Mock

Cards (571)

  • Verigon Corporation has an Azure Active Directory (Azure AD) tenant named verigon.com that contains the devices shown in the following table: VRG-Device1: Windows 10 VRG-Device2: Windows 11 VRG-Device3: Android 12 (Snow Cone) VRG-Device4: Android 13 (Tiramisu) VRG-Device5: iPadOS 14 VRG-Device6: iOS 16.
  • All devices include an app called VerigonHR and are enrolled in Microsoft Intune.
  • The requirements include preventing users from copying data from VerigonHR and pasting the data into social media apps, requiring a PIN to open VerigonHR, and preventing users from saving data from VerigonHR to a local directory on the device or a drive attached to the device.
  • An app protection policy can require a user to provide a PIN to use an application within a work context and prevent users from saving data from a managed app to the device.
  • Administrators and Backup Operators group members can back up and restore a computer.
  • Sub-Objective: Manage identity.
  • References: Active Directory security groups and Windows 2000 Server: Default User Accounts and Groups.
  • Members of the Administrators group can manage performance alerts.
  • Members of the Administrators group can clear the Security log and any audit logs in Event Viewer.
  • Windows 2000 Server: Default User Accounts and Groups - TechNet Articles - United States (English) - TechNet Wiki.
  • Members of the Performance Log Users group can manage performance alerts and manage performance counters and performance logs locally on the computer and from remote clients.
  • Objective: Manage identity and compliance.
  • Mobile Application Management (MAM) app protection policies protect data with an application and allow you to manage the data.
  • An app protection policy (APP) can be a rule that is enforced when corporate data is moved or accessed by the user.
  • You should have a total of three app protection policies: one for Windows devices, one for iPadOS and iOS devices, and Android devices.
  • An app configuration policy assigns configuration settings for an application assigned to end-users before running the application.
  • Deploy Windows client involves planning and implementing a Windows client deployment by using Windows Autopilot.
  • Overview of Windows Autopilot can be found at Microsoft Learn.
  • Enrollment for hybrid Azure AD-joined devices - Windows Autopilot can be found at Microsoft Learn.
  • Windows Autopilot User-Driven Mode can be found at Microsoft Learn.
  • Configure Autopilot profiles can be found at Microsoft Learn.
  • A compliance policy can set compliance settings such as Device Health, System Security, Device Properties, and Microsoft Defender for Endpoint.
  • The nine templates in MDT are: Sysprep and Capture task sequence, Standard Client task sequence, Standard Client Replace task sequence, Custom task sequence, Standard Server task sequence, Lite Touch OEM task sequence, Post OS Installation task sequence, Deploy to VHD Client task sequence.
  • Leaving the Quality update deferral period (days) setting from 0 in Windows Update will not cause the deferral period to be 0 days, thus not delaying the updates.
  • The Set feature update uninstall period (days) setting in Windows Update determines the time after which feature updates cannot be uninstalled.
  • Task sequences are essential and play a crucial role in the deployment solution.
  • The Windows Update notification level setting in Windows Update controls the level of Windows Update notifications that users see.
  • The Quality update deferral period (days) setting from 0 in Windows Update is for updates that are typically fixes and improvements to existing Windows functionality.
  • The Restart checks setting in Windows Update allows checks such as checking for active users, battery levels, running games, and more.
  • Task sequences are the list of actions that must be executed in a specific order.
  • You should store the custom created template in the default MDT installation directory.
  • MDT has nine default task sequence templates, and you can create your own if desired.
  • The Windows Update notification level setting in Windows Update does not configure when or how updates are downloaded and installed.
  • The MDT task sequence templates are located in the MDT installation directory and determine the default actions present in the task sequence.
  • A task sequence is created to deploy the Windows 10 image.
  • Servicing profiles in Microsoft 365 Apps admin center can be configured to deploy and update Microsoft 365 apps on endpoints.
  • To deploy a Windows 10 computer to a domain using MDT, the Active Directory permissions required are first configured.
  • The NTFS and SMB permissions on the deployment share are configured so that files can be read.
  • A custom image is added to the share by importing the designated Windows 10 OS.
  • Drivers are prepared for the computers using the boot images by creating a driver source structure in the file system.