ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 239 discussion

Actual exam question from Microsoft's MD-102
Question #: 239
Topic #: 1
[All MD-102 Questions]

You have 500 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune.

You plan to distribute certificates to the computers by using Simple Certificate Enrollment Protocol (SCEP).

You have the servers shown in the following table.



NDES issues certificates from the subordinate CA.

You are configuring a device configuration profile as shown in the exhibit. (Click the Exhibit tab.)



You need to complete the SCEP profile.

On which server is the required root certificate located?

  • A. Server1
  • B. Server2
  • C. Server3
  • D. Server4
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mp34 at Jan. 18, 2024, 1:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Merrybob
Highly Voted 1 year, 2 months ago
Selected Answer: C
Given: NDES issues certificates from the subordinate CA. NDES server role – To support using the Certificate Connector for Microsoft Intune with SCEP, you must configure the Windows Server that hosts the certificate connector with the Network Device Enrollment Service (NDES) server role. In this case the NDES server pulls the certificate from the Subordinate CA and not the Root CA Ref: https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure#:~:text=NDES%20server%20role%20%E2%80%93%20To%20support%20using%20the%20Certificate%20Connector%20for%20Microsoft%20Intune%20with%20SCEP%2C%20you%20must%20configure%20the%20Windows%20Server%20that%20hosts%20the%20certificate%20connector%20with%20the%20Network%20Device%20Enrollment%20Service%20(NDES)%20server%20role.
upvoted 8 times
Merrybob
1 year, 2 months ago
The NDES allows routers and other network devices to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP) without using domain credentials. SCEP was developed to support the secure, scalable issuance of certificates to network devices by using existing certification authorities (CAs). The protocol supports CA and registration authority public key distribution, enrollment, and certificate revocation queries. Ref: https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/create-domain-user-account-ndes-service-account#:~:text=The%20NDES%20allows,certificate%20revocation%20queries.
upvoted 3 times
Merrybob
1 year, 2 months ago
Subordinate CA <--> NDES <--> Network Device on Windows machines.
upvoted 3 times
...
...
...
mp34
Highly Voted 1 year, 3 months ago
I think answer should be B https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure To use a SCEP certificate profile, devices must trust your Trusted Root Cert. Authority CA
upvoted 6 times
...
02dc19c
Most Recent 2 days, 13 hours ago
Selected Answer: B
For a SCEP certificate deployment, devices must trust the certification path of the issued certificates. In given setup, certificates are issued by the subordinate CA (Server 3) via NDES (Server 4), but the validity of those certificates is ultimately anchored by the root certificate from the Root CA, which resides on Server 2. To ensure that devices trust the certificates they receive through SCEP, you must deploy the root certificate (typically via a trusted certificate profile in Intune) to all devices. This root certificate establishes the chain of trust needed for certificate-based authentication and secure communications.
upvoted 1 times
...
Alex_UC
5 months ago
Selected Answer: B
The root CA certificate is needed in the SCEP profile even if the certificates are issued from a subordinate
upvoted 4 times
Alex_UC
5 months ago
From Doc: "If you have a multiple level PKI Infastructure, such as a Root Certification Authority and an Issuing Certification Authority, select the top level Trusted Root certificate profile that validates the Issuing Certification Authority."
upvoted 2 times
...
...
pragni4321
1 year, 2 months ago
Selected Answer: B
Should be B
upvoted 4 times
...
Murad01
1 year, 2 months ago
I think the correct answer should be B/Server 2. https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
upvoted 5 times
...
NoursBear
1 year, 2 months ago
Server 3 is correct https://www.examtopics.com/discussions/microsoft/view/75018-exam-md-101-topic-3-question-36-discussion/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago