Topic 4: Mix Question

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You need to create Endpoint security policies to meet the following requirements:

• Hide the Firewall & network protection area in the Windows Security app.

• Disable the provisioning of Windows Hello for Business on the devices.

Which two policy types should you use? To answer, select the policies in the answer area.

NOTE: Each correct selection is worth one point.


You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.

You need to configure an Intune device configuration profile to meet the following requirements:

• Prevent Microsoft Office applications from launching child processes.

• Block users from transferring files over FTP.

Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.


You have a Microsoft 365 subscription that uses Microsoft Intune and contains the users shown in the following table.



Group2 has been assigned in the Enrollment Status Page.

You have the devices shown in the following table.



You capture and upload the hardware IDs of the devices in the marketing department.

You configure Windows Autopilot.

For each of the following statements, select Yes if the statement is true. Otherwise select No.

NOTE: Each correct selection is worth one point.


You have a Microsoft 365 E5 subscription and 25 Apple iPads.

You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollment method.

What should

A. Upload a file that has the device identifiers for each iPad.

B. Modify the enrollment restrictions.

C. Configure an Apple MDM push certificate.

D. Add your user account as a device enrollment manager (DEM).

C.   Configure an Apple MDM push certificate.

Your network contains an Active Directory domain.

You install the Microsoft Deployment Toolkit (MDT) on a server.

You have a custom image of Windows 11.

You need to deploy the image to 100 devices by using MDT.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


You have a Microsoft Intune subscription that has the following device compliance policy settings:

• Mark devices with no compliance policy assigned as: Compliant

• Compliance status validity period (days): 14

On January 1, you enroll Windows 10 devices in Intune as shown in the following table.



On January 4, you create the following two device compliance policies:

• Name: Policy1
• Platform: Windows 10 and later
• Require BitLocker: Require
• Mark device noncompliant: 5 days after noncompliance
• Scope (Tags): Tag1

• Name: Policy2
• Platform: Windows 10 and later
• Firewall: Require
• Mark device noncompliant: Immediately
• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune. You need to configure Delivery Optimization on the devices to meet the following requirements:

• Allow downloads from the internet and from other computers on the local network.

• Limit the percentage of used bandwidth to 50.

What should you use?

A. a configuration profile

B. a Windows Update for Business Group Policy setting

C. a Microsoft Peer-to-Peer Networking Services Group Policy setting

D. an Update ring for Windows 10 and later profile

C.   a Microsoft Peer-to-Peer Networking Services Group Policy setting

You have 200 computers that run Windows 10 and are joined to an Active Directory domain.

You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Enable the Allow Remote Shell access setting.

B. Enable the Allow remote server management through WinRM setting.

C. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.

D. Enable the Windows Defender Firewall: Allow inbound Remote Desktop exceptions setting.

E. Set the Startup Type of the Remote Registry service to Automatic.

F. Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.

B.   Enable the Allow remote server management through WinRM setting.
C.   Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
F.   Enable the Windows Defender Firewall: Allow inbound remote administration exception setting.

You have a Microsoft 365 subscription that contains a user named User1 and uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices that run Windows 11.

User1 provides remote support for 75 devices in the marketing department.

You need to add User1 to the Remote Desktop Users group on each marketing department device.

What should you configure?

A. an app configuration policy

B. a device compliance policy

C. an account protection policy

D. a device configuration profile

C.   an account protection policy

Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.

When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit PIN.

You need to ensure that the users are prompted to set up a six-digit PIN when they join the Windows 10 devices to contoso.com.

Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.

Does this meet the goal?

A. Yes

B. No

A.   Yes
