2023年最新の実際に出る無料Microsoft MD-101試験問題集と解答
MD-101練習テストエンジンで今すぐ試そう358試験問題
Microsoft MD-101認定を獲得すると、今日の職場で不可欠な最新のデスクトップとデバイスの管理に関するITプロフェッショナルの専門知識が検証されます。この認定は、IT業界でのキャリアを促進したい専門家に競争力を提供します。この試験に合格することにより、候補者は、エンタープライズ環境で最新のデスクトップ、デバイス、アプリケーションを管理および展開する能力を実証できます。これにより、あらゆる組織の資産になります。
試験は、Windows 10の展開からデバイスとアプリケーションの管理まで、様々なトピックをカバーしています。試験は、更新とサービスの管理、ポリシーとプロファイルの管理、アイデンティティとアクセスの管理などのトピックもカバーしています。候補者は、これらの領域における知識とスキルを示す必要があります。
質問 # 32
You have the x64 devices shown in the following table.
You have the Windows 10 Enterprise images shown in the following table.
You need to identify which images can be used to perform an in-place upgrade of Computer1 and Computer2.
Which images should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: Image1 and Image2 only
Computer1 is a x64 system so Image1 and Image2 are fine.
Note: x86 refers to a 32-bit CPU and operating system while x64 refers to a 64-bit CPU and operating system.
Box 2: Image3 and Image4 only
There is no upgrade path from 32 bit versions of Windows to Windows 8 64 bit.
Reference:
https://answers.microsoft.com/en-us/windows/forum/all/switch-from-x86-to-x64/a69b5aae-9d20-414b-86b8-004
質問 # 33
You need to meet the OOBE requirements for Windows AutoPilot.
Which two settings should you configure from the Azure Active Directory blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://blogs.msdn.microsoft.com/sgern/2018/10/11/intune-intune-and-autopilot-part-3-preparing-your-environment/
https://blogs.msdn.microsoft.com/sgern/2018/11/27/intune-intune-and-autopilot-part-4-enroll-your-first-device/
Topic 3, Contoso, Ltd. (NEW)
Network Environment
The network contains an on-premises Active domain named Contoso.com. The domain contains the servers shown in the following table.
Contoso has a hybrid Azure Active Directory (Azure AD) tenant named Contoso.com.
Contoso has a Microsoft Store for Business instance.
Users and Groups
The Contoso.com tenant contains the users shown in the following table.
All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group and Group have a Membership type of Assign
Devices
Contoso has the Windows 10 devices shown in the following table.
The Windows 10 devices are joined to Azure AD and enrolled in Microsoft intune.
The Windows 10 devices are configured as shown in the following table.
All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder 1.
Microsoft Endpoint Manager Configuration
Microsoft Endpoint Manager has the compliance policies shown in the following table.
The Compliance policy settings are shown in the following exhibit.
The Automatic Enrolment settings have the following configurations:
* MDM user scope GroupA
* MAM user scope: GroupB
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:
* Name: Protection1
* Folder protection: Enable
* List of apps that have access to protected folders: CV\AppA.exe
* List of additional folders that need to be protected: D:\Folderi1
* Assignments
Windows Autopilot Configuration
Currently, there are no devices deployed by using Window Autopilot
The Intune connector tor Active Directory is installed on Server 1.
Planned Changes
Contoso plans to implement the following changes:
* Purchase a new Windows 10 device named Device6 and enroll the device in Intune.
* New computers will be deployed by using Windows Autopilot and will be hybrid Azure AO joined.
* Deploy a network boundary configuration profile that will have the following settings:
* Name Boundary 1
* Network boundary 192.168.1.0/24
* Scope tags: Tag 1
* Assignments;
* included groups: Group 1. Group2
* Deploy two VPN configuration profiles named Connection! and Connection that will have the following settings:
* Name: Connection 1
* Connection name: VPNI
* Connection type: L2TP
* Assignments:
* Included groups: Group1. Group2, GroupA
* Excluded groups: -
* Name: Connection
* Connection name: VPN2
* Connection type: IKEv2 i Assignments:
* included groups: GroupA
* Excluded groups: GroupB
* Purchase an app named App1 that is available in Microsoft Store for Business and to assign the app to all the users.
Technical Requirements
Contoso must meet the following technical requirements:
* Users in GroupA must be able to deploy new computers.
* Administrative effort must be minimized.
質問 # 34
What should you use to meet the technical requirements for Azure DevOps?
- A. A device configuration profile
- B. Windows Information Protection (WIP)
- C. Conditional access
- D. An app protection policy
正解:C
解説:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/manage-conditional-access?
view=azure-devops
Testlet 2
This is a case study. Case studies are not timed separately. You can use as much exam time as you would
like to complete each case. However, there may be additional case studies and sections on this exam. You
must manage your time to ensure that you are able to complete all questions included on this exam in the
time provided.
To answer the questions included in a case study, you will need to reference information that is provided in
the case study. Case studies might contain exhibits and other resources that provide more information
about the scenario that is described in the case study. Each question is independent of the other questions
in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers
and to make changes before you move to the next section of the exam. After you begin a new section, you
cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to
explore the content of the case study before you answer the questions. Clicking these buttons displays
information such as business requirements, existing environment, and problem statements. When you are
ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle
and New York.
Contoso has the users and computers shown in the following table.
The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN)
departments.
Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.
The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work
from home.
Existing Environment
The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure
Active Directory (Azure AD).
All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10
Enterprise.
The computers are managed by using Microsoft System Center Configuration Manager. The mobile
devices are managed by using Microsoft Intune.
The naming convention for the computers is the department acronym, followed by a hyphen, and then four
numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.
Each department has an organization unit (OU) that contains a child OU named Computers. Each
computer account is in the Computers OU of its respective department.
Intune Configuration
Requirements
Planned Changes
Contoso plans to implement the following changes:
Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro
preinstalled and were purchased already.
Start using a free Microsoft Store for Business app named App1.
Implement co-management for the computers.
Technical Requirements:
Contoso must meet the following technical requirements:
Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from
devices that are enrolled in Intune.
Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows
Autopilot.
Monitor the computers in the LEG department by using Windows Analytics.
Create a provisioning package for new computers in the HR department.
Block iOS devices from sending diagnostic and usage telemetry data.
Use the principle of least privilege whenever possible.
Enable the users in the MKG department to use App1.
Pilot co-management for the IT department.
質問 # 35
Your company has computers that run Windows 8.1, Windows 10, or macOS.
The company uses Microsoft Intune to manage the computers.
You need to create an Intune profile to configure Windows Hello for Business on the computers that support it.
Which platform type and profile type should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/intune/endpoint-protection-configure
質問 # 36
Your company uses Windows Defender Advanced Threat Protection (Windows Defender ATP). Windows Defender ATP includes the machine groups shown in the following table.
You onboard a computer to Windows Defender ATP as shown in the following exhibit.
What is the effect of the Windows Defender ATP configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 37
You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to upgrade the computers to Windows 10 Enterprise.
What should you configure in Intune?
- A. A device cleanup rule
- B. A device enrollment policy
- C. A device compliance policy
- D. A device configuration profile
正解:D
解説:
Explanation/Reference:
https://blogs.technet.microsoft.com/skypehybridguy/2018/09/21/intune-upgrade-windows-from-pro-to- enterprise-automatically/
質問 # 38
Your network contains an Active Directory domain named constoso.com that is synced to Microsoft Azure Active Directory (Azure AD). All computers are enrolled in Microsoft Intune.
The domain contains the computers shown in the following table.
You are evaluating which Intune actions you can use to reset the computers to run Windows 10 Enterprise with the latest update.
Which computers can you reset by using each action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/intune/device-fresh-start
https://docs.microsoft.com/en-us/intune/devices-wipe
質問 # 39
What should you configure to meet the technical requirements for the Azure AD-joined computers?
- A. The Password Policy settings in a Group Policy object (GPO).
- B. A password policy from the Microsoft Office 365 portal.
- C. The Accounts options in an endpoint protection profile.
- D. Windows Hello for Business from the Microsoft Intune blade in the Azure portal.
正解:D
解説:
References:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-manage-inorganization
Topic 2, Contoso Ltd
Contoso Ltd
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd, is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has the users and computers shown in the following table.
The company has IT, human resources (HR), legal (LEG), marketing (MKG) and finance (FIN) departments.
Contoso uses Microsoft Store for Business and recently purchased a Microsoft 365 subscription.
The company is opening a new branch office in Phoenix. Most of the users in the Phoenix office will work from home.
Existing Environment
The network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
All member servers run Windows Server 2016. All laptops and desktop computers run Windows 10 Enterprise.
The computers are managed by using Microsoft System Center Configuration Manager. The mobile devices are managed by using Microsoft Intune.
The naming convention for the computers is the department acronym, followed by a hyphen, and then four numbers, for example, FIN-6785. All the computers are joined to the on-premises Active Directory domain.
Each department has an organization unit (OU) that contains a child OU named Computers. Each computer account is in the Computers OU of its respective department.
Intune Configuration
Requirements
Planned Changes
Contoso plans to implement the following changes:
* Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.
* Start using a free Microsoft Store for Business app named App1.
* Implement co-management for the computers.
Technical Requirements:
Contoso must meet the following technical requirements:
* Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
* Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.
* Monitor the computers in the LEG department by using Windows Analytics.
* Create a provisioning package for new computers in the HR department.
* Block iOS devices from sending diagnostic and usage telemetry data.
* Use the principle of least privilege whenever possible.
* Enable the users in the MKG department to use App1.
* Pilot co-management for the IT department.
質問 # 40
Your company has an infrastructure that has the following:
* A Microsoft 365 tenant
* An Active Directory forest
* Microsoft Store for Business
* A Key Management Service (KMS) server
* A Windows Deployment Services (WDS) server
* A Microsoft Azure Active Directory (Azure AD) Premium tenant
The company purchases 100 new computers that run Windows 10.
You need to ensure that the new computers are joined automatically to Azure AD by using Windows AutoPilot.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/intune/enrollment-autopilot
質問 # 41
Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your network contains an Active Directory domain. The domain contains member computers that run
Windows 8.1 and are enrolled in Microsoft Intune.
You need to identify which computers can be upgraded to Windows 10.
Solution: From Windows on the Devices blade of the Microsoft Endpoint Manager admin center, you create a
filter and export the results as a CSV file.
Does this meet the goal?
- A. No
- B. Yes
正解:A
質問 # 42
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
You save a provisioning package named Package1 to a folder named C:\Folder1.
You need to apply Package1 to Computer1.
Solution: From the Settings app, you select Access work or school, and then you select Add or remove a provisioning package.
Does this meet the goal?
- A. No
- B. Yes
正解:B
解説:
To install a provisioning package, navigate to Settings > Accounts > Access work or school > Add or remove a provisioning package > Add a package, and select the package to install.
Reference:
https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
質問 # 43
To which devices do Policy1 and Policy2 apply? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/intune/device-profile-assign
質問 # 44
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to configure an Intune device configuration profile to meet the following requirements:
* Prevent Microsoft Office applications from launching child processes.
* Block users from transferring files over FTP.
Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
質問 # 45
You use Microsoft Intune to manage Windows updates.
You have computers that run Windows 10. The computers are in a workgroup and are enrolled in Intune. The computers are configured as shown in the following table.
On each computer, the Select when Quality Updates are received Group Policy setting is configured as shown in the following table.
You have Windows 10 update rings in Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 46
Your network contains an Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD). The domain contains the users shown in the following table.
Enterprise State Roaming is enabled for User2.
You have the computers shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 47
You have an Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain.
The tenant contains computers that run Windows 10. The computers are hybrid Azure AD joined and enrolled in Microsoft Intune. The Microsoft Office settings on the computers are configured by using a Group Policy Object (GPO).
You need to migrate the GPO to Intune.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
1 - Create a configuration profile.
2 - Configure the Administrative Templates settings.
3 - Assign the profile.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-windows
質問 # 48
Your company uses Microsoft System Center Configuration Manager (Current Branch) and purchases 365 subscription.
You need to set up Desktop Analytics for Configuration Manager.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/connect-configmgr
質問 # 49
You have a Microsoft 365 tenant
You have devices enrolled in Microsoft intune.
You assign a conditional access policy nan-ted Policy1 to a group named Group1. Policy1 restricts devices
marked as noncompliant from accessing Microsoft OneDrive for Business.
You need to identify which noncompliant devices attempt to access OneDrive for Business.
What should you do?
- A. From the Microsoft Endpoint Manager admin center, review the Setting compliance report.
- B. From the Microsoft Endpoint Manager admin center, review the Noncompliant devices reporter.
- C. From the Azure Active Directory admin center, review the Conditional Access Insights and Reporting
workbook. - D. From the Microsoft Endpoint Manager admin center, review Device compliance report.
正解:B
解説:
Explanation
The Noncompliant devices report provides data typically used by Helpdesk or admin roles to identify
problems and help remediate issues. The data found in this report is timely, calls out unexpected behavior, and
is meant to be actionable.
Note: Compliance reports help you understand when devices fail to meet your compliance configurations and
can help you identify compliance-related issues in your organization.
Open the compliance dashboard
Open the Intune Device compliance dashboard:
* Sign in to the Microsoft Endpoint Manager admin center.
* Select Devices > Overview > Compliance status tab.
When the dashboard opens, you get an overview with all the compliance reports. In these reports, you can see
and check for:
Overall device compliance
Per-policy device compliance
Per-setting device compliance
Threat agent status
Device protection status
View compliance reports
In addition to using the charts on Compliance status, you can go to Reports > Device compliance.
* Sign in to the Microsoft Endpoint Manager admin center.
* Select Devices > Monitor, and then from below Compliance select the report you want to view. Some of
the available compliance reports include:
Device compliance
Noncompliant devices
Devices without compliance policy
Setting compliance
Policy compliance
Noncompliant policies (preview)
Windows health attestation report
Threat agent status
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-monitor
質問 # 50
You have a Microsoft 365 E5 tenant that connects to Microsoft Defender for Endpoint.
You have devices enrolled in Microsoft Intune as shown in the following table.
You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant.
Noncompliant devices must be blocked from accessing corporate resources.
You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which
Endpoint security policies must be configured.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Box 1: Device 1, Device2, Device 3, and Device 4
Supported Windows versions include Windows 8.1 and Windows 10
Other supported operating systems
Android
iOS
Linux
macOS
Box 2: Device configuration profile, device compliance policy, and conditional access policy
We need all three policies.
Establish a service-to-service connection between Intune and Microsoft Defender for Endpoint. This
connection lets Microsoft Defender for Endpoint collect data about machine risk from supported devices you
manage with Intune.
Use a device configuration profile to onboard devices with Microsoft Defender for Endpoint. You onboard
devices to configure them to communicate with Microsoft Defender for Endpoint and to provide data that
helps assess their risk level.
Use a device compliance policy to set the level of risk you want to allow. Risk levels are reported by Microsoft
Defender for Endpoint. Devices that exceed the allowed risk level are identified as noncompliant.
Use a conditional access policy to block users from accessing corporate resources from devices that are
noncompliant.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements
https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection#onboard-devices-by-using-a-co
質問 # 51
Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 domain-joined computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.
You plan to implement Windows Defender Exploit Guard.
You need to create a custom Windows Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-exp
質問 # 52
You have a Microsoft 365 tenant that uses Microsoft Intune to manage personal and corporate devices. The tenant contains three Windows 10 devices as shown in the following exhibit.
How will Intune classify each device after the devices are enrolled in Intune automatically? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join
https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register
質問 # 53
......
Microsoft MD-101認定試験の準備をするために、Microsoftは、候補者がWindows 10の展開と管理の経験、およびクラウドベースのサービスコンセプトとデバイス管理の経験を持つことを推奨しています。候補者は、Microsoftの公式トレーニングコース、練習テスト、および学習資料を活用して、試験の準備を支援することもできます。 MD-101試験に合格すると、最新のデスクトップ管理における専門知識が示され、ITプロフェッショナルとしてのキャリアを向上させることができます。
試験合格保証付きのMicrosoft Windows 10 Release 1809 and later MD-101試験問題集:https://www.goshiken.com/Microsoft/MD-101-mondaishu.html
Microsoft MD-101日常練習試験は2023年最新のに更新された358問あります:https://drive.google.com/open?id=15vUcA0S6EEIqWHonJOlUbBpmw0sYRCaz