Chapter 2

1. Answer: B

Compliance policies alone can give you a report listing devices/users that are noncompliant but are not enough to block access. You'll need a conditional access policy as well.

More information: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#device-state.

2. Answer: D

Configure named locations in Azure AD so that you can use them with a conditional access policy.

More information: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition.