ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 3 discussion

Actual exam question from Microsoft's MD-102
Question #: 3
Topic #: 1
[All MD-102 Questions]

HOTSPOT -

Case study -

Overview -
ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -
The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.

Devices -
ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -
Microsoft Intune has the compliance policies shown in the following table.


The Automatic Enrollment settings have the following configurations:

MDM user scope: GroupA -

MAM user scope: GroupB -
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Configuration -
ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.
The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -
ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary configuration profile that will have the following settings:

Name: Boundary1 -
Network boundary: 192.168.1.0/24

Scope tags: Tag1 -
Assignments:

Included groups: Group1, Group2 -
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -
Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -
Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Joe9011 at Aug. 16, 2023, 8:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sh123df
Highly Voted 1 year, 8 months ago
No No Yes Answer is correct
upvoted 19 times
...
Tonsku
Highly Voted 7 months, 1 week ago
N,N,Y device1: bitlocker Y, secureboot N Device1: group1 group1: policy1 & policy2 compliance policies settings: Policy1: require bitlocker Only Policy2: requere secure boot only mark device with no complience policy as Compliant Device1 : Not Compliant Device4: bitlocker N, secureboot Y Device4: group2 group2: policy3 compliance policies settings: Policy3: require bitlocker & secureboot mark device with no complience policy as Compliant Device4 : Not compliance Device5: bitlocker Y, secureboot N Device5: group3 Policy3: group2 Policy3: require bitlocker & secureboot compliance policy: mark device with no complience as Complient Device5 : compliance
upvoted 15 times
...
boxafrica
Most Recent 7 months, 1 week ago
Cela semble correct.Sur le peripherique 1 nous avons deux politiques de conformité policy1 et poliy2 donc peripherique 1est non conforme.peripherique4 appartient au groupe 2 politique appliqué policy 3 qui requiere bitlocker et secure boot activeé;ce qui n'est pas le cas ici donc device 4 non conforme.Device 5 est conforme car il n a aucune poliique de conformité qui s'applique à lui donc oui/e qui nous donne NON;NON;OUI
upvoted 1 times
...
MR_Eliot
7 months, 1 week ago
Provided answer is correct: Device 1 - Group1 Conditional Policy: -> Policy1, Require bitlocker: YES -> Policy2, Require SecureBoot: NO ---------------------------------- Device 4 - Group2 Conditional Policy: -> Policy3, Require Bitlocker & SecureBoot: NO ---------------------------------- Device 5 - Group3 Conditional Policy: -> None: Compliant, becuase of configuration.
upvoted 6 times
...
7798da3
9 months, 3 weeks ago
disregard last post i see the names was looking for the actual policy
upvoted 1 times
...
7798da3
9 months, 3 weeks ago
where is policy2 I see one only
upvoted 1 times
...
Clauster
10 months ago
Provided answer is Correct 100%
upvoted 1 times
...
madsa
1 year, 5 months ago
No, No, Yes is correct.
upvoted 1 times
...
b0gdan433
1 year, 5 months ago
The answer is No, No, Yes, i just took the exam today.
upvoted 1 times
iTomi
1 year, 4 months ago
So...? MS doesnt reveal right answers.
upvoted 2 times
...
Merrybob
1 year, 2 months ago
No way you could've confirmed this.
upvoted 1 times
...
...
Contactfornitish
1 year, 6 months ago
Device 1 would not be compliant since Policy 2 would fail for that Device 4 (yes registered device can be checked for compliance, though no profile possible) is not compliant Device 5 would be compliant since group 3 is getting no policy and no policy means compliant No, No, yes
upvoted 3 times
...
picho707
1 year, 6 months ago
Can someone explain why Device4 is is a "No" It appears to me that the device is personally owned so the policy will not apply meaning that using these backward settings may be a "Yes". I am under the understanding that compliance policies require devices to be Azure Ad Joined to be able to properly report compliance results.
upvoted 1 times
NoursBear
1 year, 3 months ago
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune. Because it is enrolled it receives compliance policies
upvoted 1 times
...
Jacob75
1 year, 2 months ago
Group 2 required Policy is Secure boot and Bitlocker and device does not have Bitlocker. Personal devices can still be compliant and enrolled I think.
upvoted 1 times
...
...
FrenchDuck
1 year, 7 months ago
So for Device 1 it's a Yes bc the way it's arranged, from my understanding, Group one only needs either or to be marked as compliant. Compared to Device 2\group 2, it explicitly states it needs Bitlocker AND Secure boot, hence why it's a Not Compliant for me. Device 5 \ group 3 however , it's up to interpretation based on what Ive read in MS Learn so I'm going with Not Compliant based on here: https://learn.microsoft.com/en-us/training/modules/implement-device-compliance/4-deploy-policy
upvoted 2 times
Futfuyfyjfj
1 year, 7 months ago
In stead of what you are writing you mean it’s a No?
upvoted 1 times
...
...
picho707
1 year, 7 months ago
These answers are so backward. I will fire the Intune administrator for configuring something like this.
upvoted 8 times
...
NoursBear
1 year, 8 months ago
Well I was going for Yes No Yes because a device without a compliant policy is to be marked as compliant, so I don't know now as no one is thinking like me
upvoted 4 times
Futfuyfyjfj
1 year, 7 months ago
But device1 is assigned to 2 policies, which makes a No for device 1….
upvoted 2 times
...
NoursBear
1 year, 2 months ago
dunno why I came up with this, clearly NNY is correct, I see more clearly now lol
upvoted 1 times
...
...
ShiftDeL
1 year, 8 months ago
No No Yes for device 5 as :"Mark devices with no compliance policy assigned as: Compliant" has been configured.
upvoted 2 times
...
VirtualJP
1 year, 8 months ago
I'm going with: No No Yes
upvoted 3 times
...
krzysztofbr
1 year, 8 months ago
Guys, so many wrong answers in the comments below!! BossAceVentura: your comment is correct. "Yes - Device is part of group 1 which require only Bitlocker No - Requires both bitlocker and secure boot No - there is no group 3 policy"
upvoted 3 times
Futfuyfyjfj
1 year, 7 months ago
Lol, you are wrong: Mark devices with no compliance policy assigned as: Compliant" has been configured.
upvoted 3 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago