- (Exam Topic 4)
You have a Microsoft Deployment Toolkit (MDT) deployment share.
You plan to deploy Windows 10 by using the Standard Client Task Sequence template. You need to modify the task sequence to perform the following actions:
Format disks to support Unified Extensible Firmware Interface (UEFI). Create a recovery partition.
Which phase of the task sequence should you modify?
Correct Answer:D
Reference: https://www.prajwaldesai.com/create-extra-partition-in-mdt/
- (Exam Topic 4)
You have computers that run Windows 8.1 or Windows 10. All the computers are enrolled in Microsoft Intune, Endpoint Configuration Manager, and Desktop Analytics. Co-management is enabled for your environment.
You plan to upgrade the Windows 8.1 computers to Windows 10.
You need to identify which Windows 8.1 computers do NOT have supported Windows 10 drivers.
What should you use?
Correct Answer:C
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/about-deployment-plans
- (Exam Topic 4)
Your company has several Windows 10 devices that are enrolled in Microsoft Inline.
You deploy a new computer named Computer1 that runs Windows 10 and is in a workgroup. You need to enroll Computer1 in Intune.
Solution: From the Settings app on Computer1, you use the Connect to work or school account settings. Does this meet the goal?
Correct Answer:B
Use MDM enrolment.
MDM only enrollment lets users enroll an existing Workgroup, Active Directory, or Azure Active directory joined PC into Intune. Users enroll from Settings on the existing Windows PC.
References:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
- (Exam Topic 4)
You have the MDM Security Baseline profile shown in the MDM exhibit. (Click the MDM tab.)
You have the ASR Endpoint Security profile shown in the ASR exhibit. (Click the ASR tab.)
You plan to deploy both profiles to devices enrolled in Microsoft Intune.
You need to identify how the following settings will be configured on the devices: Block Office applications from creating executable content Block Win32 API calls from Office macro Currently, the settings are disabled locally on each device.
What are the effective settings on the devices? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Audit mode
According to the ASR Endpoint Security profile and to the MDM Security Baseline profile
, Block Office applications from creating executable content is set to Audit mode. Box 2: Disable
Block Win32 API calls from Office macro: According to MDM Security Baseline profile it is set to disable. According to the ASR Endpoint Security profile it is set to Audit mode.
The profiles are merged. The Baseline profile overrides the Endpoint Security profile. Note:
When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
Attack surface reduction rule merge behavior is as follows:
Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline > Attack Surface Reduction Rules.
MDM Security Baseline profile ASR Endpoint Security profile.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
You have a Microsoft Office 365 E1 subscription. You plan to create Conditional Access policies.
You need to ensure that users have the required licenses. The solution must minimize costs. Which type of license should you assign to each user?
Correct Answer:C