ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 4 question 3 discussion

Actual exam question from Microsoft's MS-500
Question #: 3
Topic #: 4
[All MS-500 Questions]

HOTSPOT -
You have a Microsoft 365 subscription that contains the users shown in the following table.

Group1 is a member of a group named Group3.
The Azure Active Directory (Azure AD) tenant contains the Windows 10 devices shown in the following table.

Microsoft Endpoint Manager has the devices shown in the following table.

Microsoft Endpoint Manager contains the compliance policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
Device1 is a member of Group4. Policy2 is assigned to Group 4.

Box 2: Yes -
Device1 is a member of Group4. Policy2 is assigned to Group 4.

Box 3: No -
Policy3 is assigned to Group2.
Device2 is a member of Group5.
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
by xyz213 at Sept. 12, 2022, 6:28 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bac0n
Highly Voted 2 years, 7 months ago
Trying to research this and this helped me understand it more; https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy You can target users or devices with policies but this is asking if the policy is APPLYING TO THE DEVICE. It seems that if a user is an owner of a device and a policy is applied to that user then it doesn't apply to the device. They are only asking if the DEVICE IS BEING TARGETED BY THE POLICY.
upvoted 10 times
...
esabkov
Most Recent 2 years, 3 months ago
NYY - Deploy to users in user groups or devices in device groups. When a compliance policy is deployed to a user, all the user's devices are checked for compliance. Using device groups in this scenario helps with compliance reporting.
upvoted 2 times
josh_josh
2 years, 3 months ago
NYY Correct Answer
upvoted 1 times
...
...
RJ06
2 years, 8 months ago
I think its YYY for all 3. 1. Policy 1 - applies to Group3, Group3 has nested group 1 who has user1 in it. User1 has enrolled device 1, hence policy1 applies. 2. Policy 2 applies to Group4, Group4 has Device 1 as member, so regardless of any user, Policy 2 applies. 3. Policy 3 applies to group 2. Group 2 has two members user 2 and user 3. User 2 has enrolled device 2, so policy 3 applies to device 2.
upvoted 3 times
yaza85
2 years, 5 months ago
Where do you see nested groups?
upvoted 2 times
...
abill
2 years, 5 months ago
Also agree You can add an existing Security group to another Security group (also known as nested groups). Depending on the group types, you can add a group as a member of another group, just like a user, which applies settings like roles and access to the nested groups. You'll need the Groups Administrator or User Administrator role to edit group membership. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-manage-groups
upvoted 1 times
...
Tommy0000
2 years, 4 months ago
Apparently, nested group cannot apply the compliance polices https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions
upvoted 2 times
...
...
Bob27745
2 years, 9 months ago
Valid on Exam 9/21/2022
upvoted 2 times
...
xyz213
2 years, 9 months ago
Correct!
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel