Apple Deployment and Management Flashcards

Question 1

Q

What links a device to an MDM solution?

APNs
A firewall
A restriction
An enrollment profile

Answer

A

4 - An enrollment profile

An enrollment profile links a device to the MDM solution.

Question 2

Q

What does MDM need to operate, specifically for APNs and SSL?

Certificates
Restrictions
Enrollment profiles

Answer

A

1 - Certificates

MDM requires multiple certificates to operate, including an APNs certificate to talk to clients and an SSL certificate to communicate securely.

Question 3

Q

Which Apple device capability allows MDM to secure devices?

Location Services
Enrollment profiles
Built-in device security features

Answer

A

3 - Built-in device security features

An MDM solution allows you to use the device’s built-in security features.

Question 4

Q

How do devices report their status when using declarative device management?

Declarations
The status channel
Profiles

Answer

A

2 - The status channel

The status channel is what a device uses to update the MDM server with information about itself.

Question 5

Q

In which type of enrollment and ownership model can users personalize apps and data on their managed devices?
1. BYOD, organization-owned
2. Nonpersonalized, organization-owned
3. Personally enabled, organization-owned

Answer

A

3 - Personally enabled, organization-owned

The organization assigns devices to users, and after configuration, users can personalize their devices with their own apps and data.

Question 6

Q

In which type of ownership model can users personalize apps and data on their personal devices?

BYOD, User Enrollment
BYOD, organization-owned
Nonpersonalized, organization-owned
Personally enabled, organization-owned

Answer

A

1 - BYOD, User Enrollment

BYOD users can customize their personal devices before and after enrolling them in an MDM solution.

Question 7

Q

In which ownership model can IT administrators restrict the installed apps and personal data on a device meant to be shared with multiple users?

BYOD, User Enrollment
BYOD, personally enabled
Nonpersonalized, organization-owned
Personally enabled, organization-owned

Answer

A

3 - Nonpersonalized, organization-owned

IT administrators typically centrally configure and manage shared or single-purpose devices.

Question 8

Q

How do you enroll devices ineligible for automatic enrollment in Apple Business Manager or Apple School Manager?

Device Enrollment
Automated Device Enrollment
Automatic enrollment
No enrollment possible

Answer

A

1 - Device Enrollment

You can choose to manually enroll devices in your MDM solution by installing an enrollment profile locally on the devices.

Question 9

Q

Which type of enrollment is ideal for devices you need to distribute to multiple users in multiple regions?

Device Enrollment
User Enrollment
Automated Device Enrollment

Answer

A

3 - Automated Device Enrollment

Automated Device Enrollment is the most convenient choice because you can enroll devices in MDM without physically handling or preparing devices before users receive them.

Question 10

Q

Which type of enrollment do you commonly use for BYOD deployments?

Device
User
Automated device

Answer

A

2 - User

BYOD deployments most commonly employ User Enrollment. You can provide BYOD users a customized URL to an enrollment portal.

Question 11

Q

What do you need to consider when evaluating MDM solutions?

Support for watchOS
Pricing structure and subscription model
A device’s life cycle and trade-in value

Answer

A

2 - Pricing structure and subscription model

Understand your organization’s budget and growth projections, then compare MDM solution pricing and subscription options.

Question 12

Q

Which is a deployment model to consider as part of your device management goals?

Application Programming Interface (API)
Over-the-air (OTA) enrollment
One-to-one

Answer

A

3 - One-to-one

Also known as personally enabled, one-to-one is a deployment model you can consider when understanding your organization’s needs.

Question 13

Q

Which is an important user authentication feature of an MDM solution that you should consider?

Support and integration with your identity provider or directory service
Support for future versions of macOS, iOS, and iPadOS
Support for the BYOD deployment model

Answer

A

1 - Support and integration with your identity provider or directory service

Verify if the MDM solution supports your current identity provider or directory service.

Question 14

Q

Which aspect of your organization’s infrastructure should you evaluate to ensure that your organization meets the network roaming needs of users throughout a building?

Number of devices per user
Wi-Fi coverage and capacity
Adequate number of access points per device
Sources of interference caused by construction materials

Answer

A

2 - Wi-Fi coverage and capacity

Evaluating Wi-Fi coverage and capacity helps you strategically place wireless access points that have enough power to meet the roaming needs throughout your organization’s facilities.

Question 15

Q

Which type of network uses individual user credentials or device- and/or user-based certificates to control who or which devices can use the network?

Provisioning network
WPA2 Personal network
WPA2 Enterprise network

Answer

A

3 - WPA2 Enterprise network

WPA2 Enterprise network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network.

Question 16

Q

Which functions require Apple devices to continuously access APNs?

Bonjour access, content caching, and internet connection sharing
SSO, VPN connectivity, and Wi-Fi network roaming
Notifications of operating-system and app updates, MDM policies, and messages
Ad and location tracking, Keychain data backup, and app suggestions

Answer

A

3 - Notifications of operating-system and app updates, MDM policies, and messages

Apple devices learn of operating-system and app updates, MDM policies, and incoming messages through continuous access to APNs. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

Question 17

Q

What should you do to ensure that Apple devices can access APNs and other Apple services on your organization’s network?

Configure all devices to auto-establish secure VPN access to Apple’s network.
Deploy devices with an SSO payload that are configured to allow access to Apple’s network.
Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
Set up your network to work with Bonjour so that devices can connect to APNs and Apple services.

Answer

A

3 - Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.

For Apple devices to access APNs and Apple services, you might need to adjust network configurations on web proxies or firewall ports to allow network traffic access to Apple’s network. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

Question 18

Q

What’s the most commonly deployed authentication technology that both AD and SSO use?

Kerberos
MSCHAPv2
OAuth
SAML

Answer

A

1 - Kerberos

Kerberos is the most commonly deployed authentication technology that both AD and SSO use.

Question 19

Q

Which Kerberos feature allows users to sign in once and access multiple authenticated services?

Sign in with Apple at Work & School
OAuth
Ticket-granting ticket (TGT)
SAML

Answer

A

3 - Ticket-granting ticket (TGT)

TGT generates a ticket for the use of any resource that supports Kerberos without requiring the user to authenticate again.

Question 20

Q

Which feature allows administrators to streamline the creation of Managed Apple IDs based on existing Google Workspace or Azure AD data?

MSCHAPv2
Federated Authentication
Active Directory
SAML

Answer

A

2 - Federated Authentication

Federated authentication can link Apple Business Manager, Apple Business Essentials, or Apple School Manager to your instance of Google Workspace or Azure AD to automatically create Managed Apple IDs for your users.

Question 21

Q

What’s a benefit of using Apple Business Manager or Apple School Manager to automate MDM enrollment during initial setup of managed Apple devices?

You can track the location of managed devices.
You can make the enrollment mandatory and nonremovable on user-owned devices.
You can make the enrollment mandatory and nonremovable on organization-owned devices.

Answer

A

3 - You can make the enrollment mandatory and nonremovable on organization-owned devices.

Using Apple Business Manager or Apple School Manager provides additional enrollment options for managed, organization-owned Apple devices.

Question 22

Q

Which strategy would be most effective in a scenario where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information?

Deploy devices to users in shared mode.
Install a nonremovable managed app onto the devices.
Convert all unmanaged apps on the devices to managed apps.

Answer

A

2 - Install a nonremovable managed app onto the devices.

Nonremovable managed apps are ideal for deployment scenarios where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information.

Question 23

Q

What’s the main benefit of using managed device attestation when deploying Apple devices in an organization?

It allows the MDM administrator to use a bypass code to erase a device and assign it to a new user.
It allows a user to unlock the storage on APFS volumes that require a secure token and then become owners of the volume.
It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

Answer

A

3 - It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

Managed device attestation provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

Question 24

Q

Why might you create a security policy that enforces the use of FileVault for data encryption on a managed Mac?

This policy ensures that users can’t disable FileVault.
When you use an MDM solution to enable FileVault, it adds a Recovery Key to a user’s iCloud account.
FileVault is compatible with any Apple device.
You can use third-party encryption algorithms to configure FileVault.

Answer

A

1 - This policy ensures that users can’t disable FileVault.

Users can’t disable FileVault if you enforce it with a configuration profile on managed Mac computers.

Question 25

Q

Which benefit helps IT administrators reduce the need to perform extensive configurations on Apple devices?

Many security features are turned on by default.
Users can select a security profile in Setup Assistant.
IT administrators can deliver and enforce policies without an MDM solution.
IT administrators can issue remote commands to devices to erase all private information.

Answer

A

1 - Many security features are turned on by default.

Because many security features on Apple devices are turned on by default, administrators save time when they configure devices.

Question 26

Q

What happens if your Apple device can’t validate the trust chain of a signing CA?

The service encounters an error.
The CA is added to the unapproved list.
The user is asked to enter the device password or passcode.

Answer

A

1 - The service encounters an error.

If your Apple device can’t validate the trust chain of a signing CA, the service encounters an error.

Question 27

Q

Which MDM payload setting can you use to turn off updating certificates wirelessly for iPhone and iPad devices?

Automatic sync while roaming
Allow users to accept untrusted TLS certificates
Allow automatic updates to certificate trust settings

Answer

A

3 - Allow automatic updates to certificate trust settings

When you deselect this option and push the payload to your device, you prevent wireless certificate updates.

Question 28

Q

You’ve installed a payload on your managed Apple device that prevents users from accepting untrusted TLS certificates.

What happens when users try to access a webpage that uses an untrusted TLS certificate and then tap Show Details?

They’re asked to contact the issuing CA to validate the certificate.
They can tap “view the certificate,” but they can’t trust this certificate or visit the site.
They can’t tap “view the certificate,” and they can view only the unsecured version of the webpage.

Answer

A

2 - They can tap “view the certificate,” but they can’t trust this certificate or visit the site.

When you deselect the option “Allow users to accept untrusted TLS certificates,” users can’t accept untrusted TLS certificates or visit sites that use untrusted certificates.

Question 29

Q

How do you configure Custom Apps to appear in the sidebar?

In Settings, select Apps and Books, then click Enable next to Custom Apps.
In Settings, select Enrollment Information, then click Enable next to Custom Apps.
In Roles, choose the role for which to enable custom apps, then select the View Custom Apps checkbox.

Answer

A

2 - In Settings, select Enrollment Information, then click Enable next to Custom Apps.

You enable Custom Apps in Settings > Enrollment Information. When you enable the Custom Apps option, it appears below the Content section in the sidebar.

Question 30

Q

What’s the purpose of using federated authentication with Apple Business Manager or Apple School Manager?

Federated authentication links to your Google Workspace or Azure AD domain.
Federated authentication verifies your organization’s eligibility.
Federated authentication verifies ownership of the domains that you use with your portal.

Answer

A

1 - Federated authentication links to your Google Workspace or Azure AD domain.

When you link to Google Workspace or Azure AD, people can use their user names and passwords from your domain as Managed Apple IDs.

Question 31

Q

You didn’t import user data into Apple Business Manager after configuring federated authentication.

Which Apple Business Manager settings pane can you use to import user data into Apple Business Manager?

Accounts
Directory Sync
Enrollment Information

Answer

A

2 - Directory Sync

In the Directory Sync pane, you can sync Apple Business Manager with user data from your Google Workspace or Azure AD.

Question 32

Q

Which of the following roles has the least user privileges?

Staff
Administrator
Content Manager

Answer

A

1 - Staff

The Staff role has the least user privileges.

Question 33

Q

Which type of additional user should you create immediately after sign-up is complete?

Administrator
Device Enrollment Manager
People Manager
Content Manager

Answer

A

1 - Administrator

After sign-up is complete, you’re the only person who can sign in. Create a second administrator account in case you can’t sign in for any reason.

Question 34

Q

Which roles must your account have to add or edit locations in Apple Business Manager?

Administrator or Site Manager
Administrator or People Manager
People Manager or Content Manager

Answer

A

2 - Administrator or People Manager

Only an Administrator or a People Manager can add or edit locations in Apple Business Manager.

Question 35

Q

You’ve created a number of users with Content Manager, Device Enrollment Manager, and People Manager roles.

What should you do next to give each user access?

Enter a secure password for each user.
Ask each user to enroll in your portal.
Create sign-in information and email it to each user.

Answer

A

3 - Create sign-in information and email it to each user.

You can choose to either email users their sign-in information directly or download it as a PDF or CSV file.

Question 36

Q

Which statement about adding an MDM server in Apple Business Manager or Apple School Manager is true?

Adding an MDM server creates a link to your MDM solution.
Adding an MDM server eliminates the need for an MDM solution.
Adding an MDM server configures an additional server in your MDM solution.

Answer

A

1 - Adding an MDM server creates a link to your MDM solution.

Adding an MDM server establishes a secure relationship between your MDM solution and Apple Business Manager or Apple School Manager.

Question 37

Q

What’s the purpose of the public key certificate file that you download from your MDM server before you add the server to your Apple Business Manager or Apple School Manager portal?

It enables the MDM server to securely send email through the portal.
It configures two-step verification between your MDM server and the portal.
It contains a public key that the MDM server uses to encrypt the portal server token.

Answer

A

3 - It contains a public key that the MDM server uses to encrypt the portal server token.

You upload the public key certificate file to Apple Business Manager or Apple School Manager when you add your MDM server.

Question 38

Q

After you add your MDM server in your Apple Business Manager or Apple School Manager portal, what must you do so that the MDM server securely connects to the portal?

Enter the encryption key that the portal generates into the MDM server.
Verify that the secure URL for your MDM server in the portal is correct.
Download the server token from the portal and upload it to the MDM server.

Answer

A

3 - Download the server token from the portal and upload it to the MDM server.

The server token is a P7M file that your MDM server uses to securely connect to Apple Business Manager or Apple School Manager.

Question 39

Q

On your Mac, which Apple Configurator tool do you use to add donated iPhone and iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials?

Blueprints
Profile Editor
Prepare Assistant
Device Assignments

Answer

A

3 - Prepare Assistant

You can use Apple Configurator with Prepare Assistant to manually add iPhone and iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials.

Question 40

Q

What happens if a Wi-Fi payload isn’t included in a configuration profile when using Apple Configurator on your Mac to manually add iPhone or iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials?

Adding the device fails with a network error.
The device is added to Apple Business Manager, Apple School Manager, or Apple Business Essentials but isn’t able to connect to Wi-Fi.
Apple Configurator continues trying to add the device to Apple Business Manager, Apple School Manager, or Apple Business Essentials until you click Cancel.

Answer

A

1 - Adding the device fails with a network error.

Because iPhone and iPad devices require an internet connection to be added to Apple Business Manager, Apple School Manager, or Apple Business Essentials, you must install a configuration profile with a Wi-Fi payload.

Question 41

Q

As an administrator in Apple Business Manager, Apple School Manager, or Apple Business Essentials, you’re manually adding a newly purchased Mac to your organization.

What else do you need to complete the task?

AppleCare+ for Mac chat or phone support
An enrollment profile for your MDM solution and a device supporting AirDrop
Another Mac, Apple Configurator, and a Thunderbolt or Ethernet cable to connect them
Your iPhone, the Apple Configurator for iPhone app, and a Wi-Fi connection to the internet

Answer

A

4 - Your iPhone, the Apple Configurator for iPhone app, and a Wi-Fi connection to the internet

You can use Shared Wi-Fi credentials with Apple Configurator for iPhone to add the Mac computer to your organization.

Question 42

Q

You want to link your MDM solution with Apps and Books for managed distribution to your devices.

What must you download in Apple Business Manager and then upload to your MDM solution?

A server token
A public key certificate
A CSV file containing all device serial numbers
Your organization’s Apple Customer ID

Answer

A

1 - A server token

A server token is a file that connects your MDM solution to the volume purchasing feature.

Question 43

Q

Your organization wants to retain full ownership and control of apps that you bought through Apps and Books.

Which license type should you choose?

Custom licenses
Managed licenses
Redemption codes
Supervised licenses

Answer

A

2 - Managed licenses

Choose Managed when you buy licenses for managed distribution. Your organization retains full ownership and control of apps through assignment with your MDM solution.

Question 44

Q

You buy books and choose licenses for managed distribution.

What happens to ownership of the books when you distribute them?

Book ownership always transfers to users. You can’t revoke or reassign books.
You choose whether you want to retain or transfer ownership of books when you distribute them.
The organization retains full ownership and control, so you can revoke and reassign them later.

Answer

A

1 - Book ownership always transfers to users. You can’t revoke or reassign books.

Regardless of whether you choose licenses for managed distribution or redemption codes, book ownership always transfers to the user.

Question 45

Q

What must multiple subnets share so that a network can use a single content cache, without requiring DNS changes?

DNS
Subnet
Bandwidth
Public IP Address

Answer

A

4 - Public IP Address

You can set the caching server to provide content caching for subnets of the local network that share a common public IP address.

Question 46

Q

When an iPhone device on your network tries to download Apple content that could be cached, the Apple content server instructs the device to check with the local network’s cache first.

True
False

Answer

A

1 - True

With content caching, when an iPhone device on your network downloads an iOS update from the App Store, content caching keeps a copy of the update.

Question 47

Q

Which issue could arise when multiple devices request the same data and caching is NOT turned on?

Data becomes less secure.
Bandwidth consumption increases.
Only the first device can download the requested data.
No issue — each device downloads the requested data.

Answer

A

2 - Bandwidth consumption increases.

When the second device requests the same content, the bandwidth consumption doubles because the second device also needs to download the content from the internet.

Question 48

Q

For best results, deploy content caching on a Mac that has a single wired Ethernet connection as its only network connection.

True
False

Answer

A

2 - True

Use an Ethernet connection to the network for best results.

Question 49

Q

Where do you turn on content caching on your Mac?

System Settings > Privacy & Security
System Settings > Sharing
System Settings > Network
System Settings > Displays

Answer

A

2 - System Settings > Sharing

Use the Content Caching option in Sharing settings to manage content caching on your Mac.

Question 50

Q

Which setting should you select to prevent your computer from going to sleep and interfering with content caching?

Wake for network access
Put hard disks to sleep when possible
Enable Power Nap while plugged into a power source
Prevent automatic sleeping when the display is off

Answer

A

4 - Prevent automatic sleeping when the display is off

Content caching requires the Mac to be turned on.

Question 51

Q

With internet connection sharing, you can use a Mac computer’s internet connection to cache content for iPhone or iPad devices that are physically connected to the Mac through USB.

True
False

Answer

A

1 - True

A Mac with internet connection sharing turned on and with an Ethernet connection can cache content for iPhone and iPad devices.

Question 52

Q

Which advanced option do you use to set the cache size?

Peers
Storage
Clients
Parents

Answer

A

2 - Storage

You view and set the cache size in the Storage tab.

Question 53

Q

Which Mac sharing service becomes unavailable when the content caching internet connection setting is turned on?

Internet Sharing
Remote Management
Media Sharing
File Sharing

Answer

A

1 - Internet Sharing

Internet Sharing on a Mac becomes unavailable when the content caching internet connection setting is turned on.

Question 54

Q

When you use Activity Monitor to check performance statistics for content caching, which comparison can tell you how much content caching is helping?

The closer the Maximum Cache Pressure value is to the Data Served value, the more content caching is helping.
The further the Maximum Cache Pressure value is from the Data Served value, the more content caching is helping.
The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.
The further the Data Served From Cache values are from the Data Served values, the more content caching is helping.

Answer

A

3 - The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.

Comparing the closeness of these two values is the best way to determine how content cache is helping.

Question 55

Q

Where does the content caching service send log messages?

To the main system.log
To the subsystem com.apple.AssetCache
To the subsystem com.apple.ContentCache
To the subsystem com.apple.AssetCacheManagerUtil

Answer

A

2 - To the subsystem com.apple.AssetCache

Specifying this subsystem in the log command filters the displayed results to those associated with content caching.

Question 56

Q

Which command can you use to configure advanced settings for content caching?

defaults write
AssetCacheManagerUtil status
AssetCacheManagerUtil settings

Answer

A

1 - defaults write

When used with sudo, the defaults write command allows you to configure advanced settings for content caching.

Question 57

Q

Which tool can you use to display advanced settings for the content caching service?

Activity Monitor
Console
System Settings
Terminal

Answer

A

4 - Terminal

You can use the command-line interface in Terminal to configure all settings, both basic and advanced, for content caching.

Question 58

Q

Which statement about entering Apple Customer Numbers and Reseller Numbers is correct?

You can enter both an Apple Customer Number and a Reseller Number.
You can enter an Apple Customer Number or a Reseller Number but not both.
You can enter only one Apple Customer Number, but multiple Reseller Numbers.

Answer

A

1 - You can enter both an Apple Customer Number and a Reseller Number.

You can enter both an Apple Customer Number and a Reseller Number and even add multiple numbers if you need them.

Question 59

Q

Your organization has multiple MDM servers linked in Apple Business Manager or Apple School Manager.

What should you do to automatically assign iPhone devices and Mac computers to different MDM servers?

Choose your preferred assignment method in MDM Server Assignment, then select the default MDM server for each device type.
Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.
Upload a CSV file containing iPhone device serial numbers and assign them to
one MDM server, then upload a CSV file for Mac computers and assign them to a different MDM server.

Answer

A

2 - Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.

If you have linked more than one MDM server, you can choose default assignments by device type in Default MDM Server Assignment settings.

Question 60

Q

You made multiple orders for new iPhone devices and you want the devices from one order assigned to a different MDM server than the others.

What’s the best way to do that?

Use MDM Server Assignment to change the Default MDM Server Assignment for iPhone.
Select Devices, filter by order number and device type, then select All Devices to change assignments.
Use MDM Server Assignment to enter a new Reseller Number for the order to filter device assignments.
Use Devices to download a CSV file containing iPhone device serial numbers
for that order only. Edit the file and upload it with the unique server
assignment for the iPhone devices in that order.

Answer

A

2 - Select Devices, filter by order number and device type, then select All Devices to change assignments.

You can select All Devices to edit the MDM Server assignments of all devices matching the search criteria.

Question 61

Q

You’re responsible for managing 10 identical iPad devices that your organization uses in a training classroom and networking isn’t available onsite. Each week you need to retrieve the files stored on each device by the recent students and set up the devices for a new class.

Which approach is best for this task?

Apple Configurator for Mac
Apple Configurator for Mac with Shared iPad
Apple Configurator for Mac with your MDM solution

Answer

A

1 - Apple Configurator for Mac

You can use Apple Configurator for Mac to create a single backup configuration that you apply to all the devices at the start of class and that you retrieve files with at the end.

Question 62

Q

Which type of content can you assign to iPhone or iPad with Apple Configurator for Mac?

Apps
User settings
Purchased music
Podcasts

Answer

A

1 - Apps

Distributing apps to multiple Apple devices simplifies deployment.

Question 63

Q

Which of the following devices can Apple Configurator for iPhone add to Apple Business Manager, Apple Business Essentials, and Apple School Manager?

iPhone with iOS 15, iPad with iPadOS 16.1, and Mac with macOS 11 or later installed.
iPhone with iOS 16, iPad with iPadOS 16.1, Mac with macOS 12.0.1, and Apple TV with tvOS 16 or later installed.
iPhone with iOS 16, iPad with iPadOS 16.1, and Mac with macOS 12.0.1 or later installed.
iPhone with iOS 16, iPad with iPadOS 15, and Mac with macOS 11 or later installed.

Answer

A

3 - iPhone with iOS 16, iPad with iPadOS 16.1, and Mac with macOS 12.0.1 or later installed.

Apple Configurator for iPhone can add iPhone, iPad, and Mac to Apple Business Manager, Apple Business Essentials, and Apple School Manager.

Question 64

Q

Which type of information about iPad can you view in Apple Configurator for Mac?

Camera status
iPad location
Console log
Ebook licenses

Answer

A

3 - Console log

You can find the Console log by choosing File > Get Info from the Apple Configurator for Mac menu bar.

Answer 65

A

2 - From Apple Configurator for Mac

The cfgutil tool is one of the automation tools that you can install from Apple Configurator for Mac.

Answer 66

A

3 - Command-line tool cfgutil

The command-line tool cfgutil in the Terminal app helps you write shell scripts and automate specific processes.

Answer 67

A

2 - Automator app

You can use the Automator app to create automated workflows for others to use when configuring devices.

Answer 68

A

1 - Blueprints

Blueprints use template tools to record actions that you can then apply to devices.

Answer 69

A

1 - Blueprints

Blueprints use template tools to record actions that you can then apply to devices.

Answer 70

A

4 - A file with payloads for Apple devices

A profile is a file with payloads that contain settings and authorization information for Apple devices.

Answer 71

A

3 - An MDM solution

To create custom configuration profiles that contain settings specific to macOS, use an MDM solution.

Answer 72

A

1 - Profile Editor

Use the Profile Editor to create configuration profiles for Apple TV as well as iPhone and iPad devices.

Answer 73

A

2 - False

You can also create a configuration profile with Apple Configurator and then distribute it using a message, a web page, Apple Configurator, or an MDM solution.

Answer 74

A

2 - Signing a configuration profile makes it more resistant to tampering during distribution.

If someone modifies a profile after you sign it, the MDM framework won’t allow that profile to be installed on a device.

Answer 75

A

3 - Restrictions

Configure Restrictions to restrict functions for Setup Assistant options that you hide during device setup. Restrictions remain in place until removed.

Answer 76

A

3 - Assigning devices to your MDM solution in Apple Business Manager, Apple Business Essentials, or Apple School Manager

You must configure them to enroll during setup.

Answer 77

A

2 - False

Users need a network connection to complete Setup Assistant on Mac computers with macOS 13 and Apple silicon or an Apple T2 Security Chip. Prior to macOS 13, users could complete Setup Assistant without an internet connection.

Answer 78

A

3 - Select the option to require user authentication during enrollment

The user will need to authenticate in order to enroll.

Answer 79

A

2 - False

Setup Assistant guides users before they get to the Home Screen.

Answer 80

A

1 - True

You can use your MDM solution to manage devices but still permit users to personalize some settings.

Answer 81

A

1 - Install the profile in the Settings app.

Users install the profile in the Settings app.

Answer 82

A

2 - The MDM solution records information about the device, such as the serial number and installed apps.

When the user connects to the MDM solution using the device, the MDM solution records information about the device.

Answer 83

A

4 - Running profiles validate on a Mac with macOS 13 installed

Three options are limited to 10 requests in a 24-hour period: profiles show, profiles validate, and profiles renew.

Answer 84

A

4 - Managed Apps based on that configuration profile

A user can remove an enrollment profile from their device, including all configuration profiles and their settings, as well as Managed Apps based on that enrollment profile.

Answer 85

A

3 - The device identifies itself to the MDM solution.

If users enroll their own devices, the devices identify themselves to an organization’s MDM solution.

Answer 86

A

3 - All configuration profiles, their settings, and managed apps based on that enrollment profile are removed with it.

If users bring their own devices, they can remove the enrollment profiles to disassociate from an organization’s MDM solution.

Answer 87

A

2 - Change and send a new updated configuration profile.

The easiest way to send new settings is to use your MDM solution to change and send an updated configuration profile to users.

Answer 88

A

3 - All of the above

Sending an enrollment profile by email or SMS and setting up a self-service portal are two common options you can offer users to enroll their devices.

Answer 89

A

1 - iPad Pro

Any iPad Pro is compatible with Shared iPad.

Answer 90

A

2 - Content Caching

When you have a Mac with the Content Caching service turned on, Shared iPad can locally save iCloud user data in addition to iPadOS and app updates.

Answer 91

A

3 - Apps and Books

Apps optimized for Shared iPad are labeled in Apps and Books.

Answer 92

A

1 - True

Organizations that purchase devices directly from a participating Apple Authorized Reseller or carrier can enroll the devices automatically in an MDM solution with Apple Business Manager, Apple Business Essentials, or Apple School Manager.

Answer 93

A

2 - Managed Apple ID credentials

The option to add Managed (or personal) Apple ID credentials appears after you enroll the device in MDM if the administrator allows the option in Setup Assistant.

Answer 94

A

1 - Download internal business apps

If an organization provides self-support sites, these sites can allow users to access device enrollment in MDM, downloads of internal business apps, and other device management services.

Answer 95

A

1 - A configuration profile

To connect Apple devices to networks that use 802.1X EAP-TLS authentication, MDM administrators must create the appropriate settings for their networks in configuration profiles and then push them to their devices.

Answer 96

A

2 - WPA3 Enterprise

Configuring your managed Apple devices with this type gives them access to a broad range of 802.1X authentication environments.

Answer 97

A

1 - True

You can authenticate to a network from the login window when your Mac is set up with a compatible directory service and configured to use this mode with MDM.

Answer 98

A

2 - PKCS #12 Certificate

You can use a PKCS #12 identity certificate (.p12 or .pfx) payload or a SCEP payload for authentication to Wi-Fi networks using EAP-TLS on iPhone and iPad devices.

Answer 99

A

2 - The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.

The proxy server’s location and rules for allowed direct traffic defined in the PAC file manage the way an Apple device communicates over a network.

Answer 100

A

3 - WPAD using DHCP option 252

When configuring an Apple device to use a proxy, you can use WPAD using DHCP option 252 instead of a proxy server URL.

Answer 101

A

4 - The server’s DNS name or IP address

The server identity certificate must contain the server’s DNS name or IP address in the SubjectAltName field.

Answer 102

A

2 - The appropriate authentication app

You need the vendor’s VPN app.

Answer 103

A

1 - Per-App VPN

Per-App VPN connections are established on a per-app basis, which provides more granular control over which data goes through VPN.

Answer 104

A

3 - Link your MDM solution to at least one location in Apple Business Manager or Apple School Manager.

To enable managed distribution, you link your MDM solution to at least one location in your Apple Business Manager or Apple School Manager account.

Answer 105

A

2 - Redemption codes

Distributing app licenses through redemption codes transfers ownership of an app to the user who redeems the code.

Answer 106

A

1 - No one

When you distribute books, ownership permanently transfers to the users; you can’t revoke or reassign book licenses.

Answer 107

A

1 - True

Using managed distribution with MDM, your organization retains full control and ownership of app licenses with the ability to assign, revoke, and reassign apps to devices.

Answer 108

A

2 - Your MDM solution automatically pushes the app to the supervised device.

Your MDM solution can automatically push it to supervised devices without requiring user invitation or acceptance.

Answer 109

A

3 - After you assign or revoke an app to a device or device group

After you assign or revoke an app using your MDM solution, the number of app licenses available for assignment adjusts accordingly.

Answer 110

A

2 - Accept an invitation to enroll in managed distribution

The user must accept the invitation by signing in with their Apple ID and agreeing to the terms and conditions.

Answer 111

A

2 - Each individual user in the group

Each user in the group receives an invitation to enroll in managed distribution.

Answer 112

A

1 - A restriction

Open In management uses a set of restrictions to prevent users from opening attachments or documents from managed sources in unmanaged destinations on a managed iPhone or iPad.

Answer 113

A

1 - A restriction

You can use your MDM solution to push a restriction to your managed devices to keep managed app data from being backed up to iTunes and iCloud.

Answer 114

A

3 - A “Paste Not Allowed” notification displays.

If the user isn’t allowed to paste content in an app due to the restriction, they get a “Paste Not Allowed” notification that includes the organization name.

Answer 115

A

4 - Only managed apps that the MDM solution installs

Apps that the MDM solution installs are considered managed. You can apply restrictions to managed apps that limit how users can share attachments with unmanaged apps.

Answer 116

A

2 - In System Settings > Privacy & Security

After you’ve used MDM to push restrictions to your devices, the profile displays those restrictions. Using System Settings, you can review the restrictions by choosing the profile containing them.

Answer 117

A

1 - Restrictions

Use a Restrictions payload to prevent users from removing system apps on iPhone.

Answer 118

A

4 - In System Settings > Privacy & Security, below Security settings.

In macOS 13.0 or later you configure Gatekeeper below Security settings in System Settings > Privacy & Security.

Answer 119

A

3 - Managed apps, MDM-installed apps, system apps, and updates to those apps

The device can still receive managed apps, MDM-installed apps, system apps, and updates to those apps despite restrictions on access to the App Store.

Answer 120

A

1 - Additional security by requiring a login password to decrypt data

On Mac computers with Apple silicon or the T2 chip, data is always encrypted on the startup volume. Turning on FileVault provides additional security by requiring a login password to decrypt data.

Answer 121

A

2 - To unlock the startup disk if the user forgets their login password

When you first turn on FileVault on an individual unmanaged Mac, you choose how you want to unlock the startup disk if the user forgets their login password: with the Apple ID they use for iCloud or with a PRK.

Answer 122

A

1 - The managed Mac must be supervised.

You can manage FileVault settings on Mac computers that are enrolled in and supervised by your MDM solution, using either Automated Device Enrollment or Device Enrollment.

Answer 123

A

1 - Local administrator

A local administrator account is required to perform a software upgrade on a Mac.

Answer 124

A

2 - To test critical apps and infrastructure before deploying the update

Testing apps and infrastructure before deployment is critical.

Answer 125

A

3 - 90

You can defer software updates up to 90 days.

Answer 126

A

4 - Software Update

Use the Software Update payload to manage the installation of macOS beta releases and automatic installation of macOS updates or app updates from the App Store.

Answer 127

A

1 - In minor software updates

Rapid Security Responses distribute security fixes in minor software updates.

Answer 128

A

1 - Passcode

You choose the Passcode payload to configure specific rules for the creation of passwords or passcodes on enrolled devices.

Answer 129

A

4 - It enforces passcode rules that help prevent unauthorized access to your organization’s devices and data.

You configure a Passcode payload with specific rules that users must follow when creating a device passcode or password.

Answer 130

A

2 - False

The Passcode payload configures passcode rules for iPhone and iPad, as well as password rules for Mac.

Answer 131

A

1 - The user must enter a passcode using the specified settings within 60 minutes.

If the user doesn’t do so within that time frame, the payload forces the user to enter a passcode using the specified settings.

Answer 132

A

1 - The restriction description contains “(supervised only).”

MDM solutions indicate when a restriction applies only to supervised devices.

Answer 133

A

3 - Restrictions prevent users from accessing a specific app, service, or function of a device.

You configure a Restrictions payload to prevent access to a specific app, service, or function on a device.

Answer 134

A

1 - The “(supervised only)” settings don’t take effect unless you have previously supervised the device.

You can select “(supervised only)” settings for unsupervised devices, but the settings don’t take effect unless the device is supervised.

Answer 135

A

3 - Allow Thunderbolt or USB device connections

The MDM restriction “Allow Thunderbolt or USB device connections” lets you manage a user’s ability to connect Thunderbolt or USB devices to a Mac by disabling the “Allow accessories to connect” setting in System Settings > Privacy & Security.

Answer 136

A

2 - The device maintains a data connection to a connected network before a user unlocks it.

When you select the “Allow connected accessories while locked” restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter, the device maintains a data connection even before a user unlocks it.

Answer 137

A

1 - Device supervision

Configurations to restrict accessory connections require that your iPhone and iPad devices be supervised.

Answer 138

A

3 - Distribute the correct supervision identities to users’ devices.

When you deselect the “Pair with non-Apple Configurator hosts” restriction — and distribute the correct supervision identities to users’ devices — you ensure that only trusted computers holding a valid supervision host certificate are allowed to access iPhone or iPad over Thunderbolt or USB.

Answer 139

A

1 - A .p12 file

You can put a certificate identity into a PKCS #12 file protected with a
password, and push the file to the device in a configuration profile.

Answer 140

A

3 - A padlock icon appears to the right of the recipient’s contact name, and the address text is blue.

Mail consults the GAL to discover the recipient’s S/MIME certificate. When Mail finds the certificate for your recipient, a padlock icon appears to the right of the recipient’s contact name, and the address text is blue.

Answer 141

A

2 - You must have your identity’s private key in your keychain.

Private keys are important for signing messages in Mail. To send signed messages in Mail using S/MIME on a managed Apple device, you must have your identity’s private key in your keychain.

Answer 142

A

1 - The public key from the recipient’s certificate

Public keys are important for encrypting messages in Mail. To send encrypted messages in Mail using S/MIME on a managed Apple device, you must have the public key from the recipient’s certificate in your keychain.

Answer 143

A

3 - “This Connection Is Not Private” appears instead of the contents of the site.

When you use Safari on iPhone or iPad to visit a site with a revoked certificate, “This Connection Is Not Private” appears instead of the contents of the site.

Answer 144

A

3 - Device information

Device information queries return a device’s information about apps installed, battery level, and device name.

Answer 145

A

1 - Security

Security queries return a device’s information about whether it has the following enabled: Activation Lock, Find My, FileVault, Firmware password (for Intel-based Mac computers), and more.

Answer 146

A

4 - Operating system

Operating system queries return a device’s information about the product version and whether specific update options are enabled.

Answer 147

A

3 - Fastlane QoS marking

Fastlane QoS marking ensures that the most important app data always gets the best possible bandwidth.

Answer 148

A

3 - The ability to filter content or manage available bandwidth

You can use a proxy server to control the routing of traffic between your local intranet and the internet.

Answer 149

A

4 - Network Usage Rules

You can configure the Network Usage Rules payload settings to specify how managed apps use cellular data.

Answer 150

A

1 - Wi-Fi

Apps with enabled QoS support automatically take priority over low-priority apps, such as those used for syncing documents in the background.

Answer 151

A

2 - QoS classification or marking refers to the process of classifying the type of IP packets or traffic.

Apple devices can mark an app’s network traffic with QoS, and configured network devices can detect these markings and prioritize some types of traffic.

Answer 152

A

1 - The network service type

The developer must mark the network service type for QoS to use it.

Answer 153

A

2 - Network

You set QoS priorities with a Network payload.

Answer 154

A

3 - MDM remotely queries a lost device for its location the last time that the device was online.

With Managed Lost Mode, you can find a supervised iPhone or iPad device that is lost or stolen because the MDM solution remotely queries for its location when the device connects to a network that both the managed device and the MDM solution can access.

Answer 155

A

1 - You can customize the Lock Screen with a message, add a contact phone number, and include a note.

When you enable Lost Mode on a device, you can customize the Lock Screen with a message, a contact phone number, and a note.

Answer 156

A

3 - You can disable Managed Lost Mode if it’s erroneously enabled or enabled on a retrieved device.

Answer 157

A

1 - MDM enabled Managed Lost Mode and collected the device location.

When an MDM solution administrator remotely disables Managed Lost Mode, the user is notified that their device was locked and the MDM solution collected its location.

Answer 158

A

3 - Wiping iPhone or iPad restores the device to its factory settings while preserving the last installed iOS or iPadOS version.

Wiping iPhone or iPad removes all user data and settings and restores factory settings, preserving the last installed iOS or iPadOS version.

Answer 159

A

2 - MDM locks the device.

When you enable Lost Mode for a missing device with your MDM solution, it locks the device, displays your custom message, and determines the device location.

Answer 160

A

1 - Activation Lock is enabled.

If Find My is enabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is automatically enabled at that point.

Answer 161

A

4 - Activation Lock is enabled the next time the user enables Find My.

If Find My is disabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is enabled the next time the user enables Find My.

Answer 162

A

2 - Start up in recoveryOS, then click the Recovery Assistant menu, choose “Activate with MDM key,” and enter the bypass code in the field.

You can find the device-based bypass code in your MDM solution.

Answer 163

A

3 - Mac computers with Apple silicon and the T2 chip

Activation Lock is available on Mac computers with Apple silicon and the T2 chip.

Answer 164

A

1 - Apple Configurator for Mac or Apple Configurator for iPhone

You use Apple Configurator to assign iPhone or iPad devices or Mac computers to your organization in Apple Business Manager or Apple School Manager.

Answer 165

A

1 - Yes

You can reassign revoked licenses for managed apps to other users or devices.

Answer 166

A

3 - In the macOS Installer package bundle

startosinstall is located inside the macOS installer’s Contents and Resources folder.

Answer 167

A

3 - Determine the necessary sequence, and call startosinstall with multiple --installpackage arguments for each package in order.

--installpackage installs all packages passed to it in the order in which they’re passed to the command.

Answer 168

A

1 - Apple recycles the devices.

Apple recycles the devices through its recycling partners.

Answer 169

A

3 - Apple refurbishes devices that are in good condition and recycles the rest.

Apple refurbishes reusable devices.

Answer 170

A

1 - True

You don’t have to, but you should wipe your devices first, then you can release them from management in Apple Business Manager or Apple School Manager and remove them from MDM.

Answer 171

A

B. Modify Personal Hotspot settings

Answer 172

A

A. Disable Safari web browser

Answer 173

A

A. Back up your device.
D. Remove your old device from your list of trusted devices.
E. Sign out of iCloud and the iTunes Store and the App Store.
F. Remove the devices from Apple School Manager and Apple Business Manager.

Answer 174

A

B. Device Enrollment
D. Automated Device Enrollment

Answer 175

A

A. A fully qualified domain name, TLS certificate communication, and a static IP address

Answer 176

A

A. User Enrollment

Answer 177

A

B. Google Workspace

Answer 178

A

B. Pasting content from a managed app to an unmanaged app

Answer 179

A

A. Provider companion app

Answer 180

A

A. User assignment

Answer 181

A

A. It depends on the setting you selected in your MDM solution.

Answer 182

A

D. It continues to function for a limited time.

Answer 183

A

C. User and device assignment

Answer 184

A

D. Wireless Diagnostics

Answer 185

A

A. Standardize on the 5 GHz band

D. Avoid using “hidden” service set identifiers

E. Avoid creating excessive service set identifiers

Answer 186

A

B. Once a year

Answer 187

A

B. Managed Apple IDs

Answer 188

A

A. iCloud Backup
C. iCloud Drive
D. Notes

Answer 189

A

B. Site Manager

C. Administrator

E. Device Enrollment Manager

Answer 190

A

B. Console log

Answer 191

A

B. Content Manager
D. Administrator

Answer 192

A

B. Managed licenses

Answer 193

A

B. OS updates
E. Apple Books
F. iCloud data caching
G. Apps from the App Store

Answer 194

A

B. Configure multiple Ethernet services in Network settings

Answer 195

A

A. Connect your Mac mini to the network with a cable and disable Wi-Fi.

Answer 196

A

B. Specify a TCP port for caching

C. Block rogue cache registration

D. Manage intersite caching traffic

Answer 197

A

D. The message “This Connection Is Not Private” appears instead of the webpage.

Answer 198

A

B. Manage Open In

Answer 199

A

C. Managed Open In

Answer 200

A

A. FaceTime communications
B. iMessage communications
E. HTTPS web browsing

Answer 201

A

B. ONLY Mac computers with Apple silicon

Answer 202

A

D. The key is protected only by the hardware UID in the Secure Enclave.

Answer 203

A

B. Enable Lost Mode

Answer 204

A

B. Installed managed apps

Answer 205

A

C. iPhone, iPad, Mac, and Apple TV

Answer 206

A

A. Apple recycles the devices.

Answer 207

A

B. Enrollment

Answer 208

A

D. macOS 13 and later

Answer 209

A

A. Use Safari

C. Safari AutoFill

D. Password AutoFill

Answer 210

A

C. Managed apps

D. Keychain items

E. Calendar attachments

Answer 211

A

A. Session token

B. User enrollment

D. MDM enrollment

E. Service discovery

Answer 212

A

C. Account-based User Enrollment

Answer 213

A

B. Profile-based User Enrollment

Answer 214

A

A. Bypass codes
D. macOS bootstrap tokens
E. Activation Lock escrow keys

Answer 215

A

A. Maximum number of failed attempts before the user account is disabled
B. Passcode or password history (unable to use previous passwords)
D. Minimum passcode length

Answer 216

A

D. Eight-digit complex

Answer 217

A

B. Automated Device Enrollment

D. Device Enrollment

E. User Enrollment

Answer 218

A

B. The most restrictive setting is applied

Answer 219

A

C. .pfx, .p12

Answer 220

A

A. .cer, .crt, .der, .pfx, .p12

Answer 221

A

B. Blocked

C. Trusted

D. Always Ask

Answer 222

A

C. Trustedcertificate

Answer 223

A

C. Settings> General> About >Certificate Trust Settings

Answer 224

A

A. iPhone

B. iPad

Answer 225

A

A. Use your MDM solution to remove the profile.

Answer 226

A

A. Access to Apple services

B. Security of your organization’s data

C. Complexity of implementing the network
E. Convenience for the user or the technician during setup

Answer 227

A

B. Allow outbound connections to *.apple.com

Answer 228

A

B. Network Authentication Type
D. Service Set Identifier

Answer 229

A

B. EAP

C. PEAP

D. TLS

Answer 230

A

B. Your MDM Servers

Answer 231

A

A. Lock student’s iPad

B. View student’s screen

D. Launch a specific app on student’s iPad

Answer 232

A

D. Swift Playgrounds

Answer 233

A

A. ONLY andre@acme.com

Answer 234

A

A. Enables the creation of Managed Apple IDs unique to the organization
D. Enables automatic enrollment into an MDM solution

Answer 235

A

A. Device Enrollment Manager

B. Content Manager
E. Staff

Answer 236

A

B. The organization

Answer 237

A

C. The resulting behavior is undefined.

Answer 238

A

A. Apple Configurator for iPhone

Answer 239

A

A. Device Enrollment Manager

Answer 240

A

B. Pair your remote

Answer 241

A

B. Books and PDFs

C. Enrollment profiles

D. Configuration profiles

Answer 242

A

C. Quick Start

Answer 243

A

A. More privacy-preserving setting

Answer 244

A

B. Supervised Mac with macOS 11 or later installed

Answer 245

A

B. The user can modify the setting.

Answer 246

A

C. iPadOS 14.5

Answer 247

A

A. Devices do not advertise to nearby devices for Wi-Fi passwords

Answer 248

A

C. Have an active Ethernet connection

Answer 249

A

B. Large numbers of apps and books are not installing promptly
D. Network traffic to Apple services is extremely high

E. Shared iPad login times are slow

Answer 250

A

B. ONLY unassigned licenses to another location.

Answer 251

A

D. Create three or fewer SSIDs

Answer 252

A

C. RADIUS

D. WPA2

E. WPA3

Answer 253

A

C. To use Global HTTP proxy automatic configuration

Answer 254

A

A. Identity certificate

B. Account user name

Answer 255

A

A. Proxy PAC URL
D. IP address of the proxy server

E. DNS name of the proxy server

Answer 256

A

A. The provider’s VPN app

Answer 257

A

D. To create device templates andapply them to multiple devices

Answer 258

A

C. Automator

Answer 259

A

C. Install the Automation Tools in the Apple Configurator menu.

Answer 260

A

A. Users can’t add Touch ID fingerprints

B. Users can remove Touch ID fingerprints

D. Users can’t use Touch ID to unlock a device

E. Users can’t use Touch ID to autofill app data

Answer 261

A

A. Lightweight Directory Access Protocol

Answer 262

A

C. Certificate name

D. Certificate UUID

Answer 263

A

A. User pairing

B. Smart Card use

D. Restrict one smart card per user

Answer 264

A

D. Certificate-based authentication

Answer 265

A

D. Certificate-based authentication

Answer 266

A

A. WPA2 Enterprise

B. WPA3 Enterprise

C. WPA2 Personal

Answer 267

A

A. You can reassign the app immediately.

Answer 268

A

A. The device must be supervised.

Answer 269

A

A. Allow documents from unmanaged sources in managed destinations
B. Allow documents from managed sources in unmanaged destinations
E. Managed Pasteboard

Answer 270

A

A. Accounts installed using Apple Configurator for Mac

B. Apps installed using Apple Configurator for Mac

C. Apps and accounts installed using MDM

Answer 271

A

A. The more stringent policy will be applied.

Answer 272

A

A. A Managed App

Answer 273

A

A. Handoff

C. iCloud Private Relay

D. Defer software updates

Answer 274

A

A. Display a message on the Lock Screen
B. Query for the device’s location
E. Play a sound

Answer 275

A

D. If the device is wiped, the Apple ID credentials are required to reconfigure the device.

Answer 276

A

B. Activation Lock

Answer 277

A

D. You can query its location even if Location Services are turned off.

Answer 278

A

A. Security queries

C. Installed app queries

D. Device information queries

Answer 279

A

A. Device network information queries

C. Operating system queries

E. Security queries

Answer 280

A

A. Find My enabled
B. Passcode present
D. Passcode compliant

Answer 281

A

A. System Integrity Protection enabled
B. Lights Out Management
E. Apple silicon

Answer 282

A

B. App name
E. Unique bundle ID

Answer 283

A

A. Shared
B. One-to-one
D. Personally enabled

Answer 284

A

A. Organization-owned

Answer 285

A

A. Automated Device Enrollment
C. Device Enrollment

Answer 286

A

A. A fully qualified domain name, TLS certificate communication, and a static IP address

Answer 287

A

B. Automated Device Enrollment
D. Device Enrollment

Answer 288

A

B. Managed Apple ID
D. Schoolwork
E. Classroom

Answer 289

A

A. User assignment

Answer 290

A

D. It will continue to function for a limited time.

Answer 291

A

A. It depends on the setting you selected in your MDM solution.

Answer 292

A

A. User assignment

Answer 293

A

B. Require a numeric value

Answer 294

A

D. Available trusted root certificates for Apple operating systems support article

Answer 295

A

A. The organization

Answer 296

A

B. Profile-based User Enrollment

Answer 297

A

C. Apple Configurator for Mac

Answer 298

A

A. Device Enrollment Manager

Answer 299

A

B. OS updates
E. Apple Books
F. iCloud data caching
G. Apps from the App Store

Answer 300

A

B. Cache content for: devices using the same public IP address

Answer 301

A

B. They can tap “view certificate,” but they CANNOT trust this certificate or visit the site.

Answer 302

A

B. Manage Open In

Answer 303

A

A. FaceTime communications
B. iMessage communications
E. HTTPS web browsing

Answer 304

A

C. Enable Lost Mode

Answer 305

A

A. Display a message on the Lock Screen
B. Query for the device’s location
E. Play a sound

Answer 306

A

D. If the device is wiped, the Apple ID credentials are required to reconfigure the device

Answer 307

A

A. The device must be supervised.

Answer 308

A

A. Apple will recycle the devices.

Answer 309

A

C. Apple refurbishes devices that are in good shape and recycles the rest.

Answer 310

A

A. TCP port 5223 to communicate with APNs
C. TCP port 443 or 2197 to send notifications from MDM to APNs