ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-101 All Questions

View all questions & answers for the MS-101 exam
Go to Exam

Exam MS-101 topic 3 question 102 discussion

Actual exam question from Microsoft's MS-101
Question #: 102
Topic #: 3
[All MS-101 Questions]

You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices are enrolled in Microsoft Intune.
Company policy requires that the devices have the following configurations:
✑ Require complex passwords.
✑ Require the encryption of removable data storage devices.
✑ Have Microsoft Defender Antivirus real-time protection enabled.
You need to configure the devices to meet the requirements.
What should you use?

  • A. an app configuration policy
  • B. a compliance policy
  • C. a security baseline profile
  • D. a conditional access policy
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by mosab at Oct. 31, 2021, 7:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amymay101
Highly Voted 3 years, 7 months ago
Selected Answer: C
I think this should be a security baseline as a compliance policy does not actually configure anything
upvoted 17 times
jkklim
3 years, 6 months ago
wrong. Answer is B. I create a compliance policy under Windows and the requirements are ALL FOUND in ONE SINGLE COMPLIANCE POLICY
upvoted 2 times
amymay101
3 years, 6 months ago
yes that's correct, they are all found in a compliance policy but the question asks 'you need to configure the devices to meet the requirements' You do this by using a security baseline
upvoted 4 times
...
ARYMBS
2 years, 9 months ago
Dude, it asks to set settings (Baseline) not to check those settings (Compliance). Answer is C.
upvoted 3 times
...
AlexBa
3 years, 6 months ago
Yes you create and after ? Compliance not set the correct setting, just inform you if you are compliance or not...
upvoted 3 times
BoxGhost
3 years, 1 month ago
The question doesn't say anything about compliance, it says configure devices to meet requirements. Security baseline achieves this, compliance policy will not help.
upvoted 4 times
...
...
...
qhuy199
1 year, 5 months ago
Great, as it requested "You need to configure the devices to meet the requirements". C is right option.
upvoted 1 times
...
...
mosab
Highly Voted 3 years, 8 months ago
It should be a security baseline profile
upvoted 8 times
JT19760106
3 years, 6 months ago
I don't seee "Require the encryption of removalbe data storage devices" or "Require complex" passwords in the security baseline policies for Windows 10, yet I see both of them in the compliance policies. Am I missing something?
upvoted 1 times
jackd
3 years, 3 months ago
Bitlocker Categorie -> Require the encryption of removalbe data storage devices Device Lock -> Require complex passwords
upvoted 4 times
...
...
...
KrisDeb
Most Recent 2 years, 7 months ago
Selected Answer: C
I thought it would be compliance policies, but they really don't enforce anything, you need to create other policies first. Security baselines tick all boxes and include all the requirements, just checked - real time protection, removable drive encryption and password complexity are all there and will be enforced, not only checked for compliance.
upvoted 2 times
...
John
2 years, 8 months ago
Selected Answer: C
https://learn.microsoft.com/en-us/mem/intune/protect/security-baselines
upvoted 2 times
...
RazielLycas
2 years, 11 months ago
Selected Answer: C
As already told by others, compliance policy let you know that device is complaint or not, but doesn't configure anything. Editing the baseline profiles in MEM -> Endpoint security -> MDM Security Baseline let you configure all the required parameters.
upvoted 2 times
...
venwaik
3 years, 1 month ago
Selected Answer: C
Came on exam 09-05-2022
upvoted 5 times
...
willyg78
3 years, 3 months ago
Selected Answer: C
Agree that the answer should be C - Security Baseline Profile The question reads 'You need to configure the devices to meet the requirements' A compliance profile will only mark the device as compliant / non compliant based on a set criteria To configure the devices we need a Security Baseline profile, this is based on MS best practice, and can be modified is required to meet the device requirements
upvoted 4 times
...
LillyLiver
3 years, 4 months ago
Selected Answer: C
Agree to answer C.
upvoted 2 times
...
Hershik
3 years, 5 months ago
Selected Answer: B
B. a compliance policy
upvoted 1 times
...
FreddyLao
3 years, 6 months ago
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines You deploy security baselines to groups of users or devices in Intune, and the settings apply to devices that run Windows 10/11. For example, the MDM Security Baseline automatically enables BitLocker for removable drives, automatically requires a password to unlock a device, automatically disables basic authentication, and more. The second paragraph already answered this question
upvoted 1 times
...
Goena
3 years, 6 months ago
Answer should be B As jkklim mentioned, you can configure all the requirements in one single compliance policy. Security base lines are pre-configured and not meant to be changed.
upvoted 2 times
allesglar
3 years, 6 months ago
I agree with B but you are wrong regarding security base lines. You can create profiles and customize all needed requirements. Though I couldn't find a setting for the encyption of external storage and antivirus. Therefore B.
upvoted 1 times
jodtzz
3 years, 6 months ago
C is correct. Created a security baseline profile in my tenant and have the following option (copy and pasted directly): Block write access to removable data-drives not protected by BitLocker When set to Yes, Windows will not allow any data to be written to removable drives that are not BitLocker protected. If an inserted removable drive is not encrypted, the user will need to complete the BitLocker setup wizard for the drive before write access is granted. Setting this to not configured will allow data to be written to non-encrypted removable drives. There is also an entire section for Defender. On top of that, compliance policies don't actually configure anything.
upvoted 2 times
...
...
...
MichaelMu
3 years, 8 months ago
Security baselines are pre-configured groups of Windows settings that help you apply the security settings that are recommended by the relevant security teams. You can also customize the baselines you deploy to enforce only those settings and values you require. When you create a security baseline profile in Intune, you're creating a template that consists of multiple device configuration profiles. mosab,you are right
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel