You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined
Windows devices. All the devices are enrolled in Microsoft Intune.You need to
configure Delivery Optimization on the devices to meet the following
requirements:Allow downloads from the internet and from other computers on the
local network.Limit the percentage of used bandwidth to 50.What should you use?
A. a configuration profile
B. a Windows Update for Business Group Policy setting
C. a Microsoft Peer-to-Peer Networking Services Group Policy setting
D. an Update ring for Windows 10 and later profile
Give this one a try later!
, A. a configuration profile
Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure
Information Protection.The company's security policy states the following:• Personal
devices do not need to be enrolled in Intune.• Users must authenticate by using a PIN
before they can access corporate email data.• Users can use their personal iOS and
Android devices to access corporate cloud services.• Users must be prevented from
copying corporate email data to a cloud storage service other than Microsoft
OneDrive for Business.You need to configure a solution to enforce the security
policy.What should you create?
A. a device configuration profile from the Microsoft Intune admin center
B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal
C. an insider risk management policy from the Microsoft Purview compliance portal
D. an app protection policy from the Microsoft Intune admin center
Give this one a try later!
D. an app protection policy from the Microsoft Intune admin center
DRAG DROP -You have a Microsoft 365 subscription. The subscription contains
computers that run Windows 11 and are enrolled in Microsoft Intune.You need to
create a compliance policy that meets the following requirements:Requires BitLocker
Drive Encryption (BitLocker) on each deviceRequires a minimum operating system
versionWhich setting of the compliance policy should you configure for each
requirement? To answer, drag the appropriate settings to the correct requirements.
Each setting may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.NOTE: Each correct selection is
worth one point.
Settings
Device Health
Device Properties
Microsoft Defender for Endpoint
,System Security
Answer Area
Requires BitLocker:
Requires a minimum operating system version:
Give this one a try later!
Device Health
Device Properties
DRAG DROP -You have a Microsoft 365 subscription that includes Microsoft
Intune.You need to implement a Microsoft Defender for Endpoint solution that meets
the following requirements:Enforces compliance for Defender for Endpoint by using
Conditional AccessPrevents suspicious scripts from running on devicesWhat should
you configure? To answer, drag the appropriate features to the correct requirements.
Each feature may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.NOTE: Each correct selection is
worth one point.
Features
A device restriction policy
A security baseline
An attack surface reduction (ASR) rule
An Intune connection
Answer Area
Enforces compliance:
Prevents suspicious scripts
Give this one a try later!
, Enforces compliance: An Intune connection
Prevents suspicious scripts: An attack surface reduction (ASR) rule
Your network contains an Active Directory domain named contoso.com. The domain
contains two computers named Computer1 and Computer2 that run Windows 10.On
Computer1, you need to run the Invoke-Command cmdlet to execute several
PowerShell commands on Computer2.What should you do first?
A. On Computer2, run the Enable-PSRemoting cmdlet.
B. On Computer2, add Computer1 to the Remote Management Users group.
C. From Active Directory, configure the Trusted for Delegation setting for the
computer account of Computer2.
D. On Computer1, run the New-PSSession cmdlet.
Give this one a try later!
A. On Computer2, run the Enable-PSRemoting cmdlet.
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined
and managed by using Microsoft Intune.You need to configure Microsoft Defender
Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize
administrative effort.Which two actions should you perform? Each correct answer
presents part of the solution.NOTE: Each correct selection is worth one point.
A. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and
configure the Windows Defender Antivirus settings.
B. To configure Microsoft Defender Firewall, create a device configuration profile and
configure the Device restrictions settings.
C. To configure Microsoft Defender Antivirus, create a device configuration profile
and configure the Endpoint protection settings.
D. To configure Microsoft Defender Antivirus, create a device configuration profile
and configure the Device restrictions settin
Give this one a try later!
Windows devices. All the devices are enrolled in Microsoft Intune.You need to
configure Delivery Optimization on the devices to meet the following
requirements:Allow downloads from the internet and from other computers on the
local network.Limit the percentage of used bandwidth to 50.What should you use?
A. a configuration profile
B. a Windows Update for Business Group Policy setting
C. a Microsoft Peer-to-Peer Networking Services Group Policy setting
D. an Update ring for Windows 10 and later profile
Give this one a try later!
, A. a configuration profile
Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure
Information Protection.The company's security policy states the following:• Personal
devices do not need to be enrolled in Intune.• Users must authenticate by using a PIN
before they can access corporate email data.• Users can use their personal iOS and
Android devices to access corporate cloud services.• Users must be prevented from
copying corporate email data to a cloud storage service other than Microsoft
OneDrive for Business.You need to configure a solution to enforce the security
policy.What should you create?
A. a device configuration profile from the Microsoft Intune admin center
B. a data loss prevention (DLP) policy from the Microsoft Purview compliance portal
C. an insider risk management policy from the Microsoft Purview compliance portal
D. an app protection policy from the Microsoft Intune admin center
Give this one a try later!
D. an app protection policy from the Microsoft Intune admin center
DRAG DROP -You have a Microsoft 365 subscription. The subscription contains
computers that run Windows 11 and are enrolled in Microsoft Intune.You need to
create a compliance policy that meets the following requirements:Requires BitLocker
Drive Encryption (BitLocker) on each deviceRequires a minimum operating system
versionWhich setting of the compliance policy should you configure for each
requirement? To answer, drag the appropriate settings to the correct requirements.
Each setting may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.NOTE: Each correct selection is
worth one point.
Settings
Device Health
Device Properties
Microsoft Defender for Endpoint
,System Security
Answer Area
Requires BitLocker:
Requires a minimum operating system version:
Give this one a try later!
Device Health
Device Properties
DRAG DROP -You have a Microsoft 365 subscription that includes Microsoft
Intune.You need to implement a Microsoft Defender for Endpoint solution that meets
the following requirements:Enforces compliance for Defender for Endpoint by using
Conditional AccessPrevents suspicious scripts from running on devicesWhat should
you configure? To answer, drag the appropriate features to the correct requirements.
Each feature may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.NOTE: Each correct selection is
worth one point.
Features
A device restriction policy
A security baseline
An attack surface reduction (ASR) rule
An Intune connection
Answer Area
Enforces compliance:
Prevents suspicious scripts
Give this one a try later!
, Enforces compliance: An Intune connection
Prevents suspicious scripts: An attack surface reduction (ASR) rule
Your network contains an Active Directory domain named contoso.com. The domain
contains two computers named Computer1 and Computer2 that run Windows 10.On
Computer1, you need to run the Invoke-Command cmdlet to execute several
PowerShell commands on Computer2.What should you do first?
A. On Computer2, run the Enable-PSRemoting cmdlet.
B. On Computer2, add Computer1 to the Remote Management Users group.
C. From Active Directory, configure the Trusted for Delegation setting for the
computer account of Computer2.
D. On Computer1, run the New-PSSession cmdlet.
Give this one a try later!
A. On Computer2, run the Enable-PSRemoting cmdlet.
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined
and managed by using Microsoft Intune.You need to configure Microsoft Defender
Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize
administrative effort.Which two actions should you perform? Each correct answer
presents part of the solution.NOTE: Each correct selection is worth one point.
A. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and
configure the Windows Defender Antivirus settings.
B. To configure Microsoft Defender Firewall, create a device configuration profile and
configure the Device restrictions settings.
C. To configure Microsoft Defender Antivirus, create a device configuration profile
and configure the Endpoint protection settings.
D. To configure Microsoft Defender Antivirus, create a device configuration profile
and configure the Device restrictions settin
Give this one a try later!
