ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 105 discussion

Actual exam question from Microsoft's MD-102
Question #: 105
Topic #: 1
[All MD-102 Questions]

HOTSPOT
-

You have a Microsoft Intune subscription that has the following device compliance policy settings:
• Mark devices with no compliance policy assigned as: Compliant
• Compliance status validity period (days): 14

On January1, you enroll Windows 10 devices in Intune as shown in the following table.



On January 4, you create the following two device compliance policies:

• Name: Policy1
• Platform: Windows 10 and later
• Require BitLocker: Require
• Mark device noncompliant: 5 days after noncompliance
• Scope (Tags): Tag1

• Name: Policy2
• Platform: Windows 10 and later
• Firewall: Require
• Mark device noncompliant: Immediately
• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Grg433 at Sept. 12, 2023, 6:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HawkieEyes
Highly Voted 1 year, 8 months ago
N - no firewall, policy 2 marks it non compliant immediately N - see above Y - will be set to not compliant on the 10th
upvoted 22 times
Besxp
1 month ago
Y,Y,Y! ➡ Device1: Matches Policy1 (Tag1) BitLocker: Enabled → meets requirement No noncompliance → still compliant ➡ No Policy2 applies → Device1 has no Tag2 ✅ Device1 is compliant → YES ➡ Same as above: Still meets Policy1 requirement (BitLocker enabled) No firewall requirement (Policy2 doesn’t apply because no Tag2) ✅ Device1 is compliant → YES ➡ Device2: Matches Policy2 (Tag2) Firewall: On → meets Policy2 requirement Policy1 doesn’t apply (no Tag1) ✅ Device2 is compliant → YES Many commenters assumed: ❌ Both policies apply to both devices (ignores scope tags). ❌ Device1 fails because its firewall is off (but no applicable policy requires firewall). ❌ Device2 fails because BitLocker is disabled (but no applicable policy requires BitLocker).
upvoted 2 times
...
...
mhmyz
Highly Voted 1 year, 4 months ago
I think YYY Y - Device1=Tag1 Policy1 only apply Y - Device1=Tag1 Policy1 only apply Y - Device2=Tag2 Policy2 only apply Scope Tag: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy
upvoted 10 times
jzmirus2
5 months ago
Policy Assignment for Device1: Policy1 applies (because it is assigned to Group1 and has Scope Tag1). Policy2 does NOT apply (Device1 does not have Scope Tag2). Policy1 requires BitLocker enabled → Device1 meets this requirement ✅. Policy1 does not enforce firewall settings (so, the firewall being off does not make it noncompliant). Policy1 marks a device noncompliant after 5 days of noncompliance, but Device1 is already compliant. ➡️ Device1 remains compliant throughout. On January 7, Device1 is marked as compliant? ✅ Yes On January 8, Device1 is marked as compliant? ✅ Yes
upvoted 3 times
jzmirus2
5 months ago
Device2: BitLocker is disabled ❌ (Fails Policy1 requirement) Firewall is on ✅ (Meets Policy2 requirement) Scope Tag: Tag2 (Matches Policy2, but not Policy1) Group Membership: Group2 Policy Assignment for Device2: Policy1 does NOT apply (not in Group1 or Scope Tag1). Policy2 does NOT apply (only assigned to Group1, but Device2 is in Group2). Since no compliance policy is assigned to Device2, and the setting "Mark devices with no compliance policy assigned as: Compliant" is enabled, Device2 is automatically considered compliant. ➡️ On January 9, Device2 is marked as compliant? ✅ Yes
upvoted 2 times
...
...
2c57d1c
1 year, 1 month ago
Assignment of Groups is how these are assigned...Scope tags mean nothing in this case.
upvoted 2 times
...
Irism
1 year, 2 months ago
On January 5, you assign Policy1 and Policy2 to Group1
upvoted 1 times
...
...
PXAbstraction
Most Recent 1 week, 3 days ago
There is a lot of debate on this, but I've just spent a half hours reading up on it and am confident in saying that scope tags do NOT have any impacts on how policies are applied to devices, only what users can view them for administrator. Which means that the given answers are in fact correct.
upvoted 2 times
...
02dc19c
3 months, 3 weeks ago
the answers are YYY: Scope tags act as a filter, ensuring that only devices with the designated tags are impacted by the policy. This provides a way to refine and control the assignment of policies within broader groups. This means that Device 1 is only subject to the first policy and is compliant immediately regardless of grace period, and Device 2 is only subject to the 2nd policy and again, is compliant immediately. Hence, YYY
upvoted 2 times
...
batang_aratan
4 months, 3 weeks ago
Answers are correct No - because the firewall rule applies immediately No - for the same reason, firewall rule Yes - because although BitLocker is disabled on Device 2, Policy1 hasn't kicked in yet. On January 10, Device 2 will be non-compliant.
upvoted 2 times
...
JayHall
5 months ago
1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Although firewall is off, Device 2 IS compliant on Jan 8th but it will go into non-compliant statis on Jan 10th (due to firewall being off, 5 days after non-compliance)
upvoted 3 times
...
AleFCI1908
8 months, 2 weeks ago
N no firewall, policy2 marks it non compl immediately N no firewall, policy2 marks it non compl immediately Y will be not compliant on the Jan 10th
upvoted 2 times
...
Faceless_Void
11 months, 3 weeks ago
January 1, devices onboarded with 14 days. Modified to 5 days. Device1 Tag1 Jan7 - NO - 5days validity from onboarding. Device1 Tag1 Jan8 - NO - 5days validity from onboarding. Device 2 TAG2 Jan8 - YES - Requirements MET - Firewall Enabled.
upvoted 2 times
...
ergacharsk
12 months ago
According to the Chat GPT correct answer is Y,Y,Y
upvoted 1 times
...
oopspruu
1 year ago
Scope Tags are just to throw you off and confuse you. They have no purpose when it comes to assignment. Given answers are correct.
upvoted 4 times
...
MR_Eliot
1 year, 4 months ago
NNY for sure.
upvoted 4 times
...
Darkfire
1 year, 5 months ago
I think NNN Because both policies will mark devices as non-compliant. Eventhough some variables pass the criteria.
upvoted 2 times
...
Manojkl1206
1 year, 6 months ago
ITs NNN Because: as both policy are applied Policy2 says move the device immediately to Non compliant it will not wait for 5 days hence the 3rd answer should be N
upvoted 2 times
AdamRachel
1 year, 6 months ago
Device is compliant for policy 2 but is not compliant for policy 1 where device will be mark non-compliant after 5 days which is 9 Jan.
upvoted 2 times
Krayzr
1 year, 5 months ago
But it will not be marked "compliant", it will have "evaluating" or something like that till 10th.
upvoted 2 times
...
...
...
ZaFletch
1 year, 8 months ago
Scope tags are irrelevant to policy deployment. So both policies apply to both machines on 4th. Policy 2 marks non-compliance immediately so device 1 is marked non-compliant immediately as it fails the criteria. Device 2 passes but it will fail on Policy 2. However it's not marked non-compliant until the 9th. So on the 8th it will remain compliant. NNY
upvoted 5 times
Tr1v
1 year, 8 months ago
Correct, but it says "On January 5, you assign Policy1 and Policy2 to Group1."
upvoted 1 times
...
...
RabbitB
1 year, 9 months ago
Isn't the answer NNN?? Both devices are assigned a compliance policy, which means they don't mark them as "compliant". Regardless of the day and devices, all are not marked as "compliant". Am I wrong?
upvoted 2 times
fiskaba
1 year, 7 months ago
Remember, the policies are assigned on Jan 5th. For this scenario, the device compliance policy settings are irrelevant because all devices have a policy assigned: 1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Device 2 IS compliant on Jan 8th because the firewall is on, AND Policy1 does not go non-compliant until Jan 10th (5 days after non-compliance).
upvoted 3 times
...
RabbitB
1 year, 9 months ago
Mistake, YYY
upvoted 1 times
ubiquituz
1 year, 6 months ago
Who you?
upvoted 1 times
...
...
...
iamforksu
1 year, 9 months ago
NNY for the win
upvoted 1 times
...
reapernam
1 year, 9 months ago
On Second thought, its N N Y. Like ExamKiller020 says, the Scope Tags have no relevance in Policy or Group assignments. So both Policies are being applied.
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel