1 - Explore endpoint management Flashcards
What tool allows you to prevent access to Microsoft Teams from a Windows 10 device that lacks a compliant antivirus application?
A) A compliance policy in Intune B) A conditional access policy in Azure AD C) An app configuration policy in Intune D) An app protection policy in Intune
B) A conditional access policy in Azure AD (7)
What action is required to automatically enroll Windows 10 devices in Microsoft Intune?
A) Create a device compliance policy B) Assign a configuration profile C) Configure automatic enrollment in Intune D) Deploy a provisioning package
C) Configure automatic enrollment in Intune (5)
How can you ensure that only explicitly allowed applications can run on devices managed by Intune?
A) Windows Defender Credential Guard B) Windows Defender Application Control C) Windows Defender Exploit Guard D) Microsoft Defender Application Guard
B) Windows Defender Application Control (6)
Which configuration profile should you create to enforce application restrictions on Windows 10 devices in Intune?
A) Device compliance profile B) App configuration profile C) Conditional Access profile D) Endpoint security profile
B) App configuration profile (5)
Which Azure AD feature should you use to allow users to manage their own credentials with minimal privileges?
A) User administrator role B) Password administrator role C) Identity Governance administrator role D) Global administrator role
B) Password administrator role (5)
What is the first step to enroll iOS devices in Intune?
A) Configure an Apple MDM Push certificate B) Create a Device Enrollment Program (DEP) token C) Assign a device compliance policy D) Create a device configuration profile
A) Configure an Apple MDM Push certificate (6)
Which policy should you configure to ensure startup performance data for managed Windows 11 devices is captured and available in the Intune admin center?
A) Azure Monitor agent B) Device compliance policy C) Conditional Access policy D) Intune data collection policy
D) Intune data collection policy (7)
What feature should you configure to ensure that a user’s desktop background, favorites, and browsing history are available on a new device after they sign in?
A) Roaming user profiles B) Enterprise State Roaming C) Azure AD Join D) Device enrollment profile
B) Enterprise State Roaming (6)
You need to deploy an MSI application to both Configuration Manager-managed and Intune-managed computers. What should you use?
A) Deploy from Configuration Manager and Intune separately B) Use Intune for both C) Use Configuration Manager for both D) Use the Microsoft 365 admin center
A) Deploy from Configuration Manager and Intune separately (7)
What can you use in Intune to deploy Microsoft 365 Apps as part of a Windows Autopilot deployment?
A) Microsoft Office Deployment Tool (ODT) B) Office Customization Tool (OCT) C) Microsoft Endpoint Configuration Manager D) Windows Autopilot profile
A) Microsoft Office Deployment Tool (ODT) (6)
You need to monitor the versions of Windows 10 used by your users in the finance department. Which tool should you use?
A) Device compliance B) Workspaces C) Endpoint security D) Reports
D) Reports (5)
What must you configure to capture and analyze event logs from computers to Azure?
A) Microsoft Monitoring Agent B) Azure AD Connect C) Intune data collection policy D) Endpoint protection policy
A) Microsoft Monitoring Agent (6)
Which policy should you configure to restrict access to corporate resources based on device compliance status?
A) Device compliance policy B) Conditional access policy C) App protection policy D) App configuration policy
B) Conditional access policy (6)
You need to perform bulk remote actions on devices managed by Intune, such as syncing, restarting, or wiping. Where do you configure these actions?
A) Device compliance policies B) Endpoint security policies C) Devices pane in Intune D) Azure AD Conditional Access
C) Devices pane in Intune (6)
Which technology allows for the deployment of a device name template during a Windows Autopilot deployment?
A) Microsoft Endpoint Configuration Manager B) Windows Deployment Services (WDS) C) Azure Active Directory D) Windows Autopilot profile
D) Windows Autopilot profile (5)
What method should you use to enroll 1,000 iOS devices in Intune and assign them to specific users automatically?
A) Apple Configurator B) Device Enrollment Program (DEP) C) Apple School Manager D) Manual enrollment
B) Device Enrollment Program (DEP) (7)
What is required to use Log Analytics to query events from a Windows 10 computer?
A) Install the Microsoft Monitoring Agent B) Configure the commercial ID C) Join Azure Active Directory D) Create an event subscription
A) Install the Microsoft Monitoring Agent (5)
Which configuration in Microsoft Endpoint Manager can you use to ensure that users in a specific department are using a supported version of Windows 10?
A) Device compliance B) Workspaces C) Endpoint security D) Reports
D) Reports (6)
Which profile should you use to configure and enable Endpoint Privilege Management on devices managed by Intune?
A) Device compliance policy B) Device configuration profile C) Device enrollment profile D) Conditional Access policy
B) Device configuration profile (6)
You need to ensure that all new user accounts created in your on-premises Active Directory domain are synchronized to Azure AD as quickly as possible. What should you do?
A) Modify directory synchronization settings in the Azure portal B) Customize synchronization options in Azure AD Connect C) Modify user account properties in Active Directory Users and Computers D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell
D) Run the Start-ADSyncSyncCycle cmdlet in PowerShell (7)
Which policy should be used to restrict users from running non-approved applications on their Windows 10 devices?
A) App configuration policy in Intune B) Windows Defender Application Control policy C) Conditional access policy D) Device compliance policy
B) Windows Defender Application Control policy (6)
You need to ensure that Windows Defender policies are updated across all devices managed by Intune. What action should you take?
A) Create an update ring B) Configure a device compliance policy C) Deploy a Windows Autopilot profile D) Create a device configuration profile
D) Create a device configuration profile (5)