1 - Explore endpoint management Flashcards

1
Q

What tool allows you to prevent access to Microsoft Teams from a Windows 10 device that lacks a compliant antivirus application?

A) A compliance policy in Intune
B) A conditional access policy in Azure AD
C) An app configuration policy in Intune
D) An app protection policy in Intune

Source

A

B) A conditional access policy in Azure AD (7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What action is required to automatically enroll Windows 10 devices in Microsoft Intune?

A) Create a device compliance policy
B) Assign a configuration profile
C) Configure automatic enrollment in Intune
D) Deploy a provisioning package

Source

A

C) Configure automatic enrollment in Intune (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can you ensure that only explicitly allowed applications can run on devices managed by Intune?

A) Windows Defender Credential Guard
B) Windows Defender Application Control
C) Windows Defender Exploit Guard
D) Microsoft Defender Application Guard

Source

A

B) Windows Defender Application Control (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which configuration profile should you create to enforce application restrictions on Windows 10 devices in Intune?

A) Device compliance profile
B) App configuration profile
C) Conditional Access profile
D) Endpoint security profile

Source

A

B) App configuration profile (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which Azure AD feature should you use to allow users to manage their own credentials with minimal privileges?

A) User administrator role
B) Password administrator role
C) Identity Governance administrator role
D) Global administrator role

Source

A

B) Password administrator role (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the first step to enroll iOS devices in Intune?

A) Configure an Apple MDM Push certificate
B) Create a Device Enrollment Program (DEP) token
C) Assign a device compliance policy
D) Create a device configuration profile

Source

A

A) Configure an Apple MDM Push certificate (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which policy should you configure to ensure startup performance data for managed Windows 11 devices is captured and available in the Intune admin center?

A) Azure Monitor agent
B) Device compliance policy
C) Conditional Access policy
D) Intune data collection policy

Source

A

D) Intune data collection policy (7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What feature should you configure to ensure that a user’s desktop background, favorites, and browsing history are available on a new device after they sign in?

A) Roaming user profiles
B) Enterprise State Roaming
C) Azure AD Join
D) Device enrollment profile

Source

A

B) Enterprise State Roaming (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You need to deploy an MSI application to both Configuration Manager-managed and Intune-managed computers. What should you use?

A) Deploy from Configuration Manager and Intune separately
B) Use Intune for both
C) Use Configuration Manager for both
D) Use the Microsoft 365 admin center

Source

A

A) Deploy from Configuration Manager and Intune separately (7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What can you use in Intune to deploy Microsoft 365 Apps as part of a Windows Autopilot deployment?

A) Microsoft Office Deployment Tool (ODT)
B) Office Customization Tool (OCT)
C) Microsoft Endpoint Configuration Manager
D) Windows Autopilot profile

Source

A

A) Microsoft Office Deployment Tool (ODT) (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You need to monitor the versions of Windows 10 used by your users in the finance department. Which tool should you use?

A) Device compliance
B) Workspaces
C) Endpoint security
D) Reports

Source

A

D) Reports (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What must you configure to capture and analyze event logs from computers to Azure?

A) Microsoft Monitoring Agent
B) Azure AD Connect
C) Intune data collection policy
D) Endpoint protection policy

Source

A

A) Microsoft Monitoring Agent (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which policy should you configure to restrict access to corporate resources based on device compliance status?

A) Device compliance policy
B) Conditional access policy
C) App protection policy
D) App configuration policy

Source

A

B) Conditional access policy (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You need to perform bulk remote actions on devices managed by Intune, such as syncing, restarting, or wiping. Where do you configure these actions?

A) Device compliance policies
B) Endpoint security policies
C) Devices pane in Intune
D) Azure AD Conditional Access

Source

A

C) Devices pane in Intune (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which technology allows for the deployment of a device name template during a Windows Autopilot deployment?

A) Microsoft Endpoint Configuration Manager
B) Windows Deployment Services (WDS)
C) Azure Active Directory
D) Windows Autopilot profile

Source

A

D) Windows Autopilot profile (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What method should you use to enroll 1,000 iOS devices in Intune and assign them to specific users automatically?

A) Apple Configurator
B) Device Enrollment Program (DEP)
C) Apple School Manager
D) Manual enrollment

Source

A

B) Device Enrollment Program (DEP) (7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is required to use Log Analytics to query events from a Windows 10 computer?

A) Install the Microsoft Monitoring Agent
B) Configure the commercial ID
C) Join Azure Active Directory
D) Create an event subscription

Source

A

A) Install the Microsoft Monitoring Agent (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which configuration in Microsoft Endpoint Manager can you use to ensure that users in a specific department are using a supported version of Windows 10?

A) Device compliance
B) Workspaces
C) Endpoint security
D) Reports

Source

A

D) Reports (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which profile should you use to configure and enable Endpoint Privilege Management on devices managed by Intune?

A) Device compliance policy
B) Device configuration profile
C) Device enrollment profile
D) Conditional Access policy

Source

A

B) Device configuration profile (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You need to ensure that all new user accounts created in your on-premises Active Directory domain are synchronized to Azure AD as quickly as possible. What should you do?

A) Modify directory synchronization settings in the Azure portal
B) Customize synchronization options in Azure AD Connect
C) Modify user account properties in Active Directory Users and Computers
D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell

Source

A

D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell (7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which policy should be used to restrict users from running non-approved applications on their Windows 10 devices?

A) App configuration policy in Intune
B) Windows Defender Application Control policy
C) Conditional access policy
D) Device compliance policy

Source

A

B) Windows Defender Application Control policy (6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

You need to ensure that Windows Defender policies are updated across all devices managed by Intune. What action should you take?

A) Create an update ring
B) Configure a device compliance policy
C) Deploy a Windows Autopilot profile
D) Create a device configuration profile

Source

A

D) Create a device configuration profile (5)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which configuration profile should be used to ensure BitLocker encryption is enabled on all Windows 10 devices managed by Intune?

A) Device compliance profile
B) Device configuration profile
C) Endpoint protection profile
D) Conditional access policy

Source

A

B) Device configuration profile (6)

24
Q

Which component of Microsoft Endpoint Manager allows you to view the status of Windows 10 version updates?

A) Software updates
B) Device compliance
C) Reports
D) Endpoint security

Source

A

C) Reports (5)

25
Q

You need to rotate BitLocker recovery keys on a set of devices managed by Intune. Which action should you take?

A) Sync devices in Intune
B) Perform a device wipe
C) Perform a remote action to rotate BitLocker recovery keys
D) Deploy a device compliance policy

Source

A

C) Perform a remote action to rotate BitLocker recovery keys (7)

26
Q

You need to implement Endpoint Privilege Management (EPM) on Windows 10 devices. What should you create?

A) A device compliance policy
B) A device configuration profile
C) A device enrollment profile
D) A conditional access policy

Source

A

B) A device configuration profile (6)

27
Q

What feature can you use in Intune to prevent users from accessing corporate data on devices that are not compliant with your organization’s policies?

A) App protection policies
B) Compliance policies
C) Conditional Access policies
D) Device compliance profiles

Source

A

C) Conditional Access policies (7)

28
Q

Which report should you use to monitor the compliance status of devices in Intune?

A) Compliance policy report
B) Endpoint security report
C) Device configuration profile report
D) App protection policy report

Source

A

A) Compliance policy report (5)

29
Q

Which Intune policy should you use to configure Microsoft Edge settings across all managed devices?

A) Device compliance policy
B) Device configuration policy
C) App protection policy
D) Conditional access policy

Source

A

B) Device configuration policy (6)

30
Q

What should you use to deploy an app to all iOS devices enrolled in Intune?

A) Device compliance policy
B) App configuration policy
C) Line-of-business app
D) Managed Google Play

Source

A

C) Line-of-business app (7)

31
Q

Which policy should you configure in Intune to restrict the usage of non-compliant apps on Android devices?

A) Device configuration policy
B) App protection policy
C) App configuration policy
D) Conditional access policy

Source

A

B) App protection policy (6)

32
Q

What feature in Intune can you use to ensure that devices are enrolled in Microsoft Defender for Endpoint?

A) Device compliance policy
B) Endpoint protection policy
C) Conditional access policy
D) Onboarding policies

Source

A

D) Onboarding policies (7)

33
Q

You need to enforce the use of Windows Hello for Business on all Windows 10 devices managed by Intune. What should you configure?

A) A device configuration profile
B) A device compliance policy
C) An endpoint protection policy
D) A conditional access policy

Source

A

A) A device configuration profile (7)

34
Q

Which tool should you use to deploy updates to all devices in a specific department using Intune?

A) Update rings
B) Device compliance policy
C) Windows Autopilot
D) Endpoint security

Source

A

A) Update rings (7)

35
Q

Which report in Intune provides details on device health and compliance?

A) Endpoint security report
B) Compliance policy report
C) Device configuration profile report
D) App protection policy report

Source

A

B) Compliance policy report (6)

36
Q

How can you automate the synchronization of Azure AD user accounts for faster updates in Intune?

A) Use Azure AD Connect's scheduled task
B) Modify synchronization options in Azure AD Connect
C) Manually sync Azure AD Connect
D) Use a PowerShell script to force synchronization

Source

A

D) Use a PowerShell script to force synchronization (7)

37
Q

You need to enforce encryption on iOS devices managed by Intune. Which policy should you configure?

A) Device compliance policy
B) Device configuration policy
C) Endpoint protection policy
D) Conditional access policy

Source

A

A) Device compliance policy (7)

38
Q

Which feature in Intune allows you to enforce application control on Windows 10 devices?

A) App protection policy
B) Conditional access policy
C) Windows Defender Application Control
D) Endpoint protection policy

Source

A

C) Windows Defender Application Control (7)

39
Q

You need to deploy an application to a set of Windows 10 devices using Intune. The app should be automatically updated whenever a new version is available. What should you do?

A) Deploy the app as a required installation
B) Use Microsoft 365 Apps for Enterprise
C) Use Windows Store for Business
D) Deploy the app as an available installation

Source

A

A) Deploy the app as a required installation (7)

40
Q

What is the first step in configuring a Windows Autopilot deployment profile in Intune?

A) Assign the profile to a device group
B) Import the device hardware ID
C) Configure the deployment profile settings
D) Create an Autopilot profile in Intune

Source

A

B) Import the device hardware ID (6)

41
Q

Which policy should be configured in Intune to enforce firewall settings on all Windows 10 devices?

A) Device compliance policy
B) Endpoint protection policy
C) Conditional access policy
D) App protection policy

Source

A

B) Endpoint protection policy (7)

42
Q

You are deploying Windows 10 to a group of devices using Windows Autopilot. Which setting must be configured to display the organization logo during the Out of Box Experience (OOBE)?

A) Enrollment status page
B) Deployment profile
C) Device configuration profile
D) Company branding

Source

A

B) Deployment profile (7)

43
Q

Which action is needed to onboard Windows 10 devices to Microsoft Defender for Endpoint through Intune?

A) Create a device configuration profile
B) Create a device compliance policy
C) Configure an onboarding policy
D) Deploy a Windows Autopilot profile

Source

A

C) Configure an onboarding policy (6)

44
Q

You need to enforce specific security baselines across all devices in an organization. Which Intune feature should you use?

A) Device compliance policies
B) Security baselines
C) Device configuration profiles
D) Endpoint protection policies

Source

A

B) Security baselines (6)

45
Q

Which policy should be used to restrict access to corporate resources from devices that do not meet compliance requirements?

A) App protection policy
B) Device compliance policy
C) Conditional access policy
D) Endpoint protection policy

Source

A

C) Conditional access policy (7)

46
Q

How can you ensure that devices are automatically enrolled into Intune when they are joined to Azure AD?

A) Configure automatic enrollment in Azure AD
B) Create a device configuration profile
C) Use Windows Autopilot
D) Configure a device compliance policy

Source

A

A) Configure automatic enrollment in Azure AD (6)

47
Q

You need to configure Intune to deploy a custom wallpaper on all managed Windows 10 devices. What should you create?

A) A device compliance policy
B) A device configuration profile
C) A Windows Autopilot profile
D) An endpoint protection policy

Source

A

B) A device configuration profile (7)

48
Q

What tool in Intune allows you to monitor which Windows 10 versions are currently supported across the organization?

A) Device compliance
B) Workspaces
C) Endpoint security
D) Reports

Source

A

D) Reports (5)

49
Q

Which Intune feature allows you to enforce the use of multifactor authentication (MFA) before accessing company resources?

A) App protection policies
B) Conditional access policies
C) Device compliance policies
D) Endpoint protection policies

Source

A

B) Conditional access policies (6)

50
Q

Which Intune policy should you configure to ensure that Windows updates are installed automatically on all managed devices?

A) Device compliance policy
B) Device configuration profile
C) Windows Update rings
D) Endpoint protection policy

Source

A

C) Windows Update rings (7)

51
Q

Which Intune feature should you use to assign apps to specific groups of users or devices?

A) App configuration policy
B) App protection policy
C) App assignment
D) Device compliance policy

Source

A

C) App assignment (6)

52
Q

Which configuration profile should you use in Intune to enforce a specific Wi-Fi network configuration on iOS devices?

A) Device configuration profile
B) Wi-Fi profile
C) Device compliance policy
D) Endpoint protection policy

Source

A

B) Wi-Fi profile (6)

53
Q

How can you deploy a VPN configuration to all managed devices in Intune?

A) Create a device compliance policy
B) Deploy a device configuration profile
C) Use Windows Autopilot
D) Create an endpoint protection policy

Source

A

B) Deploy a device configuration profile (6)

54
Q

You need to ensure that only corporate-owned devices can access company data. Which Intune feature should you configure?

A) Conditional access policies
B) App protection policies
C) Device compliance policies
D) Device enrollment restrictions

Source

A

A) Conditional access policies (7)

55
Q

Which policy should you use in Intune to enforce application restrictions on Android devices?

A) Device compliance policy
B) App protection policy
C) App configuration policy
D) Conditional access policy

Source

A

B) App protection policy (6)

56
Q

You need to restrict access to a corporate Wi-Fi network based on device compliance status. What should you configure in Intune?

A) Wi-Fi profile
B) Conditional access policy
C) Device compliance policy
D) Endpoint protection policy

Source

A

B) Conditional access policy (7)