Topic 4: Mix Question
You have a Microsoft 365 ES subscription that uses Microsoft Intune.
You have the apps shown in the following exhibit.
You have computer that run Windows 10 and connect to an Azure Log Analytics workspace. The workspace is configured to collect all available events from Windows event logs. The computers have the logged events shown in the following table.
Which events are collected in the Log Analytics workspace?
A.
1 only
B.
2 and 3 only
C.
1 and 3 only
D.
1, 2, and 4 on
E.
1, 2, 3, and 4
1, 2, 3, and 4
Explanation: All events from Windows event logs are collected in the Log Analytics workspace, regardless of the event level or source. Therefore, events 1, 2, 3, and 4 are all collected in the workspace.
References:
https://docs.microsoft.com/en-us/azure/azuremonitor/agents/data-sources-windows-events
You have 200 computers that run Windows 10 and are joined to an Active Directory domain.
You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A.
Enable the Allow Remote Shell access setting.
B.
Enable the Allow remote server management through WinRM setting.
C.
Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
D.
Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting.
E.
Set the Startup Type of the Remote Registry service to Automatic
F.
Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.
Enable the Allow remote server management through WinRM setting.
Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.
Explanation: To enable WinRM on domain computers using Group Policy, you need to perform the following actions:
Enable the Allow remote server management through WinRM setting under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service. This setting allows you to specify the IP address ranges that can connect to the WinRM service.
Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic under Computer Configuration > Preferences > Control Panel Settings > Services. This setting ensures that the WinRM service starts automatically on the computers.
Enable the Windows Defender Firewall: Allow inbound remote administration exception setting under Computer Configuration > Policies > Security Settings > Windows Firewall and Advanced Security > Windows Firewall and Advanced Security > Inbound Rules. This setting creates a firewall rule that allows incoming TCP connections on port 5985 for WinRM. References: How to Enable WinRM via Group Policy, Installation and configuration for Windows Remote Management
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
Auto-enrollment in Intune is configured.
You have 100 Windows 11 devices in a workgroup.
You need to connect the devices to the corporate wireless network and enroll 100 new Windows devices in Intune.
What should you use?
A.
a provisioning package
B.
a Group Policy Object (GPO)
C.
mobile device management (MDM) automatic enrollment
D.
a device configuration policy
mobile device management (MDM) automatic enrollment
You have a Microsoft 365 subscription.
You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).
You need to deploy the Microsoft 36S Apps for enterprise suite to all the computers.
What should you do?
A.
From the Microsoft Intune admin center, create a Windows 10 device profile.
B.
From Azure AD, add an app registration.
C.
From Azure AD. add an enterprise application.
D.
From the Microsoft Intune admin center, add an app.
From the Microsoft Intune admin center, add an app.
Explanation: To deploy Microsoft 365 Apps for enterprise to Windows 10 devices that are enrolled in Intune, you need to add an app of type “Windows 10 app (Win32)” in the Microsoft Intune admin center and configure the app settings. You can then assign the app to groups of users or devices.
References: https://docs.microsoft.com/enus/mem/intune/apps/apps-win32-app-management
You use the Microsoft Deployment Toolkit (MDT) to manage Windows 11 deployments.
From Deployment Workbench, you modify the WinPE settings and add PowerShell support.
You need to generate a new set of WinPE boot image files that contain the updated settings.
What should you do?
A.
From the Deployment Shares node, update the deployment share.
B.
From the Advanced Configuration node, create new media.
C.
From the Packages node, import a new operating system package
D.
From the Operating Systems node, import a new operating system.
From the Deployment Shares node, update the deployment share.
You have a Microsoft 365 tenant.
You have devices enrolled in Microsoft Intune.
You assign a conditional access policy named Policy1 to a group named Group1. Policy! restricts devices marked as noncompliant from accessing Microsoft OneDrive for Business.
You need to identify which noncompliant devices attempt to access OneDrive for Business.
What should you do?
A.
From the Microsoft Entra admin center, review the Conditional Access Insights and Reporting workbook.
B.
From the Microsoft Intune admin center, review Device compliance report.
C.
From the Microsoft Intune admin center, review the Noncompliant devices report.
D.
From the Microsoft Intune admin center, review the Setting compliance report.
From the Microsoft Intune admin center, review the Noncompliant devices report.
You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune. You need to set a custom image as the wallpaper and sign-in screen.
Which two settings should you configure in the Device restrictions configuration profile? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure AD tenant named contoso.com that contains the devices shown in the following table.
You have an Azure AD tenant that contains the users shown in the following table.
You have a Microsoft Deployment Toolkit (MDT) solution that is used to manage Windows 11 deployment tasks.
MDT contains the operating system images shown in the following table.
You use Windows Admin Center to remotely administer computers that run Windows 10. When connecting to Windows Admin Center, you receive the message shown in the following exhibit.
You need to prevent the message from appearing when you connect to Windows Admin Center.
To which certificate store should you import the certificate?
A.
Personal
B.
Trusted Root Certification Authorities
C.
Client Authentication Issuers
Trusted Root Certification Authorities
| Page 12 out of 27 Pages |
| Previous |