Exam MD-102 All QuestionsBrowse all questions from this exam
Go to Exam
Question 105

HOTSPOT

-

You have a Microsoft Intune subscription that has the following device compliance policy settings:

• Mark devices with no compliance policy assigned as: Compliant

• Compliance status validity period (days): 14

On January1, you enroll Windows 10 devices in Intune as shown in the following table.

On January 4, you create the following two device compliance policies:

• Name: Policy1

• Platform: Windows 10 and later

• Require BitLocker: Require

• Mark device noncompliant: 5 days after noncompliance

• Scope (Tags): Tag1

• Name: Policy2

• Platform: Windows 10 and later

• Firewall: Require

• Mark device noncompliant: Immediately

• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
HawkieEyes

N - no firewall, policy 2 marks it non compliant immediately N - see above Y - will be set to not compliant on the 10th

mhmyz

I think YYY Y - Device1=Tag1 Policy1 only apply Y - Device1=Tag1 Policy1 only apply Y - Device2=Tag2 Policy2 only apply Scope Tag: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy

Irism

On January 5, you assign Policy1 and Policy2 to Group1

2c57d1c

Assignment of Groups is how these are assigned...Scope tags mean nothing in this case.

ZaFletch

Scope tags are irrelevant to policy deployment. So both policies apply to both machines on 4th. Policy 2 marks non-compliance immediately so device 1 is marked non-compliant immediately as it fails the criteria. Device 2 passes but it will fail on Policy 2. However it's not marked non-compliant until the 9th. So on the 8th it will remain compliant. NNY

Tr1v

Correct, but it says "On January 5, you assign Policy1 and Policy2 to Group1."

reapernam

On Second thought, its N N Y. Like ExamKiller020 says, the Scope Tags have no relevance in Policy or Group assignments. So both Policies are being applied.

reapernam

The answer could be YYY. Devices are already compliant before having the policies assigned to them. So when the newly added compliancy policies take effect, the devices are still compliant. 1. Yes- Device is still within its 14 day validity of initial compliance, and with 5-day rule, will only be labeled as non-compliant after 5 days, meaning its still compliant. 2. Same as above. 3. Yes, Look at cserra answer

iTomi

If policies are enforced and devicies report status of all reveived compliance policies to Intune, then this setting are meaningless. I think... "Specify the time period in which devices must report the status for all received compliance policies. Devices that do not return status within this time period are treated as noncompliant. The default value is 30 days."

MR_Eliot

NNY for sure.

RabbitB

Isn't the answer NNN?? Both devices are assigned a compliance policy, which means they don't mark them as "compliant". Regardless of the day and devices, all are not marked as "compliant". Am I wrong?

RabbitB

Mistake, YYY

ubiquituz

Who you?

fiskaba

Remember, the policies are assigned on Jan 5th. For this scenario, the device compliance policy settings are irrelevant because all devices have a policy assigned: 1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Device 2 IS compliant on Jan 8th because the firewall is on, AND Policy1 does not go non-compliant until Jan 10th (5 days after non-compliance).

ExamKiller020

Just remember: Scope (Tags) are used to determine which objects admins can see. N,N,Y

cserra

I think the answer is YYY Initialy, all devices are compliant. 1) On jan 7, Policy1 don't mark yet as not compliant because need pass 5 days to apply the "noncompliant". Policy2 dont apply because Device1 is out of his scope (Tag2). Then, is it compliant? YES 2) On jan 8, the case is the same than before. Then YES 3) To Device2, only the Policy2 is applicable (Tag2). The device has the firewall activated. Then, is it compliant? YES

BJS78

Tag is for RBAC. No relevance in configuration implementation.

Grg433

can someone please explaing why N,N,Y ?

Fortind1974

Policy1 & Policy2 are both assigned to Group1. Scope (Tags) are used to determine which objects admins can see. 1: Policy2 marks the device noncompliant immediately 2: Policy2 still marks the device noncompliant immediately 3: Policy1 marks device noncompliant after 5 days

ergacharsk

According to the Chat GPT correct answer is Y,Y,Y

Darkfire

I think NNN Because both policies will mark devices as non-compliant. Eventhough some variables pass the criteria.

Manojkl1206

ITs NNN Because: as both policy are applied Policy2 says move the device immediately to Non compliant it will not wait for 5 days hence the 3rd answer should be N

AdamRachel

Device is compliant for policy 2 but is not compliant for policy 1 where device will be mark non-compliant after 5 days which is 9 Jan.

Krayzr

But it will not be marked "compliant", it will have "evaluating" or something like that till 10th.

iamforksu

NNY for the win