Protecting user devices using Intune

Question 1

The devices enrolled in Intune are configured as shown in the following table: 📷 The device compliance policies in Intune are configured as shown in the following table: 📷 The device compliance policies have the assignments shown in the following table: 📷 The Mark devices with no compliance policy are assigned as Compliant. You are evaluating which devices are compliant with Intune. Check the box if the device is compliant

Accepted Answer

Device6. Device2.

Question 2

You have a Microsoft 365 tenant with the following devices enrolled in Intune. 📷 You've configured the following compliance policies in Intune including the groups they are assigned to: 📷 What policies will apply to which devices?

Accepted Answer

DeviceA and DeviceC only. DeviceD only.

Question 3

Your organization has a Microsoft 365 tenant. All the computers in your organization are running Windows 10. Every computer is joined to the domain and has Microsoft Intune installed. Your organization has updated its IT policy. Your new IT policy says only required telemetry data should be sent to Microsoft. You've been tasked with configuring the policy. How do you create the policy and apply it to all your Windows devices?

Accepted Answer

A device configuration profile that has device restrictions configured.

Question 4

Your company has a Microsoft 365 subscription. The company does not permit users to enroll personal devices in mobile device management (MDM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant. The users must be prevented from backing up the app data to iCloud. What should you create?

Accepted Answer

An app protection policy in Microsoft Endpoint Manager.

Question 5

Your organization has a Microsoft 365 tenant with a default domain of gitbit.org Your organization's Azure AD contains the following users. Your organization's Microsoft Endpoint Manager admin center shows the following devices enrolled. Both devices have three apps named AppA, AppB, and AppC installed. You create an app protection policy named ProtectionPolicyA that has the following settings: Protected apps: AppA Exempt apps: AppB Windows Information Protection mode: Block You apply ProtectionPolicyA to GroupA and GroupC. You exclude GroupB from ProtectionPolicyA. Check the box next to each true statement

Accepted Answer

From DeviceB, User1 can copy data from AppA to AppB. From DeviceB, User2 can copy data from AppA to AppC.

Question 6

Your organization has a Microsoft 365 tenant with a primary domain of gitbit.org The following Windows 10 devices are joined to Azure AD.

Accepted Answer

DeviceA, DeviceB, DeviceC, and DeviceD. DeviceA and DeviceC.

Question 7

Your organization has Microsoft 365 tenant configured with a hybrid on-premises Exchange server. Every user in your organization has a Windows 10 computer that's joined to the domain and has the latest version of Microsoft Office installed. All computers in the organization run Windows 10 Enterprise, are joined to the domain, and use Microsoft Office 365 ProPlus. You have a server named ServerA that runs Windows Server 2016 and hosts the telemetry database. You've been tasked with preventing private details in the telemetry data from being sent to Microsoft. What should you do?

Accepted Answer

Configure a registry value on all the computers.

Question 8

You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online. What steps should you take to complete the task?

Accepted Answer

Open Exchange Admin Center. Click Mobile then Edit.Click Select options.

Question 9

Your organization has a Microsoft 365 tenant with devices registered in Azure AD. The devices are managed by using Microsoft Intune. Your manager asks you to enable and configure Windows Defender Exploit Guard (Windows Defender EG) on the devices. Which type of device configuration profile should you use?

Accepted Answer

Device configuration profile > Endpoint protection.

Question 10

Your manager has asked you to set up the Microsoft 365 tenant so users can only join 5 devices to the tenant. What do you need to do to configure it? Put the answers in the correct order

Accepted Answer

Open the Microsoft Azure AD Admin Center. Go to Devices. Click Device Settings.

Question 11

Your organization has a Microsoft 365 tenant named GitBit.org that contains the following users. 📷 Your organization has registered the following devices in Azure AD. 📷 You create the app protection policies in the Microsoft Endpoint Manager admin center as shown below. 📷 Check the box next to each true statement below.

Accepted Answer

When UserB uses DeviceA, PolicyB applies.

Question 12

You have a Microsoft 365 tenant with Defender for Endpoint. Intune is set up and installed on your Windows 10 devices. You open the Microsoft Endpoint Manager admin center and create an attack surface reduction policy. The policy is shown in the image below. Use the dropdowns below to complete the statement.

Accepted Answer

the user will receive a security warning. the webpage will open without warning.

Question 13

Your organization has a Microsoft 365 tenant. Your manager has asked you to set up app-enforced restrictions for 20 users so they can't download attachments unless they are on a compliant device. From the Azure AD admin center, you create a security group called GroupA. What are the next two steps you need to take? Select the correct options below.

Accepted Answer

New-OwaMailboxPolicy and Set-OwaMailboxPolicy. The group, the cloud app, and enable app enforced restrictions.

Question 14

You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. Your organization uses Intune and it's managed through the Microsoft Endpoint Manager admin center. You've already configured the compliance policy settings as below. 📷 On April 1, 2022, you create the device compliance policies shown below 📷 On April 5, 2022, users enroll the following Windows 10 devices in Intune. 📷 Check the boxes below if the statements are true.

Accepted Answer

On April 10, 2022, Device1 is flagged as compliant. On April 6, 2022, Device2 is flagged as compliant.

Protecting user devices using Intune

Questions for this test