Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 4 discussion

Actual exam question from Microsoft's MD-102
Question #: 4
Topic #: 1
[All MD-102 Questions]

Case study -

Overview -
ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
ADatum has a Microsoft 365 E5 subscription.

Environment -

Network Environment -
The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.

ADatum has a hybrid Azure AD tenant named adatum.com.

Users and Groups -
The adatum.com tenant contains the users shown in the following table.

All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.
Enterprise State Roaming is enabled for Group1 and GroupA.
Group1 and Group2 have a Membership type of Assigned.

Devices -
ADatum has the Windows 10 devices shown in the following table.

The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.
The Windows 10 devices are configured as shown in the following table.

All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.

Microsoft Intune Configuration -
Microsoft Intune has the compliance policies shown in the following table.


The Automatic Enrollment settings have the following configurations:

MDM user scope: GroupA -

MAM user scope: GroupB -
You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

Name: Protection1 -

Folder protection: Enable -
List of apps that have access to protected folders: C:\*\AppA.exe
List of additional folders that need to be protected: D:\Folder1
Assignments:

Included groups: Group2, GroupB -

Windows Autopilot Configuration -
ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.

Currently, there are no devices deployed by using Windows Autopilot.
The Intune connector for Active Directory is installed on Server1.

Requirements -

Planned Changes -
ADatum plans to implement the following changes:
Purchase a new Windows 10 device named Device6 and enroll the device in Intune
New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
Deployed a network boundary configuration profile that will have the following settings:

Name: Boundary1 -
Network boundary: 192.168.1.0/24

Scope tags: Tag1 -
Assignments:

Included groups: Group1, Group2 -
Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:

Name: Connection1 -

Connection name: VPN1 -

Connection type: L2TP -
Assignments:
Included groups: Group1, Group2, GroupA
Excluded groups: --

Name: Connection2 -

Connection name: VPN2 -

Connection type: IKEv2 -
Assignments:

Included groups: GroupA -

Excluded groups: GroupB -

Technical Requirements -
ADatum must meet the following technical requirements:
Users in GroupA must be able to deploy new computers.
Administrative effort must be minimized.
You implement Boundary1 based on the planned changes.
Which devices have a network boundary of 192.168.1.0/24 applied?

  • A. Device2 only
  • B. Device3 only
  • C. Device1, Device2, and Device5 only
  • D. Device1, Device2, Device3, and Device4 only
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by deinth at Aug. 14, 2023, 11:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
letters1234
Highly Voted 1 year, 3 months ago
Selected Answer: D
Both Personal and Corporate devices can be enrolled to Intune, the network boundary can be assigned to enrolled Windows 10/11 devices. https://learn.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows The Boundary is assigned to Group 1 & 2, Devices 1,2,3 and 4 have membership to these groups. Device 5 is not part of the membership for Group 1 & 2 so doesnt receive the policy.
upvoted 40 times
iTomi
11 months, 2 weeks ago
When you creating boundary profile there are NO settings for scope tags. So, tags are irrelevant in this question.
upvoted 5 times
...
...
deinth
Highly Voted 1 year, 3 months ago
Selected Answer: D
I think it should be D. As the boundary group is asigned to Group 1 and 2
upvoted 7 times
Joe9011
1 year, 3 months ago
I read it the same
upvoted 1 times
...
volto
1 year, 3 months ago
Not only group membership defines assignment, but also scope tags. Device 3 belongs to Group 1 and has the correct scope tag. The correct answer is B
upvoted 9 times
letters1234
1 year, 3 months ago
Scope tags are: "You can use role-based access control and scope tags to make sure that the right admins have the right access and visibility to the right Intune objects." https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags It isn't used for deployment/assignment to users or devices. Only administration.
upvoted 12 times
TC1Labs
11 months, 3 weeks ago
When you are creating a Tag, this message explain: "Scope tags define groups of Intune resources that align with specific Intune Role assignments. For example, a "Seattle Office" scope tag could be used to associate policies, profiles or applications with administrators that only apply to the Seattle office locations" I doubt between B or D.
upvoted 2 times
...
...
...
...
JayHall
Most Recent 3 days, 17 hours ago
You can assign scope tags to an Intune object type if the tenant can have multiple versions of that object (such as role assignments or apps). The following Intune objects are exceptions to this rule and don't currently support scope tags: Corp Device Identifiers Autopilot Devices Device compliance locations Jamf devices Autopilot device deployment do not support the use of scope tags. So D is the only correct answer in this case: :Device1, Device2, Device3, and Device4 only. See ref: https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags
upvoted 1 times
...
AleFCI1908
3 weeks, 4 days ago
Selected Answer: B
B: because tag scope and assignment: only device 3
upvoted 2 times
...
Zachypoo
4 months, 2 weeks ago
https://learn.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows Point 9. "In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment." Indicates given answer B is correct, tags can be used to filter to specific groups of users.
upvoted 1 times
...
c813ce5
5 months, 2 weeks ago
Device 3 because of the scope tag
upvoted 3 times
...
AnoG
7 months, 3 weeks ago
Answer is B because of the scope tag,, Device 3 only
upvoted 1 times
2c57d1c
5 months, 2 weeks ago
No, you are wrong.
upvoted 1 times
...
...
AnoG
7 months, 3 weeks ago
Answer is A because of the scope tag..
upvoted 1 times
...
SanuRockz
9 months ago
Answer is correct as per examlab
upvoted 1 times
...
BigStan82
9 months ago
Answer B: Device 3 Only. It is the only device within the group range and scope range. Tags are used for filtering and scoping.
upvoted 3 times
...
MR_Eliot
9 months, 1 week ago
Selected Answer: D
I have not tested this to confirm but D seems logical answer. Group tags has nothing to do with assignments, they are just to identify things. nothing more.
upvoted 2 times
MR_Eliot
8 months, 2 weeks ago
I stay with D: Policy is applies to all enrolled devices in Intune. You can enroll a device via Company Portal, Autopilot or Hybrid Join. https://learn.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows
upvoted 1 times
...
...
onepunchkenshin
10 months, 2 weeks ago
if the answer is incorrect, why doesn't site administrator update it?
upvoted 5 times
...
Tonsku
11 months, 1 week ago
Selected Answer: D
D Boundary1 has the following assignments: Included groups: Group1, Group2 Device1 (Group1) Device2 (Group1, Group2) Device3 (Group2) Device4 (Group2)
upvoted 3 times
...
GeekGizmo
11 months, 2 weeks ago
I chose A. Personal devices can’t be azure-ad joined so that would rule out device 3&4. Device 5 is in group 3, so that rules out that one.
upvoted 1 times
OyYaGotta
8 months, 3 weeks ago
Personal devices can be joined, does Azure know it's your computer? No, all it sees is User Groups, devices and policies.
upvoted 1 times
...
...
ThePrutser
12 months ago
Selected Answer: D
Scope tags are used for delegation of control and has nothing to do with device filtering for configuration profiles. Device 1, 2, 3, 4 are all part of either group 1, 2 or both and Device 5 is not. So it only applies to devices 1 through 4.
upvoted 4 times
...
Tati_Oliveira
12 months ago
Network Boundary is applied to Groups 1 and 2 and Tag 1. The only device that is member of Group 1 and 2 and has Scope Tag 1 is "Device 3" letter B.
upvoted 1 times
...
madsa
1 year ago
Definitely D.
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel