Microsoft Azure

Endpoint Administrator

MD-102

Demonstrate your skills as an Endpoint Administrator with the MD-102 exam.

150 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 121–130 of 150

Q121

Which service allows you to manage device policies in Azure?

  • A Microsoft Intune
  • B Azure Backup
  • C Azure Monitor
  • D Azure Active Directory
Explanation Microsoft Intune is directly designed for managing device policies, while the others are for different purposes.
Q122

A company needs to enforce MFA for all admin accounts. Which Azure feature should they implement?

  • A Conditional Access
  • B Azure Security Center
  • C Log Analytics
  • D Azure Information Protection
Explanation Conditional Access policies enable enforcement of MFA, whereas the others serve different security functions.
Q123

What happens when a user is removed from a Dynamic Group in Azure AD?

  • A User remains in group
  • B User is deleted from Azure AD
  • C User loses access to resources
  • D User is manually notified
Explanation Removing a user will revoke their access to resources tied to that group, while the others are incorrect consequences.
Q124

Which service provides a secure way to manage application secrets in Azure?

  • A Azure Key Vault
  • B Azure Storage
  • C Azure Functions
  • D Azure Traffic Manager
Explanation Azure Key Vault securely stores and manages keys, secrets, and certificates; other options serve different purposes.
Q125

A company needs to configure a baseline policy for device compliance in Intune; which compliance policy should they leverage?

  • A Device Configuration Policy
  • B Device Compliance Policy
  • C App Protection Policy
  • D Endpoint Protection Policy
Explanation Device Compliance Policies specifically enforce compliance conditions, while others focus on different areas.
Q126

What happens when you assign a user a role in Azure AD?

  • A They gain elevated permissions immediately
  • B They can log in without MFA
  • C They receive an email confirmation
  • D Access to resources based on role
Explanation Assigning a role grants permissions to resources based on that role; other options misrepresent results of role assignment.
Q127

A company needs to deploy a Windows application across multiple devices. Which tool should they use for automation?

  • A Microsoft Endpoint Manager
  • B Azure Blob Storage
  • C Azure Resource Manager
  • D Azure Virtual Machines
Explanation Microsoft Endpoint Manager facilitates application deployment across devices, while the other options serve different purposes.
Q128

What happens when a user device fails to meet compliance policies in Azure AD?

  • A Device is retained with monitoring
  • B Device is auto-enrolled into remediation
  • C Access to company resources is blocked
  • D Device will be wiped remotely
Explanation Access will be blocked until compliance is achieved, while the other options do not align with Azure AD policy enforcement.
Q129

You are configuring a virtual machine in Azure. What is the default network security group rule for outbound traffic?

  • A Deny all outbound traffic
  • B Allow all outbound traffic
  • C Allow only HTTP traffic
  • D Allow only ICMP traffic
Explanation By default, outbound traffic is allowed, while the other options incorrectly represent Azure's security rules.
Q130

A company needs to restrict access to resources based on user location. Which Azure service should they use?

  • A Conditional Access
  • B Azure Sentinel
  • C Azure Firewall
  • D Azure Blob Storage
Explanation Conditional Access allows access restrictions based on user conditions, making it ideal for geo-restrictions; the other services do not provide this functionality.