HOTSPOT You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are configured as shown in the following table. 
You plan to perform the following device management tasks in Microsoft Endpoint Manager: Deploy a VPN connection by using a VPN device configuration profile. Configure security settings by using an Endpoint Protection device configuration profile. You support the management tasks. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
Table makes it super clear. VPN config can go to Device1, Device2, and Device3 since Intune supports all those OS types for VPN profiles. Endpoint Protection profile goes to Device1 only, as that's Windows 10. Great illustrative question.
Endpoint Protection: Device1 only
VPN config profile: Device1, Device2, Device3. Endpoint Protection: just Device1. I don't think the Endpoint Protection profile works on Android or iOS, that's a common trap answer here from similar practice sets.
