Dumps4free
Go Back on MD-102 Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99

MD-102 Practice Test


Page 12 out of 64 Pages

Topic 4: Mix Question

You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You need to assign roles in Intune to meet the following requirements:
• The members of Group1 must manage Intune roles and assignments.
• The members of Group2 must assign existing apps and policies to users and devices.
The solution must follow the principle of least privilege.
Which role should you assign to each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.






Your network contains an Active Directory domain.
You install the Microsoft Deployment Toolkit (MDT) on a server.
You have a custom image of Windows 11.
You need to deploy the image to 100 devices by using MDT.
Which three actions should you perform in sequence? To answer, move answer area and arrange them in the correct order.






Your network contains an on-premises Active Directory Domain Services {AD DS) domain that syncs with an Azure AD tenant by using Azure AD Connect.
You use Microsoft Intune and Configuration Manager to manage devices.
You need to recommend a deployment plan for new Windows 11 devices. The solution must meet the following requirements:

• Devices for the marketing department must be joined to the AD DS domain only. The IT department will install complex applications on the devices at build time, before giving the devices to the marketing department users.
• Devices for The sales department must be Azure AD joined. The devices will be shipped directly from the manufacturer to The homes of the sales department users.
• Administrative effort must be minimized.

Which deployment method should you recommend for each department? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.






You have a Microsoft 365 subscription that contains a user named User1. The subscription contains devices enrolled in Microsoft intune as shown in the following table.






You have a Microsoft 365 E5 subscription that contains a group named Group1.
You create a Conditional Access policy named CAPolicy1 and assign CAPolicy1 to Group1.
You need to configure CAPolicy1 to require the members of Group1 to reauthenticate
every eight hours when they connect to Microsoft Exchange Online.
What should you configure?


A.

Session access controls


B.

an assignment that uses a User risk condition


C.

an assignment that uses a Sign-in risk condition


D.

Grant access controls





A.   

Session access controls



User sign-in frequency
Sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.

The Azure Active Directory (Azure AD) default configuration for user sign-in frequency is a rolling window of 90 days.
Sign-in frequency control
Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
Browse to Azure Active Directory > Security > Conditional Access.
Select New policy.
Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
Choose all required conditions for customer’s environment, including the target cloud apps.
Under Access controls > Session.
Select Sign-in frequency.
Choose Periodic reauthentication and enter a value of hours or days or select Every time. 
Save your policy.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditionalaccess/howto-conditional-access-session-lifetime


Page 12 out of 64 Pages
Previous