최신Microsoft Planning for and Managing Devices in the Enterprise - 070-398무료샘플문제
문제1
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is a member of an Active Directory domain named contoso.com.
You have a line-of-business universal app named App1. App1 is developed internally.
You need to ensure that you can run App1 on Computer1. The solution must meet the following requirements:
Minimize costs to deploy the app.
Minimize the attack surface on Computer1.
What should you do?
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is a member of an Active Directory domain named contoso.com.
You have a line-of-business universal app named App1. App1 is developed internally.
You need to ensure that you can run App1 on Computer1. The solution must meet the following requirements:
Minimize costs to deploy the app.
Minimize the attack surface on Computer1.
What should you do?
정답: A
설명: (ExamPassdump 회원만 볼 수 있음)
문제2
HOTSPOT
You need to configure the required security measures for the sales department mobile devices.
What should you do? To answer, select the appropriate action from each list in the answer area. Each correct answer is worth one point.
HOTSPOT
You need to configure the required security measures for the sales department mobile devices.
What should you do? To answer, select the appropriate action from each list in the answer area. Each correct answer is worth one point.
정답:
Explanation:
References:
https://docs.microsoft.com/en-us/intune/deploy-use/ios-policy-settings-in-microsoft-intune
https://docs.microsoft.com/en-us/intune/deploy-use/introduction-to-device-compliance- policies-in-microsoft-intune
문제3
A company plans uses Microsoft Azure to manage directory users. In Azure, you create a virtual network and a DNS record.
You need to set up the connection between the virtual network and your on-premises network.
Which two actions will achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A company plans uses Microsoft Azure to manage directory users. In Azure, you create a virtual network and a DNS record.
You need to set up the connection between the virtual network and your on-premises network.
Which two actions will achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
정답: B,C
설명: (ExamPassdump 회원만 볼 수 있음)
문제4
You manage a network that includes Windows 10 Enterprise computers. All of the computers on the network are members of an Active Directory domain.
The company recently proposed a new security policy that prevents users from synchronizing applications settings, browsing history, favorites, and passwords from the computers with their Microsoft accounts.
You need to enforce these security policy requirements on the computers.
What should you do?
You manage a network that includes Windows 10 Enterprise computers. All of the computers on the network are members of an Active Directory domain.
The company recently proposed a new security policy that prevents users from synchronizing applications settings, browsing history, favorites, and passwords from the computers with their Microsoft accounts.
You need to enforce these security policy requirements on the computers.
What should you do?
정답: C
설명: (ExamPassdump 회원만 볼 수 있음)
문제5
A company uses Office 365. The company has an on-premises Active Directory Domain Services (AD DS) domain and Azure Active Directory Connect. The company runs an on- premises installation of System Center Configuration Manager. All devices are joined to the domain. All users have AD DS accounts and use their AD DS credentials to access the Office 365 resources.
You plan to use Cloud App Discovery.
You need to deploy a solution.
Which three will achieve the goal? Each correct answer presents a complete solution.
A company uses Office 365. The company has an on-premises Active Directory Domain Services (AD DS) domain and Azure Active Directory Connect. The company runs an on- premises installation of System Center Configuration Manager. All devices are joined to the domain. All users have AD DS accounts and use their AD DS credentials to access the Office 365 resources.
You plan to use Cloud App Discovery.
You need to deploy a solution.
Which three will achieve the goal? Each correct answer presents a complete solution.
정답: A,C,E
문제6
You use a Windows 8.1 tablet. The tablet receives Windows Update updates automatically from the Internet.
The tablet has Wi-Fi and is connected to a 3G mobile broadband Wi-Fi hot spot.
You need to minimize data usage while connected to this hot spot.
What should you do?
You use a Windows 8.1 tablet. The tablet receives Windows Update updates automatically from the Internet.
The tablet has Wi-Fi and is connected to a 3G mobile broadband Wi-Fi hot spot.
You need to minimize data usage while connected to this hot spot.
What should you do?
정답: D
설명: (ExamPassdump 회원만 볼 수 있음)
문제7
DRAG DROP
You are deploying Windows 10 clients for a small company. The environment does not have access to any network shares, and USB drives are not allowed.
You need to determine which recovery options you can use.
For each scenario, which recovery option should you use? To answer, drag the appropriate recovery tool to the correct scenario. Each recovery tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Each correct answer is worth one point.
DRAG DROP
You are deploying Windows 10 clients for a small company. The environment does not have access to any network shares, and USB drives are not allowed.
You need to determine which recovery options you can use.
For each scenario, which recovery option should you use? To answer, drag the appropriate recovery tool to the correct scenario. Each recovery tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Each correct answer is worth one point.
정답:
문제8
HOTSPOT
A bank deploys Active Directory Rights Management Services (AD RMS). The bank plans to migrate to Azure Rights Management Services (Azure RMS) as an alternative to the on- premises based AD RMS.
The bank must follow regulatory policies that restrict access to certain financial documents.
In the table below, identify which function each platform supports.
NOTE: Make only selection in each column. Each correct selection is worth one point.
HOTSPOT
A bank deploys Active Directory Rights Management Services (AD RMS). The bank plans to migrate to Azure Rights Management Services (Azure RMS) as an alternative to the on- premises based AD RMS.
The bank must follow regulatory policies that restrict access to certain financial documents.
In the table below, identify which function each platform supports.
NOTE: Make only selection in each column. Each correct selection is worth one point.
정답:
Explanation:
References:
https://expertslab.wordpress.com/2015/09/30/comparison-between-ad-rms-azure-rms/
Topic 3, Blue Yonder Airline
Overview
Background
Blue Yonder Airlines provides regional commercial jet services in the continental United States. The company also designs, manufactures, and sells custom parts for jet aircraft.
The custom parts business is growing rapidly. Blue Yonder airlines has developed a new part that will help airlines comply with new safety regulations. The company has a backlog of customers that would like to purchase the part.
The Sales department has 500 users and the Engineering department has 200 users. All employees work eight hour shifts. The Sales and Engineering teams cannot effectively collaborate on projects. This has resulted in missed deadlines for releasing new products to manufacturing.
Mobile device management
Blue Yonder Airlines has a subscription to Microsoft Intune for Mobile Device Management (MDM). The subscription includes the MDM Authority and Terms and Conditions components. The company has deployed the Network Device Enrollment service, Enterprise Certification Authority, and the Intune Certificate Connector. Blue Yonder Airlines has an on-premises Microsoft Exchange environment.
The company will use a combination of Intune and Azure RemoteApp for Mobile Application Management.
Mobile devices for employees
Blue Yonder Airlines plans to deploy mobile devices to the Sales and Engineering department employees for use while they are outside of the company network. The company plans to deploy the latest iOS devices for Sales department users and Windows
10 tablet devices for Engineering department users.
You configure a Sales group for Sales department users and an Engineering group for Engineering department users. In Intune, you configure a computer device group for Windows 10 devices, and a mobile device group for iOS devices. You synchronize the Sales and Engineering groups with Azure Active Directory (AD).
Network resources
You have a network file share that is used by Engineering department users to collaborate on projects. The file share is configured with full control permissions. The company is concerned that users may be disrupted if they are suddenly denied access to the file share.
Applications
Inventory Management App
Blue Yonder Airlines has developed a custom inventory management app. Sales department users must be able to access the app from enrolled mobile devices. The data that the app uses is considered confidential and must be encrypted.
New product Sales App
You procure a third-party app from a vendor to support new product sales. The data that the app uses is highly confidential. You must restrict access to the app and the app's data to only Engineering department users. The app has been signed by using a Blue Airlines certificate. This certificate is not trusted by devices that run Windows 10.
Product Request Program App
The company has developed the Product Request Program app as a 32-bit Windows application. The application allows the company to manage the sales fulfillment process. It is also used to record customer requests for new parts and services. You plan to publish the Product Request Program app in Azure RemoteApp and configure access for users in the Engineering and Sales departments. This app is not compatible with the iOS platform and cannot by published by using Intune. You create a virtual machine in Azure that runs Windows Server 2012 R2. You install the Product Request Program app on the virtual machine.
Business Requirements
You must ensure that the Sales and Engineering teams can share documents and collaborate effectively. Any collaboration solution must be highly available and must be accessible from the internet. You must restrict access to any shared files to prevent access.
You must restrict permissions to the Engineering file share. You must monitor access to the file share.
You must provide users in the Sales and Engineering departments access to the following resources:
*Corporate email
*File Shares hosted in Microsoft SharePoint Online
*The Product Request Program app
Technical Requirements
You have the following technical requirements:
*Allow all Sales department users to enroll iOS devices for device management andenable encrypted notifications to the devices.
*Employees must be able to access company resources without having to manually install certificates or using an out-of-band process.
*Employees must only access corporate resources from devices that comply withthe company's security policies.
Mobile device protection policies
*All devices must include a trusted build and must comply with Blue Yonder Airlines password complexity rules.
*You must clear all corporate data from a mobile device when the number of repeated log on failures is more than 10.
*All devices must be protected from data loss in the event that a device is lost or damaged.
*Data that is considered confidential must be encrypted on devices.
Additional technical requirements for Engineering department users and devices
*Users must not be challenged for credentials after they initially enroll a device in Intune.
*Users must be able to access corporate email on enrolled Windows 10 devices.
*Devices must be automatically updated when an update is available. You must configure the Intune agent to prompt for restart no more than one time during normal business hours.
System restarts to complete update installations must occur outside of normal business hours.
Problem Statements
Sales and Engineering teams
Sales and Engineering department users report that it is difficult to share documents and collaborate on new projects. Blue Yonder Airlines has an urgent need to improve collaboration between the Sales department and Engineering department. Any collaboration solution must be highly available and accessible from the Internet.
Engineering department users report that Intune prompts them to restart their Windows 10 devices every 30 minutes when an update is available for installation. The prompts are disruptive to users.
Security issues
The Blue Yonder Airlines Security team has detected a vulnerability in Windows 10 devices. Microsoft has released a patch to address the vulnerability. The Security department has issued a service announcement. They request that you deploy the patch to all Windows 10 devices managed by Microsoft Intune.