MD-102 Exam QuestionsBrowse all questions from this exam

MD-102 Exam - Question 105


HOTSPOT

-

You have a Microsoft Intune subscription that has the following device compliance policy settings:

• Mark devices with no compliance policy assigned as: Compliant

• Compliance status validity period (days): 14

On January1, you enroll Windows 10 devices in Intune as shown in the following table.

On January 4, you create the following two device compliance policies:

• Name: Policy1

• Platform: Windows 10 and later

• Require BitLocker: Require

• Mark device noncompliant: 5 days after noncompliance

• Scope (Tags): Tag1

• Name: Policy2

• Platform: Windows 10 and later

• Firewall: Require

• Mark device noncompliant: Immediately

• Scope (Tags): Tag2

On January 5, you assign Policy1 and Policy2 to Group1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

14 comments
Sign in to comment
HawkieEyes
Nov 20, 2023

N - no firewall, policy 2 marks it non compliant immediately N - see above Y - will be set to not compliant on the 10th

reapernam
Oct 4, 2023

The answer could be YYY. Devices are already compliant before having the policies assigned to them. So when the newly added compliancy policies take effect, the devices are still compliant. 1. Yes- Device is still within its 14 day validity of initial compliance, and with 5-day rule, will only be labeled as non-compliant after 5 days, meaning its still compliant. 2. Same as above. 3. Yes, Look at cserra answer

iTomi
Dec 11, 2023

If policies are enforced and devicies report status of all reveived compliance policies to Intune, then this setting are meaningless. I think... "Specify the time period in which devices must report the status for all received compliance policies. Devices that do not return status within this time period are treated as noncompliant. The default value is 30 days."

reapernam
Oct 7, 2023

On Second thought, its N N Y. Like ExamKiller020 says, the Scope Tags have no relevance in Policy or Group assignments. So both Policies are being applied.

ZaFletch
Oct 31, 2023

Scope tags are irrelevant to policy deployment. So both policies apply to both machines on 4th. Policy 2 marks non-compliance immediately so device 1 is marked non-compliant immediately as it fails the criteria. Device 2 passes but it will fail on Policy 2. However it's not marked non-compliant until the 9th. So on the 8th it will remain compliant. NNY

Tr1v
Nov 14, 2023

Correct, but it says "On January 5, you assign Policy1 and Policy2 to Group1."

mhmyz
Mar 3, 2024

I think YYY Y - Device1=Tag1 Policy1 only apply Y - Device1=Tag1 Policy1 only apply Y - Device2=Tag2 Policy2 only apply Scope Tag: https://learn.microsoft.com/en-us/mem/intune/protect/create-compliance-policy

Irism
May 7, 2024

On January 5, you assign Policy1 and Policy2 to Group1

2c57d1c
Jun 9, 2024

Assignment of Groups is how these are assigned...Scope tags mean nothing in this case.

MR_Eliot
Mar 1, 2024

NNY for sure.

Grg433
Sep 12, 2023

can someone please explaing why N,N,Y ?

Fortind1974
Sep 13, 2023

Policy1 & Policy2 are both assigned to Group1. Scope (Tags) are used to determine which objects admins can see. 1: Policy2 marks the device noncompliant immediately 2: Policy2 still marks the device noncompliant immediately 3: Policy1 marks device noncompliant after 5 days

cserra
Sep 23, 2023

I think the answer is YYY Initialy, all devices are compliant. 1) On jan 7, Policy1 don't mark yet as not compliant because need pass 5 days to apply the "noncompliant". Policy2 dont apply because Device1 is out of his scope (Tag2). Then, is it compliant? YES 2) On jan 8, the case is the same than before. Then YES 3) To Device2, only the Policy2 is applicable (Tag2). The device has the firewall activated. Then, is it compliant? YES

BJS78
Sep 25, 2023

Tag is for RBAC. No relevance in configuration implementation.

ExamKiller020
Sep 25, 2023

Just remember: Scope (Tags) are used to determine which objects admins can see. N,N,Y

RabbitB
Oct 19, 2023

Isn't the answer NNN?? Both devices are assigned a compliance policy, which means they don't mark them as "compliant". Regardless of the day and devices, all are not marked as "compliant". Am I wrong?

RabbitB
Oct 22, 2023

Mistake, YYY

ubiquituz
Jan 2, 2024

Who you?

fiskaba
Dec 13, 2023

Remember, the policies are assigned on Jan 5th. For this scenario, the device compliance policy settings are irrelevant because all devices have a policy assigned: 1 N) - Device 1 is NOT compliant on Jan 7th because the firewall is off and immediately becomes non-compliant. 2 N) - Device 1 is NOT compliant on Jan 8th because the firewall is still off. 3 Y) - Device 2 IS compliant on Jan 8th because the firewall is on, AND Policy1 does not go non-compliant until Jan 10th (5 days after non-compliance).

iamforksu
Oct 18, 2023

NNY for the win

Manojkl1206
Dec 23, 2023

ITs NNN Because: as both policy are applied Policy2 says move the device immediately to Non compliant it will not wait for 5 days hence the 3rd answer should be N

AdamRachel
Jan 13, 2024

Device is compliant for policy 2 but is not compliant for policy 1 where device will be mark non-compliant after 5 days which is 9 Jan.

Krayzr
Feb 11, 2024

But it will not be marked "compliant", it will have "evaluating" or something like that till 10th.

Darkfire
Feb 19, 2024

I think NNN Because both policies will mark devices as non-compliant. Eventhough some variables pass the criteria.

ergacharsk
Jul 22, 2024

According to the Chat GPT correct answer is Y,Y,Y