Previously, passing the MD-101 exam in general mode to earn a Microsoft 365 certification would do the following: familiarize yourself with the MD-101 exam syllabus and content, read official textbooks, and attend training courses. Today we are talking about breaking the traditional model and passing the MD-101 exam, that is, practicing the MD-101 exam sample questions.
How do I pass the MD-101 exam? Practicing the sample MD-101 exam questions is the best solution. You can practice and pass the exam using the 414 MD-101 sample questions provided by Pass4itSure MD-101 dumps https://www.pass4itsure.com/md-101.html.
What is the MD-101 exam and how do I pass it?
The MD-101 exam is a Microsoft 365 Modern Desktop Administrator certification exam that measures candidates’ ability in modern desktop management.
The MD-101 exam will be retired on July 31, 2023. Hurry. The replacement exam, Exam MD-102, will be available on May 2, 2023.
To pass the MD-101 exam, you need to use a new method – practicing MD-101 sample questions is an effective method.
Pass4itsure provides the latest MD-101 dumps containing MD-101 sample questions to ensure that the MD-101 exam is passed. With Pass4itsure’s MD-101 exam questions, you can better prepare for the MD-101 exam and increase your pass rate.
Where to get the best MD-101 sample questions in 2023?
The Pass4itSure website is where you should be. Latest MD-101 sample questions for 2023, you can trust it.
If you’re looking for the latest MD-101 sample questions exercises, here’s a free one for you.
[2023] MD-101 sample questions exercises (Online-Free)
Q1:
You have the Microsoft Deployment Toolkit (MDT) installed.
You install and customize Windows 10 on a reference computer.
You need to capture an image of the reference computer and ensure that the image can be deployed to multiple computers.
Which command should you run before you capture the image?
A. dism
B. wpeinit
C. bcdedit
D. sysprep
Correct Answer: D
Sysprep (System Preparation) prepares a Windows client or Windows Server installation for imaging. Sysprep can remove PC-specific information from a Windows installation (generalizing) so it can be installed on different PCs.
Q2:
You have computers that run Windows 10 Pro. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to upgrade the computers to Windows 10 Enterprise.
What should you configure in Intune?
A. A device enrollment policy
B. A device cleanup rule
C. A device compliance policy
D. A device configuration profile
Correct Answer: D
Intune: Upgrade Windows Pro to Enterprise.
1. First, create a Microsoft Intune configuration policy. In the Azure Portal navigate to Microsoft Intune -> Device Configuration -> Profiles. Click Create Profile.
2. Next, create a new Windows 10 and later profile, with a type of Edition Upgrade. Click Settings
3. Etc.
Q3:
Your company has a Microsoft 365 subscription.
You have enrolled all the company computers in Microsoft Intune.
You have been tasked with making sure that devices with a high Windows Defender Advanced Threat Protection (Windows Defender ATP) risk score are locked.
Which of the following actions should you take?
A. You should create a device configuration profile.
B. You should create a device compliance policy.
C. You should create a Windows AutoPilot deployment profile.
D. You should create a conditional access policy.
Correct Answer: B
References: https://github.com/MicrosoftDocs/IntuneDocs/blob/master/intune/advanced-threat-protection.md
Q4:
Your network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD).
You have a Microsoft 365 subscription.
You create a conditional access policy for Microsoft Exchange Online.
You need to configure the policy to prevent access to Exchange Online unless a user is connecting from a device that is hybrid Azure AD-joined.
Which settings should you configure?
A. Locations
B. Device platforms
C. Sign-in risk
D. Device state
Correct Answer: D
The device state condition was used to exclude devices that are hybrid Azure AD joined and/or devices marked as compliant with a Microsoft Intune compliance policy from an organization\’s Conditional Access policies.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#device-state
Q5:
You have a Microsoft 365 E5 subscription and 150 Windows 10 devices.
All the devices are enrolled in Microsoft Intune.
You need to use Intune to apply Windows updates to the devices.
What should you do first?
A. From the Microsoft Endpoint Manager admin center, configure scope tags.
B. Create a device restriction policy that has telemetry set to the minimum setting of Required.
C. From the Microsoft Endpoint Manager admin center, configure a security baseline.
D. Create a device restriction policy that has telemetry set to Security (Enterprise Only).
Correct Answer: A
Q6:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Device Management admin center, you create and assign a device restrictions profile.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, from the Azure Active Directory admin center, you configure automatic mobile device management (MDM) enrollment. From the Device Management admin center, you configure the Windows Hello for Business enrollment options.
References: https://docs.microsoft.com/en-us/intune/protect/windows-hello
Q7:
HOTSPOT
Your company has computers that run Windows 10 and are Microsoft Azure Active Directory (Azure AD)-joined.
The company purchases an Azure subscription.
You need to collect Windows events from the Windows 10 computers in Azure. The solution must enable you to create alerts based on the collected events.
What should you create in Azure and what should you configure on the computers? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System
Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
Q8:
HOTSPOT
You manage a Microsoft Deployment Toolkit (MDT) deployment share named DS1.
DS1 contains an Out-of-Box Drivers folder named Windows 10 x64 that has subfolders in the format of {make name}\{model name}.
You need to modify a deployment task sequence to ensure that all the drivers in the folder that match the make and model of the computers are installed without using PnP detection or selection profiles.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Preinstall
PREINSTALL Completes any tasks that need to be done (such as creating new partitions) before the target operating system is deployed.
Incorrect:
* INSTALL
Installs the target operating system on the target computer.
* VALIDATION
Identifies that the target computer is capable of running the scripts necessary to complete the deployment process.
Box 2: Inject Drivers
Inject Drivers This task sequence step injects drivers that have been configured for deployment to the target computer.
The unique properties and settings for the Inject Drivers task sequence step type are:
* Property: TypeSet this read-only type to Inject Drivers.
* Settings Install only matching drivers: Injects only the drivers that the target computer requires and that match what is available in Out-of-Box Drivers Install all drivers: Installs all drivers Selection profile: Installs all drivers in the selected profile
Reference: https://docs.microsoft.com/en-us/mem/configmgr/mdt/toolkit-reference
Q9:
Your company implements Microsoft Azure Active Directory (Azure AD), Microsoft 365, Microsoft Intune, and Azure Information Protection. The company\’s security policy states the following:
1. Personal devices do not need to be enrolled in Intune.
2. Users must authenticate by using a PIN before they can access corporate email data.
3. Users can use their personal iOS and Android devices to access corporate cloud services.
4. Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.
You need to configure a solution to enforce the security policy.
What should you create?
A. a data loss prevention (DLP) policy from the Microsoft 365 Compliance admin center
B. an insider risk management policy from the Microsoft 365 Compliance admin center
C. an app protection policy from the Endpoint Manager admin center
D. a device configuration profile from the Endpoint Manager admin center
Correct Answer: C
By implementing app-level policies, you can restrict access to company resources and keep data within the purview of your IT department.
Note: The important benefits of using App protection policies are the following:
Protecting your company data at the app level. Because mobile app management doesn’t require device management, you can protect company data on both managed and unmanaged devices. The management is centered on the user identity, which removes the requirement for device management.
End-user productivity isn’t affected and policies don’t apply when using the app in a personal context. The policies are applied only in a work context, which gives you the ability to protect company data without touching personal data.
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
MDM, in addition to MAM, makes sure that the device is protected. For example, you can require a PIN to access the device, or you can deploy managed apps to the device. You can also deploy apps to devices through your MDM solution, to give you more control over app management.
Reference:
https://docs.microsoft.com/en-us/intune/app-protection-policy
Q10:
HOTSPOT
You have a Microsoft 365 tenant and an internal certification authority (CA).
You need to use Microsoft Intune to deploy the root CA certificate to managed devices.
Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Configuration profile Create a trusted certificate profile.
Box 2: Trusted certificate When using Intune to provision devices with certificates to access your corporate resources and network, use a trusted certificate profile to deploy the trusted root certificate to those devices.
Trusted root certificates establish trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued.
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root
Q11:
Your company has a number of Windows 10 Microsoft Azure Active Directory (Azure AD) joined workstations. These workstations have been enrolled in Microsoft Intune. You are creating a device configuration profile for the workstations.
You have been informed that a custom image should be displayed as the Desktop background picture. Which of the following is a Device restriction setting that should be configured?
A. Locked screen experience
B. Personalization
C. Display
D. General
Correct Answer: B
Wallpaper image, or Desktop background picture, URL is set under Personalization.
References: https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10
Q12:
Your network contains an Active Directory domain. The domain contains computers that run Windows 8.1 and the users shown in the following table.
You plan to use the Microsoft Assessment and Planning (MAP) Toolkit to collect inventory data. The MAP Toolkit has the following configurations:
1. Inventory scenario: Windows computers
2. Discovery method: Use Active Directory Domain Services (AD DS)
You need to identify which user to use for the MAP Toolkit inventory discovery. The solution must use the principle of least privilege.
What should you identify?
A. User3
B. User1
C. User4
D. User2
Correct Answer: A
Discovery method: Use Active Directory Domain Services (AD DS)
Credentials required ” The wizard requires a domain account that is to be used to query AD DS. At a minimum, this account should be a member of the Domain
Users group in the domain. For each computer to be included in the WMI inventory process, the wizard also requires an account that is a member of the local Administrators group on that computer.
Reference:
Q13:
HOTSPOT
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains a user named User1 and two computers named Computer1 and Computer2 that run Windows 10.
User1 is configured as shown in the following exhibit.
You rename file \\Server1\Profiles\User1.V6\NTUSER.DAT as NTUSER.MAN.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the
desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user\’s session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
The .man extension causes the user profile to be a read-only profile.
Reference:
https://docs.microsoft.com/en-us/windows/client-management/mandatory-user-profile
Q14:
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. All users have computers that run Windows 10. The computers are joined to Azure AD and managed by using Microsoft Intune.
You need to ensure that you can centrally monitor the computers by using Windows Analytics.
What should you create in Intune?
A. a device configuration profile
B. a conditional access policy
C. a device compliance policy
D. an updated policy
Correct Answer: A
To use Update Compliance (including in Desktop analytics solution), Commercial ID and telemetry must be enabled. Device configuration (with custom OMA-URI settings) allows doing that. https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-configuration-mem
With CommercialID in hand, you\’re ready to go to the MEM admin center portal and start putting your keyboard to work making a custom OMA-URI device configuration profile to enable Update Compliance settings. You\’re going to need a total of four custom policy settings to configure devices to play nice with
Update Compliance Reference:
Q15:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
Your company uses Windows Autopilot to configure the computer settings of computers issued to users.
A user named User1 has a computer named Computer1 that runs Windows 10. User1 leaves the company.
You plan to transfer the computer to a user named User2.
You need to ensure that when User2 first starts the computer, User2 is prompted to select the language setting and to agree to the license agreement.
Solution: You create a new Windows AutoPilot self-deploying deployment profile.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
In Group Policy, within Configure Automatic Updates, you can configure a forced restart after a specified installation time.
To set the time, you need to go to Configure Automatic Updates, select option 4 – Auto download and schedule the install, and then enter a time in the Scheduled install time dropdown. Alternatively, you can specify that installation will occur during the automatic maintenance time.
1) Automatic Maintenance Random Delay has NOTHING to do with us achieving our goal of automatically installing updates during a maintenance window
2) Automatic Maintenance Activation Boundary made me take a deeper dive into these specific GPOs. From my understanding, configuring Activation Boundary will install updates on devices that are not in use. If a user is currently signed in, the updates will not install.
3) “Auto download and schedule the install” does what our question asks. We can decide NOT to check the option for “Automatic Maintenance”, which includes Activation Boundary and Random Delay. This question is once again quite nonspecific.
The activation Boundary seems to do more than what the question is asking. If we just need to auto-install updates during a maintenance window, answer B achieves that goal.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/waas-restart
There is also MD-101 PDF free download: https://drive.google.com/file/d/1kBcLVLPJ4ABqVwq-bE16ceGCXG_uYLuo/view?usp=share_link
Conclusion:
Dare to break the mold and win. Passing the exam by practicing sample MD-101 exam questions is a proven and effective method.
Download the latest MD-101 exam sample questions https://www.pass4itsure.com/md-101.html Prepare for the exam, keep up the good work, and hope that everyone will successfully pass the Microsoft MD-101 exam.
