBE)?
A) Enrollment status page B) Deployment profile C) Device configuration profile D) Company branding
B) Deployment profile (7)
Which action is needed to onboard Windows 10 devices to Microsoft Defender for Endpoint through Intune?
A) Create a device configuration profile B) Create a device compliance policy C) Configure an onboarding policy D) Deploy a Windows Autopilot profile
C) Configure an onboarding policy (6)
You need to enforce specific security baselines across all devices in an organization. Which Intune feature should you use?
A) Device compliance policies B) Security baselines C) Device configuration profiles D) Endpoint protection policies
B) Security baselines (6)
Which policy should be used to restrict access to corporate resources from devices that do not meet compliance requirements?
A) App protection policy B) Device compliance policy C) Conditional access policy D) Endpoint protection policy
C) Conditional access policy (7)
How can you ensure that devices are automatically enrolled into Intune when they are joined to Azure AD?
A) Configure automatic enrollment in Azure AD B) Create a device configuration profile C) Use Windows Autopilot D) Configure a device compliance policy
A) Configure automatic enrollment in Azure AD (6)
You need to configure Intune to deploy a custom wallpaper on all managed Windows 10 devices. What should you create?
A) A device compliance policy B) A device configuration profile C) A Windows Autopilot profile D) An endpoint protection policy
B) A device configuration profile (7)
What tool in Intune allows you to monitor which Windows 10 versions are currently supported across the organization?
A) Device compliance B) Workspaces C) Endpoint security D) Reports
D) Reports (5)
Which Intune feature allows you to enforce the use of multifactor authentication (MFA) before accessing company resources?
A) App protection policies B) Conditional access policies C) Device compliance policies D) Endpoint protection policies
B) Conditional access policies (6)
Which Intune policy should you configure to ensure that Windows updates are installed automatically on all managed devices?
A) Device compliance policy B) Device configuration profile C) Windows Update rings D) Endpoint protection policy
C) Windows Update rings (7)
Which Intune feature should you use to assign apps to specific groups of users or devices?
A) App configuration policy B) App protection policy C) App assignment D) Device compliance policy
C) App assignment (6)
Which configuration profile should you use in Intune to enforce a specific Wi-Fi network configuration on iOS devices?
A) Device configuration profile B) Wi-Fi profile C) Device compliance policy D) Endpoint protection policy
B) Wi-Fi profile (6)
How can you deploy a VPN configuration to all managed devices in Intune?
A) Create a device compliance policy B) Deploy a device configuration profile C) Use Windows Autopilot D) Create an endpoint protection policy
B) Deploy a device configuration profile (6)
You need to ensure that only corporate-owned devices can access company data. Which Intune feature should you configure?
A) Conditional access policies B) App protection policies C) Device compliance policies D) Device enrollment restrictions
A) Conditional access policies (7)
Which policy should you use in Intune to enforce application restrictions on Android devices?
A) Device compliance policy B) App protection policy C) App configuration policy D) Conditional access policy
B) App protection policy (6)
You need to restrict access to a corporate Wi-Fi network based on device compliance status. What should you configure in Intune?
A) Wi-Fi profile B) Conditional access policy C) Device compliance policy D) Endpoint protection policy
B) Conditional access policy (7)
