Page: 1
/ 25
Total 377 questions
HOTSPOT -
Your company has an infrastructure that has the following:
✑ A Microsoft 365 tenant
✑ An Active Directory forest
✑ Microsoft Intune
✑ A Key Management Service (KMS) server
✑ A Windows Deployment Services (WDS) server
✑ A Microsoft Azure Active Directory (Azure AD) Premium tenant
The company purchases 100 new computers that run Windows 10.
You need to ensure that the new computers are joined automatically to Azure AD by using Windows Autopilot.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: Microsoft Endpoint Manager admin center
Create an Autopilot device group using Intune
1. In the Microsoft Endpoint Manager admin center, select Groups > New group.
2. Etc.
Box 2: Device serial number and hardware hash
Ensure that the CSV file meets requirements.
Device information in the CSV file where you capture hardware hashes should include:
Serial number -
Windows product ID -
Hardware hash -
Optional group tag -
Optional assigned user -
Reference:
https://docs.microsoft.com/en-us/intune/enrollment-autopilot
https://docs.microsoft.com/en-us/mem/autopilot/add-devices
Your company purchases new computers that run Windows 10. The computers have cameras that support Windows Hello for Business.
You configure the Windows Hello for Business Group Policy settings as shown in the following exhibit.
What are two valid methods a user can use to sign in? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Facial recognition
- B. A smartwatch that is Bluetooth-enabled
- C. A PIN
- D. A USB key
Answer : AB
Explanation:
A: The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the Use biometrics Group Policy setting to disabled and apply it to your computers.
B: Dynamic Lock is another feature introduced in 2018.
The setting is disabled by default. To enable it, go to Settings app, Accounts, and Sign-in options. Then check the option ג€Allow Windows to automatically lock your device when you are awayג€ in the Dynamic Lock section.
The system will scan and check to see if any paired devices that can be used to determine your presence. Once enabled, Dynamic Lock locks your PC automatically when it detects that you are not around. To me, it works the best when you pair your smartphone with your Windows 10 computer.
Click the Bluetooth & other devices link to go to the Bluetooth pairing page, and click the ג€Add Bluetooth or other devicesג€ button to start the pairing process.
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings https://www.nextofwindows.com/windows-10-what-is-dynamic-lock-and-how-to-turn-it-on
You have 10 computers that run Windows 8.1 and have the following configurations:
✑ A single MBR disk
✑ A disabled TPM chip
✑ Disabled hardware virtualization
✑ UEFI firmware running in BIOS mode
Enabled Data Execution Prevention (DEP)
You plan to upgrade the computers to Windows 10.
You need to ensure that the computers can use Secure Boot.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Convert the MBR disk to a GPT disk
- B. Enable the TPM chip.
- C. Disable DEP
- D. Enable hardware virtualization
- E. Convert the firmware from BIOS to UEFI.
Answer : AE
Explanation:
E: Need to use the UEFI mode to get the UEFI Security features.
A: If you want to ensure that your drive boots into a certain mode, use drives that you've preformatted with the GPT file format for UEFI mode, or the MBR file format for BIOS mode. When the installation starts, if the PC is booted to the wrong mode, Windows installation will fail. To fix this, restart the PC in the correct firmware mode.
Reference:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode
Your network contains an Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You implement hybrid Microsoft Azure Active Directory (Azure AD) and Microsoft Intune.
You need to automatically register all the existing computers to Azure AD and enroll the computers in Intune. The solution must minimize administrative effort.
What should you use?
- A. An Autodiscover address record.
- B. A Windows AutoPilot deployment profile.
- C. An Autodiscover service connection point (SCP).
- D. A Group Policy object (GPO).
Answer : B
Explanation:
Hybrid Azure AD join.
Support for Hybrid Azure AD join (on-premises AD) using Windows Autopilot user-driven mode is available with Windows 10, version 1809 (or later).
Note: In this mode, you can use Windows Autopilot to join a device to an on-premises Active Directory domain. Configuring this feature is very similar to the
Windows Autopilot user-driven mode process today:
1. Register the device with Windows Autopilot.
2. Create an Autopilot deployment profile specifying Hybrid Azure AD as the method in which you would like to join devices to Azure AD.
3. Install the Intune Connector for Active Directory on a computer running Windows Server 2016 (or later).
Reference:
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Autopilot-Hybrid-Azure-AD-join-and-automatic/ba-p/286126
HOTSPOT -
Your network contains an Active Directory domain. The domain contains computers that run Windows 10 and are enrolled in Microsoft Intune. Updates are deployed by using Windows Update for Business.
Users in a group named Group1 must meet the following requirements:
✑ Update installations must occur any day only between 00:00 and 05:00.
✑ Updates must be downloaded from Microsoft and from other company computers that already downloaded the updates.
You need to configure the Windows 10 Update Rings settings in Intune to meet the requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: Notify download -
Hereג€™s what Automatic update behavior means:
* Notify download ג€" Notify the user before downloading the update. Users choose to download and install updates.
* Auto install at maintenance time ג€" Updates download automatically and then install during Automatic Maintenance when the device isnג€™t in use or running on battery power.
* Auto install and restart at maintenance time ג€" Updates download automatically and then install during Automatic Maintenance when the device isnג€™t in use or running on battery power.
Box 2: Not configured -
With Intune, use Delivery Optimization settings for your Windows devices to reduce bandwidth consumption when those devices download applications and updates. Configure Delivery Optimization as part of your device configuration profiles.
Reference:
https://deviceadvice.io/2020/01/27/windows-10-update-rings-the-best-user-experience/ https://docs.microsoft.com/en-us/intune/delivery-optimization-windows#move-from-existing-update-rings-to-delivery-optimization
Your network contains an Active Directory domain named contoso.com.
You create a provisioning package named Package1 as shown in the following exhibit.
What is the maximum number of devices on which you can run Package1 successfully?
- A. 1
- B. 10
- C. 25
- D. unlimited
Answer : B
Explanation:
The device name uses a single random number (applied by %RAND:1%). This allows for 10 unique values (0 ג€" 9).
HOTSPOT -
You have computers that run Windows 10 and are configured by using Windows Autopilot.
A user performs the following tasks on a computer named Computer1:
✑ Creates a VPN connection to the corporate network
✑ Installs a Microsoft Store app named App1
✑ Connects to a Wi-Fi network
You perform a Windows Autopilot Reset on Computer1.
What will be the state of the computer when the user signs in? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: Retained and the passphrase will be retained
The Windows Autopilot Reset process automatically keeps information from the existing device:
* Wi-Fi connection details.
Box 2: Removed -
Windows Autopilot Reset:
* Removes personal files, apps, and settings.
Box 3: Removed -
Windows Autopilot Reset:
Removes personal files, apps, and settings.
Reapplies a device's original settings.
Sets the region, language, and keyboard to the original values.
Maintains the device's identity connection to Azure AD.
Maintains the device's management connection to Intune.
The Windows Autopilot Reset process automatically keeps information from the existing device:
Wi-Fi connection details.
Provisioning packages previously applied to the device.
A provisioning package present on a USB drive when the reset process is started.
Azure Active Directory device membership and MDM enrollment information.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
HOTSPOT -
Your network contains an Active Directory domain named constoso.com that is synced to Microsoft Azure Active Directory (Azure AD). All computers are enrolled in Microsoft Intune.
The domain contains the computers shown in the following table.
You are evaluating which Intune actions you can use to reset the computers to run Windows 10 Enterprise with the latest update.
Which computers can you reset by using each action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: Computer 2 and Computer 3 only
The Fresh Start device action removes any apps that are installed on a PC running Windows 10, version 1709 or later.
Box 2: Computer1, Computer2, and Computer3
Windows Wipe:
Reference:
https://docs.microsoft.com/en-us/intune/device-fresh-start
https://docs.microsoft.com/en-us/intune/devices-wipe
You have the 64-bit computers shown in the following table.
You plan to perform an in-place upgrade to the 64-bit version of Windows 10.
Which computers can you upgrade to the 64-bit version of Windows 10 in their current state?
- A. Computer2 and Computer4 only
- B. Computer4 only
- C. Computer3 and Computer4 only
- D. Computer1, Computer2, Computer3 and Computer4
- E. Computer2, Computer3, and Computer4 only
Answer : A
Explanation:
Note: Once the Windows 10 upgrade is complete the key in plain text is removed, and then BitLocker will enable again automatically. This means that the
Windows 10 upgrade process on a device using BitLocker is the same to a device without using the security feature
Incorrect:
Not Computer1 or Computer3:
Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios https://pureinfotech.com/upgrade-windows-10-bitlocker-enabled/
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (AD) and enrolled in Microsoft Intune.
You need to enable self-service password reset on the sign-in screen.
Which settings should you configure from the Microsoft Endpoint Manager admin center?
- A. Device configuration
- B. Device compliance
- C. Device enrollment
- D. Conditional access
Answer : A
Explanation:
To enable the self service password reset option with Intune.
Use the Azure portal to create a new configuration policy. Open Microsoft Intune, choose Device Configuration, Profiles and Create profile.
Reference:
https://www.inthecloud247.com/enable-self-service-password-reset-feature-on-the-windows-logon-screen/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company uses Windows Update for Business.
The research department has several computers that have specialized hardware and software installed.
You need to prevent the video drivers from being updated automatically by using Windows Update.
Solution: From the Device Installation and Restrictions settings in a Group Policy object (GPO), you enable Prevent installation of devices using drivers that match these device setup classes, and then you enter the device GUID.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Explanation:
Prevent installation of devices using drivers that match these device setup classes.
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
Reference:
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DeviceInstallation::DeviceInstall_Classes_Deny
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company uses Windows Update for Business.
The research department has several computers that have specialized hardware and software installed.
You need to prevent the video drivers from being updated automatically by using Windows Update.
Solution: From the Settings app, you clear the Give me updates for other Microsoft products when I update Windows check box.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Reference:
https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000024
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company uses Windows Update for Business.
The research department has several computers that have specialized hardware and software installed.
You need to prevent the video drivers from being updated automatically by using Windows Update.
Solution: From the Device Installation settings in a Group Policy object (GPO), you enable Specify search order for device driver source locations, and then you select Do not search Windows Update.
Does this meet the goal?
- A. Yes
- B. No
Answer : A
Explanation:
Device driver searches using Windows Update must be prevented.
Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Device Installation -> "Specify search order for device driver source locations" to "Enabled: Do not search Windows Update".
Reference:
https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000024
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that feature and quality updates install automatically during a maintenance window.
Solution: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 3 ג€" Auto download and notify for Install, and then enter a time.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Explanation:
Instead: In Group policy, from the Windows Update settings, you enable Configure Automatic Updates, select 4-Auto download and schedule the install, and then enter a time.
Reference:
https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have 20 computers that run Windows 10 and are joined to Microsoft Azure Active Directory (Azure AD).
You plan to replace the computers with new computers that run Windows 10. The new computers will be joined to Azure AD.
You need to ensure that the desktop background, the favorites, and the browsing history are available on the new computers.
Solution: You configure Enterprise State Roaming.
Does this meet the goal?
- A. Yes
- B. No
Answer : A
Explanation:
Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-enable