Apple Deployment and Management Flashcards
1
Q
What links a device to an MDM solution?
- APNs
- A firewall
- A restriction
- An enrollment profile
A
4 - An enrollment profile
An enrollment profile links a device to the MDM solution.
2
Q
What does MDM need to operate, specifically for APNs and SSL?
- Certificates
- Restrictions
- Enrollment profiles
A
1 - Certificates
MDM requires multiple certificates to operate, including an APNs certificate to talk to clients and an SSL certificate to communicate securely.
3
Q
Which Apple device capability allows MDM to secure devices?
- Location Services
- Enrollment profiles
- Built-in device security features
A
3 - Built-in device security features
An MDM solution allows you to use the device’s built-in security features.
4
Q
How do devices report their status when using declarative device management?
- Declarations
- The status channel
- Profiles
A
2 - The status channel
The status channel is what a device uses to update the MDM server with information about itself.
5
Q
In which type of enrollment and ownership model can users personalize apps and data on their managed devices?
1. BYOD, organization-owned
2. Nonpersonalized, organization-owned
3. Personally enabled, organization-owned
A
3 - Personally enabled, organization-owned
The organization assigns devices to users, and after configuration, users can personalize their devices with their own apps and data.
6
Q
In which type of ownership model can users personalize apps and data on their personal devices?
- BYOD, User Enrollment
- BYOD, organization-owned
- Nonpersonalized, organization-owned
- Personally enabled, organization-owned
A
1 - BYOD, User Enrollment
BYOD users can customize their personal devices before and after enrolling them in an MDM solution.
7
Q
In which ownership model can IT administrators restrict the installed apps and personal data on a device meant to be shared with multiple users?
- BYOD, User Enrollment
- BYOD, personally enabled
- Nonpersonalized, organization-owned
- Personally enabled, organization-owned
A
3 - Nonpersonalized, organization-owned
IT administrators typically centrally configure and manage shared or single-purpose devices.
8
Q
How do you enroll devices ineligible for automatic enrollment in Apple Business Manager or Apple School Manager?
- Device Enrollment
- Automated Device Enrollment
- Automatic enrollment
- No enrollment possible
A
1 - Device Enrollment
You can choose to manually enroll devices in your MDM solution by installing an enrollment profile locally on the devices.
9
Q
Which type of enrollment is ideal for devices you need to distribute to multiple users in multiple regions?
- Device Enrollment
- User Enrollment
- Automated Device Enrollment
A
3 - Automated Device Enrollment
Automated Device Enrollment is the most convenient choice because you can enroll devices in MDM without physically handling or preparing devices before users receive them.
10
Q
Which type of enrollment do you commonly use for BYOD deployments?
- Device
- User
- Automated device
A
2 - User
BYOD deployments most commonly employ User Enrollment. You can provide BYOD users a customized URL to an enrollment portal.
11
Q
What do you need to consider when evaluating MDM solutions?
- Support for watchOS
- Pricing structure and subscription model
- A device’s life cycle and trade-in value
A
2 - Pricing structure and subscription model
Understand your organization’s budget and growth projections, then compare MDM solution pricing and subscription options.
12
Q
Which is a deployment model to consider as part of your device management goals?
- Application Programming Interface (API)
- Over-the-air (OTA) enrollment
- One-to-one
A
3 - One-to-one
Also known as personally enabled, one-to-one is a deployment model you can consider when understanding your organization’s needs.
13
Q
Which is an important user authentication feature of an MDM solution that you should consider?
- Support and integration with your identity provider or directory service
- Support for future versions of macOS, iOS, and iPadOS
- Support for the BYOD deployment model
A
1 - Support and integration with your identity provider or directory service
Verify if the MDM solution supports your current identity provider or directory service.
14
Q
Which aspect of your organization’s infrastructure should you evaluate to ensure that your organization meets the network roaming needs of users throughout a building?
- Number of devices per user
- Wi-Fi coverage and capacity
- Adequate number of access points per device
- Sources of interference caused by construction materials
A
2 - Wi-Fi coverage and capacity
Evaluating Wi-Fi coverage and capacity helps you strategically place wireless access points that have enough power to meet the roaming needs throughout your organization’s facilities.
15
Q
Which type of network uses individual user credentials or device- and/or user-based certificates to control who or which devices can use the network?
- Provisioning network
- WPA2 Personal network
- WPA2 Enterprise network
A
3 - WPA2 Enterprise network
WPA2 Enterprise network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network.
16
Q
Which functions require Apple devices to continuously access APNs?
- Bonjour access, content caching, and internet connection sharing
- SSO, VPN connectivity, and Wi-Fi network roaming
- Notifications of operating-system and app updates, MDM policies, and messages
- Ad and location tracking, Keychain data backup, and app suggestions
A
3 - Notifications of operating-system and app updates, MDM policies, and messages
Apple devices learn of operating-system and app updates, MDM policies, and incoming messages through continuous access to APNs. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.
17
Q
What should you do to ensure that Apple devices can access APNs and other Apple services on your organization’s network?
- Configure all devices to auto-establish secure VPN access to Apple’s network.
- Deploy devices with an SSO payload that are configured to allow access to Apple’s network.
- Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
- Set up your network to work with Bonjour so that devices can connect to APNs and Apple services.
A
3 - Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
For Apple devices to access APNs and Apple services, you might need to adjust network configurations on web proxies or firewall ports to allow network traffic access to Apple’s network. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.
18
Q
What’s the most commonly deployed authentication technology that both AD and SSO use?
- Kerberos
- MSCHAPv2
- OAuth
- SAML
A
1 - Kerberos
Kerberos is the most commonly deployed authentication technology that both AD and SSO use.
19
Q
Which Kerberos feature allows users to sign in once and access multiple authenticated services?
- Sign in with Apple at Work & School
- OAuth
- Ticket-granting ticket (TGT)
- SAML
A
3 - Ticket-granting ticket (TGT)
TGT generates a ticket for the use of any resource that supports Kerberos without requiring the user to authenticate again.
20
Q
Which feature allows administrators to streamline the creation of Managed Apple IDs based on existing Google Workspace or Azure AD data?
- MSCHAPv2
- Federated Authentication
- Active Directory
- SAML
A
2 - Federated Authentication
Federated authentication can link Apple Business Manager, Apple Business Essentials, or Apple School Manager to your instance of Google Workspace or Azure AD to automatically create Managed Apple IDs for your users.
21
Q
What’s a benefit of using Apple Business Manager or Apple School Manager to automate MDM enrollment during initial setup of managed Apple devices?
- You can track the location of managed devices.
- You can make the enrollment mandatory and nonremovable on user-owned devices.
- You can make the enrollment mandatory and nonremovable on organization-owned devices.
A
3 - You can make the enrollment mandatory and nonremovable on organization-owned devices.
Using Apple Business Manager or Apple School Manager provides additional enrollment options for managed, organization-owned Apple devices.
22
Q
Which strategy would be most effective in a scenario where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information?
- Deploy devices to users in shared mode.
- Install a nonremovable managed app onto the devices.
- Convert all unmanaged apps on the devices to managed apps.
A
2 - Install a nonremovable managed app onto the devices.
Nonremovable managed apps are ideal for deployment scenarios where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information.
23
Q
What’s the main benefit of using managed device attestation when deploying Apple devices in an organization?
- It allows the MDM administrator to use a bypass code to erase a device and assign it to a new user.
- It allows a user to unlock the storage on APFS volumes that require a secure token and then become owners of the volume.
- It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
A
3 - It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
Managed device attestation provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
24
Q
Why might you create a security policy that enforces the use of FileVault for data encryption on a managed Mac?
- This policy ensures that users can’t disable FileVault.
- When you use an MDM solution to enable FileVault, it adds a Recovery Key to a user’s iCloud account.
- FileVault is compatible with any Apple device.
- You can use third-party encryption algorithms to configure FileVault.
A
1 - This policy ensures that users can’t disable FileVault.
Users can’t disable FileVault if you enforce it with a configuration profile on managed Mac computers.
25
Which benefit helps IT administrators reduce the need to perform extensive configurations on Apple devices?
1. Many security features are turned on by default.
2. Users can select a security profile in Setup Assistant.
3. IT administrators can deliver and enforce policies without an MDM solution.
4. IT administrators can issue remote commands to devices to erase all private information.
1 - Many security features are turned on by default.
Because many security features on Apple devices are turned on by default, administrators save time when they configure devices.
26
What happens if your Apple device can’t validate the trust chain of a signing CA?
1. The service encounters an error.
2. The CA is added to the unapproved list.
3. The user is asked to enter the device password or passcode.
1 - The service encounters an error.
If your Apple device can’t validate the trust chain of a signing CA, the service encounters an error.
27
Which MDM payload setting can you use to turn off updating certificates wirelessly for iPhone and iPad devices?
1. Automatic sync while roaming
2. Allow users to accept untrusted TLS certificates
3. Allow automatic updates to certificate trust settings
3 - Allow automatic updates to certificate trust settings
When you deselect this option and push the payload to your device, you prevent wireless certificate updates.
28
You’ve installed a payload on your managed Apple device that prevents users from accepting untrusted TLS certificates.
What happens when users try to access a webpage that uses an untrusted TLS certificate and then tap Show Details?
1. They’re asked to contact the issuing CA to validate the certificate.
2. They can tap “view the certificate,” but they can’t trust this certificate or visit the site.
3. They can’t tap “view the certificate,” and they can view only the unsecured version of the webpage.
2 - They can tap “view the certificate,” but they can’t trust this certificate or visit the site.
When you deselect the option “Allow users to accept untrusted TLS certificates,” users can’t accept untrusted TLS certificates or visit sites that use untrusted certificates.
29
How do you configure Custom Apps to appear in the sidebar?
1. In Settings, select Apps and Books, then click Enable next to Custom Apps.
2. In Settings, select Enrollment Information, then click Enable next to Custom Apps.
3. In Roles, choose the role for which to enable custom apps, then select the View Custom Apps checkbox.
2 - In Settings, select Enrollment Information, then click Enable next to Custom Apps.
You enable Custom Apps in Settings > Enrollment Information. When you enable the Custom Apps option, it appears below the Content section in the sidebar.
30
What’s the purpose of using federated authentication with Apple Business Manager or Apple School Manager?
1. Federated authentication links to your Google Workspace or Azure AD domain.
2. Federated authentication verifies your organization’s eligibility.
3. Federated authentication verifies ownership of the domains that you use with your portal.
1 - Federated authentication links to your Google Workspace or Azure AD domain.
When you link to Google Workspace or Azure AD, people can use their user names and passwords from your domain as Managed Apple IDs.
31
You didn’t import user data into Apple Business Manager after configuring federated authentication.
Which Apple Business Manager settings pane can you use to import user data into Apple Business Manager?
1. Accounts
2. Directory Sync
3. Enrollment Information
2 - Directory Sync
In the Directory Sync pane, you can sync Apple Business Manager with user data from your Google Workspace or Azure AD.
32
Which of the following roles has the least user privileges?
1. Staff
2. Administrator
3. Content Manager
1 - Staff
The Staff role has the least user privileges.
33
Which type of additional user should you create immediately after sign-up is complete?
1. Administrator
2. Device Enrollment Manager
3. People Manager
4. Content Manager
1 - Administrator
After sign-up is complete, you’re the only person who can sign in. Create a second administrator account in case you can’t sign in for any reason.
34
Which roles must your account have to add or edit locations in Apple Business Manager?
1. Administrator or Site Manager
2. Administrator or People Manager
3. People Manager or Content Manager
2 - Administrator or People Manager
Only an Administrator or a People Manager can add or edit locations in Apple Business Manager.
35
You’ve created a number of users with Content Manager, Device Enrollment Manager, and People Manager roles.
What should you do next to give each user access?
1. Enter a secure password for each user.
2. Ask each user to enroll in your portal.
3. Create sign-in information and email it to each user.
3 - Create sign-in information and email it to each user.
You can choose to either email users their sign-in information directly or download it as a PDF or CSV file.
36
Which statement about adding an MDM server in Apple Business Manager or Apple School Manager is true?
1. Adding an MDM server creates a link to your MDM solution.
2. Adding an MDM server eliminates the need for an MDM solution.
3. Adding an MDM server configures an additional server in your MDM solution.
1 - Adding an MDM server creates a link to your MDM solution.
Adding an MDM server establishes a secure relationship between your MDM solution and Apple Business Manager or Apple School Manager.
37
What’s the purpose of the public key certificate file that you download from your MDM server before you add the server to your Apple Business Manager or Apple School Manager portal?
1. It enables the MDM server to securely send email through the portal.
2. It configures two-step verification between your MDM server and the portal.
3. It contains a public key that the MDM server uses to encrypt the portal server token.
3 - It contains a public key that the MDM server uses to encrypt the portal server token.
You upload the public key certificate file to Apple Business Manager or Apple School Manager when you add your MDM server.
38
After you add your MDM server in your Apple Business Manager or Apple School Manager portal, what must you do so that the MDM server securely connects to the portal?
1. Enter the encryption key that the portal generates into the MDM server.
2. Verify that the secure URL for your MDM server in the portal is correct.
3. Download the server token from the portal and upload it to the MDM server.
3 - Download the server token from the portal and upload it to the MDM server.
The server token is a P7M file that your MDM server uses to securely connect to Apple Business Manager or Apple School Manager.
39
On your Mac, which Apple Configurator tool do you use to add donated iPhone and iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials?
1. Blueprints
2. Profile Editor
3. Prepare Assistant
4. Device Assignments
3 - Prepare Assistant
You can use Apple Configurator with Prepare Assistant to manually add iPhone and iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials.
40
What happens if a Wi-Fi payload isn’t included in a configuration profile when using Apple Configurator on your Mac to manually add iPhone or iPad devices to Apple Business Manager, Apple School Manager, or Apple Business Essentials?
1. Adding the device fails with a network error.
2. The device is added to Apple Business Manager, Apple School Manager, or Apple Business Essentials but isn’t able to connect to Wi-Fi.
3. Apple Configurator continues trying to add the device to Apple Business Manager, Apple School Manager, or Apple Business Essentials until you click Cancel.
1 - Adding the device fails with a network error.
Because iPhone and iPad devices require an internet connection to be added to Apple Business Manager, Apple School Manager, or Apple Business Essentials, you must install a configuration profile with a Wi-Fi payload.
41
As an administrator in Apple Business Manager, Apple School Manager, or Apple Business Essentials, you’re manually adding a newly purchased Mac to your organization.
What else do you need to complete the task?
1. AppleCare+ for Mac chat or phone support
2. An enrollment profile for your MDM solution and a device supporting AirDrop
3. Another Mac, Apple Configurator, and a Thunderbolt or Ethernet cable to connect them
4. Your iPhone, the Apple Configurator for iPhone app, and a Wi-Fi connection to the internet
4 - Your iPhone, the Apple Configurator for iPhone app, and a Wi-Fi connection to the internet
You can use Shared Wi-Fi credentials with Apple Configurator for iPhone to add the Mac computer to your organization.
42
You want to link your MDM solution with Apps and Books for managed distribution to your devices.
What must you download in Apple Business Manager and then upload to your MDM solution?
1. A server token
2. A public key certificate
3. A CSV file containing all device serial numbers
4. Your organization’s Apple Customer ID
1 - A server token
A server token is a file that connects your MDM solution to the volume purchasing feature.
43
Your organization wants to retain full ownership and control of apps that you bought through Apps and Books.
Which license type should you choose?
1. Custom licenses
2. Managed licenses
3. Redemption codes
4. Supervised licenses
2 - Managed licenses
Choose Managed when you buy licenses for managed distribution. Your organization retains full ownership and control of apps through assignment with your MDM solution.
44
You buy books and choose licenses for managed distribution.
What happens to ownership of the books when you distribute them?
1. Book ownership always transfers to users. You can’t revoke or reassign books.
2. You choose whether you want to retain or transfer ownership of books when you distribute them.
3. The organization retains full ownership and control, so you can revoke and reassign them later.
1 - Book ownership always transfers to users. You can’t revoke or reassign books.
Regardless of whether you choose licenses for managed distribution or redemption codes, book ownership always transfers to the user.
45
What must multiple subnets share so that a network can use a single content cache, without requiring DNS changes?
1. DNS
2. Subnet
3. Bandwidth
4. Public IP Address
4 - Public IP Address
You can set the caching server to provide content caching for subnets of the local network that share a common public IP address.
46
When an iPhone device on your network tries to download Apple content that could be cached, the Apple content server instructs the device to check with the local network’s cache first.
1. True
2. False
1 - True
With content caching, when an iPhone device on your network downloads an iOS update from the App Store, content caching keeps a copy of the update.
47
Which issue could arise when multiple devices request the same data and caching is **NOT** turned on?
1. Data becomes less secure.
2. Bandwidth consumption increases.
3. Only the first device can download the requested data.
4. No issue — each device downloads the requested data.
2 - Bandwidth consumption increases.
When the second device requests the same content, the bandwidth consumption doubles because the second device also needs to download the content from the internet.
48
For best results, deploy content caching on a Mac that has a single wired Ethernet connection as its only network connection.
1. True
2. False
2 - True
Use an Ethernet connection to the network for best results.
49
Where do you turn on content caching on your Mac?
1. System Settings > Privacy & Security
2. System Settings > Sharing
3. System Settings > Network
4. System Settings > Displays
2 - System Settings > Sharing
Use the Content Caching option in Sharing settings to manage content caching on your Mac.
50
Which setting should you select to prevent your computer from going to sleep and interfering with content caching?
1. Wake for network access
2. Put hard disks to sleep when possible
3. Enable Power Nap while plugged into a power source
4. Prevent automatic sleeping when the display is off
4 - Prevent automatic sleeping when the display is off
Content caching requires the Mac to be turned on.
51
With internet connection sharing, you can use a Mac computer’s internet connection to cache content for iPhone or iPad devices that are physically connected to the Mac through USB.
1. True
2. False
1 - True
A Mac with internet connection sharing turned on and with an Ethernet connection can cache content for iPhone and iPad devices.
52
Which advanced option do you use to set the cache size?
1. Peers
2. Storage
3. Clients
4. Parents
2 - Storage
You view and set the cache size in the Storage tab.
53
Which Mac sharing service becomes unavailable when the content caching internet connection setting is turned on?
1. Internet Sharing
2. Remote Management
3. Media Sharing
4. File Sharing
1 - Internet Sharing
Internet Sharing on a Mac becomes unavailable when the content caching internet connection setting is turned on.
54
When you use Activity Monitor to check performance statistics for content caching, which comparison can tell you how much content caching is helping?
1. The closer the Maximum Cache Pressure value is to the Data Served value, the more content caching is helping.
2. The further the Maximum Cache Pressure value is from the Data Served value, the more content caching is helping.
3. The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.
4. The further the Data Served From Cache values are from the Data Served values, the more content caching is helping.
3 - The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.
Comparing the closeness of these two values is the best way to determine how content cache is helping.
55
Where does the content caching service send log messages?
1. To the main system.log
2. To the subsystem com.apple.AssetCache
3. To the subsystem com.apple.ContentCache
4. To the subsystem com.apple.AssetCacheManagerUtil
2 - To the subsystem com.apple.AssetCache
Specifying this subsystem in the `log` command filters the displayed results to those associated with content caching.
56
Which command can you use to configure advanced settings for content caching?
1. `defaults write`
2. `AssetCacheManagerUtil status`
3. `AssetCacheManagerUtil settings`
1 - `defaults write`
When used with `sudo`, the `defaults write` command allows you to configure advanced settings for content caching.
57
Which tool can you use to display advanced settings for the content caching service?
1. Activity Monitor
2. Console
3. System Settings
4. Terminal
4 - Terminal
You can use the command-line interface in Terminal to configure all settings, both basic and advanced, for content caching.
58
Which statement about entering Apple Customer Numbers and Reseller Numbers is correct?
1. You can enter both an Apple Customer Number and a Reseller Number.
2. You can enter an Apple Customer Number or a Reseller Number but not both.
3. You can enter only one Apple Customer Number, but multiple Reseller Numbers.
1 - You can enter both an Apple Customer Number and a Reseller Number.
You can enter both an Apple Customer Number and a Reseller Number and even add multiple numbers if you need them.
59
Your organization has multiple MDM servers linked in Apple Business Manager or Apple School Manager.
What should you do to automatically assign iPhone devices and Mac computers to different MDM servers?
1. Choose your preferred assignment method in MDM Server Assignment, then select the default MDM server for each device type.
2. Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.
3. Upload a CSV file containing iPhone device serial numbers and assign them to
one MDM server, then upload a CSV file for Mac computers and assign them to a different MDM server.
2 - Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.
If you have linked more than one MDM server, you can choose default assignments by device type in Default MDM Server Assignment settings.
60
You made multiple orders for new iPhone devices and you want the devices from one order assigned to a different MDM server than the others.
What’s the best way to do that?
1. Use MDM Server Assignment to change the Default MDM Server Assignment for iPhone.
2. Select Devices, filter by order number and device type, then select All Devices to change assignments.
3. Use MDM Server Assignment to enter a new Reseller Number for the order to filter device assignments.
4. Use Devices to download a CSV file containing iPhone device serial numbers
for that order only. Edit the file and upload it with the unique server
assignment for the iPhone devices in that order.
2 - Select Devices, filter by order number and device type, then select All Devices to change assignments.
You can select All Devices to edit the MDM Server assignments of all devices matching the search criteria.
61
You’re responsible for managing 10 identical iPad devices that your organization uses in a training classroom and networking isn’t available onsite. Each week you need to retrieve the files stored on each device by the recent students and set up the devices for a new class.
Which approach is best for this task?
1. Apple Configurator for Mac
2. Apple Configurator for Mac with Shared iPad
3. Apple Configurator for Mac with your MDM solution
1 - Apple Configurator for Mac
You can use Apple Configurator for Mac to create a single backup configuration that you apply to all the devices at the start of class and that you retrieve files with at the end.
62
Which type of content can you assign to iPhone or iPad with Apple Configurator for Mac?
1. Apps
2. User settings
3. Purchased music
4. Podcasts
1 - Apps
Distributing apps to multiple Apple devices simplifies deployment.
63
Which of the following devices can Apple Configurator for iPhone add to Apple Business Manager, Apple Business Essentials, and Apple School Manager?
1. iPhone with iOS 15, iPad with iPadOS 16.1, and Mac with macOS 11 or later installed.
2. iPhone with iOS 16, iPad with iPadOS 16.1, Mac with macOS 12.0.1, and Apple TV with tvOS 16 or later installed.
3. iPhone with iOS 16, iPad with iPadOS 16.1, and Mac with macOS 12.0.1 or later installed.
4. iPhone with iOS 16, iPad with iPadOS 15, and Mac with macOS 11 or later installed.
3 - iPhone with iOS 16, iPad with iPadOS 16.1, and Mac with macOS 12.0.1 or later installed.
Apple Configurator for iPhone can add iPhone, iPad, and Mac to Apple Business Manager, Apple Business Essentials, and Apple School Manager.
64
Which type of information about iPad can you view in Apple Configurator for Mac?
1. Camera status
2. iPad location
3. Console log
4. Ebook licenses
3 - Console log
You can find the Console log by choosing File > Get Info from the Apple Configurator for Mac menu bar.
65
From where do you install the `cfgutil` tool?
1. From the App Store
2. From Apple Configurator for Mac
3. From Profile Manager
4. From `/Applications/Utilities` on your Mac
2 - From Apple Configurator for Mac
The `cfgutil` tool is one of the automation tools that you can install from Apple Configurator for Mac.
66
Which tool can you use to automate configurations with shell scripts?
1. Blueprints
2. Automator app
3. Command-line tool `cfgutil`
3 - Command-line tool `cfgutil`
The command-line tool `cfgutil` in the Terminal app helps you write shell scripts and automate specific processes.
67
Which tool can you use to create your own workflows for bulk deployments?
1. Blueprints
2. Automator app
3. Command-line tool
2 - Automator app
You can use the Automator app to create automated workflows for others to use when configuring devices.
68
Which tool can you use to automate configurations with a template tool to add configuration profiles and apps?
1. Blueprints
2. Automator app
3. Command-line tool
1 - Blueprints
Blueprints use template tools to record actions that you can then apply to devices.
69
Which tool can you use to automate configurations with a template tool to add configuration profiles and apps?
1. Blueprints
2. Automator app
3. Command-line tool
1 - Blueprints
Blueprints use template tools to record actions that you can then apply to devices.
70
What is a configuration profile?
1. A System Report file with hardware and software configuration from a device
2. An automation file to script Apple Configurator actions
3. A file with user data from Apple devices
4. A file with payloads for Apple devices
4 - A file with payloads for Apple devices
A profile is a file with payloads that contain settings and authorization information for Apple devices.
71
Which method can you use to build configuration profiles with payloads specific to macOS?
1. Apple Configurator
2. Apple Business Manager
3. An MDM solution
3 - An MDM solution
To create custom configuration profiles that contain settings specific to macOS, use an MDM solution.
72
Which tool can you use to set up payloads for Apple TV?
1. Profile Editor
2. Prepare Assistant
3. Setup Assistant
4. Blueprints
1 - Profile Editor
Use the Profile Editor to create configuration profiles for Apple TV as well as iPhone and iPad devices.
73
An MDM solution is the only way to create and distribute a configuration profile.
1. True
2. False
2 - False
You can also create a configuration profile with Apple Configurator and then distribute it using a message, a web page, Apple Configurator, or an MDM solution.
74
What is the benefit of signing configuration profiles?
1. A signed profile prevents users from removing the profile from the device.
2. Signing a configuration profile makes it more resistant to tampering during distribution.
3. Signing a configuration profile allows a device to communicate securely with an MDM solution.
2 - Signing a configuration profile makes it more resistant to tampering during distribution.
If someone modifies a profile after you sign it, the MDM framework won’t allow that profile to be installed on a device.
75
Which payload prevents a user from later configuring an option that is hidden in Setup Assistant during device setup?
1. App Configuration
2. Parental Controls
3. Restrictions
4. Security & Privacy
3 - Restrictions
Configure Restrictions to restrict functions for Setup Assistant options that you hide during device setup. Restrictions remain in place until removed.
76
What allows you to configure which Setup Assistant panes users see during device setup?
1. App Configuration
2. Require credentials for enrollment
3. Assigning devices to your MDM solution in Apple Business Manager, Apple Business Essentials, or Apple School Manager
4. Security & Privacy
3 - Assigning devices to your MDM solution in Apple Business Manager, Apple Business Essentials, or Apple School Manager
You must configure them to enroll during setup.
77
On Mac computers with macOS 13 and Apple silicon or an Apple T2 Security Chip, users can complete Setup Assistant without a network connection.
1. True
2. False
2 - False
Users need a network connection to complete Setup Assistant on Mac computers with macOS 13 and Apple silicon or an Apple T2 Security Chip. Prior to macOS 13, users could complete Setup Assistant without an internet connection.
78
How can you ensure that only authorized users can enroll a device?
1. Add a Restrictions payload to the device
2. Configure a Setup Assistant option
3. Select the option to require user authentication during enrollment
3 - Select the option to require user authentication during enrollment
The user will need to authenticate in order to enroll.
79
Setup Assistant guides users through setting up their Apple devices after they access the Home Screen.
1. True
2. False
2 - False
Setup Assistant guides users before they get to the Home Screen.
80
You can manage user devices through your MDM solution and still give users some freedom to personalize the configuration.
1. True
2. False
1 - True
You can use your MDM solution to manage devices but still permit users to personalize some settings.
81
You downloaded a configuration profile on iPhone from a website or an email message.
Where on the device do you install it?
1. Install the profile in the Settings app.
2. Delete the attachment, and go to a webpage.
3. Don’t do anything because the profile installs automatically.
1 - Install the profile in the Settings app.
Users install the profile in the Settings app.
82
What happens when the user manually enrolls a device in the MDM solution?
1. Nothing happens until the user restarts the device.
2. The MDM solution records information about the device, such as the serial number and installed apps.
3. The user receives a web address where they can download the enrollment profile.
4. The user receives a web address where they can download the configuration profile.
2 - The MDM solution records information about the device, such as the serial number and installed apps.
When the user connects to the MDM solution using the device, the MDM solution records information about the device.
83
When you run the `profiles` command in Terminal, in which scenario are you limited to 10 requests in a 24-hour period?
1. Running `profiles renew` on a Mac with macOS 12 installed
2. Running `profiles show` on iPhone with iOS 16 installed
3. Running `profiles status` on a Mac with macOS 13 installed
4. Running `profiles validate` on a Mac with macOS 13 installed
4 - Running `profiles validate` on a Mac with macOS 13 installed
Three options are limited to 10 requests in a 24-hour period: `profiles show`, `profiles validate`, and `profiles renew`.
84
What’s also removed when a user removes an enrollment profile from their device?
1. User data
2. The current operating system
3. Organization data
4. Managed Apps based on that configuration profile
4 - Managed Apps based on that configuration profile
A user can remove an enrollment profile from their device, including all configuration profiles and their settings, as well as Managed Apps based on that enrollment profile.
85
What is service discovery in the four stages of user enrollment?
1. Users identify themselves to the MDM solution.
2. The MDM solution notifies an enrolled device through APNs that it needs to contact the server.
3. The device identifies itself to the MDM solution.
4. Users visit a specified self-service site to enroll their devices.
3 - The device identifies itself to the MDM solution.
If users enroll their own devices, the devices identify themselves to an organization’s MDM solution.
86
What happens when users remove an enrollment profile from their devices?
1. Users can continue to use their apps, but an MDM solution doesn’t manage their apps anymore.
2. The devices reset and erase all settings.
3. All configuration profiles, their settings, and managed apps based on that enrollment profile are removed with it.
4. Users are asked to reenroll the devices into the MDM solution.
3 - All configuration profiles, their settings, and managed apps based on that enrollment profile are removed with it.
If users bring their own devices, they can remove the enrollment profiles to disassociate from an organization’s MDM solution.
87
How would you send new settings to user devices?
1. Send users a self-service URL.
2. Change and send a new updated configuration profile.
3. Remove the configuration profile, and send a new one.
4. Email users a link for a new configuration profile.
2 - Change and send a new updated configuration profile.
The easiest way to send new settings is to use your MDM solution to change and send an updated configuration profile to users.
88
What MDM enrollment options can you give users if your organization has a BYOD policy?
1. Send an enrollment profile by email or SMS.
2. Provide a self-service portal if supported.
3. All of the above
3 - All of the above
Sending an enrollment profile by email or SMS and setting up a self-service portal are two common options you can offer users to enroll their devices.
89
Which iPad is compatible with Shared iPad?
1. iPad Pro
2. iPad Air
3. iPad 4th generation
4. iPad mini 3
1 - iPad Pro
Any iPad Pro is compatible with Shared iPad.
90
Which service can you configure on a Mac to temporarily store iCloud user data from shared iPad devices?
1. iCloud
2. Content Caching
3. Internet Sharing
2 - Content Caching
When you have a Mac with the Content Caching service turned on, Shared iPad can locally save iCloud user data in addition to iPadOS and app updates.
91
Where can you find apps that are Optimized for Shared iPad?
1. Apple Configurator
2. Classroom
3. Apps and Books
3 - Apps and Books
Apps optimized for Shared iPad are labeled in Apps and Books.
92
You can ship devices directly to users without touching or preparing the devices if your organization purchases them directly from a participating Apple Authorized Reseller or carrier and you automatically enroll them in MDM with Apple Business Manager, Apple Business Essentials, or Apple School Manager.
1. True
2. False
1 - True
Organizations that purchase devices directly from a participating Apple Authorized Reseller or carrier can enroll the devices automatically in an MDM solution with Apple Business Manager, Apple Business Essentials, or Apple School Manager.
93
When you set up a device with Setup Assistant, which of the following might you be required to enter to complete the enrollment in MDM?
1. iCloud account credentials
2. Managed Apple ID credentials
3. Passcode credentials
2 - Managed Apple ID credentials
The option to add Managed (or personal) Apple ID credentials appears after you enroll the device in MDM if the administrator allows the option in Setup Assistant.
94
Which of the following is a task that a user can complete with help from a self-support site or app?
1. Download internal business apps
2. Purchase apps from the App Store
3. Install personalized apps on a device
4. Enroll a device in Apple Business Manager, Apple Business Essentials, or Apple School Manager
1 - Download internal business apps
If an organization provides self-support sites, these sites can allow users to access device enrollment in MDM, downloads of internal business apps, and other device management services.
95
What do you use to connect Apple devices to networks that use 802.1X EAP-TLS authentication?
1. A configuration profile
2. A PAC file
3. A `.plist` file
1 - A configuration profile
To connect Apple devices to networks that use 802.1X EAP-TLS authentication, MDM administrators must create the appropriate settings for their networks in configuration profiles and then push them to their devices.
96
Which security type do you use to configure managed Apple devices to connect to 802.1X networks?
1. WEP
2. WPA3 Enterprise
3. WPA3 Personal
2 - WPA3 Enterprise
Configuring your managed Apple devices with this type gives them access to a broad range of 802.1X authentication environments.
97
You can use WPA2/WPA3 Enterprise authentication at the login window of macOS.
1. True
2. False
1 - True
You can authenticate to a network from the login window when your Mac is set up with a compatible directory service and configured to use this mode with MDM.
98
You’re using your MDM solution to configure iPhone and iPad devices to connect to Wi-Fi networks using EAP-TLS.
Which of these types of certificates payloads can you use for authentication?
1. Active Directory Certificate
2. PKCS #12 Certificate
3. S/MIME Certificate
2 - PKCS #12 Certificate
You can use a PKCS #12 identity certificate (`.p12` or `.pfx`) payload or a SCEP payload for authentication to Wi-Fi networks using EAP-TLS on iPhone and iPad devices.
99
How does a PAC file influence the way an Apple device communicates over a network?
1. The device uses the authentication credentials defined in the PAC file to connect to servers.
2. The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.
3. The device constructs a list of approved websites by using the web addresses that the PAC file defines.
2 - The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.
The proxy server’s location and rules for allowed direct traffic defined in the PAC file manage the way an Apple device communicates over a network.
100
Which of these alternatives to a proxy server URL could you use to configure a payload with proxy settings for an Apple device?
1. A .plist file with allowed websites
2. A domains restriction
3. WPAD using DHCP option 252
3 - WPAD using DHCP option 252
When configuring an Apple device to use a proxy, you can use WPAD using DHCP option 252 instead of a proxy server URL.
101
What must the server identity certificate contain in the SubjectAltName field?
1. The CA name
2. The rest of the trust chain
3. The user’s group name
4. The server’s DNS name or IP address
4 - The server’s DNS name or IP address
The server identity certificate must contain the server’s DNS name or IP address in the SubjectAltName field.
102
What must users of an MDM solution install so that custom VPN works on Apple devices?
1. Profile Manager and VPN Manager
2. The appropriate authentication app
3. Configuration profile and VPN Manager
4. VPN Manager and User Authentication Profile
2 - The appropriate authentication app
You need the vendor’s VPN app.
103
Which VPN connection type provides more granular control over which data goes through VPN?
1. Per-App VPN
2. VPN On Demand
3. Always-On VPN
1 - Per-App VPN
Per-App VPN connections are established on a per-app basis, which provides more granular control over which data goes through VPN.
104
How do you enable managed distribution?
1. Enroll devices in MDM.
2. Download a spreadsheet of app licenses.
3. Link your MDM solution to at least one location in Apple Business Manager or Apple School Manager.
4. Purchase content through Apps and Books in Apple Business Manager or Apple School Manager.
3 - Link your MDM solution to at least one location in Apple Business Manager or Apple School Manager.
To enable managed distribution, you link your MDM solution to at least one location in your Apple Business Manager or Apple School Manager account.
105
Which distribution model permanently transfers apps to users?
1. Custom apps
2. Redemption codes
3. Managed distribution to users
4. Managed distribution to devices
2 - Redemption codes
Distributing app licenses through redemption codes transfers ownership of an app to the user who redeems the code.
106
Your organization wants developers to read a software architecture book available in Apps and Books. Funding is limited, so the engineering lead wants to know if a book can be transferred between developers after they finish reading it.
Who has the authority to revoke a book license after distribution?
1. No one
2. The user
3. The content manager
4. The MDM administrator
1 - No one
When you distribute books, ownership permanently transfers to the users; you can’t revoke or reassign book licenses.
107
When you use managed distribution to assign apps directly to devices, your organization retains full control and ownership of the app licenses.
1. True
2. False
1 - True
Using managed distribution with MDM, your organization retains full control and ownership of app licenses with the ability to assign, revoke, and reassign apps to devices.
108
How is an app installed on a user’s device after the app is assigned to that device?
1. The user must accept the app installation.
2. Your MDM solution automatically pushes the app to the supervised device.
3. The user receives an invitation to download and install the app from the App Store.
2 - Your MDM solution automatically pushes the app to the supervised device.
Your MDM solution can automatically push it to supervised devices without requiring user invitation or acceptance.
109
When does the number of available app licenses for supervised devices change in your MDM solution apps library?
1. After the user installs or deletes the app
2. After the user accepts or rejects the installation
3. After you assign or revoke an app to a device or device group
3 - After you assign or revoke an app to a device or device group
After you assign or revoke an app using your MDM solution, the number of app licenses available for assignment adjusts accordingly.
110
What must a user do before you can assign apps to them with managed distribution?
1. Install a managed distribution profile on their device
2. Accept an invitation to enroll in managed distribution
3. Sign in to an MDM solution and create a Managed Apple ID
4. Sign in to Apple Business Manager or Apple School Manager and enroll in Apps and Books
2 - Accept an invitation to enroll in managed distribution
The user must accept the invitation by signing in with their Apple ID and agreeing to the terms and conditions.
111
When you assign an app to a group for managed distribution, who must accept the invitation to enroll in managed distribution?
1. Your MDM solution administrator
2. Each individual user in the group
3. The Apple Business Manager or Apple School Manager administrator
2 - Each individual user in the group
Each user in the group receives an invitation to enroll in managed distribution.
112
What do you use on a managed, user-owned iPhone or iPad to prevent users from opening unmanaged attachments or documents in managed sources?
1. A restriction
2. A managed domain
3. A managed account
1 - A restriction
Open In management uses a set of restrictions to prevent users from opening attachments or documents from managed sources in unmanaged destinations on a managed iPhone or iPad.
113
What do you use on a managed, user-owned iPhone to prevent managed apps from storing data in iCloud?
1. A restriction
2. A managed domain
3. A managed account
1 - A restriction
You can use your MDM solution to push a restriction to your managed devices to keep managed app data from being backed up to iTunes and iCloud.
114
Which condition applies when a Managed Pasteboard restriction is installed on a managed device?
1. The Paste button is dimmed.
2. The Paste button doesn’t appear.
3. A “Paste Not Allowed” notification displays.
3 - A “Paste Not Allowed” notification displays.
If the user isn’t allowed to paste content in an app due to the restriction, they get a “Paste Not Allowed” notification that includes the organization name.
115
Which apps can users use to open the email attachment in the organization account after Managed Open In restrictions are in place?
1. Only apps that the user installs
2. Any app installed on the device
3. Only apps installed from the App Store
4. Only managed apps that the MDM solution installs
4 - Only managed apps that the MDM solution installs
Apps that the MDM solution installs are considered managed. You can apply restrictions to managed apps that limit how users can share attachments with unmanaged apps.
116
Where can you confirm whether iCloud restrictions are active in a managed Mac?
1. In iCloud Keychain in Keychain Access
2. In System Settings > Privacy & Security
3. In Restrictions in System Information
4. In About This Mac in the Apple menu
2 - In System Settings > Privacy & Security
After you’ve used MDM to push restrictions to your devices, the profile displays those restrictions. Using System Settings, you can review the restrictions by choosing the profile containing them.
117
Which type of payload do you use to prevent a user from removing system apps on iPhone?
1. Restrictions
2. Privacy & Security
3. Software Updates
1 - Restrictions
Use a Restrictions payload to prevent users from removing system apps on iPhone.
118
Where on a Mac with macOS 13.0 or later do you access the options to configure Gatekeeper?
1. In System Settings > General, below Security settings.
2. In System Settings > Control Center, below Security settings.
3. In System Preferences > Security & Privacy, in the General tab.
4. In System Settings > Privacy & Security, below Security settings.
4 - In System Settings > Privacy & Security, below Security settings.
In macOS 13.0 or later you configure Gatekeeper below Security settings in System Settings > Privacy & Security.
119
You apply an MDM payload to prevent users from installing apps from the App Store to a device.
Which types of apps are still available to download to the device?
1. Games and Reader apps
2. All free apps that don’t have in-app purchases
3. Managed apps, MDM-installed apps, system apps, and updates to those apps
3 - Managed apps, MDM-installed apps, system apps, and updates to those apps
The device can still receive managed apps, MDM-installed apps, system apps, and updates to those apps despite restrictions on access to the App Store.
120
What is a benefit of enabling FileVault on a Mac startup volume?
1. Additional security by requiring a login password to decrypt data
2. Increased encryption by increasing the number of bits in the key from 0 to 128
3. Enhanced privacy by encoding all data sent over a Mac computer’s network connections
1 - Additional security by requiring a login password to decrypt data
On Mac computers with Apple silicon or the T2 chip, data is always encrypted on the startup volume. Turning on FileVault provides additional security by requiring a login password to decrypt data.
121
What is the purpose of a PRK (Personal Recovery Key) ?
1. To initiate an “Erase All Content and Settings” command
2. To unlock the startup disk if the user forgets their login password
3. To authorize the installation of macOS software updates and upgrades
2 - To unlock the startup disk if the user forgets their login password
When you first turn on FileVault on an individual unmanaged Mac, you choose how you want to unlock the startup disk if the user forgets their login password: with the Apple ID they use for iCloud or with a PRK.
122
When managing FileVault using MDM, which of the following is required?
1. The managed Mac must be supervised.
2. An IRK must be installed on the managed Mac.
3. A user must log in on the managed Mac using an administrator account.
1 - The managed Mac must be supervised.
You can manage FileVault settings on Mac computers that are enrolled in and supervised by your MDM solution, using either Automated Device Enrollment or Device Enrollment.
123
On a Mac, which type of account is required to perform software upgrades?
1. Local administrator
2. Network
3. Shared
4. Standard
1 - Local administrator
A local administrator account is required to perform a software upgrade on a Mac.
124
Why would you defer software updates on Apple devices?
1. To roll back an update if it’s unsuccessful
2. To test critical apps and infrastructure before deploying the update
3. To verify that your organization’s iPhone and iPad devices are managed
2 - To test critical apps and infrastructure before deploying the update
Testing apps and infrastructure before deployment is critical.
125
What is the maximum number of days that you can defer software updates on Apple devices?
1. 30
2. 60
3. 90
4. 99
3 - 90
You can defer software updates up to 90 days.
126
Which payload manages the ability to schedule a scan of a managed Apple device?
1. Content Filter
2. Restrictions
3. Security & Privacy
4. Software Update
4 - Software Update
Use the Software Update payload to manage the installation of macOS beta releases and automatic installation of macOS updates or app updates from the App Store.
127
How are security fixes distributed to Apple devices in a Rapid Security Response?
1. In minor software updates
2. In major software upgrades
3. In both major upgrades and minor updates
1 - In minor software updates
Rapid Security Responses distribute security fixes in minor software updates.
128
Which payload do you use to configure specific rules when users create a password or passcode on their enrolled device?
1. Passcode
2. Password
3. Restrictions
4. Security & Privacy
1 - Passcode
You choose the Passcode payload to configure specific rules for the creation of passwords or passcodes on enrolled devices.
129
What is the purpose of configuring a Passcode payload?
1. It helps retrieve a user’s passcode if the user can’t sign in for some reason.
2. It requires that users set passcodes for all apps that they use on their devices.
3. It enables your organization to change a user’s passcode remotely if a device is lost or stolen.
4. It enforces passcode rules that help prevent unauthorized access to your organization’s devices and data.
4 - It enforces passcode rules that help prevent unauthorized access to your organization’s devices and data.
You configure a Passcode payload with specific rules that users must follow when creating a device passcode or password.
130
The Passcode payload configures passcode rules for iPhone and iPad devices, whereas the Password payload configures password rules for Mac computers.
1. True
2. False
2 - False
The Passcode payload configures passcode rules for iPhone and iPad, as well as password rules for Mac.
131
What must a user do when you install the Passcode payload on the user’s iPhone?
1. The user must enter a passcode using the specified settings within 60 minutes.
2. The user must accept the payload to permit the specified settings to take effect.
3. The user must restart the device to install the payload, and then enter a new passcode.
1 - The user must enter a passcode using the specified settings within 60 minutes.
If the user doesn’t do so within that time frame, the payload forces the user to enter a passcode using the specified settings.
132
How can you tell if a restriction applies only to a supervised device?
1. The restriction description contains “(supervised only).”
2. The restriction displays only if a device is supervised.
3. The restriction is dimmed on unsupervised devices.
4. The restriction appears in the group named Supervised Restrictions.
1 - The restriction description contains “(supervised only).”
MDM solutions indicate when a restriction applies only to supervised devices.
133
What is the purpose of configuring a Restrictions payload for Apple devices?
1. Restrictions prevent users from unenrolling a device from MDM.
2. Restrictions prevent unauthorized users from accessing a device.
3. Restrictions prevent users from accessing a specific app, service, or function of a device.
3 - Restrictions prevent users from accessing a specific app, service, or function of a device.
You configure a Restrictions payload to prevent access to a specific app, service, or function on a device.
134
What happens if you select “(supervised only)” restriction settings for an unsupervised device?
1. The “(supervised only)” settings don’t take effect unless you have previously supervised the device.
2. The “(supervised only)” settings override any configuration that the user sets on the unsupervised device.
3. The “(supervised only)” settings require you to turn on device supervision before you can save the payload.
1 - The “(supervised only)” settings don’t take effect unless you have previously supervised the device.
You can select “(supervised only)” settings for unsupervised devices, but the settings don’t take effect unless the device is supervised.
135
Which MDM restriction lets you manage a user’s ability to connect Thunderbolt or USB devices to a Mac?
1. Allow connected accessories while locked
2. Automatically enable accessory connections
3. Allow Thunderbolt or USB device connections
3 - Allow Thunderbolt or USB device connections
The MDM restriction “Allow Thunderbolt or USB device connections” lets you manage a user’s ability to connect Thunderbolt or USB devices to a Mac by disabling the “Allow accessories to connect” setting in System Settings > Privacy & Security.
136
What happens when you select the “Allow connected accessories while locked” restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter?
1. The device maintains a data connection to a connected network only when a user unlocks it.
2. The device maintains a data connection to a connected network before a user unlocks it.
3. The device automatically unlocks after an hour so that you can refresh it using MDM.
2 - The device maintains a data connection to a connected network before a user unlocks it.
When you select the “Allow connected accessories while locked” restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter, the device maintains a data connection even before a user unlocks it.
137
What’s required before you can restrict accessory connections on iPhone or iPad?
1. Device supervision
2. A Managed Apple ID
3. An unsupervised Apple device
1 - Device supervision
Configurations to restrict accessory connections require that your iPhone and iPad devices be supervised.
138
How do you ensure that only trusted host computers can pair with your organization’s iPhone and iPad devices?
1. Allow pairing with only Mac computers.
2. Distribute the correct digital certificate to users’ groups and devices.
3. Distribute the correct supervision identities to users’ devices.
3 - Distribute the correct supervision identities to users’ devices.
When you deselect the “Pair with non-Apple Configurator hosts” restriction — and distribute the correct supervision identities to users’ devices — you ensure that only trusted computers holding a valid supervision host certificate are allowed to access iPhone or iPad over Thunderbolt or USB.
139
Which of the following can you use to distribute a certificate identity to a device in a configuration profile?
1. A `.p12` file
2. A PKI token
3. An MD5 hash file
1 - A `.p12` file
You can put a certificate identity into a PKCS #12 file protected with a
password, and push the file to the device in a configuration profile.
140
When you compose a Mail message on a managed Apple device, what happens when Mail finds the certificate for a recipient email?
1. The user is asked to choose a certificate to sign the message.
2. A “Sign this message” option appears left of the “To:” field.
3. A padlock icon appears to the right of the recipient’s contact name, and the address text is blue.
3 - A padlock icon appears to the right of the recipient’s contact name, and the address text is blue.
Mail consults the GAL to discover the recipient’s S/MIME certificate. When Mail finds the certificate for your recipient, a padlock icon appears to the right of the recipient’s contact name, and the address text is blue.
141
What do managed Apple devices require to send signed messages in Mail using S/MIME?
1. Your email address must be in the recipient’s GAL.
2. You must have your identity’s private key in your keychain.
3. Recipients must have your identity’s private key in their keychains.
2 - You must have your identity’s private key in your keychain.
Private keys are important for signing messages in Mail. To send signed messages in Mail using S/MIME on a managed Apple device, you must have your identity’s private key in your keychain.
142
What do managed Apple devices require to send encrypted messages in Mail using S/MIME?
1. The public key from the recipient’s certificate
2. An encryption extension in the recipient’s certificate
3. A restriction payload with the “Allow sending encrypted messages using S/MIME” setting selected
1 - The public key from the recipient’s certificate
Public keys are important for encrypting messages in Mail. To send encrypted messages in Mail using S/MIME on a managed Apple device, you must have the public key from the recipient’s certificate in your keychain.
143
What happens when you use Safari on iPhone or iPad to visit a site with a revoked certificate?
1. You are asked to delete the certificate.
2. You are directed to the CA’s website to update the certificate.
3. “This Connection Is Not Private” appears instead of the contents of the site.
3 - “This Connection Is Not Private” appears instead of the contents of the site.
When you use Safari on iPhone or iPad to visit a site with a revoked certificate, “This Connection Is Not Private” appears instead of the contents of the site.
144
Which type of query can you use to list all installed apps on a device?
1. Security
2. Installed app
3. Device information
4. Operating system
3 - Device information
Device information queries return a device’s information about apps installed, battery level, and device name.
145
Which type of query can you use to find information about Find My and FileVault settings?
1. Security
2. Installed app
3. Device information
4. Operating system
1 - Security
Security queries return a device’s information about whether it has the following enabled: Activation Lock, Find My, FileVault, Firmware password (for Intel-based Mac computers), and more.
146
Which type of query can you use to list all devices that need to be updated to new system software?
1. Security
2. Installed app
3. Device information
4. Operating system
4 - Operating system
Operating system queries return a device’s information about the product version and whether specific update options are enabled.
147
Which prioritization method ensures that the most important app data always gets the best possible bandwidth, even if the network is congested with other traffic?
1. Proxies
2. Restrictions
3. Fastlane QoS marking
3 - Fastlane QoS marking
Fastlane QoS marking ensures that the most important app data always gets the best possible bandwidth.
148
What is the main benefit of using a proxy server on your network?
1. The ability to encrypt content
2. The ability to specify how managed apps use cellular data
3. The ability to filter content or manage available bandwidth
3 - The ability to filter content or manage available bandwidth
You can use a proxy server to control the routing of traffic between your local intranet and the internet.
149
Which MDM payload contains the settings that specify how managed apps use cellular data?
1. Cellular
2. Proxy server
3. Content Caching
4. Network Usage Rules
4 - Network Usage Rules
You can configure the Network Usage Rules payload settings to specify how managed apps use cellular data.
150
Which MDM payload contains the settings that enable QoS support on your managed devices?
1. Wi-Fi
2. Proxy
3. Content Caching
4. Network Usage Rules
1 - Wi-Fi
Apps with enabled QoS support automatically take priority over low-priority apps, such as those used for syncing documents in the background.
151
What is QoS marking?
1. QoS marking determines how much network data an app can use.
2. QoS classification or marking refers to the process of classifying the type of IP packets or traffic.
3. QoS marking determines how quickly app data reaches devices.
2 - QoS classification or marking refers to the process of classifying the type of IP packets or traffic.
Apple devices can mark an app’s network traffic with QoS, and configured network devices can detect these markings and prioritize some types of traffic.
152
What is a requirement for QoS prioritization?
1. The network service type
2. Accurate proxy settings
3. The QoS app
1 - The network service type
The developer must mark the network service type for QoS to use it.
153
Which payload do you use to set QoS priorities?
1. Wi-Fi
2. Network
3. Certificate
4. Restrictions
2 - Network
You set QoS priorities with a Network payload.
154
Which statement about Managed Lost Mode is true?
1. Managed Lost Mode requires Find My to be turned on.
2. You can use MDM to put an unsupervised iPhone or iPad device into Managed Lost Mode.
3. MDM remotely queries a lost device for its location the last time that the device was online.
3 - MDM remotely queries a lost device for its location the last time that the device was online.
With Managed Lost Mode, you can find a supervised iPhone or iPad device that is lost or stolen because the MDM solution remotely queries for its location when the device connects to a network that both the managed device and the MDM solution can access.
155
What can you do when you use your MDM solution to enable Managed Lost Mode on a device?
1. You can customize the Lock Screen with a message, add a contact phone number, and include a note.
2. You can customize the Lock Screen with a bypass code, add a contact phone number, and include a note.
3. You can customize the Lock Screen with only a contact phone number and a message.
1 - You can customize the Lock Screen with a message, add a contact phone number, and include a note.
When you enable Lost Mode on a device, you can customize the Lock Screen with a message, a contact phone number, and a note.
156
Which of these statements is true?
1. When an MDM solution remotely disables Managed Lost Mode, it locks the device. It also notifies the user upon locking the device screen that the MDM solution enabled Managed Lost Mode and collected the device’s
location.
2. You can use your MDM solution to issue commands to disable Lost Mode on an unmanaged iPhone or iPad device.
3. You can disable Managed Lost Mode if it’s erroneously enabled or enabled on a retrieved device.
3 - You can disable Managed Lost Mode if it’s erroneously enabled or enabled on a retrieved device.
157
Using your MDM solution, you enabled Lost Mode for a lost iPad. The next day, the verified user recovered the device, and you disabled Lost Mode.
Which message appeared when the user unlocked their iPad?
1. MDM enabled Managed Lost Mode and collected the device location.
2. MDM disabled Managed Lost Mode and Activation Lock.
3. MDM enabled recovery mode and restored the device data and settings.
1 - MDM enabled Managed Lost Mode and collected the device location.
When an MDM solution administrator remotely disables Managed Lost Mode, the user is notified that their device was locked and the MDM solution collected its location.
158
What happens when you use an MDM solution to wipe iPhone or iPad?
1. Wiping iPhone or iPad automatically backs up user data and settings to iCloud before restoring factory settings.
2. Wiping iPhone or iPad puts the device in recovery mode, and you must reinstall iOS.
3. Wiping iPhone or iPad restores the device to its factory settings while preserving the last installed iOS or iPadOS version.
3 - Wiping iPhone or iPad restores the device to its factory settings while preserving the last installed iOS or iPadOS version.
Wiping iPhone or iPad removes all user data and settings and restores factory settings, preserving the last installed iOS or iPadOS version.
159
What happens when you use an MDM solution to enable Lost Mode on iPhone or iPad?
1. MDM wipes the device remotely.
2. MDM locks the device.
3. MDM issues a bypass code.
2 - MDM locks the device.
When you enable Lost Mode for a missing device with your MDM solution, it locks the device, displays your custom message, and determines the device location.
160
What happens if Find My is turned on for a managed device and your MDM solution allows Activation Lock?
1. Activation Lock is enabled.
2. The device is locked, and its location is collected.
3. The user is notified that Activation Lock is enabled.
1 - Activation Lock is enabled.
If Find My is enabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is automatically enabled at that point.
161
What happens if Find My is turned off for a managed device when your MDM solution allows Activation Lock?
1. Activation Lock is enabled at that point.
2. The device is locked, and its location is collected.
3. The user is notified that Activation Lock is disabled.
4. Activation Lock is enabled the next time the user enables Find My.
4 - Activation Lock is enabled the next time the user enables Find My.
If Find My is disabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is enabled the next time the user enables Find My.
162
Your Mac has been wiped and Activation Lock has been enabled.
Where do you enter the bypass code?
1. Start up in recoveryOS, then enter the bypass code in the password field on the Activation Lock Screen.
2. Start up in recoveryOS, then click the Recovery Assistant menu, choose “Activate with MDM key,” and enter the bypass code in the field.
3. On the Sign In with Your Apple ID screen in Setup Assistant, enter the bypass code in the password field.
4. On the Create a Computer Account screen in Setup Assistant, enter the bypass code in the password field.
2 - Start up in recoveryOS, then click the Recovery Assistant menu, choose “Activate with MDM key,” and enter the bypass code in the field.
You can find the device-based bypass code in your MDM solution.
163
Which Mac models support Activation Lock?
1. Mac computers with Intel processors only
2. Mac computers with A12 Bionic
3. Mac computers with Apple silicon and the T2 chip
3 - Mac computers with Apple silicon and the T2 chip
Activation Lock is available on Mac computers with Apple silicon and the T2 chip.
164
Someone turns in a managed iPhone device that was purchased from a reseller other than Apple or participating Apple Authorized Resellers or carriers.
Which tool do you use to add it to your organization’s Apple Business Manager or Apple School Manager account?
1. Apple Configurator for Mac or Apple Configurator for iPhone
2. Apple Business Manager or Apple School Manager
3. `startosinstall`
1 - Apple Configurator for Mac or Apple Configurator for iPhone
You use Apple Configurator to assign iPhone or iPad devices or Mac computers to your organization in Apple Business Manager or Apple School Manager.
165
A user turns in an iPhone device and a Mac. Both have managed apps installed. You use your MDM solution to erase the content and settings, disable Activation Lock, and then revoke the app licenses.
Can you immediately reassign the app licenses?
1. Yes
2. No
1 - Yes
You can reassign revoked licenses for managed apps to other users or devices.
166
Where can you find the `startosinstall` tool?
1. In the App Store
2. In Apple Configurator
3. In the macOS Installer package bundle
4. In `/Applications/Utilities` on your Mac
3 - In the macOS Installer package bundle
`startosinstall` is located inside the macOS installer’s Contents and Resources folder.
167
You’re writing a `startosinstall` script to prepare Mac computers for redeployment and you need to install multiple packages. Some packages depend on other packages
already being installed.
What’s the best way to ensure that the packages are installed in a specific order with `--installpackage`?
1. Use a loop, and call `startosinstall` multiple times with different `--installpackage` arguments for each package in order.
2. Write separate `startosinstall` commands with `--installpackage` for each package, and specify a `--rebootdelay`.
3. Determine the necessary sequence, and call `startosinstall` with multiple `--installpackage` arguments for each package in order.
3 - Determine the necessary sequence, and call `startosinstall` with multiple `--installpackage` arguments for each package in order.
`--installpackage` installs all packages passed to it in the order in which they’re passed to the command.
168
Your organization retires six iPhone devices and turns them in for credit toward new devices through the Apple Trade In program. Three of the iPhone devices aren’t eligible for credit.
What happens to those devices?
1. Apple recycles the devices.
2. Apple ships the devices back to you.
3. Apple deducts a recycling fee from your credit.
4. Apple ships the devices to the recycling facility of your choice.
1 - Apple recycles the devices.
Apple recycles the devices through its recycling partners.
169
What happens to trade-in devices that Apple receives through the Apple Trade In program?
1. Apple refurbishes and resells all devices.
2. Apple sends all devices to its recycling partners.
3. Apple refurbishes devices that are in good condition and recycles the rest.
3 - Apple refurbishes devices that are in good condition and recycles the rest.
Apple refurbishes reusable devices.
170
You should first back up devices and erase all content and settings before redeploying or recycling them. If you are recycling devices, you must then release them from management in Apple Business Manager or Apple School Manager and remove them from your MDM solution.
1. True
2. False
1 - True
You don’t have to, but you should wipe your devices first, then you can release them from management in Apple Business Manager or Apple School Manager and remove them from MDM.
171
Which configuration profile payload requires supervision?
A. Enforce setting a passcode
B. Modify Personal Hotspot settings
C. Trusting new enterprise app authors
D. Disable AirDrop as an unmanaged destination
B. Modify Personal Hotspot settings
172
Which configuration profile payload restriction requires supervision?
A. Disable Safari web browser
B. Enforce setting a passcode
C. Trusting new enterprise app authors
D. Treat AirDrop as an unmanaged destination
A. Disable Safari web browser
173
*Select four responses.*
Which four options are good practices before trading in and recycling your organization’s retired devices?
A. Back up your device.
B. Reset your device password.
C. Remove the lithium-ion battery.
D. Remove your old device from your list of trusted devices.
E. Sign out of iCloud and the iTunes Store and the App Store.
F. Remove the devices from Apple School Manager and Apple Business Manager.
A. Back up your device.
D. Remove your old device from your list of trusted devices.
E. Sign out of iCloud and the iTunes Store and the App Store.
F. Remove the devices from Apple School Manager and Apple Business Manager.
174
*Scenario*
Township Schools wants to deploy 150 Apple TV devices in its high schools. The Apple TV devices are a mix of products purchased directly from Apple and some newly donated devices.
*Select two responses.*
Which two device enrollment types should you use to enroll these Apple TV devices into your MDM solution?
A. User Enrollment
B. Device Enrollment
C. Declarative Enrollment
D. Automated Device Enrollment
B. Device Enrollment
D. Automated Device Enrollment
175
What are some of the basic network requirements for setting up an on-premise MDM solution?
A. A fully qualified domain name, TLS certificate communication, and a static IP address
B. Activation Lock escrow keys, firewall ports 2195/2196, and a fully qualified domain name
C. A static IP address, a robust disaster recovery solution, and encrypted database connectivity
D. A Transport Layer Security certificate, firewall ports 2195/2196, and a macOS bootstrap token
A. A fully qualified domain name, TLS certificate communication, and a static IP address
176
Which enrollment type supports separating personal user data and organization data on iPhone and iPad?
A. User Enrollment
B. Device Enrollment
C. Automated Device Enrollment
D. Declarative Device Enrollment
A. User Enrollment
177
Which cloud identity provider can you use to automatically create Managed Apple IDs with federated authentication?
A. Open Directory
B. Google Workspace
C. Microsoft Active Directory
B. Google Workspace
178
Which Managed Open In restriction can you enforce using an MDM solution?
A. Pasting content from a managed app to a managed app
B. Pasting content from a managed app to an unmanaged app
C. Pasting content from an unmanaged app to an unmanaged app
B. Pasting content from a managed app to an unmanaged app
179
What should you use to remotely access private organization networks?
A. SSH
B. SSL
C. TLS
D. VPN
D. VPN
180
What is required to support SSL VPN connections for Apple devices?
A. Provider companion app
B. Push certificate
C. Secure Wi-Fi
D. MDM
A. Provider companion app
181
Which assignment method should you use to distribute book licenses that were bought within Apple School Manager or Apple Business Manager?
A. User assignment
B. Device assignment
C. Either user or device assignment
A. User assignment
182
*Scenario*
Fabiano is leaving ACME, Inc. and you want to unenroll his personal iPhone from your MDM solution.
What happens to the managed apps that your MDM solution installed on his iPhone?
A. It depends on the setting you selected in your MDM solution.
B. They are instantly removed from his device.
C. They stay on the device and keep working.
D. They stay on the device but stop working.
A. It depends on the setting you selected in your MDM solution.
183
What happens to an app when you use your MDM solution to revoke its app license?
A. The icon is dimmed.
B. It unexpectedly quits when opened.
C. It is instantly removed from the device.
D. It continues to function for a limited time.
D. It continues to function for a limited time.
184
Which assignment method can you use to distribute app licenses bought with Apple School Manager and Apple Business Manager?
A. User assignment only
B. Device assignment only
C. User and device assignment
C. User and device assignment
185
Which macOS utility identifies the Received Signal Strength Indicator when troubleshooting roaming between access points within a wireless network?
A. Activity Monitor
B. `networkQuality`
C. `getnetworkpower`
D. Wireless Diagnostics
D. Wireless Diagnostics
186
*Select three responses.*
Which three options should you use to optimize your Wi-Fi networks for Apple devices?
A. Standardize on the 5 GHz band
B. Standardize on the 2.4 GHz band
C. Create “hidden” service set identifiers
D. Avoid using “hidden” service set identifiers
E. Avoid creating excessive service set identifiers
A. Standardize on the 5 GHz band
D. Avoid using “hidden” service set identifiers
E. Avoid creating excessive service set identifiers
187
How often do MDM server tokens expire in Apple School Manager and Apple Business Manager?
A. Every six months
B. Once a year
C. Every two years
D. Every three years
B. Once a year
188
What allows you to grant privileges to a user in Apple School Manager or Apple Business Manager?
A. Groups
B. Locations
C. Rights
D. Roles
D. Roles
189
Which type of Apple IDs does your organization own?
A. Enterprise Apple IDs
B. Managed Apple IDs
C. Business Apple IDs
D. Personal Apple IDs
B. Managed Apple IDs
190
*Select three responses.*
Which three features are available for Managed Apple IDs?
A. iCloud Backup
B. iCloud Keychain
C. iCloud Drive
D. Notes
E. Sidecar
A. iCloud Backup
C. iCloud Drive
D. Notes
191
*Select three responses.*
Which three Apple School Manager roles have the privileges to add, assign, and remove devices?
A. Manager
B. Site Manager
C. Administrator
D. Content Manager
E. Device Enrollment Manager
B. Site Manager
C. Administrator
E. Device Enrollment Manager
192
Which type of information about iPhone can you view in Apple Configurator for Mac, but **NOT** with an MDM solution?
A. Disk usage
B. Console log
C. Installed apps
D. Battery charge
B. Console log
193
*Select two responses.*
Which two roles allow you to transfer licenses and apps to other locations in Apple Business Manager?
A. Device Enrollment Manager
B. Content Manager
C. People Manager
D. Administrator
B. Content Manager
D. Administrator
194
Which license type should you choose if your organization wants to retain full ownership and control of apps that you bought in Apple School Manager and Apple Business Manager?
A. App Store credits
B. Managed licenses
C. Volume purchases
D. App redemption codes
B. Managed licenses
195
*Select four responses.*
Which four content types does the content caching service support on Mac computers?
A. Apple TV+
B. OS updates
C. Apple Music
D. mpeg videos
E. Apple Books
F. iCloud data caching
G. Apps from the App Store
B. OS updates
E. Apple Books
F. iCloud data caching
G. Apps from the App Store
196
ACME, Inc. has 350 Apple devices installed over three network subnets. You want to turn on content caching on a Mac mini to optimize your network’s internet bandwidth.
How should you configure content caching?
A. Change content caching settings to devices using custom local networks
B. Configure multiple Ethernet services in Network settings
C. Use default content caching settings
D. Set content caching to parent
B. Configure multiple Ethernet services in Network settings
197
*Scenario*
ACME, Inc. has 250 Apple devices that connect to both wired and wireless networks. You plan to turn on content caching on a Mac mini connected to the network.
What should you do to optimize content caching?
A. Connect your Mac mini to the network with a cable and disable Wi-Fi.
B. Enable the Optimize Content Caching Over Wi-Fi setting in content caching advanced options.
C. Add your router IP address to the Parent IP Addresses setting in content caching advanced options.
D. Add your firewall IP address to the Parent IP Addresses setting in content caching advanced options.
A. Connect your Mac mini to the network with a cable and disable Wi-Fi.
198
*Select three responses.*
Which three are best practices for setting up content caching?
A. Use manual proxy settings
B. Specify a TCP port for caching
C. Block rogue cache registration
D. Manage intersite caching traffic
E. Proxy client requests to content caches
B. Specify a TCP port for caching
C. Block rogue cache registration
D. Manage intersite caching traffic
199
What happens when you use Safari on iPad to visit a site with a revoked certificate?
A. You are asked to delete the certificate.
B. You are directed to the CA’s website to update the certificate.
C. A dialog box appears noting an issue with the website or service.
D. The message “This Connection Is Not Private” appears instead of the webpage.
D. The message “This Connection Is Not Private” appears instead of the webpage.
200
Which MDM feature should you use to restrict content so that organization content is inaccessible in apps that the user installs?
A. App sandboxing
B. Manage Open In
C. iCloud restriction
D. Account modification restriction
B. Manage Open In
201
*Scenario*
You want to prevent users from using personal apps to open work email attachments from ACME, Inc.’s managed mail account.
Which feature should you apply using your MDM solution?
A. App Sandbox
B. iCloud restriction
C. Managed Open In
D. Account modification restriction
C. Managed Open In
202
*Select three responses.*
Which three items are always encrypted on Apple devices?
A. FaceTime communications
B. iMessage communications
C. Email communications
D. Wi-Fi communications
E. HTTPS web browsing
A. FaceTime communications
B. iMessage communications
E. HTTPS web browsing
203
Which Mac computers implement FileVault using Data Protection Class C with a volume key?
A. **ONLY** Intel-based Mac computers
B. **ONLY** Mac computers with Apple silicon
C. **ONLY** Mac computers with the Apple T2 Security Chip
D. Mac computers with Apple silicon and the Apple T2 Security Chip
B. **ONLY** Mac computers with Apple silicon
204
What happens to volume encryption keys when FileVault is **NOT** turned on during the initial Setup Assistant process on Mac computers with Apple silicon or the Apple T2 Security Chip?
A. The key is encrypted using only AES-128 bit software encryption.
B. The keys are generated when the first user’s password is created.
C. The keys are generated when the first user’s password is logged in.
D. The key is protected only by the hardware UID in the Secure Enclave.
D. The key is protected only by the hardware UID in the Secure Enclave.
205
Jesse notifies you that he lost his managed organization-owned iPhone while riding the bus. You want to try to locate the device with your MDM solution.
Which MDM command should you send before you can remotely query the device’s location?
A. Erase device
B. Enable Lost Mode
C. Allow Activation Lock
D. Enable Activation Lock
B. Enable Lost Mode
206
Which query is available for user enrolled devices?
A. FaceTime and phone call logs
B. Installed managed apps
C. SMS and iMessages
D. Device location
B. Installed managed apps
207
*Scenario*
ACME, Inc. is deploying a profile that marks a collaboration app to have a better quality of service than other apps on your Apple device.
Which devices support this setting?
A. iPhone and iPad
B. iPhone, iPad, and Mac
C. iPhone, iPad, Mac, and Apple TV
D. iPhone, iPad, Mac, Apple TV, and Apple Watch
C. iPhone, iPad, Mac, and Apple TV
208
ACME, Inc. retires 150 iPad devices and turns them in for credit toward new devices through the Apple Trade In program. Twenty iPad devices aren’t eligible for credit.
What happens to the 20 devices that are **NOT** eligible for credit?
A. Apple recycles the devices.
B. Apple refurbishes the devices.
C. Apple returns the devices to you.
D. Apple deducts the recycling fee from your credit.
A. Apple recycles the devices.
209
Which profile type is required to send a remote wipe command to a device using MDM?
A. Configuration
B. Enrollment
C. Device
D. User
B. Enrollment
210
Which macOS version supports declarative status reports?
A. macOS 10.15 and later
B. macOS 11 and later
C. macOS 12 and later
D. macOS 13 and later
D. macOS 13 and later
211
*Select three responses.*
Which three restrictions can MDM set in a profile for supervised Apple devices?
A. Use Safari
B. Set passcode
C. Safari AutoFill
D. Password AutoFill
E. Enable Location Services
A. Use Safari
C. Safari AutoFill
D. Password AutoFill
212
*Select three responses.*
When User Enrollment is completed on iPhone or iPad, which types of
organization data are separated from user data on different volumes?
A. Contacts
B. Reminders
C. Managed apps
D. Keychain items
E. Calendar attachments
C. Managed apps
D. Keychain items
E. Calendar attachments
213
*Select four responses.*
What are the four stages of User Enrollment into MDM?
A. Session token
B. User enrollment
C. App installation
D. MDM enrollment
E. Service discovery
F. Create Managed Apple ID
A. Session token
B. User enrollment
D. MDM enrollment
E. Service discovery
214
Which User Enrollment process, built into the Settings app, makes it easier for users to enroll their personal iPhone?
A. Automated User Enrollment
B. Profile-based User Enrollment
C. Account-based User Enrollment
D. Personal device User Enrollment
C. Account-based User Enrollment
215
Which User Enrollment method requires the users to access a given URL to download the enrollment profile?
A. Automated User Enrollment
B. Profile-based User Enrollment
C. Account-based User Enrollment
D. Personal device User Enrollment
B. Profile-based User Enrollment
216
Which three types of data, essential to continuity of device access, might you lose if you don’t have a robust backup strategy for an on-premises MDM installation?
A. Bypass codes
B. User passwords
C. Device passcodes
D. macOS bootstrap tokens
E. Activation Lock escrow keys
A. Bypass codes
D. macOS bootstrap tokens
E. Activation Lock escrow keys
217
*Select three responses.*
Which three passcode and password settings can you configure remotely using your MDM solution?
A. Maximum number of failed attempts before the user account is disabled
B. Passcode or password history (unable to use previous passwords)
C. Maximum number of complex characters
D. Minimum passcode length
E. Maximum passcode length
A. Maximum number of failed attempts before the user account is disabled
B. Passcode or password history (unable to use previous passwords)
D. Minimum passcode length
218
*Scenario*
Christina enrolled her iPhone in ACME, Inc.’s MDM solution. It deployed a profile requiring her to enter an eight-digit simple passcode. She manually added her Exchange Active Sync account, which requires a six-digit complex passcode.
Which passcode policy is applied to Christina’s iPhone?
A. Six-digit simple
B. Six-digit complex
C. Eight-digit simple
D. Eight-digit complex
D. Eight-digit complex
219
*Scenario*
ACME, Inc. uses its MDM solution to deploy digital certificates to allow
iPhone devices access to organization services and protect confidential
data.
Which three MDM enrollment types can manage digital certificates on managed Apple devices?
A. Account-Driven User Enrollment
B. Automated Device Enrollment
C. Business Enrollment
D. Device Enrollment
E. User Enrollment
B. Automated Device Enrollment
D. Device Enrollment
E. User Enrollment
220
What happens when you deploy multiple restriction-based configuration profiles that contain similar payloads with different settings on iPhone or iPad?
A. The least restrictive setting is applied
B. The most restrictive setting is applied
C. No setting is applied if profiles conflict
D. The profile that is assigned last is applied
B. The most restrictive setting is applied
221
Which formats are the private key part of a certificate identity stored as?
A. .csr, .rsa
B. .cer, .crt
C. .pfx, .p12
D. .der, X.509
C. .pfx, .p12
222
Which of the following are supported certificate and identity formats for Apple devices?
A. .cer, .crt, .der, .pfx, .p12
B. .cer, .der, .p15, X.509, RSA
C. .pfx, .crt, .p12, 802.1X, SSH
D. .ca, SSH, X.509, TLS 1.0, RADIUS
A. .cer, .crt, .der, .pfx, .p12
223
*Select three responses.*
What are the three categories of trust certificates on Apple devices?
A. Unknown
B. Blocked
C. Trusted
D. Always Ask
E. Pre-approved
B. Blocked
C. Trusted
D. Always Ask
224
Which certificate type establishes a chain of trust that verifies other certificates signed by the trusted roots?
A. Root certificate
B. Anchor certificate
C. Trusted certificate
D. Intermediary certificate
C. Trusted certificate
225
Where can you find the version of Trust Stores installed on your iPhone and iPad?
A. Settings > General > About > Keychain
B. System Preferences > General > About > Keychain
C. Settings > General > About > Certificate Trust Settings
D. System Settings > General > About > Certificate Trust Settings
C. Settings > General > About > Certificate Trust Settings
226
*Select two responses.*
Which two devices support the Certificate Revocation MDM payload setting?
A. iPhone
B. iPad
C. Mac
D. Apple TV
E. Apple Watch
A. iPhone
B. iPad
227
*Scenario*
ACME, Inc. is migrating to a new MDM solution.
How should you delete a nonremovable profile from your Mac?
A. Use your MDM solution to remove the profile.
B. Use Apple Business Manager to remove the profile.
C. Remove the profile by navigating to Settings > General > VPN & Device Management.
D. Remove the profile by clicking the Remove button (-) in System Settings > Privacy & Security > Profiles.
A. Use your MDM solution to remove the profile.
228
*Select four responses.*
Which four factors should you consider when you plan to deploy Apple devices on your network?
A. Access to Apple services
B. Security of your organization’s data
C. Complexity of implementing the network
D. Require updating passcodes and passwords
E. Convenience for the user or the technician during setup
F. Set the power levels for all wireless access points to maximum
A. Access to Apple services
B. Security of your organization’s data
C. Complexity of implementing the network
E. Convenience for the user or the technician during setup
229
How should you configure your firewall to use most Apple services?
A. Allow inbound connections to 17.0.0.0/8
B. Allow outbound connections to *.apple.com
C. Require authentication to identity.apple.com
D. Allow inbound and outbound connections over ports 80 and 443 to *.apple.com
B. Allow outbound connections to *.apple.com
230
*Scenario*
Township Schools plans on deploying Mac computers and iPad devices to their
students. They need to ensure that all devices will be able to
successfully connect to the Wi-Fi network.
*Select two responses.*
Which Wi-Fi configuration profile payload settings will be required to ensure Wi-Fi connectivity?
A. Disable association MAC address randomization
B. Network Authentication Type
C. Network Proxy Configuration
D. Service Set Identifier
E. Auto Join
B. Network Authentication Type
D. Service Set Identifier
231
*Select three responses.*
Which three 802.1X authentication methods are available for Apple devices?
A. ARP
B. EAP
C. PEAP
D. TLS
E. WEP
B. EAP
C. PEAP
D. TLS
232
Where should you download an MDM token from Apple Business Manager?
A. MDM Server Assignment
B. Your MDM Servers
C. Token vault
D. Accounts
B. Your MDM Servers
233
*Select three responses.*
Which three options are available to teachers from the Apple Classroom app?
A. Lock student’s iPad
B. View student’s screen
C. Mirror their iPad on student’s iPad
D. Launch a specific app on student’s iPad
E. Block a specific website on student’s iPad
A. Lock student’s iPad
B. View student’s screen
D. Launch a specific app on student’s iPad
234
*Scenario*
Township Schools’ teachers and students are using Mac computers. The teachers want to introduce their students to coding.
In addition to the Everyone Can Code Puzzles book, which app should you recommend to the teachers?
A. Homework
B. Classroom
C. Schoolwork
D. Swift Playgrounds
D. Swift Playgrounds
235
*Scenario*
ACME, Inc. federated its Microsoft Azure Active Directory (Azure AD)
@acme.com domain with Apple Business Manager.You want to test that
federation is working by using your account with UPN andre@acme.com.
Your account also has these aliases:
- andre@dev.acme.com
- a.lorico@acme.com
- andre.lorico@dev.acme.com
What should you use to log in to your iCloud account?
A. **ONLY** andre@acme.com
B. andre@acme.com and andre.lorico@dev.acme.com
C. andre.lorico@dev.acme.com, andre@dev.acme.com, and a.lorico@acme.com
D. andre@acme.com, a.lorico@acme.com, andre@dev.acme.com, and andre.lorico@dev.acme.com
A. **ONLY** andre@acme.com
236
*Select two responses.*
What are two ways an organization can benefit from using Apple School Manager or Apple Business Manager?
A. Enables the creation of Managed Apple IDs unique to the organization
B. Contains a store portal to purchase organization-owned devices
C. Allows users to securely use their user-owned devices
D. Enables automatic enrollment into an MDM solution
A. Enables the creation of Managed Apple IDs unique to the organization
D. Enables automatic enrollment into an MDM solution
237
*Select three responses.*
Which three roles can use their Managed Apple ID using federated authentication to sign in to Apple services?
A. Device Enrollment Manager
B. Content Manager
C. People Manager
D. Administrator
E. Staff
A. Device Enrollment Manager
B. Content Manager
E. Staff
238
Who owns app licenses installed on devices with managed distribution?
A. The device
B. The organization
C. The device owner
D. The Apple ID owner
B. The organization
239
What happens if you install multiple configuration profiles that contain conflicting restrictions on a Mac?
A. An error occurs on subsequent profiles with similar payloads.
B. The most restrictive settings of each profile are applied.
C. The resulting behavior is undefined.
D. The first profile to deploy is applied.
C. The resulting behavior is undefined.
240
Which app should you use to manually add Mac computers to Apple School Manager and Apple Business Manager?
A. Apple Configurator for iPhone
B. iPhone Configuration Utility
C. Apple Business Essentials
D. Profile Manager
A. Apple Configurator for iPhone
241
What is the minimum role required to assign a device to an MDM solution in Apple School Manager and Apple Business Manager?
A. Device Enrollment Manager
B. People Manager
C. Site Manager
D. Administrator
A. Device Enrollment Manager
242
Which Setup Assistant pane should you be on before you prepare to enroll
Apple TV devices using Apple Configurator into your MDM solution?
A. Choose your language
B. Pair your remote
C. Screen saver
D. Update tvOS
E. Home Screen
B. Pair your remote
243
*Select three responses.*
Which three types of content and configurations can you add or assign to
iPhone and iPad devices using Apple Configurator for Mac?
A. App config
B. Books and PDFs
C. Enrollment profiles
D. Configuration profiles
E. Exchange web services
B. Books and PDFs
C. Enrollment profiles
D. Configuration profiles
244
Which Setup Assistant pane always appears the first time an iPhone or iPad device is set up, even when using MDM?
A. Device-to-device migration
B. Passcode lock
C. Quick Start
D. Apple ID
C. Quick Start
245
Which privacy setting is enforced when Setup Assistant panes are skipped on Apple devices?
A. More privacy-preserving setting
B. Least privacy-preserving setting
C. Setup Assistant panes can’t be skipped
D. Setup Assistant pane is skipped with a privacy warning
A. More privacy-preserving setting
246
When using Automated Device Enrollment, on which Apple device can all Setup Assistant panes be skipped?
A. Supervised Apple TV with tvOS 10 or later installed
B. Supervised Mac with macOS 11 or later installed
C. Supervised iPad with iPadOS 15 or later installed
D. Supervised iOS device with iOS 15 or later installed
B. Supervised Mac with macOS 11 or later installed
247
*Scenario*
ACME, Inc. chooses to **NOT** allow users to interact with specific Setup Assistant panes, such as Apple Pay.
What is the expected device behavior after completing Setup Assistant?
A. The setting is grayed out.
B. The user can modify the setting.
C. Options to manage the setting are hidden.
D. The MDM profile must be removed before modifying.
B. The user can modify the setting.
248
*Scenario*
ACME, Inc. wants to ensure that users **CANNOT** wipe an enrolled iPad from an unpaired Mac computer.
What is the earliest version of iPadOS to restrict this by default?
A. iPadOS 13.4
B. iPadOS 14.0
C. iPadOS 14.5
C. iPadOS 14.5
249
How does restricting Proximity AutoFill affect iPadOS?
A. Devices do not advertise to nearby devices for Wi-Fi passwords
B. Devices do not advertise to nearby devices for Safari passwords
C. Devices do not advertise to nearby devices for any password fields
D. Devices do not advertise to nearby devices for administrator passwords
A. Devices do not advertise to nearby devices for Wi-Fi passwords
250
What is required for a Mac with a serial number in Apple Business Manager to skip all Setup Assistant panes using Auto Advance?
A. A paired keyboard and mouse
B. Have an active Wi-Fi connection
C. Have an active Ethernet connection
D. Mac notebook computers must be plugged into a power source
C. Have an active Ethernet connection
251
*Select three responses.*
Which three are situations where a network administrator should use content caching?
A. iCloud Drive storage has been maxed out for numerous Apple IDs
B. Large numbers of apps and books are not installing promptly
C. iTunes Store movie purchases are slow to download
D. Network traffic to Apple services is extremely high
E. Shared iPad login times are slow
B. Large numbers of apps and books are not installing promptly
D. Network traffic to Apple services is extremely high
E. Shared iPad login times are slow
252
Which licenses can you transfer from one location to another in Apple School Manager and Apple Business Manager?
A. **ONLY** assigned licenses to another location.
B. **ONLY** unassigned licenses to another location.
C. You **CANNOT** transfer licenses to another location.
D. Both assigned and unassigned licenses to another location.
B. **ONLY** unassigned licenses to another location.
253
What is the recommended best practice when you create SSIDs on a network?
A. Create six or fewer SSIDs
B. Create five or fewer SSIDs
C. Create four or fewer SSIDs
D. Create three or fewer SSIDs
D. Create three or fewer SSIDs
254
*Select three responses.*
Which three authentication methods do Apple devices support?
A. ARP
B. DLP
C. RADIUS
D. WPA2
E. WPA3
C. RADIUS
D. WPA2
E. WPA3
255
When should you refer to a PAC file in a configuration profile?
A. To use VPN proxy automatic configuration
B. To use DNS Proxy automatic configuration
C. To use Global HTTP proxy automatic configuration
D. To use Content filter providers automatic configuration
C. To use Global HTTP proxy automatic configuration
256
*Select two responses.*
Which two settings are required when you create a Wi-Fi configuration profile for the TTLS 802.1X authentication method?
A. Identity certificate
B. Account user name
C. Inner authentication
D. Two-factor authentication
E. Use directory authentication
A. Identity certificate
B. Account user name
257
Township Schools’ IT department will use its MDM solution to deploy a global
HTTP proxy to provide internet content filtering on devices both at
school or at home.
*Select three responses.*
Which three items are supported when using a global HTTP proxy payload?
A. Proxy PAC URL
B. Identity certificate
C. SOCKS extension
D. IP address of the proxy server
E. DNS name of the proxy server
A. Proxy PAC URL
D. IP address of the proxy server
E. DNS name of the proxy server
258
What is required when you configure devices to use SSL VPN through MDM?
A. The provider’s VPN app
B. A certificate configuration
C. A configuration profile with SSL VPN settings
D. An additional network interface in System Settings
A. The provider’s VPN app
259
What can you use Apple Configurator Blueprints for?
A. To export device console logs
B. To create Automator workflows
C. To create shell scripts and automate specific processes
D. To create device templates and apply them to multiple devices
D. To create device templates and apply them to multiple devices
260
Which tool should you use to create Apple Configurator automated workflows that you can share with your colleagues?
A. Xcode
B. Blueprints
C. Automator
D. Swift Playgrounds
C. Automator
261
*Scenario*
You are using Apple Configurator to prepare your iPad devices. You’d
like to automate the process by using command-line script with the `cfgutil` command.
What should you do before using the `cfgutil` command?
A. Install Xcode tools.
B. Install the `cfgutil` from the App Store.
C. Install the Automation Tools in the Apple Configurator menu.
D. Download and install the `cfgutil` from the developer website.
C. Install the Automation Tools in the Apple Configurator menu.
262
*Select four responses.*
Which four Touch ID restrictions are possible using MDM?
A. Users can’t add Touch ID fingerprints
B. Users can remove Touch ID fingerprints
C. Users can authenticate only with Touch ID
D. Users can’t use Touch ID to unlock a device
E. Users can’t use Touch ID to autofill app data
F. Users can’t use Touch ID to perform software updates
A. Users can’t add Touch ID fingerprints
B. Users can remove Touch ID fingerprints
D. Users can’t use Touch ID to unlock a device
E. Users can’t use Touch ID to autofill app data
263
What does macOS use for user and group resolution to integrate with Active Directory?
A. Lightweight Directory Access Protocol
B. Distributed File System
C. Identity as a service
D. Kerberos
A. Lightweight Directory Access Protocol
264
*Scenario*
ACME’s IT department needs to deploy a profile containing a Microsoft Exchange payload that requires certificates.
*Select two responses.*
Which two Certificates payload settings are required?
A. PAC URL
B. Passphrase
C. Certificate name
D. Certificate UUID
C. Certificate name
D. Certificate UUID
265
*Select three responses.*
What are three optional Smart Card MDM payload settings for Apple devices?
A. User pairing
B. Smart Card use
C. Disable screen saver
D. Restrict one smart card per user
E. Allow multiple smart cards per user
A. User pairing
B. Smart Card use
D. Restrict one smart card per user
266
Which option should you use as an authentication method for VPN On Demand?
A. User-based authentication
B. Client-based authorization
C. System-based authentication
D. Certificate-based authentication
D. Certificate-based authentication
267
Which option should you use as an authentication method for VPN On Demand?
A. User-based authentication
B. Client-based authorization
C. System-based authentication
D. Certificate-based authentication
D. Certificate-based authentication
268
*Select three responses.*
Which three wireless network authentication and encryption protocols do Apple products support?
A. WPA2 Enterprise
B. WPA3 Enterprise
C. WPA2 Personal
D. WPA4 Personal
E. WAP2 Personal
A. WPA2 Enterprise
B. WPA3 Enterprise
C. WPA2 Personal
269
How long must you wait to reassign an app after you’ve revoked it from a device or user?
A. You can reassign the app immediately.
B. You must wait 30 days before reassigning the app.
C. You must wait 24 hours before reassigning the app.
D. You must wait 60 minutes before reassigning the app.
A. You can reassign the app immediately.
270
What is required to prevent a user from installing apps when the “Allow installing apps” restriction is on an iOS device?
A. The device must be supervised.
B. A VPN configuration is required.
C. A personal Apple ID is required on the device.
D. It must be used with the “Allow removing apps” restriction.
A. The device must be supervised.
271
*Select three responses.*
Which three restrictions should you set to protect your organization’s app data in your MDM solution?
A. Allow documents from unmanaged sources in managed destinations
B. Allow documents from managed sources in unmanaged destinations
C. Allow opening a PDF from a website
D. Allow opening a PDF from an email
E. Managed Pasteboard
A. Allow documents from unmanaged sources in managed destinations
B. Allow documents from managed sources in unmanaged destinations
E. Managed Pasteboard
272
*Select three responses.*
Which three of the following are a managed source?
A. Accounts installed using Apple Configurator for Mac
B. Apps installed using Apple Configurator for Mac
C. Apps and accounts installed using MDM
D. Accounts set up manually on the device
E. Apps installed from website
A. Accounts installed using Apple Configurator for Mac
B. Apps installed using Apple Configurator for Mac
C. Apps and accounts installed using MDM
273
The Mac computers at Township Schools use Active Directory authentication
for students. The school district is enrolling its Mac computers into
MDM. Both Active Directory and MDM have password policies being deployed to the computers.
Which password policy will be applied?
A. The more stringent policy will be applied.
B. The strictest settings from each policy will be applied.
C. Directory-based accounts will always defer to Active Directory for a password policy.
D. Both local and directory-based accounts will use password policy settings from MDM.
A. The more stringent policy will be applied.
274
*Scenario*
ACME, Inc. allows users to personalize their organization-owned iPhone. Users
work with client data that contains Personally Identifiable Information
(PII). The IT team will enable the Managed Pasteboard restriction using
MDM to restrict the copying and pasting of sensitive data.
What else is needed for Managed Pasteboard to function as expected?
A. A Managed App
B. A Managed Apple ID
C. Deploy a secure content app
D. A configuration profile to restrict the App Store
A. A Managed App
275
*Select three responses.*
Which three restrictions can you apply to iPhone, iPad, and a Mac computer?
A. Handoff
B. Managed Pasteboard
C. iCloud Private Relay
D. Defer software updates
E. Allow network drive connections
A. Handoff
C. iCloud Private Relay
D. Defer software updates
276
*Scenario*
Christina lost her managed organization-owned iPhone at a store. You sent the
Enable Managed Lost Mode command to the device with your MDM solution.
*Select three responses.*
Which three other actions should you take with your MDM solution to locate the device?
A. Display a message on the Lock Screen
B. Query for the device’s location
C. Flash the front camera light
D. Vibrate the phone
E. Play a sound
A. Display a message on the Lock Screen
B. Query for the device’s location
E. Play a sound
277
Which behavior is expected for an Apple device with Activation Lock enabled?
A. It is impossible to reconfigure or wipe the device.
B. The device is automatically wiped after 10 failed passcode attempts.
C. It is impossible to successfully connect the device to a computer with a USB cable.
D. If the device is wiped, the Apple ID credentials are required to reconfigure the device.
D. If the device is wiped, the Apple ID credentials are required to reconfigure the device.
278
Which feature can deter someone from reactivating your Apple device without your permission if you wipe your device remotely?
A. Face ID
B. Activation Lock
C. Secure Enclave
D. Managed Lost Mode
B. Activation Lock
279
What is possible if you enable Lost Mode on an iPhone device with your MDM solution?
A. You can query its location even if it is turned off.
B. You can query the location of unsupervised devices.
C. The device can take a photo with its front camera if it moves.
D. You can query its location even if Location Services are turned off.
D. You can query its location even if Location Services are turned off.
280
*Select three responses.*
Which three MDM queries are available for iPad?
A. Security queries
B. Enrollment queries
C. Installed app queries
D. Device information queries
E. Configuration profile queries
A. Security queries
C. Installed app queries
D. Device information queries
281
*Select three responses.*
Which three MDM queries are available for iPhone?
A. Device network information queries
B. Configuration profile queries
C. Operating system queries
D. Enrollment queries
E. Security queries
A. Device network information queries
C. Operating system queries
E. Security queries
282
*Select three responses.*
Which three MDM queries are unique to iPhone and iPad?
A. Find My enabled
B. Passcode present
C. Secure boot status
D. Passcode compliant
E. Can Activation Lock be managed
A. Find My enabled
B. Passcode present
D. Passcode compliant
283
*Select three responses.*
Which three MDM queries are supported for Mac computers?
A. System Integrity Protection enabled
B. Lights Out Management
C. EAS device identifier
D. Find My enabled
E. Apple silicon
A. System Integrity Protection enabled
B. Lights Out Management
E. Apple silicon
284
*Scenario*
ACME, Inc. needs to prioritize its video conferencing Wi-Fi traffic higher
than Safari web traffic. Using ACME’s MDM solution, you deploy a network configuration profile with Fastlane Quality of Service (QoS) marking.
*Select two responses.*
Which two are required when you only want to mark some apps?
A. SSID
B. App name
C. App version
D. App identifier
E. Unique bundle ID
B. App name
E. Unique bundle ID
285
*Select three responses.*
Which three characteristics best describe an organization-owned deployment model?
A. Shared
B. One-to-one
C. Over-the-air
D. Personally enabled
E. "Bring your own device”
A. Shared
B. One-to-one
D. Personally enabled
286
*Select one response.*
Which deployment model best defines an organization’s goal to support a shared deployment?
A. Organization-owned
B. User-owned
C. Over-the-air
D. Shared-use
A. Organization-owned
287
*Select two responses.*
Which two enrollment types enforce supervision on Mac computers running macOS 11 or later?
A. Automated Device Enrollment
B. Over-the-Air Enrollment
C. Device Enrollment
D. User Enrollment
A. Automated Device Enrollment
C. Device Enrollment
288
*Select one response*.
What are some of the basic network requirements for setting up an on-premise MDM solution?
A. A fully qualified domain name, TLS certificate communication, and a static IP address
B. Activation Lock escrow keys, firewall ports 2195/2196, and a fully qualified domain name
C. A static IP address, robust disaster recovery solution, and encrypted database connectivity
D. A Transport Layer Security certificate, firewall ports 2195/2196, and a macOS bootstrap token
A. A fully qualified domain name, TLS certificate communication, and a static IP address
289
*Select two response.*
Which two macOS MDM enrollment types support supervision?
A. Account Driven User Enrollment
B. Automated Device Enrollment
C. Over-the-Air Enrollment
D. Device Enrollment
E. User Enrollment
B. Automated Device Enrollment
D. Device Enrollment
290
*Select three responses.*
Which three MDM features add specific functionality for education?
A. Apple School Manager
B. Managed Apple ID
C. Personal Apple ID
D. Schoolwork
E. Classroom
B. Managed Apple ID
D. Schoolwork
E. Classroom
291
*Select one response.
Scenario*
A French teacher at your school has 15 Shared iPad devices used by 30 students. They asked you to install a French book from Apple Books to cover all students using Shared iPad.
How many book licenses of this French book should you buy in Apple School Manager?
A. 15
B. 30
C. 20 to use the 50% education price discount
D. Apple Books are NOT available on Shared iPad
B. 30
292
*Select one response.*
Which assignment method should you use to distribute book licenses that were purchased within Apple School Manager or Apple Business Manager?
A. User assignment
B. Device assignment
C. Either user or device assignment
A. User assignment
293
*Select one response.*
What happens to an app when you revoke its app license using your MDM solution?
A. The icon is dimmed.
B. It will unexpectedly quit when opened.
C. It is instantly removed from the device.
D. It will continue to function for a limited time.
D. It will continue to function for a limited time.
294
*Select one response.
Scenario*
Fabiano left your organization. You want to unenroll his personal iPhone from your MDM solution.
What happens to the managed apps that you installed with your MDM solution on his iPhone?
A. It depends on the setting you selected in your MDM solution.
B. They are instantly removed from his device.
C. They stay on the device and keep working.
D. They stay on the device but stop working.
A. It depends on the setting you selected in your MDM solution.
295
*Select one response.*
Which assignment method should you use to distribute book licenses that were purchased with Apple School Manager or Apple Business Manager?
A. User assignment
B. Device assignment
C. Either user or device assignment
A. User assignment
296
*Select one response.
*Which passcode and password setting CANNOT be enforced from an MDM solution?
A. Maximum passcode age
B. Require a numeric value
C. Require an alphanumeric value
D. Maximum number of failed attempts before a Mac is locked
B. Require a numeric value
297
*Select one response.*
Which source contains detailed information about root certificates included in Apple operating systems?
A. Apple Platform Security guide
B. Apple Platform Deployment guide
C. Encryption and Data Protection support article
D. Available trusted root certificates for Apple operating systems support article
D. Available trusted root certificates for Apple operating systems support article
298
*Select one response.
*Who owns app licenses bought in Apple Business Manager and deployed to users with managed distribution?
A. The organization
B. The device owner
C. The Apple ID owner
D. The content manager
A. The organization
299
*Select one response.*
Which User Enrollment flow requires the users to access a given URL to download the enrollment profile?
A. Automated User Enrollment
B. Profile-based User Enrollment
C. Account-based User Enrollment
D. Personal device User Enrollment
B. Profile-based User Enrollment
300
*Select one response.
*Which app should you use to manually add iOS, iPadOS, and tvOS devices to Apple Business Manager?
A. Apple Configurator for iPhone
B. iPhone Configuration Utility
C. Apple Configurator for Mac
D. iTunes
C. Apple Configurator for Mac
301
*Select one response.*
What is the minimum role required to assign a device to an MDM solution in Apple School Manager?
A. Device Enrollment Manager
B. People Manager
C. Site Manager
D. Administrator
A. Device Enrollment Manager
302
*Select four response.*
Which four content types does the content caching service support on Mac computers?
A. Apple TV+
B. OS updates
C. Apple Music
D. mpeg videos
E. Apple Books
F. iCloud data caching
G. Apps from the App Store
B. OS updates
E. Apple Books
F. iCloud data caching
G. Apps from the App Store
303
*Select one response.
Scenario*
Your organization has 50 Apple devices deployed over three network subnets.
You want to turn on content caching on a Mac mini to optimize your internet bandwidth for all three network subnets.
Which setting should you use in the content caching advanced options?
A. Cache content for: devices using the same local networks
B. Cache content for: devices using the same public IP address
C. Share Peers content: content caches using custom local networks
D. Share Peers content: content caches using the same local networks
B. Cache content for: devices using the same public IP address
304
*Select one response.
Scenario*
You have installed a payload on your managed Apple device that prevents users from accepting untrusted TLS certificates.
What happens when users try to access a webpage that uses an untrusted TLS certificate and then tap Show Details?
A. They are asked to visit the site where they can download and add the trusted CA to the device.
B. They can tap “view certificate,” but they CANNOT trust this certificate or visit the site.
C. They CANNOT tap “view the certificate,” but they can view the unsecured webpage.
D. They are asked to contact the issuing CA to validate the certificate.
B. They can tap “view certificate,” but they CANNOT trust this certificate or visit the site.
305
*Select one response.*
Which MDM feature should you use to restrict managed so that content is inaccessible to apps installed by the user?
A. App sandboxing
B. Manage Open In
C. iCloud restriction
D. Account modification restriction
B. Manage Open In
306
Select three response.
Which three items are always encrypted on Apple devices?
A. FaceTime communications
B. iMessage communications
C. Email communications
D. Wi-Fi communications
E. HTTPS web browsing
A. FaceTime communications
B. iMessage communications
E. HTTPS web browsing
307
*Select one response.*
How can you remotely lock a supervised iOS device using your MDM solution?
A. Remote lock the device using two-factor authentication
B. Remove the inventory record
C. Enable Lost Mode
D. Enable Find My
C. Enable Lost Mode
308
*Select three response.
Scenario*
Molly lost her managed organization-owned iPhone at a store. With your MDM solution, you sent an Enable Lost Mode command to the device.
Which three other actions should you take with your MDM solution to locate the device?
A. Display a message on the Lock Screen
B. Query for the device’s location
C. Flash the front camera light
D. Vibrate the phone
E. Play a sound
A. Display a message on the Lock Screen
B. Query for the device’s location
E. Play a sound
309
*Select one response.
*Which behavior is expected for an Apple device with Activation Lock enabled?
A. It is impossible to reconfigure or wipe the device.
B. The device is automatically wiped after 10 failed passcode attempts.
C. It is impossible to successfully connect the device to a computer with a USB cable.
D. If the device is wiped, the Apple ID credentials are required to reconfigure the device
D. If the device is wiped, the Apple ID credentials are required to reconfigure the device
310
*Select one response.*
What is required to prevent a user from installing apps when the “allow installing apps” restriction is on an iOS device?
A. The device must be supervised.
B. A VPN configuration is required.
C. A personal Apple ID is required on the device.
D. It must be used with the “allow removing apps” restriction.
A. The device must be supervised.
311
*Select one response.*
Your organization retires 50 iPad devices and turns them in for credit toward new devices through the Apple Trade-In program. Ten iPad devices aren’t eligible for credit.
What happens to the 10 devices that are NOT eligible for credit?
A. Apple will recycle the devices.
B. Apple will refurbish the devices.
C. Apple will return the devices to you.
D. Apple will deduct a recycling fee from your credit.
A. Apple will recycle the devices.
312
*Select one response.*
What happens to devices that Apple receives through the Apple Trade-In program?
A. Apple refurbishes and resells all devices.
B. Apple sends all the devices to a recycling partner.
C. Apple refurbishes devices that are in good shape and recycles the rest.
C. Apple refurbishes devices that are in good shape and recycles the rest.
313
Required Ports and Hosts for APNs e MDM?
*Select two responses.*
A. TCP port 5223 to communicate with APNs
B. TCP port 8080 to communicate with APNs
C. TCP port 443 or 2197 to send notifications from MDM to APNs
D. TCP port 550 or 2879 to send notifications from MDM to APNs
A. TCP port 5223 to communicate with APNs
C. TCP port 443 or 2197 to send notifications from MDM to APNs
