{"id":90994,"date":"2023-09-27T06:12:33","date_gmt":"2023-09-27T11:42:33","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=90994"},"modified":"2023-09-29T04:23:16","modified_gmt":"2023-09-29T09:53:16","slug":"md-102-practice-test-questions","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/md-102-practice-test-questions\/","title":{"rendered":"20+ Free MD-102 Exam Questions on Microsoft Endpoint Administrator"},"content":{"rendered":"

Microsoft Endpoint Administrator (MD-102) certification<\/strong> <\/a>is designed mainly for IT professionals who are responsible for managing and deploying Windows 10 and other Microsoft 365 technologies within an organization.<\/p>\n

Microsoft MD-102 Exam assesses your expertise in deploying, configuring, protecting, managing, and monitoring devices and applications of the client in a Microsoft 365 environment.<\/p>\n

In this blog, we’ll provide you with valuable resources such as free MD-102 practice exam questions, allowing you to sharpen your skills and boost your confidence. Moreover, you can take advantage of our online Microsoft MD-102 practice test to assess your readiness before undertaking the actual MD-102 exam questions.<\/p>\n

Top MD-102 Practice Test Exam Questions & Answers<\/h3>\n

Passing the MD-102 Certification exam<\/a> can help you attain the Microsoft 365 Certified: Endpoint Administrator Associate distinction.<\/p>\n

You can prepare for the Endpoint Administrator (beta) certification<\/strong> with MD-102 exam questions and answers crafted by our experts. Relying on the Microsoft MD-102 exam practice test online before appearing for the actual MD-102 exam can help to determine your preparation level.<\/p>\n

Here, we have compiled the top 25 Microsoft’s MD-102 actual exam questions for you:<\/p>\n

Domain: <\/b>Manage identity and compliance<\/b><\/h4>\n

Question 1: Which of the following commands can be used for restricting to a specific resource group on a specific subscription?<\/strong><\/p>\n

A. <\/strong>“\/subscriptions\/{sub-id}\/resourceGroups\/{rg-name}”<\/span>
\nB. <\/strong>“\/subscriptions\/{sub-id}”<\/span>
\nC. <\/strong>“\/subscriptions\/{sub-id}\/resourceGroups\/{rg-name}\/{resource-name}”<\/span>
\nD. <\/strong>“\/subscriptions\/{sub-id}”, “\/subscriptions\/{sub-id}”<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A<\/b> is correct <\/b>– Restrict to a specific resource group on a specific subscription.<\/span><\/p>\n

Option B is incorrect<\/b> – Command for Restrict to a subscription.<\/span><\/p>\n

Option C is incorrect <\/b>\u00a0– Command for Restrict to a specific resource.<\/span><\/p>\n

Option D is incorrect <\/b>– Command for Make a role available for assignment in two subscriptions.<\/span><\/p>\n

\"\"<\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/manage-users-and-groups-in-aad\/5-manage-aad-roles<\/span><\/a><\/p>\n

Domain: <\/b>Manage identity and compliance<\/b><\/h4>\n

Question 2: The forest root domain contains objects that don’t exist in other domains in the forest.<\/strong><\/p>\n

A. <\/strong>True<\/span>
\nB. <\/strong>False<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A<\/b> is correct<\/b> because you always create these objects on the first domain controller, a forest can consist of as few as one domain with a single domain controller, or it can consist of several domains across multiple domain trees.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/introduction-to-ad-ds\/4-define-forests-domains<\/span><\/a><\/p>\n

Domain: <\/b>Manage identity and compliance<\/b><\/h4>\n

Question 3: Global Infotech has appointed you as a Desktop Administrator who needs your help on setting up conditional access policies to provide granular access for accessing company data irrespective of the device and location due to work from home policy. Please select the most secure way of accessing the data from the following.<\/strong><\/p>\n

A. <\/strong>Activate MFA for the employees to use the corporate application on their personal devices<\/span>
\nB. <\/strong>Automatically update the device to the latest version for accessing the company\u2019s data<\/span>
\nC. <\/strong>Ask the employees to visit any nearby office with a secured network<\/span>
\nD. <\/strong>User Exchange ActiveSync to enable access for the employees using their home network<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A is correct<\/b> – We should need better protection and Conditional access allows you to add a layer of protection for them by requiring MFA when users access them.<\/span><\/p>\n

Option B is incorrect<\/b> – Conditional access will not have any functions on initiating any steps instead, it will set criteria for access.<\/span><\/p>\n

Option C is incorrect<\/b> – Employees will not prefer going to the office due to work from home setup.<\/span><\/p>\n

Option D is incorrect<\/b> – Exchange ActiveSync (EAS) is an Exchange synchronization protocol that’s optimized to work together with high-latency and low-bandwidth networks which can\u2019t be used to create policies.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/implement-device-compliance-policies\/5-explore-conditional-access<\/span><\/a><\/p>\n

Domain: <\/b>Manage identity and compliance<\/b><\/h4>\n

Question 4: What are some of the more commonly used device compliance settings? Choose 2 Options<\/strong><\/p>\n

A. <\/strong>Restrict internet service providers<\/span>
\nB. <\/strong>Perform factory reset including deleting personal data<\/span>
\nC. <\/strong>Maximum OS version allowed<\/span>
\nD. <\/strong>Record the private conversation on any 3rd party messenger<\/span>
\nE. <\/strong>Whether the device is jail-broken or rooted<\/span><\/p>\n

Correct Answers: C and E<\/b><\/p>\n

Explanation<\/b><\/p>\n

Options C and E are correct<\/b> – Maximum OS version allowed, Whether the device is jail-broken or rooted, Local data encryption, and requires the device to be at, or under the Mobile Threat Defense level are some of the more commonly used device compliance settings. Some of the more commonly used device compliance settings include, require a password to access devices, local data encryption, whether the device is jail-broken or rooted, minimum OS version required, maximum OS version allowed, require the device to be at, or under the Mobile Threat Defense level.<\/span><\/p>\n

Option A is incorrect<\/b> – Internet Service Provider (ISP) can\u2019t be restricted using compliance policies.<\/span><\/p>\n

Option B is incorrect<\/b> – Deleting personal data will be against the data protection policy but we can encrypt data.<\/span><\/p>\n

Option D is incorrect<\/b> – We can restrict the usage of applications that can be installed on a device but we don’t have access to record conversations on 3rd party messenger applications.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/manage-device-compliance\/2-plan-for<\/span><\/a><\/p>\n

Domain: Manage identity and compliance<\/b><\/h4>\n

Question 5: <\/b>You are assigned a task to restrict access for Android Smartphones from accessing Organizational data. You should find and restrict the access for smartphones that don\u2019t have the latest version of the security patch and can give a maximum 90 days of grace period for the users to update their smartphones. Which of the following can be used to achieve this task?<\/strong><\/p>\n

A. <\/strong>Notify end users through email<\/span>
\nB. <\/strong>Google Play Protect<\/span>
\nC. <\/strong>Encryption of data<\/span>
\nD. <\/strong>Mark device non-compliant<\/span><\/p>\n

Correct Answer: D<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option D is correct<\/b> – Organizations can grant a grace period for users to update the device to make it compliant. Devices that aren’t updated in that grace period are marked as noncompliant.<\/span><\/p>\n

Option A is incorrect <\/b>– Notifying end-users via email can just alert them with a customized email notification before sending it to the end-user.<\/span><\/p>\n

Option B is incorrect<\/b> – Google Play Protect is an android specific app that checks your apps and devices for harmful behavior.<\/span><\/p>\n

Option C is incorrect<\/b> – Only encryption of data will not restrict the user access using device compliance.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/manage-device-compliance\/2-plan-for<\/span><\/a><\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 6: <\/b>A restaurant named Pizzamania wants to digitize their orders so they decide to give new iPhones to their waiters. Which Apple option can deploy an enrollment profile \u201cover the air\u201d to bring devices into management?<\/strong><\/p>\n

A. <\/strong>Company Portal<\/span>
\nB. <\/strong>Device Enrollment Program (DEP)<\/span>
\nC. <\/strong>Enterprise work profile<\/span>
\nD. <\/strong>Configurator for iPhone<\/span><\/p>\n

Correct Answer: B<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option B is correct<\/b> – Organizations can purchase iOS devices through Apple’s Device Enrollment Program (DEP). DEP lets you deploy an enrollment profile \u201cover the air\u201d to bring devices into management.<\/span><\/p>\n

Option A is incorrect<\/b> – Company Portal is the app that lets you, as an employee of your company, securely access those resources.<\/span><\/p>\n

Option C is incorrect<\/b> – Enterprise work profile devices to ensure work and personal information are separate.<\/span><\/p>\n

Option D is incorrect<\/b> – Configurator for iPhone enables you to add any Mac that has the T2 Security Chip or Apple silicon to your organization in Apple Business Manager or Apple School Manager so that you can use Automated Device Enrollment.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/enroll-devices-use-microsoft-intune\/8-enroll-ios-devices-intune<\/span><\/a><\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 7: In Azure AD, If you\u2019re in a federated domain, you\u2019re redirected to your on-premises Secure Token Service (STS) server.<\/strong><\/p>\n

A. <\/strong>True<\/span>
\nB. <\/strong>False<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A is correct<\/b> – Federated domain in Azure AD will redirect to the on-premises STS server by locating a matching tenant.<\/span><\/p>\n

For example, Active Directory Federation Services (AD FS), authenticates users with their usernames and password. Users can access certain applications without being prompted to provide login credentials repeatedly.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/manage-device-authentication\/4-join-devices-azure-active-directory<\/span><\/a><\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 8: <\/b>Which of the following statements NOT true about policy sets?<\/strong><\/p>\n

A. <\/strong>Used for group objects that need to be assigned together<\/span>
\nB. <\/strong>It can be assigned as cross-platform<\/span>
\nC. <\/strong>The default restrictions and ESP cannot be added to a policy set<\/span>
\nD. <\/strong>Policy sets will replace existing concepts or objects<\/span><\/p>\n

Correct Answer: D<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option D<\/b> is correct<\/b> – Policy sets do not replace existing concepts or objects. You can continue to assign individual objects and you can also reference individual objects as part of a policy set. Therefore, any changes to those individual objects will be reflected in the policy set.<\/span><\/p>\n

Option A is incorrect<\/b> – One of the usages of policy sets is to Group objects that need to be assigned together.<\/span><\/p>\n

Option B is incorrect<\/b> – Policy sets support Windows, Android, macOS, and iOS\/iPadOS settings, and can be assigned cross-platform.<\/span><\/p>\n

Option C is incorrect<\/b> – In Policy sets, the default restrictions and ESP cannot be added to a policy set and which is one of the enrollment restrictions and Enrollment Status Page (ESP) issues.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/fundamentals\/policy-sets<\/span><\/a><\/p>\n

Domain: <\/b>Manage applications<\/b><\/h4>\n

Question 9: <\/b>You are required to deploy a Win32 application using Microsoft Endpoint Manager (MEM). While deploying, your employer asks you to add the name of the person who will be the point of contact for this app. Which of the following will be the most suitable field to add this information?<\/strong><\/p>\n

A. <\/strong>Publisher<\/span>
\nB. <\/strong>Developer<\/span>
\nC. <\/strong>Name<\/span>
\nD. <\/strong>Owner<\/span><\/p>\n

Correct Answer: D<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option D<\/b> is correct<\/b> – Under the App information page, the Owner field is used to indicate the name of the person in your organization who manages to license or the point of contact for this app.<\/span><\/p>\n

Option A is incorrect<\/b> – The name of the developer or company that distributes the app.<\/span><\/p>\n

Option B is incorrect<\/b> – The name of the developer or company that distributes the app.<\/span><\/p>\n

Option C is incorrect<\/b> – This name will be visible in the Intune apps list and to users in the Company Portal.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/education-deploy-applications\/deploy-win32-applications<\/span><\/a><\/p>\n

Domain: <\/b>Manage applications<\/b><\/h4>\n

Question 10: Which of the following values used to define the location of the Office installation files in the Office Deployment Tool?<\/strong><\/p>\n

A. <\/strong>UpdatePath=”\\\\Server\\Share”<\/span>
\nB. <\/strong>OfficeClientEdition=”32″<\/span>
\nC. <\/strong>SourcePath=”\\\\server\\share”<\/span>
\nD. <\/strong>DownloadPath=”\\\\server\\share”<\/span><\/p>\n

Correct Answer: C<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option C is correct<\/b> – SourcePath=”\\\\server\\share” – The SourcePath value should not include the \/Office part or the name of the folder on which Office Data has been downloaded.<\/span><\/p>\n

Option A is incorrect<\/b> – Office checks for updates at “\\server\\share” on your network.<\/span><\/p>\n

Option B is incorrect<\/b> – Downloads and installs the 32-bit edition of Office.<\/span><\/p>\n

Option D is incorrect<\/b> – Office downloads the package at “\\server\\share” on your network.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/deployoffice\/office-deployment-tool-configuration-options<\/span><\/a><\/p>\n

Domain: Manage applications<\/b><\/h4>\n

Question 11:<\/b> __________ monitors reliability and performance metrics and provides custom guidance to help optimize and troubleshoot Microsoft 365 Apps on your client devices.<\/strong><\/p>\n

A. <\/strong>Inventory<\/span>
\nB. <\/strong>Microsoft 365 Apps health<\/span>
\nC. <\/strong>Security update status<\/span>
\nD. <\/strong>Servicing profile<\/span><\/p>\n

Correct Answer: B<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option B<\/b> is correct<\/b> – Microsoft 365 Apps health monitors reliability and performance metrics and provides custom guidance to help optimize and troubleshoot Microsoft 365 Apps on your client devices.<\/span><\/p>\n

Option A is incorrect<\/b> – You can use the inventory page to see information about the devices in your organization, including hardware, operating system, and the Office software running on that device.<\/span><\/p>\n

Option C is incorrect<\/b> – You can use the security update status page in the Microsoft 365 Apps admin center to see which devices have installed the latest security updates for Office.<\/span><\/p>\n

Option D is incorrect<\/b> – With servicing profiles, you can automatically deliver monthly Office updates for specific users or groups.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/deployoffice\/admincenter\/overview<\/span><\/a><\/p>\n

Domain: Deploy Windows client<\/strong><\/h4>\n

Question 12: An organization manually deploys Enterprise or Education edition images for thousands of FAT machines, enters the Key Management services or Multiple Activation Key, and restarts the device. This causes a huge hit on SLA as they are unable to meet clients\u2019 requirements due to this tedious process. How can they implement a change to improve this situation?<\/strong><\/p>\n

A. <\/strong>Use Inherited Activation<\/span>
\nB. <\/strong>Use MAK<\/span>
\nC. <\/strong>Use Subscription Activation<\/span>
\nD. <\/strong>Use CSP program<\/span><\/p>\n

Correct Answer: C<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option C is correct<\/b>: The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later relying upon on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.<\/span><\/p>\n

Option A is incorrect:<\/b> Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11) that allows Windows 10\/11 virtual machines to inherit activation state from their Windows 10\/11 host. This will be applicable only when Virtual Machines activations are involved.<\/span><\/p>\n

Option B is incorrect:<\/b> Multiple Activation Key (MAK) activation is used for one-time activation through Microsoft-hosted activation services, either via the internet or by telephone. However, without Subscription activation, the IT Department needs to rely on the traditional method of rebooting the device.<\/span><\/p>\n

Option D is incorrect:<\/b> CSP (Cloud Solution Provider) is similar to the Subscription Activation feature but on a smaller scale.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/windows\/deployment\/windows-10-subscription-activation<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage identity and compliance<\/b><\/h4>\n

Question 13: <\/b>An user was unable to log in to Azure Active Directory(AD) even though they have valid credentials, but they were able to log in when they are connected to the corporate network. What could be the issue?<\/strong><\/p>\n

A. <\/strong>AD user account was created before federated authentication<\/span>
\nB. <\/strong>Password hash was not synchronized to the cloud<\/span>
\nC. <\/strong>Legacy password hashes for NTLM + Kerberos authentication are required<\/span>
\nD. <\/strong>The hashing algorithm has failed<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A is correct<\/b>: Azure AD user accounts created before federation authentication services might have an old password hash, so this doesn’t match a hash of their on-premises password. Hence, Azure Active Directory Domain Services (Azure AD DS) won’t be able to validate a user’s credentials.<\/span><\/p>\n

Option B is incorrect:<\/b> The password hash synchronization process runs every 2 minutes and it is streamlined to the cloud which cannot cause the issue.<\/span><\/p>\n

Option C is incorrect:<\/b> The user already accessed the AD while on-premises so the Legacy password hashes for NTLM (New Technology LAN Manager) + Kerberos authentication are already enabled and accessed.<\/span><\/p>\n

Option D is incorrect:<\/b> the hashing algorithm is automated and cannot be modified or reverted. Once the password is entered while on-premises, the existing password in the cloud is overwritten.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-domain-services\/compare-identity-solutions<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage identity and compliance<\/b><\/h4>\n

Question 14: <\/b>Markle is a Law Firm located in New Jersey and you recently joined the firm as Desktop Administrator. One of the top executives forgot the password and used the self-service password reset functionality of Azure AD. What are the alternative methods of authentication for users that have forgotten their passwords?<\/strong><\/p>\n

A. <\/strong>Security questions, Office phone, Mobile Phone, Alternative email address<\/span>
\nB. <\/strong>Mobile phone, Alternative email address, Security questions, Biometric thumbprint<\/span>
\nC. <\/strong>Office phone, Mobile phone, Text message to any phone number, Security questions<\/span>
\nD. <\/strong>Challenge Handshake Authentication Protocol, or CHAP, Office phone, Mobile Phone, Alternative email address<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option A is correct – <\/b>This functionality can be enabled for all users or a group of users.<\/span><\/p>\n

Option B is incorrect<\/b> – A biometric thumbprint is not yet available for Azure AD.<\/span><\/p>\n

Option C is incorrect –<\/b> Text Message or One Time Password is sent only to a registered number.<\/span><\/p>\n

Option D is incorrect<\/b> – Challenge Handshake Authentication Protocol or CHAP is not a part of Azure AD.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/protect-identities-azure-active-directory\/6-manage-self-service-password-reset-azure-active-directory<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage identity and compliance<\/b><\/h4>\n

Question 15:<\/b> As an Enterprise Admin in Gagle\u2019s IT Department, you are assigned a task to configure a mobile device setting or policy that specifies whether Gagle allows or blocks access to Exchange mail for devices that aren\u2019t supported by Basic Mobility and Security. Which of the following mobile device settings or policies should you use to make this requirement possible?<\/strong><\/p>\n

A. <\/strong>Device Compliance Policies<\/span>
\nB. <\/strong>Organization-Wide Device Access Settings<\/span>
\nC. <\/strong>Device Security Policies<\/span>
\nD. <\/strong>Conditional Access<\/span><\/p>\n

Correct Answer: A<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option B is correct –<\/b> Organization-wide device access settings enable an organization to specify whether it wants to allow or block access to Exchange mail for devices that aren’t supported by Basic Mobility and Security and which security groups should be excluded from access control.<\/span><\/p>\n

Option A is incorrect<\/b> – Device compliance policies are an Intune feature that defines the rules and settings that users and managed devices must meet to be compliant.<\/span><\/p>\n

Option C is incorrect<\/b> – Organizations can use device security policies to protect their devices from unauthorized access.<\/span><\/p>\n

Option D is incorrect<\/b> – Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn’t intended to be an organization’s first line of defense<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/fundamentals\/policy-map-between-basic-mobility-security-intune<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 16: <\/b>Whizlabs want to restrict specific content for the users due to security reasons. However, they are worried about line-of-business applications since many line-of-business applications are written with limited security concerns. How can an organization deploy attack surface reduction rules without affecting the productivity of its users?<\/strong><\/p>\n

A. <\/strong>Enable Notification and alerts<\/span>
\nB. <\/strong>Enable Block mode<\/span>
\nC. <\/strong>Enable Warn mode<\/span>
\nD. <\/strong>Enable Audit mode<\/span><\/p>\n

Correct Answer: D<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option D is correct –<\/b> Organizations should use audit mode to evaluate how attack surface reduction rules would affect them if enabled. They should also run all rules in audit mode first so they can understand how the rules affect their line-of-business applications. Many line-of-business applications are written with limited security concerns. As such, they may perform tasks in ways that seem similar to malware. By monitoring audit data and adding exclusions for necessary applications, organizations can deploy attack surface reduction rules without reducing productivity.<\/span><\/p>\n

Option A is incorrect –<\/b> Whenever an attack surface reduction rule is triggered, a notification and an optional alert are displayed on the device but it doesn’t prevent users from accessing the restricted contents.<\/span><\/p>\n

Option B is incorrect –<\/b> Enabling the block mode directly will result in affecting the line-of-business apps and can affect their day to day tasks of the users.<\/span><\/p>\n

Option C is incorrect – <\/b>With the introduction of warn mode, whenever the content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content, which may lead to exposing the restricted content to the users.<\/span><\/p>\n

Reference: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/implement-endpoint-security-microsoft-intune\/7-implement-attack-surface-reduction-rules<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 17:<\/b> Which of the following is a cloud protection service and enhances standard real-time protection, providing arguably the best antivirus defense on the cloud?<\/strong><\/p>\n

A. <\/strong>Microsoft Sentinel<\/span>
\nB. <\/strong>Microsoft Defender for Cloud<\/span>
\nC. <\/strong>Microsoft Advanced Protection Service (MAPS)<\/span>
\nD. <\/strong>Microsoft Defender for Identity<\/span><\/p>\n

Correct Answer: C<\/b><\/p>\n

Explanation<\/b><\/p>\n

Option C is correct – <\/b>Microsoft Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhance standard real-time protection, providing arguably the best antivirus defense. Cloud protection is critical to preventing breaches from malware and a critical component of attack surface reduction rules.<\/span><\/p>\n

Option A is incorrect – <\/b>Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.<\/span><\/p>\n

Option B is incorrect – <\/b>\u00a0Defender for Cloud helps you limit exposure to brute force attacks. By reducing access to virtual machine ports, using the just-in-time VM access, you can harden your network by preventing unnecessary access. You can set secure access policies on selected ports, for only authorized users, allowed source IP address ranges or IP addresses, and for a limited amount of time.<\/span><\/p>\n

Option D is incorrect – <\/b>Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.<\/span><\/p>\n

References: <\/b>https:\/\/docs.microsoft.com\/en-us\/learn\/modules\/implement-endpoint-security-microsoft-intune\/7-implement-attack-surface-reduction-rules<\/span><\/a>, https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/overview<\/span><\/a>, https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-cloud\/defender-for-cloud-introduction<\/span><\/a>, https:\/\/docs.microsoft.com\/en-us\/defender-for-identity\/what-is<\/span><\/a><\/p>\n

 <\/p>\n

Domain: Manage, maintain, and protect devices<\/b><\/h4>\n

Question 18<\/b>: What are the factors that Threat and Vulnerability Management prioritize vulnerabilities in Microsoft Defender for Endpoint?<\/strong><\/p>\n

A. <\/strong>The Threat landscape<\/span>
\nB. <\/strong>Non-Sensitive information<\/span>
\nC. <\/strong>Detections in your organization<\/span>
\nD. <\/strong>Business context<\/span><\/p>\n

Correct Answers: A, C and D<\/b><\/p>\n

Explanation<\/b><\/p>\n

Options A, C and D are correct – <\/b>The Threat and Vulnerability Management module serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience. It uses sensors to discover vulnerabilities and misconfigurations in real-time. This discovery is completed without the need for agents or periodic scans. Threat and Vulnerability Management prioritizes vulnerabilities based on:<\/span><\/p>\n