ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 105 discussion

Actual exam question from Microsoft's MD-102
Question #: 105
Topic #: 1
[All MD-102 Questions]

HOTSPOT
-

You have a Microsoft Intune subscription that has the following device compliance policy settings:
• Mark devices with no compliance policy assigned as: Compliant
• Compliance status validity period (days): 14

On January1, you enroll Windows 10 devices in Intune as shown in the following table.



On January 4, you create the following two device compliance policies:

• Name: Policy1
• Platform: Windows 10 and later
• Require BitLocker: Require
• Mark device noncompliant: 5 days after noncompliance
• Scope (Tags): Tag1

• Name: Policy2
• Platform: Windows 10 and later
• Firewall: Require
• Mark device noncompliant: Immediately
• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Grg433 at Sept. 12, 2023, 6:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HawkieEyes
Highly Voted 1 year, 5 months ago
N - no firewall, policy 2 marks it non compliant immediately N - see above Y - will be set to not compliant on the 10th
upvoted 21 times
...
mhmyz
Highly Voted 1 year, 1 month ago
I think YYY Y - Device1=Tag1 Policy1 only apply Y - Device1=Tag1 Policy1 only apply Y - Device2=Tag2 Policy2 only apply Scope Tag: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy
upvoted 7 times
jzmirus2
2 months, 1 week ago
Policy Assignment for Device1: Policy1 applies (because it is assigned to Group1 and has Scope Tag1). Policy2 does NOT apply (Device1 does not have Scope Tag2). Policy1 requires BitLocker enabled → Device1 meets this requirement ✅. Policy1 does not enforce firewall settings (so, the firewall being off does not make it noncompliant). Policy1 marks a device noncompliant after 5 days of noncompliance, but Device1 is already compliant. ➡️ Device1 remains compliant throughout. On January 7, Device1 is marked as compliant? ✅ Yes On January 8, Device1 is marked as compliant? ✅ Yes
upvoted 3 times
jzmirus2
2 months, 1 week ago
Device2: BitLocker is disabled ❌ (Fails Policy1 requirement) Firewall is on ✅ (Meets Policy2 requirement) Scope Tag: Tag2 (Matches Policy2, but not Policy1) Group Membership: Group2 Policy Assignment for Device2: Policy1 does NOT apply (not in Group1 or Scope Tag1). Policy2 does NOT apply (only assigned to Group1, but Device2 is in Group2). Since no compliance policy is assigned to Device2, and the setting "Mark devices with no compliance policy assigned as: Compliant" is enabled, Device2 is automatically considered compliant. ➡️ On January 9, Device2 is marked as compliant? ✅ Yes
upvoted 2 times
...
...
2c57d1c
10 months, 3 weeks ago
Assignment of Groups is how these are assigned...Scope tags mean nothing in this case.
upvoted 2 times
...
Irism
11 months, 3 weeks ago
On January 5, you assign Policy1 and Policy2 to Group1
upvoted 1 times
...
...
02dc19c
Most Recent 4 weeks, 1 day ago
the answers are YYY: Scope tags act as a filter, ensuring that only devices with the designated tags are impacted by the policy. This provides a way to refine and control the assignment of policies within broader groups. This means that Device 1 is only subject to the first policy and is compliant immediately regardless of grace period, and Device 2 is only subject to the 2nd policy and again, is compliant immediately. Hence, YYY
upvoted 1 times
...
batang_aratan
2 months ago
Answers are correct No - because the firewall rule applies immediately No - for the same reason, firewall rule Yes - because although BitLocker is disabled on Device 2, Policy1 hasn't kicked in yet. On January 10, Device 2 will be non-compliant.
upvoted 1 times
...
JayHall
2 months, 1 week ago
1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Although firewall is off, Device 2 IS compliant on Jan 8th but it will go into non-compliant statis on Jan 10th (due to firewall being off, 5 days after non-compliance)
upvoted 2 times
...
AleFCI1908
5 months, 3 weeks ago
N no firewall, policy2 marks it non compl immediately N no firewall, policy2 marks it non compl immediately Y will be not compliant on the Jan 10th
upvoted 1 times
...
Faceless_Void
9 months ago
January 1, devices onboarded with 14 days. Modified to 5 days. Device1 Tag1 Jan7 - NO - 5days validity from onboarding. Device1 Tag1 Jan8 - NO - 5days validity from onboarding. Device 2 TAG2 Jan8 - YES - Requirements MET - Firewall Enabled.
upvoted 2 times
...
ergacharsk
9 months, 1 week ago
According to the Chat GPT correct answer is Y,Y,Y
upvoted 1 times
...
oopspruu
9 months, 1 week ago
Scope Tags are just to throw you off and confuse you. They have no purpose when it comes to assignment. Given answers are correct.
upvoted 4 times
...
MR_Eliot
1 year, 1 month ago
NNY for sure.
upvoted 4 times
...
Darkfire
1 year, 2 months ago
I think NNN Because both policies will mark devices as non-compliant. Eventhough some variables pass the criteria.
upvoted 2 times
...
Manojkl1206
1 year, 4 months ago
ITs NNN Because: as both policy are applied Policy2 says move the device immediately to Non compliant it will not wait for 5 days hence the 3rd answer should be N
upvoted 2 times
AdamRachel
1 year, 3 months ago
Device is compliant for policy 2 but is not compliant for policy 1 where device will be mark non-compliant after 5 days which is 9 Jan.
upvoted 2 times
Krayzr
1 year, 2 months ago
But it will not be marked "compliant", it will have "evaluating" or something like that till 10th.
upvoted 2 times
...
...
...
ZaFletch
1 year, 5 months ago
Scope tags are irrelevant to policy deployment. So both policies apply to both machines on 4th. Policy 2 marks non-compliance immediately so device 1 is marked non-compliant immediately as it fails the criteria. Device 2 passes but it will fail on Policy 2. However it's not marked non-compliant until the 9th. So on the 8th it will remain compliant. NNY
upvoted 5 times
Tr1v
1 year, 5 months ago
Correct, but it says "On January 5, you assign Policy1 and Policy2 to Group1."
upvoted 1 times
...
...
RabbitB
1 year, 6 months ago
Isn't the answer NNN?? Both devices are assigned a compliance policy, which means they don't mark them as "compliant". Regardless of the day and devices, all are not marked as "compliant". Am I wrong?
upvoted 2 times
fiskaba
1 year, 4 months ago
Remember, the policies are assigned on Jan 5th. For this scenario, the device compliance policy settings are irrelevant because all devices have a policy assigned: 1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Device 2 IS compliant on Jan 8th because the firewall is on, AND Policy1 does not go non-compliant until Jan 10th (5 days after non-compliance).
upvoted 3 times
...
RabbitB
1 year, 6 months ago
Mistake, YYY
upvoted 1 times
ubiquituz
1 year, 3 months ago
Who you?
upvoted 1 times
...
...
...
iamforksu
1 year, 6 months ago
NNY for the win
upvoted 1 times
...
reapernam
1 year, 6 months ago
On Second thought, its N N Y. Like ExamKiller020 says, the Scope Tags have no relevance in Policy or Group assignments. So both Policies are being applied.
upvoted 4 times
...
reapernam
1 year, 6 months ago
The answer could be YYY. Devices are already compliant before having the policies assigned to them. So when the newly added compliancy policies take effect, the devices are still compliant. 1. Yes- Device is still within its 14 day validity of initial compliance, and with 5-day rule, will only be labeled as non-compliant after 5 days, meaning its still compliant. 2. Same as above. 3. Yes, Look at cserra answer
upvoted 5 times
iTomi
1 year, 4 months ago
If policies are enforced and devicies report status of all reveived compliance policies to Intune, then this setting are meaningless. I think... "Specify the time period in which devices must report the status for all received compliance policies. Devices that do not return status within this time period are treated as noncompliant. The default value is 30 days."
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago