Configuring Windows Devices
Question No: 11 – (Topic 2)
Employees are permitted to bring personally owned portable Windows 10 Enterprise computers to the office. They are permitted to install corporate applications by using the
management infrastructure agent and access corporate email by using the Mail app. An employee’s personally owned portable computer is stolen.
You need to protect the corporate applications and email messages on the computer. Which two actions should you perform? Each correct answer presents part of the solution.
Prevent the computer from connecting to the corporate wireless network.
Change the user’s password.
Disconnect the computer from the management infrastructure.
Initiate a remote wipe.
Answer: B,D Explanation:
The personally owned portable Windows10Enterprise computers being managed by the management infrastructure agent enables the use of remote wipe. By initiating a remote wipe, we can erase all company data including email from the stolen device.
Microsoft Intune provides selective wipe, full wipe, remote lock, and passcode reset capabilities. Because mobile devices can store sensitive corporate data and provide access to many corporate resources, you can issue a remote device wipe command from the Microsoft Intune administrator console to wipe a lost or stolen device.
Changing the user’s password should be the first step. If the stolen computer is accessed before the remote wipe happens, the malicious user could be able to access company resources if the laptop has saved passwords.
Question No: 12 – (Topic 2)
You administer a Windows 10 Enterprise computer that runs Hyper-V. The computer hosts a virtual machine with multiple snapshots. The virtual machine uses one virtual CPU and 512 MB of RAM.
You discover that the virtual machine pauses automatically and displays the state as paused-critical.
You need to identify the component that is causing the error. Which component should you identify?
no virtual switch defined
insufficient hard disk space
insufficient number of virtual processors
Answer: C Explanation:
In this question, the VM has “multiple snapshots” which would use up a lot of disk space. Virtual machines will go into the “Paused-Critical” state in Hyper-V if the free space on the drive that contains the snapshots goes below 200MB.
One thing that often trips people up is if they have their virtual hard disks configured on one drive – but have left their snapshot files stored on the system drive. Once a virtual machine snapshot has been taken- the base virtual hard disk stops expanding and the snapshot file stores new data that is written to the disk – so it is critical that there is enough space in the snapshot storage location.
Question No: 13 – (Topic 2)
You are an IT consultant for small and mid-sized business.
One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards. What should you do?
Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version
1.2 or greater.
Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
Ensure that each laptop and tablet can read a physical smart card.
Ensure that the laptops and tablets are running Windows 10 Enterprise edition.
Answer: A Explanation:
A Trusted Platform Module (TPM) chip of version 1.2 or greater is required to support Virtual Smart Cards.
Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
Question No: 14 – (Topic 2)
You deploy several tablet PCs that run Windows 10 Enterprise.
You need to minimize power usage when the user presses the sleep button. What should you do?
In Power Options, configure the sleep button setting to Sleep.
In Power Options, configure the sleep button setting to Hibernate.
Configure the active power plan to set the system cooling policy to passive.
Disable the C-State control in the computer’s BIOS.
Answer: B Explanation:
We can minimize power usage on the tablet PCs by configuring them to use Hibernation mode. A computer in hibernation mode uses no power at all.
Hibernation is a power-saving state designed primarily for laptops. While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won#39;t use your laptop for an extended period and won#39;t have an opportunity to charge the battery during that time.
Topic 3, Plan and implement a Microsoft Intune device management solution
Question No: 15 – (Topic 3)
You have a Microsoft Intune subscription.
You have three security groups named Security1, Security2 and Security3. Security1 is the parent group of Security2. Security2 has 100 users.
You need to change the parent group of Security2 to be Security3. What should you do first?
Edit the properties of Security1.
Edit the properties of Security2.
Remove all users from Security2.
Answer: C Explanation:
You cannot change the parent group of a security group in Microsoft Intune. You can only delete the group and recreate another group with the correct parent.
Deleting a group does not delete the users that belong to that group. Therefore, you do not need to remove the users from the group; you can just delete the group and recreate it.
Question No: 16 – (Topic 3)
You manage Microsoft Intune for a company named Contoso. Intune client computers run Windows 10 Enterprise.
You notice that there are 25 mandatory updates listed in the Intune administration console.
You need to prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Which policy template should you use?
Microsoft Intune Agent Settings
Windows Configuration Policy
Microsoft Intune Center Settings
Windows Custom Policy (Windows 10 and Windows 10 Mobile)
Answer: A Explanation:
To configure the Prompt user to restart Windows during Intune client agent mandatory updates update policy setting you have to configure the Microsoft Intune Agent Settings policy. Setting the Prompt user to restart Windows during Intune client agent mandatory updates setting to No would prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Question No: 17 DRAG DROP – (Topic 3)
You manage Microsoft Intune for a company named Contoso. You have 200 computers that run Windows 10. The computers are Intune clients.
You need to configure software updates for the clients.
Which policy template should you use to configure each software updates setting? To answer, drag the appropriate policy templates to the correct settings. Each policy template may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.
You must make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices. The system settings that can be configured using this policy include the following:
To configure the Allow immediate installation of updates that do not interrupt Windows update policy setting you have to configure and deploy a Microsoft Intune Agent Settings policy.
Question No: 18 – (Topic 3)
Your network contains an Active Directory domain named contoso.com. Contoso.com is synchronized to a Microsoft Azure Active Directory. You have a Microsoft Intune subscription.
Your company plans to implement a Bring Your Own Device (BYOD) policy. You will provide users with access to corporate data from their personal iOS devices.
You need to ensure that you can manage the personal iOS devices. What should you do first?
Install the Company Portal app from the Apple App Store.
Create a device enrollment manager account.
Set a DNS alias for the enrollment server address.
Configure the Intune Service to Service Connector for Hosted Exchange.
Enroll for an Apple Push Notification (APN) certificate.
Answer: E Explanation:
An Apple Push Notification service (APNs) certificate must first be imported from Apple so that you can manage iOS devices. The certificate allows Intune to manage iOS devices and institutes an accredited and encrypted IP connection with the mobile device management authority services.
Question No: 19 – (Topic 3)
You have an Active Directory domain named contoso.com that contains a deployment of Microsoft System Center 2012 Configuration Manager Service Pack 1 (SP1). You have a Microsoft Intune subscription that is synchronized to contoso.com by using the Microsoft Azure Active Directory Synchronization Tool (DirSync.)
You need to ensure that you can use Configuration Manager to manage the devices that are registered to your Microsoft Intune subscription.
Which two actions should you perform? Each correct answer presents a part of the solution.
In Microsoft Intune, create a new device enrollment manager account.
Install and configure Azure Active Directory Synchronization Services (AAD Sync.)
In Microsoft Intune, configure an Exchange Connector.
In Configuration Manager, configure the Microsoft Intune Connector role.
In Configuration Manager, create the Microsoft Intune subscription.
Answer: D,E Explanation:
To allow Configuration Manager to manage mobile devices in the same context as other devices, it requires you to create a Windows Intune subscription and synchronize user accounts from Active Directory to Microsoft Online. to achieve that, you are required to complete the following tasks:
Topic 4, Configure networking
Question No: 20 HOTSPOT – (Topic 4)
You have a network that contains Window 10 Enterprise computers.
The network configuration of one of the computers is shown in the following output.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the output.
NOTE: Each correct selection is worth one point.
The exhibit below shows that the computer obtained its IPv4 address from a DHCP server. It also shows when the DHCP lease was obtained and when it will expire.
The IPv6 address shown below starts with ‘fe80’. This is an auto-configuration address, not an address obtained from a DHCP server.
The IP address of the Default Gateway is 10.1.1.1
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|