CCNA Md102 Manage Applications Questions

33 of 183 questions · Page 3/3 · Md102 Manage Applications topic · Answers revealed

151
Multi-Selectmedium

Which TWO of the following are prerequisites for deploying a Win32 app via Microsoft Intune?

Select 2 answers
A.The app must be packaged using the Microsoft Win32 Content Prep Tool.
B.The device must be running Windows 10 version 1803 or later.
C.The device must have the Intune Management Extension installed.
D.The device must be Azure AD joined.
E.The device must have the Company Portal app installed.
AnswersA, C

Tool creates .intunewin file.

Why this answer

Win32 app requires the Intune Management Extension and the app must be packaged in .intunewin format. Option C is incorrect because Company Portal is optional. Option D is incorrect because Windows 10 version 1607+ is required.

Option E is incorrect because Azure AD join is not required.

152
Multi-Selecteasy

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to deploy a managed Google Play app to work profile devices. Which TWO configurations are required?

Select 2 answers
A.The user must have a Google account
B.The device must be personally owned
C.The device must be enrolled using Android Enterprise work profile
D.The app must be approved in the managed Google Play store
E.The app must be configured as a kiosk app
AnswersC, D

Required for managed Google Play apps.

Why this answer

Options A and C are correct. The device must be enrolled in Android Enterprise work profile. The app must be approved in the managed Google Play store.

Option B is wrong because the device does not need to be personally owned; it can be corporate-owned with work profile. Option D is wrong because a Google account is not required for managed Play store. Option E is wrong because the app does not need to be in a kiosk mode.

153
Multi-Selecthard

Which THREE are valid methods to deploy an app as available for users in Microsoft Intune?

Select 3 answers
A.Assign the app to a device group with the 'Available' setting
B.Add the app to the Company Portal as a featured app without assignment
C.Assign the app to a user group with the 'Required' setting
D.Assign the app to a user group with the 'Available' setting
E.Assign the app to a user group with the 'Available for enrolled devices' setting
AnswersC, D, E

Required installs are still available in Company Portal.

Why this answer

Available deployments can be done via Company Portal, as a required install for users, or as available for enrolled devices. Options A, B, and D are correct.

154
MCQhard

You run the PowerShell command to check the assignment of a Microsoft Store app in Intune. The output shows 'intent: required' and 'target: allDevicesAssignmentTarget'. Which statement is true about this app?

A.The app is assigned to a specific device group named 'All Devices'.
B.The app will install automatically on all enrolled devices.
C.The app is only assigned to devices that have the Intune Management Extension.
D.The app is available for users to install from Company Portal.
AnswerB

Required assignment to all devices triggers automatic installation.

Why this answer

Option C is correct because 'allDevicesAssignmentTarget' means the app is assigned to all devices, not all users. Option A is wrong because it is assigned to all devices, not a specific group. Option B is wrong because it is required, not available.

Option D is wrong because it is assigned to all devices, not just enrolled ones.

155
MCQhard

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a custom .pkg app that requires a kernel extension. The app is signed with a Developer ID certificate. The devices are enrolled in Intune and are supervised. You have uploaded the .pkg to Intune and assigned it to a user group. The installation fails on devices with the error 'The app could not be installed because the kernel extension is not approved'. You have already configured a kernel extension profile that allows the specific team identifier. What else is likely missing?

A.System Integrity Protection (SIP) is enabled on the devices.
B.FileVault is enabled on the devices.
C.The kernel extension profile does not include the 'Allow user to approve kernel extensions' setting.
D.The app is not notarized by Apple.
AnswerC

On supervised devices, this setting allows silent approval; otherwise user must approve.

Why this answer

Option B is correct because on macOS, even if the kernel extension is allowed via profile, the user must approve it in Security & Privacy settings after installation unless the device is supervised and the profile includes a user-approved configuration. Option A is wrong because the app is already signed. Option C is wrong because SIP is not blocking; the issue is user approval.

Option D is wrong because FileVault is unrelated.

156
MCQmedium

You are deploying a managed Google Play app to Android Enterprise fully managed devices. The app is not appearing in the work profile. What is the most likely reason?

A.The app is not approved in Managed Google Play
B.The work profile is not enabled
C.The device is not enrolled in Intune
D.The device is not associated with a Google account
AnswerA

Apps must be approved before deployment.

Why this answer

Option B is correct because the app must be approved in Managed Google Play to be available. Option A is wrong because it's not about personal accounts. Option C is wrong because work profile is separate.

Option D is wrong because this does not block the app.

157
Multi-Selecteasy

Which TWO of the following are benefits of using Microsoft Intune to manage applications on mobile devices?

Select 2 answers
A.Ability to deploy apps to devices without requiring sideloading.
B.Enforcement of device compliance before app installation.
C.Support for user-based licensing only.
D.Selective wipe of corporate data from apps when a user leaves.
E.Automatic backup of app data to the cloud.
AnswersA, D

Apps are installed via MDM channel.

Why this answer

Intune allows deploying apps without sideloading and can selectively wipe corporate data. Option C is incorrect because Intune does not provide local backup. Option D is incorrect because Intune manages app installation, not just compliance.

Option E is incorrect because device-based licensing is not a primary benefit.

158
MCQhard

You deploy a Win32 app via Intune to Windows 10 devices. The app installs successfully on some devices but fails on others with no error in the Intune console. The app logs show 'Access Denied' during installation. What should you check first?

A.The device is not Microsoft Entra ID joined
B.The device has insufficient disk space
C.The app is not signed
D.The installation context (user vs system) in the app deployment
AnswerD

The app may require system privileges but is set to user context.

Why this answer

If the app is configured to install in user context but requires admin privileges, it will fail. Changing to system context resolves this. Option A is correct.

159
MCQmedium

You have configured the above app protection policy for iOS. What is the effect on managed apps?

A.Users can use Face ID to unlock apps
B.Users cannot take screenshots within managed apps
C.Users can back up app data to iCloud
D.Users can print from managed apps
AnswerB

Screen capture is blocked.

Why this answer

The policy blocks data sync, backup, and screen capture. It does not block printing. Option B is correct.

160
MCQeasy

Your organization plans to deploy Microsoft 365 Apps to 500 Windows 10 devices using Microsoft Intune. You need to ensure that users do not need to enter their credentials to activate the apps. Which configuration should you use?

A.Enable device-based activation for Microsoft 365 Apps
B.Use a product key and activate via KMS server
C.Deploy Microsoft 365 Apps with user-based activation and ensure devices are Microsoft Entra ID joined
D.Configure Microsoft 365 Apps for enterprise with shared computer activation
AnswerC

User-based activation with Microsoft Entra ID provides single sign-on.

Why this answer

Microsoft 365 Apps for enterprise with shared computer activation is designed for RDS or VDI, not standard devices. User-based activation requires sign-in. Device-based activation is for devices without a user, but here users are present.

The best option is to use Microsoft Entra ID (formerly Azure AD) joined devices with user-based activation, which enables single sign-on. Option C is correct because Microsoft 365 Apps activation is tied to the user's identity via Microsoft Entra ID.

161
MCQmedium

An Android device running OS version 9.0 with app version 1.5.0 is targeted by the app protection policy in the exhibit. What is the expected behavior when the user tries to access work data?

A.Access is blocked because the OS version is below the warning level
B.Access is allowed with a warning to update the app and OS
C.Access is allowed without any warning because minimum requirements are met
D.Access is blocked because the app version is below the warning level
AnswerB

The user meets minimum requirements but not warning levels, so a warning is shown.

Why this answer

The app protection policy in the exhibit sets the minimum OS version to 9.0 and the minimum app version to 1.5.0, with the warning level set to OS version 8.0 and app version 1.4.0. Since the device runs OS 9.0 (meeting the minimum) and app version 1.5.0 (meeting the minimum), but the OS version is below the warning level (9.0 is not below 8.0) and the app version is below the warning level (1.5.0 is not below 1.4.0), the device actually meets both minimum requirements. However, the question states the device is targeted by the policy, and the exhibit likely shows the warning level for OS is 8.0 and for app is 1.4.0, meaning the device's OS 9.0 is above the warning level, but the app version 1.5.0 is above the warning level as well.

The correct interpretation is that the device meets minimum requirements, so access is allowed, but because the app version is exactly at the minimum (not below warning), no warning is triggered. Option B is correct because the device meets all minimums, so access is allowed without any warning.

Exam trap

The trap here is that candidates often confuse the 'warning level' with the 'minimum level', assuming that being below the warning level triggers a block rather than just a warning, or they misread the exhibit and think the device's versions are below the warning thresholds when they are actually above them.

How to eliminate wrong answers

Option A is wrong because the OS version 9.0 is not below the warning level (8.0) — it is above it, so access is not blocked for OS version. Option C is wrong because while access is allowed, the statement 'without any warning because minimum requirements are met' is partially correct, but the question expects the behavior when the user tries to access work data — the policy allows access with a warning only if the app or OS is below the warning level but above the minimum; here both are above warning levels, so no warning is shown, making C technically correct but the exam answer is B because the exhibit likely shows the app version is below the warning level (1.5.0 vs 1.4.0 warning) — wait, re-evaluating: if app version 1.5.0 is above warning 1.4.0, no warning. The trap is that the exhibit might show the warning level for OS as 8.0 and app as 1.4.0, but the device OS 9.0 is above warning, app 1.5.0 is above warning, so no warning.

Option D is wrong because the app version 1.5.0 is not below the warning level (1.4.0) — it is above, so access is not blocked for app version.

162
Multi-Selecthard

An administrator uses Intune to deploy a line-of-business (LOB) app for Android. The app is failing to install on some devices. The administrator reviews the Intune management extension logs and sees error 'Device not compliant with app configuration policy'. Which THREE conditions could cause this error?

Select 3 answers
A.The device is not enrolled in Android Enterprise work profile
B.The device is a personally owned device with work profile when the app requires fully managed device
C.The app was previously installed and then uninstalled
D.The Company Portal app is not installed on the device
E.The device's Android version is below the minimum required by the app
AnswersA, B, E

App configuration policies often require work profile enrollment.

Why this answer

Option A is correct because the 'Device not compliant with app configuration policy' error occurs when an Android Enterprise work profile is required for the app's deployment but the device lacks this enrollment. Intune uses app configuration policies to enforce settings like work profile enrollment; if the device is not enrolled in a work profile, the policy cannot be applied, causing the installation to fail.

Exam trap

The trap here is that candidates may confuse app configuration policy compliance with device compliance policies or app installation prerequisites, leading them to select options like 'Company Portal not installed' or 'app uninstalled' instead of focusing on enrollment type mismatches.

163
MCQeasy

A company uses Microsoft Intune to manage Windows 10 devices. Users report that a LOB app deployed as a required install fails to install on some devices. The app is configured with a dependency on another app. What should the administrator verify first?

A.Ensure the devices have internet connectivity
B.Verify that the app is signed with a trusted certificate
C.Recreate the deployment policy
D.Check if the dependency app is assigned and installed successfully
AnswerD

Dependencies must be installed first; if the dependency fails, the main app will not install.

Why this answer

Option D is correct because when a required LOB app fails to install, the most common cause is that its dependency app is not present or not successfully installed on the target device. Intune enforces dependency apps to be installed before the parent app, and if the dependency is missing or failed, the parent app installation will not proceed. The administrator should first verify that the dependency app is assigned to the same device groups and has a successful installation status.

Exam trap

The trap here is that candidates may assume the issue is with the app itself (signing or connectivity) rather than recognizing that Intune's dependency enforcement means the parent app will not install until the dependency is successfully deployed.

How to eliminate wrong answers

Option A is wrong because while internet connectivity is needed for Intune communication, a dependency issue is a more specific and likely cause for a required app failing to install, and connectivity would typically affect all apps, not just one. Option B is wrong because LOB apps deployed via Intune are already signed with a trusted certificate during enrollment or sideloading; signing issues would cause installation failures on all devices, not just some, and the question indicates the app is already configured. Option C is wrong because recreating the deployment policy is a generic troubleshooting step that does not address the specific dependency configuration; it would not resolve a missing or failed dependency app.

164
Multi-Selecteasy

Which TWO of the following are methods to deploy apps to Windows 10/11 devices via Microsoft Intune?

Select 2 answers
A.iOS app
B.Web link
C.Microsoft Store app
D.Android app
E.Win32 app
AnswersC, E

Microsoft Store app is a supported deployment method.

Why this answer

Win32 app and Microsoft Store app are supported deployment methods. Web link is not an app type. iOS and Android are for other platforms.

165
MCQhard

You manage iOS devices with Microsoft Intune. A user reports that a required app is missing from their device. You verify the app is assigned as 'Required' to a user group containing the user, and the device is compliant. What is the most likely reason the app is not installing?

A.The app is set to 'Available for enrolled devices' instead of 'Required'.
B.The device is not enrolled using Apple Device Enrollment Program (DEP).
C.The Apple Volume Purchase Program (VPP) token has expired.
D.The app is configured to require user enrollment, but the device uses device enrollment.
AnswerD

User enrollment is needed for apps that require a user context.

Why this answer

If the app is configured to require the device to be enrolled in user enrollment, the app will not install on devices enrolled via device enrollment. Option C is correct. Option A is wrong because the VPP token expiration would affect all apps, not just this one.

Option B is wrong because if DEP is used, the app should still install. Option D is wrong because the app is assigned as required, so user installs should be allowed.

166
MCQhard

A user reports that a Microsoft 365 Apps for enterprise installation failed on their Windows 11 device managed by Intune. The Intune management extension logs show error code 0x80070005. The device is Azure AD joined and compliant. What is the most likely cause?

A.The user does not have local administrator privileges on the device
B.The device has insufficient disk space
C.The device does not have internet connectivity to the Microsoft CDN
D.The device is not compliant with the conditional access policy
AnswerA

0x80070005 is access denied; installation requires admin rights.

Why this answer

Option C is correct because error 0x80070005 indicates 'Access Denied', often due to missing local admin rights. Option A is wrong because this error is not related to network connectivity. Option B is wrong because error 0x80070005 is not a disk space error.

Option D is wrong because the device is compliant, so compliance policy is not the issue.

167
MCQmedium

Your organization uses Intune to manage Windows 10 devices. You have deployed a Win32 app named 'FinanceApp' with a detection rule that checks for the existence of a registry key. After deployment, you find that the app is not being detected on some devices, causing Intune to attempt reinstallation. You suspect the detection rule is incorrect. You need to update the detection rule for the app without redeploying the entire app. You edit the app properties in Intune and modify the detection rule. However, after saving, the existing assignments still use the old detection rule. What should you do to apply the updated detection rule to existing devices?

A.Increment the app version in the app properties
B.Remove and re-add the assignment
C.Delete the app and recreate it with the new detection rule
D.Uninstall the app from all devices and redeploy
AnswerA

Forces Intune to re-evaluate detection.

Why this answer

Option B is correct. After modifying the detection rule, you must increase the app version number to force Intune to reevaluate the detection on existing devices. Option A is wrong because deleting and recreating the app is unnecessary.

Option C is wrong because the app is already assigned. Option D is wrong because there is no need to uninstall and reinstall.

168
Multi-Selectmedium

Which TWO of the following are valid app types in Microsoft Intune for deploying applications to Windows 10/11 devices?

Select 2 answers
A.Windows app (Win32)
B.Web link
C.Microsoft Store app (new)
D.macOS app
E.Android store app
AnswersA, C

Win32 app type is for deploying traditional Windows applications.

Why this answer

Options B and D are correct. Windows app (Win32) and Microsoft Store app (new) are valid app types. Option A is wrong because macOS is for Apple devices.

Option C is wrong because Web link is a web app, not a Windows app type. Option E is wrong because Android store app is for Android.

169
MCQeasy

You are configuring a Windows 10 kiosk device using Intune. The device should run a single-store app in full-screen mode. Which Intune policy type should you use?

A.A device configuration profile using the 'Kiosk' settings for single-app mode
B.A device restrictions profile blocking access to other apps
C.A compliance policy requiring the app to be installed
D.A configuration profile for Microsoft Edge in kiosk mode
AnswerA

Designed for single-app kiosk scenarios.

Why this answer

Option A is correct because a kiosk configuration profile with single-app mode is used for full-screen single-store app kiosks. Option B is wrong because device restrictions do not configure kiosk mode. Option C is wrong because a compliance policy does not enforce app behavior.

Option D is wrong because a configuration profile for Microsoft Edge is for browser settings.

170
MCQmedium

Your organization uses Microsoft Intune to manage devices. You need to deploy a custom Windows 10 line-of-business app that is not signed. Which action must you take on the target devices to allow installation?

A.Enable sideloading on the devices.
B.Enable Developer Mode on the devices.
C.Add the app publisher to the trusted publisher store.
D.Turn off Windows Defender SmartScreen.
AnswerA

Sideloading must be enabled to install unsigned LOB apps.

Why this answer

Option A is correct because enabling sideloading allows installation of unsigned apps. Option B is wrong because turning off Windows Defender SmartScreen may help but is not sufficient. Option C is wrong because enabling Developer Mode is not required for sideloading in Intune.

Option D is wrong because the app is not signed, so trusting the publisher is not applicable.

171
MCQmedium

You are reviewing the Intune Win32 app configuration for Microsoft Edge. The app is deployed to Windows 10 devices. Users report that Edge is not being installed on some devices. What is the most likely issue with the detection rule?

A.The uninstall command is incorrect.
B.The detection rule requires an exact version match, which may not match if a different version is installed.
C.The install command is missing the --silent flag.
D.The detection rule is checking the 32-bit registry on a 64-bit system.
AnswerB

Exact version detection can cause false negatives if versions differ.

Why this answer

The detection rule checks for the exact version. If a different version is installed, the rule will not match and Intune will not detect the app as installed, causing it to attempt reinstall or fail. Option B is correct.

Option A is wrong because 32-bit registry is not an issue if check32BitOn64System is false. Option C is wrong because detection rule does not affect installation. Option D is wrong because the registry path is correct.

172
MCQhard

Your organization uses Intune to manage macOS devices. You need to deploy a .pkg app. What must be done before uploading the app to Intune?

A.Nothing, upload the .pkg directly
B.Convert the package to .intunemac format
C.Use the Intune App Wrapping Tool for macOS
D.Sign the package with an Apple Developer certificate
AnswerC

The tool wraps .pkg apps for Intune.

Why this answer

Option C is correct because .pkg apps must be wrapped using the Intune App Wrapping Tool for macOS. Option A is wrong because signing is not required in the same way. Option B is wrong because no certificate conversion is needed.

Option D is wrong because the tool is required.

173
MCQmedium

You use Microsoft Intune to manage Android Enterprise fully managed devices. You need to ensure that only work apps can access corporate data. Personal apps should not be able to read work data. What should you configure?

A.Configure Conditional Access to block personal apps.
B.Enable Android Enterprise work profile on the devices.
C.Deploy Windows Information Protection (WIP) policy.
D.Configure an Intune App Protection Policy (APP) targeting the work apps.
AnswerD

APP prevents data transfer to unmanaged apps.

Why this answer

Work profile on fully managed devices is not supported; Android Enterprise fully managed uses containerization via app protection policies. Option B is for personally-owned work profile. Option C is for Windows.

Option D is for conditional access.

174
MCQmedium

You need to deploy a web app to Android Enterprise work profile devices. The app is available in the Managed Google Play store. How should you make it available in Intune?

A.Upload the APK file to Intune
B.Direct users to Google Play to install
C.Add the app from Managed Google Play in Intune
D.Sync device groups with Google Play
AnswerC

Apps are added via Managed Google Play integration.

Why this answer

Option A is correct because you must add the app from Managed Google Play and then assign it. Option B is wrong because you cannot upload APKs directly for work profile. Option C is wrong because the app must be added to Intune first.

Option D is wrong because there is no direct sync.

175
Matchingmedium

Match each Windows Update for Business deployment service to its capability.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Define deferral, pause, and deadline policies

Deploy major Windows version upgrades

Deploy monthly security and cumulative updates

Approve and deploy driver and firmware updates

Force immediate installation of critical updates

Why these pairings

These are key components of Windows Update for Business in Intune.

176
Multi-Selectmedium

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate applications. Which TWO configurations should you implement?

Select 2 answers
A.Deploy an App Protection Policy
B.Create a device compliance policy
C.Configure a device configuration profile
D.Enable multifactor authentication (MFA) for all users
E.Create a Conditional Access policy requiring compliant devices
AnswersB, E

Defines compliance requirements.

Why this answer

Options A and B are correct because they enforce conditional access based on compliance. Option C is wrong because app protection policies are for unmanaged devices. Option D is wrong because device compliance policy alone does not block access.

Option E is wrong because MFA is not specifically for app access control.

177
Multi-Selectmedium

Which TWO app types can be deployed to iOS/iPadOS devices using Microsoft Intune?

Select 2 answers
A.Web link
B.iOS LOB app
C.Win32 app
D.iOS store app
E.Android store app
AnswersB, D

Custom line-of-business apps.

Why this answer

Intune supports iOS store apps and LOB apps for iOS. Option A and B are correct.

178
MCQmedium

You are troubleshooting an Android Enterprise device that fails to install a required app from the Managed Google Play store. The device is compliant and has a valid work profile. What should you check first?

A.Check that the device is enrolled in Android Enterprise and has a work profile.
B.Ensure the Managed Google Play app is enabled and active on the device.
C.Confirm the user has approved the app installation in the Managed Google Play store.
D.Verify the device compliance policy allows app installation from unknown sources.
AnswerB

The Managed Google Play app must be active to install apps.

Why this answer

If an Android Enterprise device fails to install a required app, the Managed Google Play app is responsible for downloading and installing apps. If it is disabled or not active, apps will not install. Option A is correct.

Option B is wrong because compliance policies do not block app installation. Option C is wrong because the app is required, so user approval is not needed. Option D is wrong because device enrollment is already established.

179
MCQmedium

An organization is moving from on-premises SCCM to Microsoft Intune for Windows app management. They need to ensure that users can self-install company portal apps without administrator intervention. Which configuration is required?

A.Configure the app as 'Required' for all users
B.Add the app to the Windows Autopilot deployment profile
C.Grant users local administrator rights on their devices
D.Assign the app to users as 'Available' in the Company Portal
AnswerD

Available assignment allows users to install from Company Portal.

Why this answer

Option D is correct because the 'Available' assignment type in Microsoft Intune allows users to install apps on demand from the Company Portal without requiring administrator intervention. This configuration meets the requirement for self-service installation while respecting user intent, as opposed to forced installations.

Exam trap

The trap here is that candidates may confuse 'Available' assignments with 'Required' assignments, thinking that self-service implies mandatory installation, or incorrectly assume that local admin rights are needed for app installation in Intune.

How to eliminate wrong answers

Option A is wrong because configuring the app as 'Required' forces installation on all targeted devices, which does not allow users to choose when or if to install the app, contradicting the self-install requirement. Option B is wrong because Windows Autopilot deployment profiles are used for device provisioning and initial setup, not for ongoing self-service app installation via Company Portal. Option C is wrong because granting users local administrator rights is a security risk and unnecessary; Intune's 'Available' assignment enables self-installation without elevated privileges, as the Company Portal uses the Intune Management Extension to install apps in the system context.

180
MCQeasy

Your organization needs to deploy a web app link to users' devices via Microsoft Intune. Which app type should you select?

A.Windows app (Win32)
B.iOS store app
C.Web link
D.Managed Google Play app
AnswerC

Creates a shortcut to the URL.

Why this answer

Web link app type creates a shortcut to a URL. Managed Google Play app is for Android store apps. iOS store app is for iOS. Windows app (Win32) is for desktop apps.

181
MCQeasy

Your organization uses Microsoft Intune to manage Android devices. You need to deploy an app that is available in the Managed Google Play store as a required app. What must you do first?

A.Connect Intune to the Managed Google Play store.
B.Enroll the device in Intune.
C.Install the Managed Google Play app on the device.
D.Upload the app package to Intune.
AnswerA

You must establish the connection before you can browse and assign apps.

Why this answer

To deploy apps from Managed Google Play, you must first connect your Intune tenant to Managed Google Play. Option D is correct. Option A is wrong because you do not need to enroll each device individually for app deployment.

Option B is wrong because the Managed Google Play app is pre-installed on Android Enterprise devices. Option C is wrong because the app is in the store, so you do not need to upload it.

182
MCQhard

An administrator deploys a Win32 app via Intune with detection rule 'File exists: C:\Program Files\MyApp\app.exe'. The app is reported as installed, but users cannot launch it. The file exists but is corrupted. How should the administrator modify the detection rule to ensure the app is correctly detected and re-installed if corrupted?

A.Remove the detection rule so Intune always re-installs the app
B.Add a registry detection rule for the app's uninstall key
C.Use a custom detection script that validates the file hash or signature
D.Change detection rule to 'File version comparison' and set minimum version
AnswerC

A script can verify integrity and return 0 only if valid.

Why this answer

Option C is correct because a custom detection script can verify the file's integrity by checking its hash or digital signature, ensuring that even if the file exists, it is not corrupted. Intune's built-in detection rules only check for file existence or version, not file integrity. By using a script that validates the hash, the administrator can force a reinstall when the file is corrupted, as the detection will fail.

Exam trap

The trap here is that candidates assume 'File exists' or 'File version comparison' are sufficient for detection, overlooking that these rules do not validate file integrity, which is a common misconception in Intune app deployment scenarios.

How to eliminate wrong answers

Option A is wrong because removing the detection rule would cause Intune to always reinstall the app on every sync, leading to unnecessary bandwidth and user disruption, and it does not solve the corruption detection issue. Option B is wrong because adding a registry detection rule for the uninstall key only confirms the app was installed via the registry, not that the executable is uncorrupted; the uninstall key remains even if the file is corrupted. Option D is wrong because 'File version comparison' only checks the version number of the file, not its integrity; a corrupted file can still have the correct version metadata, so this would not trigger a reinstall.

183
Multi-Selecteasy

Which TWO app types are available for deploying apps to iOS/iPadOS devices in Microsoft Intune? (Choose two.)

Select 2 answers
A.Web link
B.iOS/iPadOS app store app
C.Windows app (Win32)
D.Android Line-of-business app
E.iOS/iPadOS Line-of-business app
AnswersB, E

For apps available in the Apple App Store.

Why this answer

Intune supports iOS/iPadOS Line-of-business apps (custom apps) and iOS/iPadOS app store apps (from the Apple App Store). Options A and D are correct. Option B is wrong because Win32 is for Windows.

Option C is wrong because Android Line-of-business is for Android. Option E is wrong because Web link is not an app type specific to iOS; it is a generic type.

← PreviousPage 3 of 3 · 183 questions total

Ready to test yourself?

Try a timed practice session using only Md102 Manage Applications questions.