MD-101 Free Practice Test

- (Exam Topic 4)
You have a Microsoft 365 subscription that contains the devices shown in the following table.

You need to ensure that only devices running trusted firmware or operating system builds can access network resources.
Which compliance policy setting should you configure for each device? To answer, drag the appropriate settings to the correct devices. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Solution:
Box 1:
Device Compliance settings for Windows 10/11 in Intune
There are the different compliance settings you can configure on Windows devices in Intune. As part of your mobile device management (MDM) solution, use these settings to require BitLocker, set a minimum and maximum operating system, set a risk level using Microsoft Defender for Endpoint, and more.
Note: Windows Health Attestation Service evaluation rules Require BitLocker:
Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.
Not configured (default) - This setting isn't evaluated for compliance or non-compliance.
Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.
Box 2: Prevent jailbroken devices from having corporate access Device Compliance settings for iOS/iPadOS in Intune
There are different compliance settings you can configure on iOS/iPadOS devices in Intune. As part of your mobile device management (MDM) solution, use these settings to require an email, mark rooted (jailbroken) devices as not compliant, set an allowed threat level, set passwords to expire, and more.
Device Health
Jailbroken devices
Supported for iOS 8.0 and later
Not configured (default) - This setting isn't evaluated for compliance or non-compliance. Block - Mark rooted (jailbroken) devices as not compliant.
Box 3: Prevent rooted devices from having corporate access. Device compliance settings for Android Enterprise in Intune
There are different compliance settings you can configure on Android Enterprise devices in Intune. As part of your mobile device management (MDM) solution, use these settings to mark rooted devices as not compliant, set an allowed threat level, enable Google Play Protect, and more.
Device Health - for Personally-Owned Work Profile Rooted devices
Not configured (default) - This setting isn't evaluated for compliance or non-compliance. Block - Mark rooted devices as not compliant.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android-for-work https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You redirect Windows known folders to Microsoft OneDrive for Business. Which folder will be included in the redirection?

1. A. Saved Games
2. B. Desktop
3. C. Music
4. D. Downloads

Correct Answer: B

References:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders

- (Exam Topic 4)
You use a Microsoft Intune subscription to manage iOS devices.
You configure a device compliance policy that blocks jailbroken iOS devices. You need to enable Enhanced jailbreak detection.
What should you configure?

1. A. the device compliance policy
2. B. the Compliance policy settings
3. C. a network location
4. D. a configuration profile

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

- (Exam Topic 4)
You have a Microsoft 365 subscription. All devices run Windows 10.
You need to prevent users from enrolling the devices in the Windows Insider Program.
What should you configure from Microsoft 365 Device Management? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

1. A. a Windows 10 security baseline
2. B. an app configuration policy
3. C. a custom device configuration profile
4. D. a Windows 10 update ring
5. E. a device restrictions device configuration profile

Correct Answer: D

- (Exam Topic 4)
You have a public computer named Public1 that runs Windows 10. Users use Public1 to browse the Internet by using Microsoft Edge.
You need to view events associated with website phishing attacks on Public1. Which Event Viewer log should you view?

1. A. Applications and Services Logs > Microsoft\Windows > DeviceGuard > Operational
2. B. Applications and Services Logs > Microsoft > Windows > Security-Mitigations> User Mode
3. C. Applications and Services Logs > Microsoft > Windows > SmartScreen > Debug
4. D. Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/ microsoft-defender-smartscreen-overview#viewing-windows-event-logs-for-microsoft-defender-smartscreen