- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
You save a provisioning package named Package1 to a folder named C:Folder1. You need to apply Package1 to Computer1.
Solution: From File Explorer, you go to C:Folder1, and then you double-click the Package1.ppkg file.
Does this meet the goal?
Correct Answer:
B
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove a provisioning package > Add a package, and select the package to install.
Reference:
https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
- (Exam Topic 4)
You have a Microsoft Deployment Toolkit (MDT) server named MDT1.
When computers start from the LiteTouchPE_x64.lso image and connect to MDT1. the welcome screen appears as shown In the following exhibit.
You need to prevent the welcome screen from appearing when the computers connect to MDT1.
Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
Box 1: Modify the Bootstrap.ini file.
Add this to your bootstrap.ini file and then update the deployment share and use the new boot media created in that process:
SkipBDDWelcome=YES
Box 2: Modify the CustomSettings.ini file. SkipBDDWelcome
Indicates whether the Welcome to Windows Deployment wizard page is skipped.
For this property to function properly it must be configured in both CustomSettings.ini and BootStrap.ini. BootStrap.ini is processed before a deployment share (which contains CustomSettings.ini) has been selected.
Box 3: Update the deployment share. Reference:
https://docs.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference#table-6-deployment-wizard-pages
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You manage a Microsoft Deployment Toolkit (MDT) deployment share named DS1. OS! contains an
Out-of-Box Drivers folder named Windows 10 x64 that has subfolders in the format of (make name} (model name).
You need to modify a deployment task sequence to ensure that all the drivers In the folder that match the make and model of the computers are installed without using PnP detection or selection profiles.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Preinstall PREINSTALL
Completes any tasks that need to be done (such as creating new partitions) before the target operating system is deployed.
Box 2: Inject Drivers Inject Drivers
This task sequence step injects drivers that have been configured for deployment to the target computer.
The unique properties and settings for the Inject Drivers task sequence step type are:
* Property: TypeSet this read-only type to Inject Drivers.
* Settings
Install only matching drivers: Injects only the drivers that the target computer requires and that match what is available in Out-of-Box Drivers
Install all drivers: Installs all drivers
Selection profile: Installs all drivers in the selected profile
Reference: https://docs.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have 500 Windows 10 devices enrolled in Microsoft Intune.
You plan to use Exploit protection in Microsoft Endpoint Manager to enable the following system settings on the devices:
• Data Execution Prevention (DEP)
• Force randomization for images (Mandatory ASLR)
You need to configure a Windows 10 device that will be used to create a template file.
Which protection areas on the device should you configure in the Windows Security app before you create the template file? To answer, drag the appropriate protection areas to the correct settings. Each protection area may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: App & browser control
Graphical user interface, text, application Description automatically generated
Note: Data Execution Prevention (DEP): This mitigation prevents code from being run from data-only memory pages.
Box 2: App & browser control
Force randomization for images (Mandatory ASLR). This mitigation forcibly relocates images not compiled with /DYNAMICBASE.
Reference:
https://support.microsoft.com/en-us/windows/app-browser-control-in-windows-security-8f68fb65-ebb4-3cfb-4b
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 2)
You need a new conditional access policy that has an assignment for Office 365 Exchange Online. You need to configure the policy to meet the technical requirements for Group4.
Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
The policy needs to be applied to Group4 so we need to configure Users and Groups. The Access controls are set to Block access
We therefore need to exclude compliant devices. From the scenario:
Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
Note: When a device enrolls in Intune, the device information is updated in Azure AD to include the device compliance status. This compliance status is used by conditional access policies to block or allow access to e-mail and other organization resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions https://docs.microsoft.com/en-us/intune/device-compliance-get-started
Does this meet the goal?
Correct Answer:
A
