[2024年01月11日]MD-102試験ブレーン問題集で学習注釈と理論
合格させるMicrosoft MD-102テスト練習テスト問題試験問題集
質問 # 53
You have a Microsoft Deployment Toolkit (MDT) deployment share named DS1.
You import a Windows 11 image to DS1.
You have an executable installer for an application named App1.
You need to ensure that App1 will be installed for all the task sequences that deploy the image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
MDT is a tool that allows you to automate the deployment of Windows operating systems and applications. To install an application for all the task sequences that deploy a Windows 11 image, you need to perform the following three actions in sequence:
Add App1 to DS1. You can use the Deployment Workbench to import the executable installer of App1 to a folder in your deployment share. This will create an application entry with a unique GUID that identifies App11.
Identify the GUID of App1. You can find the GUID of App1 by opening the application properties in the Deployment Workbench and looking at the Application GUID field1. You can copy the GUID to use it later.
Modify CustomSettings.ini. You can edit the CustomSettings.ini file in your deployment share to specify which applications to install for each task sequence. You can use the Applications property to list the GUIDs of the applications you want to install, separated by commas1. For example, if you want to install App1 and another application with GUID {1234-5678-90AB-CDEF}, you can use this line:
Applications={GUID of App1},{1234-5678-90AB-CDEF}
These are the three actions you need to perform to ensure that App1 will be installed for all the task sequences that deploy the Windows 11 image from DS1. I hope this helps you.
If you want to learn more about MDT and how to deploy applications with it, you can check out these resources:
Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
How to deploy applications with the Microsoft Deployment Toolkit
質問 # 54
You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.
Which three types of data can you collect from the computers by using Log Analytics? Each correct answer a complete solution.
NOTE: Each correct selection is worth one point.
- A. third-party application logs stored as text files
- B. the list of processes and their execution times
- C. the average processor utilization
- D. error events from the System log
- E. failure events from the Security log
正解:A、C、D
解説:
Explanation
You can collect error events from the System log, third-party application logs stored as text files, and the average processor utilization from the computers by using Log Analytics. These are some of the types of data that you can collect by using data sources such as Windows event logs, custom logs, and performance counters. You cannot collect failure events from the Security log or the list of processes and their execution times by using Log Analytics. References:
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-overview
質問 # 55
You have a Microsoft 365 subscription that contains 1.000 Windows 11 devices enrolled in Microsoft Intune. You plan to use Intune to deploy an application named App1 that contains multiple installation files.
What should you do first?
- A. Upload the contents of App1 to Intune.
- B. Prepare the contents of App1 by using the Microsoft Win32 Content Prep Tool.
- C. Install the Microsoft Deployment Toolkit (MDT).
- D. Create an Android application package (APK).
正解:B
質問 # 56
You need to prepare for the deployment of the Phoenix office computers.
What should you do first?
- A. Extract the hardware ID information of each computer to a CSV file and upload the file from the Devices settings in Microsoft Store for Business.
- B. Extract the hardware ID information of each computer to an XLSX file and upload the file from the Devices settings in Microsoft Store for Business.
- C. Generalize the computers and configure the Device settings from the Azure Active Directory blade in the Azure portal.
- D. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Azure Active Directory blade in the Azure portal.
正解:A
解説:
Explanation
References:
https://docs.microsoft.com/en-us/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles
質問 # 57
You have a Microsoft 365 subscription.
All users have Microsoft 365 apps deployed.
You need to configure Microsoft 365 apps to meet the following requirements:
* Enable the automatic installation of WebView2 Runtime.
* Prevent users from submitting feedback.
Which two settings should you configure in the Microsoft 365 Apps admin center? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 58
You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2.
Microsoft 365 uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to assign roles in Intune to meet the following requirements:
* The members of Group1 must manage Intune roles and assignments.
* The members of Group2 must assign existing apps and policies to users and devices.
The solution must follow the principle of least privilege.
Which role should you assign to each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
To assign roles in Intune to meet the requirements, you should assign the following roles to each group:
Group1: Intune Role Administrator Group2: Help Desk Operator
The Intune Role Administrator role is the only Intune role that can manage custom Intune roles and add assignments for built-in Intune roles1. This role meets the requirement for Group1 to manage Intune roles and assignments.
The Help Desk Operator role can perform remote tasks on users and devices, and can assign applications or policies to users or devices1. This role meets the requirement for Group2 to assign existing apps and policies to users and devices.
質問 # 59
What should you use to meet the technical requirements for Azure DevOps?
- A. An app protection policy
- B. Conditional access
- C. A device configuration profile
- D. Windows Information Protection (WIP)
正解:B
解説:
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/manage-conditional-access?
view=azure-devops
質問 # 60
You have a Microsoft 365 subscription.
You have 10 computers that run Windows 10 and are enrolled in mobile device management (MDM).
You need to deploy the Microsoft 36S Apps for enterprise suite to all the computers.
What should you do?
- A. From the Microsoft Intune admin center, create a Windows 10 device profile.
- B. From Azure AD, add an app registration.
- C. From the Microsoft Intune admin center, add an app.
- D. From Azure AD. add an enterprise application.
正解:C
解説:
Explanation
To deploy Microsoft 365 Apps for enterprise to Windows 10 devices that are enrolled in Intune, you need to add an app of type "Windows 10 app (Win32)" in the Microsoft Intune admin center and configure the app settings. You can then assign the app to groups of users or devices. References:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management
質問 # 61
What is the maximum number of devices that User1 and User2 can enroll in Intune? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 62
You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.
You plan to manage Microsoft Defender Antivirus on the computers.
You need to prevent users from disabling Microsoft Defender Antivirus,
What should you do?
- A. From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.
- B. From the Microsoft Intune admin center, create an account protection policy.
- C. From the Microsoft 365 Defender portal, enable tamper protection.
- D. From the Microsoft Intune admin center, create a security baseline.
正解:C
解説:
Explanation
Tamper protection is a feature of Microsoft Defender Antivirus that prevents users or malicious software from disabling or modifying the antivirus settings. Tamper protection can be enabled from the Microsoft 365 Defender portal for devices that are Azure AD joined and enrolled in Microsoft Intune. This will prevent users from turning off Microsoft Defender Antivirus or changing its configuration through Windows Security, PowerShell, Registry, or Group Policy. References: [Enable tamper protection]
質問 # 63
You have a Microsoft 365 tenant that uses Microsoft Intune.
You use the Company Portal app to access and install published apps to enrolled devices.
From the Microsoft Intune admin center, you add a Microsoft Store app.
Which two App information types are visible in the Company Portal?
NOTE: Each correct selection is worth one point.
- A. Owner
- B. Developer
- C. Privacy URL
- D. Information URL
正解:B、C
質問 # 64
Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following:
* Personal devices do not need to be enrolled in Intune.
* Users must authenticate by using a PIN before they can access corporate email data.
* Users can use their personal iOS and Android devices to access corporate cloud services.
* Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy.
What should you create?
- A. a data loss prevention (DIP) policy from the Microsoft Purview compliance portal
- B. an insider risk management policy from the Microsoft Purview compliance portal
- C. a device configuration profile from the Microsoft Intune admin center
- D. an app protection policy from the Microsoft Intune admin center
正解:A
質問 # 65
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.
You plan to use Endpoint analytics.
You need to create baseline metrics.
What should you do first?
- A. Create a Log Analytics workspace.
- B. Create an Azure Monitor workbook.
- C. Modify the Baseline regression threshold.
- D. Onboard 10 devices to Endpoint analytics.
正解:D
解説:
Explanation
Onboarding from the Endpoint analytics portal is required for Intune managed devices.
Reference: https://docs.microsoft.com/en-us/mem/analytics/enroll-intune
質問 # 66
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
In the Microsoft 365 Apps admin center, you create a Microsoft Office customization.
Which users can download the Office customization file from the admin center?
- A. Admin1 and Admin3 only
- B. Admin3 and Admin4 only
- C. Admin1, Admin2, Admin3. and Admin4
- D. Admin3 only
- E. Admin1, Admin2, and Admin3 only
正解:E
解説:
Explanation
* Admin1
An application admin has full access to enterprise applications, applications registrations, and application proxy settings.
* Admin2
Mark your app as publisher verified.
In Azure AD this user must be a member of one of the following roles: Application Admin, Cloud Application Admin, or Global Admin.
* Admin3
Office Apps admin - Assign the Office Apps admin role to users who need to do the following:
- Use the Office cloud policy service to create and manage cloud-based policies for Office
- Create and manage service requests
- Manage the What's New content that users see in their Office apps
- Monitor service health
Reference:
Office Apps admin - Assign the Office Apps admin role to users who need to do the following
https://docs.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified
質問 # 67
You need to meet the technical requirements for the LEG department computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
A screenshot of a white box Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-azure-portal
質問 # 68
You have devices enrolled in Microsoft Intune as shown in the following table.
On which devices can you apply app configuration policies?
- A. Device2, Device3, and Device4 only
- B. Device1, Device2, Device B, and Device4
- C. Device3 and Device4 only
- D. Device1 and Device2 only
- E. Device2 only
正解:A
解説:
Explanation
The correct answer is D because app configuration policies can be applied to managed devices and managed apps1. Managed devices are enrolled and managed by Intune, while managed apps are integrated with Intune App SDK or wrapped using the Intune Wrapping Tool1. Device2, Device3, and Device4 are either enrolled in Intune or have managed apps installed, so they can receive app configuration policies2. Device1 is not enrolled in any MDM solution and does not have any managed apps installed, so it cannot receive app configuration policies2. References: 1: App configuration policies for Microsoft Intune | Microsoft Learn
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview 2: Policy sets - Microsoft Intune | Microsoft Learn https://learn.microsoft.com/en-us/mem/intune/fundamentals/policy-sets
質問 # 69
You need to ensure that computer objects can be created as part of the Windows Autopilot deployment. The solution must meet the technical requirements.
To what should you grant the right to create the computer objects?
- A. GroupA
- B. Server2
- C. Server1
- D. DC1
正解:C
解説:
Reference:
https://blog.matrixpost.net/set-up-windows-autopilot-production-environment-part-2/
質問 # 70
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you modify the User settings and the Device settings.
Does this meet the goal?
- A. Yes
- B. No
正解:B
質問 # 71
You have a Microsoft 365 E5 subscription that contains 10 Android Enterprise devices. Each device has a corporate-owned work profile and is enrolled in Microsoft Intune.
You need to configure the devices to run a single app in kiosk mode.
Which Configuration settings should you modify in the device restrictions profile?
- A. General
- B. Device experience
- C. System security
- D. Users and Accounts
正解:B
解説:
Explanation
To configure the devices to run a single app in kiosk mode, you need to modify the Device experience settings in the device restrictions profile. You can specify the app package name and activity name for the app that you want to run in kiosk mode. References:
https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work#device-experie
質問 # 72
User1 and User2 plan to use Sync your settings.
On which devices can the users use Sync your settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
Reference:
https://www.jeffgilb.com/managing-local-administrators-with-azure-ad-and-intune/
質問 # 73
You have a Microsoft 365 subscription that uses Microsoft Intune.
You plan to manage Windows updates by using Intune.
You create an update ring for Windows 10 and later and configure the User experience settings for the ring as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 74
......
厳密検証されたMD-102問題集と解答でMD-102問題集と正解付き:https://www.goshiken.com/Microsoft/MD-102-mondaishu.html
ベストMicrosoft 365 Certified学習ガイドMD-102試験:https://drive.google.com/open?id=1NYAZ5qg8ul84eoUkcrenfSMpx-e4X7km