Check Your Understanding / Deployment and Management Flashcards

1
Q

What links a device to an MDM (mobile device management) solution?

A. APNs
B. Firewall
C. Restriction
D. Enrollment profile

A

D. Enrollment profile

Enrollment profiles are the links between devices and the MDM solution.

2
Q

What does MDM need to operate, specifically for APNs and SSL?

A. Certificates
B. Restrictions
C. Enrollment profiles

A

A. Certificates

3
Q

Which Apple device capability allows MDM to secure devices?

A. Location Services
B. Enrollment profiles
C. Built-in device security features

A

C. Built-in device security features

An MDM solution allows you to use the device’s built-in security features.

4
Q

Which statement about the Apple management framework is true?

A. It’s built into Apple devices.
B. It doesn’t support personal devices.
C. It provides settings created by third parties to manage Apple devices.

A

A. It’s built into Apple devices.

Each MDM solution uses the built-in Apple management framework in iOS, iPadOS, macOS, and tvOS to manage features and settings for each platform.

5
Q

After a device has enrolled with an MDM server, what happens next?

A. The device reports status to the server.
B. The device polls the server for any commands.
C. The server sends push notifications to the device.

A

C. The server sends push notifications to the device.

After a device enrolls with the MDM server, the server sends push notifications to the device when there are commands to process on the device.

6
Q

What transformative update to the MDM protocol allows a device to react autonomously to its own state changes and apply management logic to itself without cues from the server?

A. User Enrollment
B. Device Assignment
C. Declarative Management

A

C. Declarative Management

Declarative management allows the device to be autonomous and proactive, freeing up the server to be lightweight, reactive, and able to subscribe to updates without constant polling.

7
Q

When is it recommended to test beta software releases?

A. Quarterly
B. Year-round
C. When new devices are added to your organization

A

B. Year-round

A modern approach to managing Apple devices involves committing to the latest software, testing year-round, and ensuring that everything works together.

8
Q

In which type of enrollment and ownership model can users personalize apps and data on their managed devices?

A. BYOD, organization-owned
B. Nonpersonalized, organization-owned
C. Personally enabled, organization-owned

A

C. Personally enabled, organization-owned

The organization assigns devices to users, and after configuration, users can personalize their devices with their own apps and data.

9
Q

In which type of ownership model can users personalize apps and data on their personal devices?

A. BYOD, User Enrollment
B. BYOD, organization-owned
C. Nonpersonalized, organization-owned
D. Personally enabled, organization-owned

A

A. BYOD, User Enrollment

BYOD users can customize their personal devices before and after enrolling them in an MDM solution.

10
Q

In which ownership model can IT administrators restrict the installed apps and personal data on a device meant to be shared with multiple users?

A. BYOD, User Enrollment
B. BYOD, personally enabled
C. Nonpersonalized, organization-owned
D. Personally enabled, organization-owned

A

C. Nonpersonalized, organization-owned

IT administrators typically centrally configure and manage shared or single-purpose devices.

11
Q

How do you enroll devices ineligible for automatic enrollment in Apple Business Manager or Apple School Manager?

A. Device Enrollment
B. Automated Device Enrollment
C. Automatic enrollment
D. No enrollment possible

A

A. Device Enrollment

You can choose to manually enroll devices into your MDM solution by installing an enrollment profile locally on the devices.

12
Q

Which type of enrollment is ideal for devices you need to distribute to multiple users in multiple regions?

A. Device Enrollment
B. User Enrollment
C. Automated Device Enrollment

A

C. Automated Device Enrollment

13
Q

Which type of enrollment do you commonly use for BYOD deployments?

A. Device
B. User
C. Automated device

A

B. User

BYOD deployments most commonly employ User Enrollment. You can provide BYOD users a customized URL to an enrollment portal.

14
Q

What do you need to consider when evaluating MDM solutions?

A. Support for watchOS
B. Pricing structure and subscription model
C. A device’s life cycle and trade-in value

A

B. Pricing structure and subscription model

Understand your organization’s budget and growth projections, then compare MDM solution pricing and subscription options.

15
Q

Which is a deployment model to consider as part of your device management goals?

A. Application Programming Interface (API)
B. Over-the-air (OTA) enrollment
C. One-to-one

A

C. One-to-one

Also known as personally enabled, one-to-one is a deployment model you can consider when understanding your organization’s needs.

16
Q

Which is an important user authentication feature of an MDM solution that you should consider?

A. Support and integration with your identity provider or directory service
B. Support for future versions of macOS, iOS, and iPadOS
C. Support for the BYOD deployment model

A

A. Support and integration with your identity provider or directory service

Verify if the MDM solution supports your current identity provider or directory service.

17
Q

Which aspects of your organization’s infrastructure should you evaluate to ensure that it meets the network roaming needs of users throughout a building?

A. Number of devices per user
B. Wi-Fi coverage and capacity
C. Adequate number of access points per device
D. Sources of interference caused by construction materials

A

B. Wi-Fi coverage and capacity

Evaluating Wi-Fi coverage and capacity helps you strategically place wireless access points that have enough power to meet the roaming needs throughout your organization’s facilities.

18
Q

Which type of network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network?

A. Provisioning network
B. WPA2 Personal network
C. WPA2 Enterprise network

A

C. WPA2 Enterprise network

A WPA2 Enterprise network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network.

19
Q

Which functions require Apple devices to continuously access APNs?

A. Bonjour access, content caching, and internet connection sharing
B. SSO, VPN connectivity, and Wi-Fi network roaming
C. Notifications of operating-system and app updates, MDM policies, and messages
D. Ad and location tracking, Keychain data backup, and app suggestions

A

C. Notifications of operating-system and app updates, MDM policies, and messages

Apple devices learn of operating-system and app updates, MDM policies, and incoming messages through continuous access to APNs. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

20
Q

What should you do to ensure that Apple devices can access APNs and other Apple services on your organization’s network?

A. Configure all devices to auto-establish secure VPN access to Apple’s network.
B. Deploy devices with an SSO payload that are configured to allow access to Apple’s network.
C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
D. Set up your network to work with Bonjour so that devices can connect to APNs and Apple services.

A

C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.

For Apple devices to access APNs and Apple services, you might need to adjust network configurations on web proxies or firewall ports to allow network traffic access to Apple’s network. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

21
Q

Which is the most commonly deployed authentication technology that both AD and SSO use?

A. Kerberos
B. MSCHAPv2
C. OAuth
D. SAML

A

A. Kerberos

Kerberos is the most commonly deployed authentication technology that both AD and SSO use.

22
Q

What is used for personalized setup of a managed device?

A. Apple Configurator
B. MDM solution
C. Setup Assistant

A

C. Setup Assistant

Setup Assistant is used for personalized setup of a managed device.

23
Q

Why might you create a security policy that enforces the use of FileVault for data encryption on a managed Mac?

A. This policy ensures that users can’t disable FileVault.
B. When you turn on FileVault using an MDM solution, it adds a Recovery Key to a user’s iCloud account.
C. FileVault is compatible with any Apple device.
D. You can use third-party encryption algorithms to configure FileVault.

A

A. This policy ensures that users can’t disable FileVault.

Users can’t disable FileVault if it’s enforced with a configuration profile on managed Mac computers.

24
Q

Which benefit helps IT administrators reduce the need to perform extensive configurations on Apple devices?

A. Many security features are turned on by default.
B. Users can select a security profile in Setup Assistant.
C. IT administrators can deliver and enforce policies without an MDM solution.
D. IT administrators can issue remote commands to devices to erase all private information.

A

A. Many security features are turned on by default.

Because many security features on Apple devices are turned on by default, administrators save time when they configure devices.

25
Q

What happens if your Apple device can’t validate the trust chain of a signing CA?

A. The service encounters an error.
B. The CA is added to the unapproved list.
C. The user is asked to enter the device password or passcode.

A

A. The service encounters an error.

If your Apple device can’t validate the trust chain of a signing CA, the service encounters an error.

26
Q

Which MDM payload setting can you use to turn off updating certificates wirelessly for iPhone and iPad devices?

A. Automatic sync while roaming
B. Allow users to accept untrusted TLS certificates
C. Allow automatic updates to certificate trust settings

A

C. Allow automatic updates to certificate trust settings

When you deselect this option and push the payload to your device, you prevent wireless certificate updates.

27
Q

You’ve installed a payload on your managed Apple device that prevents users from accepting untrusted TLS certificates.

What happens when users try to access a webpage that uses an untrusted TLS certificate and then tap Show Details?

A. They’re asked to contact the issuing CA to validate the certificate.
B. They can tap “view the certificate,” but they can’t trust this certificate or visit the site.
C. They can’t tap “view the certificate,” and they can view only the unsecured version of the webpage.

A

B. They can tap “view the certificate,” but they can’t trust this certificate or visit the site.

When you deselect the option “Allow users to accept untrusted TLS certificates,” users can’t accept untrusted TLS certificates or visit sites that use untrusted certificates.

28
Q

How do you configure Custom Apps to appear in the sidebar?

A. In Settings, select Apps and Books, then click Enable next to Custom Apps.
B. In Settings, select Enrollment Information, then click Enable next to Custom Apps.
C. In Roles, choose the role for which to enable custom apps, then select the View Custom Apps checkbox.

A

B. In Settings, select Enrollment Information, then click Enable next to Custom Apps.

You enable Custom Apps in Settings > Enrollment Information. When you enable the Custom Apps option, it appears below the Content section in the sidebar.

29
Q

What is the purpose of using federated authentication with Apple Business Manager or Apple School Manager?

A. Federated authentication links to your Google Workspace or Azure AD domain.
B. Federated authentication verifies your organization’s eligibility.
C. Federated authentication verifies ownership of the domains that you use with your portal.

A

A. Federated authentication links to your Google Workspace or Azure AD domain.

When you link to Google Workspace or Azure AD, users can leverage their user names and passwords as Managed Apple IDs.

30
Q

You didn’t import user data into Apple Business Manager after configuring federated authentication.

Which Apple Business Manager settings pane can you use to import user data into Apple Business Manager?

A. Accounts
B. Directory Sync
C. Enrollment Information

A

B. Directory Sync

In the Directory Sync pane, you can sync Apple Business Manager with user data from your Google Workspace or Azure AD.

31
Q

Which of the following roles has the least user privileges?

A. Staff
B. Administrator
C. Content Manager

A

A. Staff

The Staff role has the least user privileges.

32
Q

Which type of additional user should you create immediately after signup is complete?

A. Administrator
B. Device Enrollment Manager
C. People Manager
D. Content Manager

A

A. Administrator

After signup is complete, you’re the only person who can sign in. Create a second administrator account in case you can’t sign in for some reason.

33
Q

Which roles must your account have to add or edit locations in Apple Business Manager?

A. Administrator or Site Manager
B. Administrator or People Manager
C. People Manager or Content Manager

A

B. Administrator or People Manager

Only an Administrator or a People Manager can add or edit locations in Apple Business Manager.

34
Q

You’ve created a number of users with Content Manager, Device Enrollment Manager, and People Manager roles.

What should you do next to give each user access?

A. Enter a secure password for each user.
B. Ask each user to enroll in your portal.
C. Create sign-in information and email it to each user.

A

C. Create sign-in information and email it to each user.

You can choose to either email users their sign-in information directly or download it as a PDF or CSV file.

35
Q

Which statement about adding an MDM server in Apple Business Manager or Apple School Manager is true?

A. Adding an MDM server creates a link to your MDM solution.
B. Adding an MDM server eliminates the need for an MDM solution.
C. Adding an MDM server configures an additional server in your MDM solution.

A

A. Adding an MDM server creates a link to your MDM solution.

Adding an MDM server establishes a secure relationship between your MDM solution and Apple Business Manager or Apple School Manager.

36
Q

What’s the purpose of the public key certificate file that you download from your MDM server before you add the server to your Apple Business Manager or Apple School Manager portal?

A. It enables the MDM server to securely send email through the portal.
B. It configures two-step verification between your MDM server and the portal.
C. It contains a public key that the MDM server uses to encrypt the portal server token.

A

C. It contains a public key that the MDM server uses to encrypt the portal server token.

You upload the public key certificate file to Apple Business Manager or Apple School Manager when you add your MDM server.

37
Q

After you add your MDM server in your Apple Business Manager or Apple School Manager portal, what must you do so that the MDM server securely connects to the portal?

A. Enter the encryption key that the portal generates into the MDM server.
B. Verify that the secure URL for your MDM server in the portal is correct.
C. Download the server token from the portal and upload it to the MDM server.

A

C. Download the server token from the portal and upload it to the MDM server.

The server token is a P7M file that your MDM server uses to securely connect to Apple Business Manager or Apple School Manager.

38
Q

Which Apple Configurator tool do you use to add donated iPhone and iPad devices to Apple Business Manager or Apple School Manager?

A. Device Assignments
B. Blueprints
C. Profile Editor
D. Prepare Assistant

A

D. Prepare Assistant

You can manually add iPhone and iPad devices to Apple Business Manager or Apple School Manager using Apple Configurator with Prepare Assistant.

39
Q

What happens if a Wi-Fi payload is not included in a configuration profile when manually adding iPhone or iPad to Apple Business Manager or Apple School Manager?

A. The device is added to Apple Business Manager or Apple School Manager, but won’t be able to connect to Wi-Fi.

B. Adding the device fails with a network error.

C. Apple Configurator continues to try to add the device to Apple Business Manager or Apple School Manager until you click Cancel.

A

B. Adding the device fails with a network error.

Because iPhone and iPad devices require an internet connection to be added to Apple Business Manager or Apple School Manager, you must install a configuration profile with a Wi-Fi payload.

40
Q

How can you see more detailed information about devices in Apple Configurator after you start adding them manually?

A. From the Apple Configurator menu bar, choose View > Show Status Bar.

B. From the Apple Configurator menu bar, choose File > Get Info after choosing a device from the Apple Configurator main window.

C. From the Apple Configurator menu bar, choose Window > Activity.

A

C. From the Apple Configurator menu bar, choose Window > Activity.

The Activity window shows detailed information about the device, including activation status, enrollment status, and errors.

41
Q

You want to integrate your MDM solution with Apps and Books for managed distribution to your devices.

What must you download in Apple Business Manager and then upload to your MDM solution?

A. A server token
B. A public key certificate
C. A CSV file containing all device serial numbers
D. Your organization’s Apple Customer ID

A

A. A server token

The server token is a file that connects your MDM solution to the volume purchasing feature.

42
Q

Your organization wants to retain full ownership and control of apps that you purchased through Apps and Books.

Which license type should you choose?

A. Custom licenses
B. Managed licenses
C. Redemption codes
D. Supervised licenses

A

B. Managed licenses

Choose Managed when you purchase licenses for managed distribution. Your organization retains full ownership and control of apps through assignment with your MDM solution.

43
Q

You purchase books and choose licenses for managed distribution.

What happens to ownership of the books when you distribute them?

A. Book ownership always transfers to users. You can’t revoke or reassign books.
B. You choose whether you want to retain or transfer ownership of books when you distribute them.
C. The organization retains full ownership and control, so you can revoke and reassign them later.

A

A. Book ownership always transfers to users. You can’t revoke or reassign books.

Regardless of whether you choose licenses for managed distribution or redemption codes, book ownership always transfers to the user.

44
Q

What must multiple subnets share so that a network can use a single content cache, without requiring DNS changes?

A. DNS
B. Subnet
C. Bandwidth
D. Public IP Address

A

D. Public IP Address

You can set the caching server to provide content caching for subnets of the local network that share a common public IP address.

45
Q

When an iPhone device on your network tries to download Apple content that could be cached, the Apple content server instructs the device to check with the local network’s cache first.

A. True
B. False

A

A. True

With content caching, when an iPhone device on your network downloads an iOS update from the App Store, content caching keeps a copy of the update.

46
Q

Which issue could arise when multiple devices request the same data and caching is NOT turned on?

A. Data becomes less secure.
B. Bandwidth consumption increases.
C. Only the first device can download the requested data.
D. No issue — each device downloads the requested data.

A

B. Bandwidth consumption increases.

When the second device requests the same content, the bandwidth consumption doubles because the second device also needs to download the content from the internet.

47
Q

For best results, deploy content caching on a Mac that has a single wired Ethernet connection as its only network connection.

A. True
B. False

A

A. True

Use an Ethernet connection to the network for best results.

48
Q

Where do you turn on content caching on your Mac?

A. System Preferences > Security & Privacy
B. System Preferences > Sharing
C. System Preferences > Network
D. System Preferences > Profiles

A

B. System Preferences > Sharing

Use the Content Caching option in Sharing preferences to manage content caching on your Mac.

49
Q

Which setting should you select to prevent your computer from going to sleep and interfering with content caching?

A. Wake for network access
B. Put hard disks to sleep when possible
C. Enable Power Nap while plugged into a power adapter
D. Prevent computer from sleeping automatically when the display is off

A

D. Prevent computer from sleeping automatically when the display is off

Content caching requires the Mac to be turned on.

50
Q

With internet connection sharing, you can use a Mac computer’s internet connection to cache content for iPhone or iPad devices that are physically connected to the Mac through USB.

A. True
B. False

A

A. True

A Mac with internet connection sharing turned on and with an Ethernet connection can cache content for iPhone and iPad devices.

51
Q

Which advanced option do you use to set the cache size?

A. Peers
B. Storage
C. Clients
D. Parents

A

B. Storage

You view and set the cache size in the Storage tab.

52
Q

When you use Activity Monitor to check performance statistics for content caching, which comparison can tell you whether content caching is helping?

A. The closer the Maximum Cache Pressure value is to the Data Served value, the more content caching is helping.

B. The further the Maximum Cache Pressure value is from the Data Served value, the more content caching is helping.

C. The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.

D. The further the Data Served From Cache values are from the Data Served values, the more content caching is helping.

A

C. The closer the Data Served From Cache values are to the Data Served values, the more content caching is helping.

Comparing the closeness of these two values is the best way to determine how content cache is helping.

53
Q

Where does the content caching service send log messages?

A. To the main system.log
B. To the subsystem com.apple.AssetCache
C. To the subsystem com.apple.ContentCache
D. To the subsystem com.apple.AssetCacheManagerUtil

A

B. To the subsystem com.apple.AssetCache

Specifying this subsystem in the log command filters the displayed results to those associated with content caching.

54
Q

Which command can you use to configure advanced settings for content caching?

A. defaults write
B. AssetCacheManagerUtil status
C. AssetCacheManagerUtil settings

A

A. defaults write

When used with sudo, the defaults write command allows you to configure advanced settings for content caching.

55
Q

Which tool can you use to display advanced settings for the content caching service?

A. Activity Monitor
B. Console
C. System Preferences
D. Terminal

A

D. Terminal

You can use the command line interface in Terminal to configure all settings, both basic and advanced, for content caching.

56
Q

Which statement about entering Apple Customer Numbers and Reseller Numbers is correct?

A. You can enter both an Apple Customer Number and a Reseller Number.
B. You can enter an Apple Customer Number or a Reseller Number but not both.
C. You can enter only one Apple Customer Number, but multiple Reseller Numbers.

A

A. You can enter both an Apple Customer Number and a Reseller Number.

You can enter both an Apple Customer Number and a Reseller ID and even add multiple numbers if you need them.

57
Q

Your organization has multiple MDM servers linked in Apple Business Manager or Apple School Manager.

What should you do to automatically assign iPhone devices and Mac computers to different MDM servers?

A. Choose your preferred assignment method in MDM Server Assignment, then select the default MDM server for each device type.

B. Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.

C. Upload a CSV file containing iPhone device serial numbers and assign them to one MDM server, then upload a CSV file for Mac computers and assign them to a different MDM server.

A

B. Edit the assignment options in Default MDM Server Assignment settings and choose a different server for iPhone devices and Mac computers.

If you have linked more than one MDM server, you can choose default assignments by device type in Default MDM Server Assignment settings.

58
Q

You made multiple orders for new iPhone devices and want the devices from one order assigned to a different MDM server than the others.

What’s the best way to do that?

A. Use MDM Server Assignment to change the Default MDM Server Assignment for iPhone.

B. Select Devices, filter by order number and device type, then select all devices to change assignments.

C. Use MDM Server Assignment to enter a new Reseller Number for the order to filter device assignments.

D. Use Devices to download a CSV file containing iPhone device serial numbers for that order only. Edit the file and upload it with the unique server assignment for the iPhone devices in that order.

A

B. Select Devices, filter by order number and device type, then select all devices to change assignments.

You can select All Devices to edit the MDM Server assignments of all devices matching the search criteria.

59
Q

You’re responsible for managing 10 identical iPad devices that your organization uses in a training classroom, and networking isn’t available onsite. Each week you need to retrieve the files stored on each device by the recent students and set up the devices for a new class.

Which approach is best for this task?

A. Apple Configurator for Mac
B. Apple Configurator for Mac with Shared iPad
C. Apple Configurator for Mac with your MDM solution

A

A. Apple Configurator for Mac

You can use Apple Configurator for Mac to create a single backup image that you apply to all the devices at the start of class, and use it to retrieve files at the end.

60
Q

Which type of content can you assign with Apple Configurator for Mac?

A. Apps
B. User settings
C. Purchased music
D. Podcasts

A

A. Apps

Distributing apps to multiple Apple devices simplifies deployment.

61
Q

You can add content to a Blueprint or to devices in Apple Configurator for Mac only by dragging and dropping.

A. True
B. False

A

B. False

You can also add content to a Blueprint or a device through menu and toolbar options.

62
Q

Which type of information about iPad can you view in Apple Configurator for Mac?

A. Camera status
B. iPad location
C. Console log
D. Ebook licenses

A

C. Console log

You can find the Console log by choosing File > Get Info from the Apple Configurator for Mac menu bar.

63
Q

How do you install the cfgutil tool?

A. From the App Store
B. From Apple Configurator for Mac
C. From Profile Manager
D. From /Applications/Utilities on your Mac

A

B. From Apple Configurator for Mac

The cfgutil tool is one of the automation tools that you can install from Apple Configurator for Mac.

64
Q

Which tool can you use to automate configurations with shell scripts?

A. Blueprints
B. Automator app
C. Command-line tool cfgutil

A

C. Command-line tool cfgutil

The command-line tool cfgutil in the Terminal app helps you write shell scripts and automate specific processes.

65
Q

Which tool can you use to create your own workflows for bulk deployments?

A. Blueprints
B. Automator app
C. Command-line tool

A

B. Automator app

You can use the Automator app to create automated workflows for others to use when configuring devices.

66
Q

Which tool can you use to automate configurations with a template tool to add configuration profiles and apps?

A. Blueprints
B. Automator app
C. Command-line tool

A

A. Blueprints

Blueprints use template tools to record actions that you can then apply to devices.

67
Q

What is a configuration profile?

A. A System Report file with hardware and software configuration from a device
B. An automation file to script Apple Configurator actions
C. A file with user data from Apple devices
D. A file with payloads for Apple devices

A

D. A file with payloads for Apple devices

A profile is a file with payloads that contain settings and authorization information for Apple devices.

68
Q

Which method can you use to build configuration profiles with payloads specific to macOS?

A. Apple Configurator
B. Apple Business Manager
C. An MDM solution

A

C. An MDM solution

To create custom configuration profiles that contain settings specific to macOS, use an MDM solution.

69
Q

Which tool can you use to set up payloads for Apple TV?

A. Profile Editor
B. Prepare Assistant
C. Setup Assistant
D. Blueprints

A

A. Profile Editor

Use the Profile Editor to create configuration profiles for Apple TV as well as iPhone and iPad devices.

70
Q

An MDM solution is the only way to create and distribute a configuration profile.

A. True
B. False

A

B. False

You can also create a configuration profile with Apple Configurator and then distribute it using a message, a web page, Apple Configurator, or an MDM solution.

71
Q

What is the benefit of signing configuration profiles?

A. A signed profile prevents users from removing the profile from the device.
B. Signing a configuration profile makes it more resistant to tampering during distribution.
C. Signing a configuration profile allows a device to communicate securely with an MDM solution.

A

B. Signing a configuration profile makes it more resistant to tampering during distribution.

If someone modifies a profile after you sign it, the MDM framework won’t allow that profile to be installed on a device.

72
Q

Which payload prevents a user from later configuring an option that is hidden in Setup Assistant during device setup?

A. App Configuration
B. Parental Controls
C. Restrictions
D. Security & Privacy

A

C. Restrictions

Configure Restrictions to restrict functions for Setup Assistant options that you hide during device setup. Restrictions remain in place until they’re removed.

73
Q

Which of the following lets you configure what Setup Assistant panes users see during device setup?

A. App Configuration
B. Require credentials for enrollment
C. Assign devices to your MDM solution in Apple Business Manager or Apple School Manager.
D. Security & Privacy

A

C. Assign devices to your MDM solution in Apple Business Manager or Apple School Manager.

You must configure them to enroll during setup.

74
Q

Users can complete Setup Assistant on a Mac without a network connection.

A. True
B. False

A

A. True

Users can complete Setup Assistant on a Mac without a network connection, which prevents MDM enrollment at that time. When the Mac connects to a network after setup is complete, macOS notifies users to enroll in the MDM solution and reminds them periodically until they enroll.

75
Q

Before you can configure Setup Assistant options, you must configure devices to enroll in device management during setup.

A. True
B. False

A

A. True

After you configure devices to enroll in MDM during setup, you can configure Setup Assistant options.

76
Q

How can you ensure only authorized users can enroll a device?

A. Select the Setup Assistant payload for iOS devices.
B. Select the Setup Assistant options that you want to display.
C. Select the option to require user authentication during enrollment.

A

C. Select the option to require user authentication during enrollment.

The user will need to authenticate in order to enroll.

77
Q

Setup Assistant guides users through setting up their Apple devices after they access the Home Screen.

A. True
B. False

A

B. False

Setup Assistant guides users before they get to the Home Screen.

78
Q

You can manage user devices through your MDM solution and still give users some freedom to personalize the configuration.

A. True
B. False

A

A. True

You can use your MDM solution to manage devices but still permit users to personalize some settings.

79
Q

You downloaded a configuration profile on iPhone from a website or an email message. Where on the device do you install it?

A. Install the profile in the Settings app.
B. Delete the attachment, and go to a webpage.
C. Don’t do anything because the profile installs automatically.

A

A. Install the profile in the Settings app.

Users install the profile in the Settings app.

80
Q

What happens when the user manually enrolls a device in the MDM solution?

A. Nothing happens until the user restarts the device.
B. The MDM solution records information about the device, such as the serial number and installed apps.
C. The user receives a web address where they can download the enrollment profile.
D. The user receives a web address where they can download the configuration profile.

A

B. The MDM solution records information about the device, such as the serial number and installed apps.

When the user connects to the MDM solution using the device, the MDM solution records information about the device.

81
Q

When a user removes an enrollment profile from their device, what else is also removed?

A. User data
B. The current operating system
C. Organization data
D. Managed apps based on that configuration profile

A

D. Managed apps based on that configuration profile

A user can remove an enrollment profile from their device, including all configuration profiles and their settings, as well as managed apps based on that enrollment profile.

82
Q

If users with their own personal devices leave a company, what do they do to disassociate their devices from an MDM solution?

A. Reset Location & Privacy settings.
B. Download a removal token.
C. Remove the Remote Management configuration profile from Settings in iOS and iPadOS or System Preferences in macOS.
D. Visit a specified self-service site to unenroll.

A

C. Remove the Remote Management configuration profile from Settings in iOS and iPadOS or System Preferences in macOS.

If users bring their own devices, they can remove the configuration profiles to disassociate from an organization’s MDM solution.

83
Q

As an IT administrator, how would you send new settings to user devices?

A. Send users a self-service URL.
B. Change and send the updated configuration profile.
C. Remove the configuration profile and send a new one.
D. Email users a link for a new configuration profile.

A

B. Change and send the updated configuration profile.

The easiest way to send new settings is to use your MDM solution to change and send an updated configuration profile to users.

84
Q

Your organization has a BYOD policy. As the IT administrator, what MDM enrollment options can you give users?

A. Send an enrollment profile by email or SMS.
B. Provide a self-service portal if supported.
C. All of the above

A

C. All of the above

Sending an enrollment profile by email or SMS and setting up a self-service portal are two common options you can offer users to enroll their devices.

85
Q

Which iPad is compatible with Shared iPad?

A. iPad Pro
B. iPad Air
C. iPad 4th generation
D. iPad mini 3

A

A. iPad Pro

86
Q

Which service can you configure on a Mac to temporarily store iCloud user data from shared iPad devices?

A. iCloud
B. Content Caching
C. Internet Sharing

A

B. Content Caching

When you have a Mac with the Content Caching service turned on, Shared iPad can locally save iCloud user data in addition to iPadOS and app updates.

87
Q

Where can you find apps that are “Optimized for Shared iPad”?

A. Apple Configurator
B. Classroom
C. Apps and Books

A

C. Apps and Books

88
Q

Which additional option is available when you configure Shared iPad?

A. Maximum amount of storage
B. Quota size per user
C. Maximum number of apps

A

B. Quota size per user

When you enroll iPad devices into Shared iPad, configure the quota size per user based on the iPad storage you think that your users will need.

89
Q

Which option is skipped when you configure Shared iPad successfully?

A. Wi-Fi
B. Setup Assistant
C. Restrictions

A

B. Setup Assistant

Setup Assistant is skipped if you configure Shared iPad successfully.

90
Q

Which Shared iPad feature allows users to sign in as a guest?

A. Classroom
B. Guest User
C. Temporary sessions

A

C. Temporary sessions

When you configure iPad devices for temporary sessions, a user can sign in to the device by tapping Guest at the sign-in screen.

91
Q

You can ship devices directly to users without touching or preparing the devices if your organization purchases them directly from a participating Apple Authorized Reseller or carrier and you automatically enroll them in MDM with Apple Business Manager or Apple School Manager.

A. True
B. False

A

A. True

Organizations that purchase devices directly from a participating Apple Authorized Reseller or carrier can enroll the devices automatically into an MDM solution with Apple Business Manager or Apple School Manager.

92
Q

When you set up a device with Setup Assistant, which of the following might you be asked to enter to complete the enrollment in MDM?

A. iCloud account credentials
B. Personal Apple ID credentials
C. Organizational credentials

A

C. Organizational credentials

If your organization requires your credentials, they provide additional device security to confirm the identity of authorized users.

93
Q

With help from a self-support site or app, what is a task that a user can complete?

A. Download internal business apps
B. Purchase apps from the App Store
C. Install personalized apps on a device
D. Enroll a device in Apple Business Manager or Apple School Manager

A

A. Download internal business apps

If an organization provides self-support sites, these sites can allow users to access device enrollment in MDM, downloads of internal business apps, and other device management services.

94
Q

What do you use to connect Apple devices to networks that use 802.1X EAP-TLS authentication?

A. A configuration profile
B. A PAC file
C. A .plist file

A

A. A configuration profile

To connect Apple devices to networks that use 802.1X EAP-TLS authentication, MDM administrators must create the appropriate settings for their networks in configuration profiles and then push them to their devices.

95
Q

Which security type do you use to configure managed Apple devices to connect to 802.1X networks?

A. WEP
B. WPA3 Enterprise
C. WPA3 Personal

A

C. WPA3 Enterprise

Configuring your managed Apple devices with this type gives them access to a broad range of 802.1X authentication environments.

96
Q

You can use WPA2/WPA3 Enterprise authentication at the login window of macOS.

A. True
B. False

A

A. True

You can authenticate to a network from the login window when your Mac is set up with a compatible directory service and configured to use this mode with MDM.

97
Q

EAP-TLS authentication uses a certificate identity that’s shared among all clients.

A. True
B. False

A

B. False

When authenticating Apple devices to EAP-TLS–protected networks, each client uses a unique certificate identity.

98
Q

How does a PAC file influence the way an Apple device communicates over a network?

A. The device uses the authentication credentials defined in the PAC file to connect to servers.
B. The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.
C. The device constructs a list of approved websites by using the web addresses that the PAC file defines.

A

B. The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.

The proxy server’s location and rules for allowed direct traffic defined in the PAC file manage the way an Apple device communicates over a network.

99
Q

Which of these alternatives to a proxy server URL could you use to configure a payload with proxy settings for an Apple device?

A. A .plist file with allowed websites
B. A domains restriction
C. WPAD using DHCP option 252

A

C. WPAD using DHCP option 252

When configuring an Apple device to use a proxy, you can use WPAD using DHCP option 252 instead of a proxy server URL.

100
Q

What must the server identity certificate contain in the SubjectAltName field?

A. The CA name
B. The rest of the trust chain
C. The user’s group name
D. The server’s DNS name or IP address

A

D. The server’s DNS name or IP address

The server identity certificate must contain the server’s DNS name or IP address in the SubjectAltName field.

101
Q

What must users of an MDM solution install so that custom VPN works on Apple devices?

A. Profile Manager and VPN Manager
B. The appropriate authentication app
C. Configuration profile and VPN Manager
D. VPN Manager and User Authentication Profile

A

B. The appropriate authentication app

You need the vendor’s VPN app.

102
Q

Which VPN connection type provides more granular control over which data goes through VPN?

A. Per-App VPN
B. VPN On Demand
C. Always-On VPN

A

A. Per-App VPN

Per-App VPN connections are established on a per-app basis, which provides more granular control over which data goes through VPN.

103
Q

How do you enable managed distribution?

A. Enroll devices in MDM.
B. Download a spreadsheet of app licenses.
C. Link your MDM solution to at least one location in Apple Business Manager or Apple School Manager.
D. Purchase content through Apps and Books in Apple Business Manager or Apple School Manager.

A

C. Link your MDM solution to at least one location in Apple Business Manager or Apple School Manager.

To enable managed distribution, you link your MDM solution to at least one location in your Apple Business Manager or Apple School Manager account.

104
Q

Which distribution model permanently transfers apps to users?

A. Custom apps
B. Redemption codes
C. Managed distribution to users
D. Managed distribution to devices

A

B. Redemption codes

Distributing app licenses through redemption codes transfers ownership of an app to the user who redeems the code.

105
Q

Your organization wants developers to read a software architecture book that you should purchase from Apps and Books. Funding is limited, so the engineering lead wants to know if the book can be transferred between employees after they finish reading it.

Who has the authority to revoke a book license after distribution?

A. No one
B. The user
C. The content manager
D. The MDM administrator

A

A. No one

When you distribute books, ownership permanently transfers to the users; you can’t revoke or reassign book licenses.

106
Q

When you use managed distribution to assign apps directly to devices, your organization retains full control and ownership of the app licenses.

A. True
B. False

A

A. True

Using managed distribution with MDM, your organization retains full control and ownership of app licenses with the ability to assign, revoke, and then reassign apps to devices.

107
Q

How is an app installed on a user’s device after the app is assigned to that device?

A. The user must accept the app installation.
B. Your MDM solution automatically pushes the app to the device.
C. The user receives an invitation to download and install the app from the App Store.

A

B. Your MDM solution automatically pushes the app to the device.

Your MDM solution can automatically push it to that device without requiring user invitation or acceptance.

108
Q

When does the number of available app licenses for supervised devices change in your MDM solution apps library?

A. After the user installs or deletes the app
B. After the device user accepts or rejects the installation
C. After you assign or revoke an app to a device or device group

A

C. After you assign or revoke an app to a device or device group

After you assign or revoke an app using your MDM solution, the number of app licenses available for assignment adjusts accordingly.

109
Q

What must a user do before you can assign apps to them with managed distribution?

A. Install a managed distribution profile on their device
B. Accept an invitation to enroll in managed distribution
C. Sign in to an MDM solution and create a Managed Apple ID
D. Sign in to Apple Business Manager or Apple School Manager and enroll in Apps and Books

A

B. Accept an invitation to enroll in managed distribution

The user must accept the invitation by signing in with their Apple ID and agreeing to the terms and conditions.

110
Q

When you assign an app to a group for managed distribution, who must accept the invitation to enroll in managed distribution?

A. Your MDM solution administrator
B. Each individual user in the group
C. The Apple Business Manager or Apple School Manager administrator

A

B. Each individual user in the group

Each user in the group receives an invitation to enroll in managed distribution.

111
Q

How long must you wait to reassign an app after you’ve revoked it from a device or user?

A. You can reassign the app immediately.
B. You must wait 24 hours before reassigning the app.
C. You must wait 60 minutes before reassigning the app.
D. You can reassign the app to a device immediately, but you must wait 24 hours for a user assignment.

A

A. You can reassign the app immediately.

You can reassign an app immediately after you revoke it.

112
Q

What is one way to revoke all app licenses that you’ve assigned to a user?

A. Remove the MDM profile on the device.
B. Reassign the apps to another user or device.
C. Change the assigned location in Apple Business Manager or Apple School Manager.
D. Remove the user from managed distribution.

A

D. Remove the user from managed distribution.

Removing a user from managed distribution revokes all assigned app licenses and they must accept a new invitation to receive new app licenses. If you expect to assign app licenses to the user in the future, don’t remove them from managed distribution — revoke the individual licenses.

113
Q

What happens to an app’s function on a device when you revoke it from the user?

A. The user receives a notification on the device, and the app is removed immediately.
B. The app remains on the device, but it stops working as soon as it’s been revoked.
C. The App Store notifies the user that the app has been revoked and requires the user to purchase the app.
D. The App Store notifies the user that the app has been revoked, but the app continues to work for at least 30 days after it’s revoked.

A

D. The App Store notifies the user that the app has been revoked, but the app continues to work for at least 30 days after it’s revoked.

30 days after the notification, the app either stops working or continues to run, depending on whether the app developer opted to have the app stop working when revoked.

114
Q

What do you use on a managed, user-owned iPhone or iPad to prevent users from opening unmanaged attachments or documents in managed sources?

A. A restriction
B. A managed domain
C. A managed account

A

A. A restriction

Open In management uses a set of restrictions to prevent users from opening attachments or documents from managed sources in unmanaged destinations on a managed iPhone or iPad.

115
Q

On a user-owned iPhone enrolled in your MDM solution, you can prevent users from opening unmanaged attachments or documents in managed sources.

A. True
B. False

A

A. True

On a managed iPhone or iPad, you can prevent users from opening attachments or documents from managed sources in unmanaged destinations.

116
Q

Which condition applies when a managed pasteboard restriction is installed on a managed device?

A. The Paste button is dimmed.
B. The Paste button doesn’t appear.
C. A “Paste Not Allowed” notification displays.

A

C. A “Paste Not Allowed” notification displays.

If the user isn’t allowed to paste content in an app due to the restriction, they get a “Paste Not Allowed” notification that includes the organization name.

117
Q

Which type of payload do you use to prevent a user from removing system apps on iPhone?

A. Restrictions
B. Security & Privacy
C. Software Updates

A

A. Restrictions

Use a Restrictions payload to prevent users from removing system apps on iPhone.

118
Q

When you use MDM, you can prevent a Mac user from uninstalling a managed app.

A. True
B. False

A

B. False

When you use MDM to install a managed app, you can set the Removable attribute to prevent a user from uninstalling it from iPhone or iPad.

119
Q

Which types of apps are still available to download to the device?

A. Games and Reader apps
B. All free apps that don’t have in-app purchases
C. Managed Apps, MDM-installed apps, system apps, and updates to those apps

A

C. Managed Apps, MDM-installed apps, system apps, and updates to those apps

The device can still receive managed apps, MDM-installed apps, system apps, and updates to those apps despite restrictions on access to the App Store.

120
Q

An app that a user manually installs on a device — for example from the App Store — isn’t managed.

A. True
B. False

A

A. True

Only apps installed with an MDM solution are considered managed. MDM can take over management of a user-installed app, prompting the user to accept on an unsupervised device.

121
Q

Which apps can users use to open the email attachment in the organization account after Managed Open In restrictions are in place?

A. Only apps that the user installs
B. Any app installed on the device
C. Only apps installed from the App Store
D. Only managed apps that the MDM solution installs

A

D. Only managed apps that the MDM solution installs

Apps that the MDM solution installs are considered managed. You can apply restrictions to managed apps that limit how users can share attachments with unmanaged apps.

122
Q

Where can you confirm whether iCloud restrictions have been applied to a managed Mac?

A. In Keychain Access under iCloud
B. In System Preferences in the Profiles preference pane
C. In System Information under Restrictions
D. In the Apple menu under About This Mac

A

B. In System Preferences in the Profiles preference pane

After you’ve used MDM to push restrictions to your devices, the profile displays those restrictions. Using System Preferences, you can review the restrictions by choosing the profile containing the restrictions.

123
Q

Which profile setting can you use to prevent a managed app from backing up data in iCloud?

A. Allow iCloud Drive
B. Allow managed apps to store data in iCloud
C. Allow documents from managed sources in unmanaged destinations
D. Allow documents from unmanaged sources in managed destinations

A

B. Allow managed apps to store data in iCloud

Apple’s device management framework supports several restrictions for managing iCloud. You use this setting when you want to prevent a managed app from backing up data in iCloud.

124
Q

What is a benefit of enabling FileVault on a Mac startup volume?

A. Additional security by requiring a login password to decrypt data
B. Increased encryption by increasing the number of bits in the key from 0 to 128
C. Enhanced privacy by encoding all data sent over a Mac computer’s network connections

A

A. Additional security by requiring a login password to decrypt data

On Mac computers with Apple silicon or the T2 chip, data is always encrypted on the startup volume. Turning on FileVault provides additional security by requiring a login password to decrypt data.

125
Q

What is the purpose of a PRK?

A. To initiate an “Erase All Content and Settings” command
B. To unlock the startup disk if the user forgets their login password
C. To authorize the installation of macOS software updates and upgrades

A

B. To unlock the startup disk if the user forgets their login password

When you first turn on FileVault on an individual unmanaged Mac, you choose how you want to unlock the startup disk if the user forgets their login password: with the Apple ID they use for iCloud or with a PRK.

126
Q

When managing FileVault using MDM, which of the following is required?

A. The managed Mac must be supervised.
B. An IRK must be installed on the managed Mac.
C. A user must log in on the managed Mac using an administrator account.

A

A. The managed Mac must be supervised.

You can manage FileVault settings on Mac computers that are enrolled in, and supervised by, your MDM solution, using either Automated Device Enrollment or Device Enrollment.

127
Q

Why would you defer software updates on Apple devices?

A. To roll back an update if it’s unsuccessful
B. To verify that your organization’s iPhone and iPad devices are managed
C. To test critical apps and infrastructure before deploying the update

A

C. To test critical apps and infrastructure before deploying the update

Testing apps and infrastructure before deployment is critical.

128
Q

What is the maximum number of days that you can defer software updates on Apple devices?

A. 30
B. 60
C. 90
D. 99

A

C. 90

You can defer software updates up to 90 days.

129
Q

What payload manages the ability to install macOS beta releases?

A. Content Filter
B. Restrictions
C. Security & Privacy
D. Software Update

A

D. Software Update

Use the Software Update payload to manage the installation of macOS beta releases and automatic installation of macOS updates or app updates from the App Store.

130
Q

How can you tell if a restriction applies only to a supervised device?

A. The restriction description contains “(supervised only).”
B. The restriction displays only if a device is supervised.
C. The restriction is dimmed if the device isn’t supervised.
D. The restriction appears in the group named Supervised Restrictions.

A

A. The restriction description contains “(supervised only).”

MDM solutions indicate when a restriction applies only to supervised devices.

131
Q

Which payload do you use to configure specific rules when users create a password or passcode on their enrolled devices?

A. Passcode
B. Password
C. Restrictions
D. Security & Privacy

A

A. Passcode

You choose the Passcode payload to configure specific rules for the creation of passwords or passcodes on enrolled devices.

132
Q

Which of the following options can you configure for Gatekeeper?

A. Set accessibility and passcodes
B. Login items and macOS security
C. macOS restrictions and accessibility
D. Prevent manual override and restrict to App Store apps only

A

D. Prevent manual override and restrict to App Store apps only

You can enable Gatekeeper, restrict to App Store apps, and prevent manual override.

133
Q

What is the purpose of configuring a Passcode payload?

A. It helps retrieve a user’s passcode if the user can’t sign in for some reason.
B. It requires that users set passcodes for all apps that they use on their devices.
C. It enables your organization to change a user’s passcode remotely if a device is lost or stolen.
D. It enforces passcode rules that help prevent unauthorized access to your organization’s devices and data.

A

D. It enforces passcode rules that help prevent unauthorized access to your organization’s devices and data.

You configure a Passcode payload with specific rules users must follow when creating a device passcode or password.

134
Q

The Passcode payload configures passcode rules for iPhone and iPad devices, while the Password payload configures password rules for Mac computers.

A. True
B. False

A

B. False

The Passcode payload configures passcode rules for iPhone and iPad, as well as password rules for Mac.

135
Q

What must a user do when you install the Passcode payload on the user’s iPhone?

A. The user must enter a passcode using the specified settings within 60 minutes.
B. The user must accept the payload to permit the specified settings to take effect.
C. The user must restart the device to install the payload, and then enter a new passcode.

A

A. The user must enter a passcode using the specified settings within 60 minutes.

If the user doesn’t do so within that time frame, the payload forces the user to enter a passcode using the specified settings.

136
Q

What is the purpose of configuring a Restrictions payload for Apple devices?

A. Restrictions prevent users from unenrolling a device from MDM.
B. Restrictions prevent unauthorized users from accessing a device.
C. Restrictions prevent users from accessing a specific app, service, or function of a device.

A

C. Restrictions prevent users from accessing a specific app, service, or function of a device.

You configure a Restrictions payload to prevent access to a specific app, service, or function on a device.

137
Q

What happens if you select “(supervised only)” restriction settings for an unsupervised device?

A. The “(supervised only)” settings don’t take effect unless you have previously supervised the device.
B. The “(supervised only)” settings override any configuration the user sets on the unsupervised device.
C. The “(supervised only)” settings require you to turn on device supervision before you can save the payload.

A

A. The “(supervised only)” settings don’t take effect unless you have previously supervised the device.

You can select “(supervised only)” settings for unsupervised devices, but the settings don’t take effect unless the device is supervised.

138
Q

What happens when you select the “Allow USB accessories while device is locked (supervised only)” restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter?

A. The device maintains a data connection to a connected network only when a user unlocks it.
B. The device maintains a data connection to a connected network before a user unlocks it.
C. The device automatically unlocks after an hour so that you can refresh it using MDM.

A

B. The device maintains a data connection to a connected network before a user unlocks it.

When you select the “Allow USB accessories while device is locked (supervised only)” restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter, the device maintains a data connection even before a user unlocks it.

139
Q

What is required before you can manage a USB restriction?

A. Supervision
B. A Managed Apple ID
C. An unsupervised Apple device

A

A. Supervision

Both pairing restrictions in the Restrictions payload require that your iPhone and iPad devices be supervised.

140
Q

How do you ensure that only trusted host computers can pair with your organization’s iPhone and iPad devices?

A. Allow pairing with only Mac computers.
B. Distribute the correct digital certificate to users’ groups and devices.
C. Distribute the correct supervision identities to users’ devices.

A

C. Distribute the correct supervision identities to users’ devices.

When you deselect the “Allow pairing with non-Configurator hosts (supervised only)” restriction — and distribute the correct supervision identities to users’ devices — you ensure that only trusted computers holding a valid supervision host certificate are allowed to access iPhone or iPad over USB.

141
Q

Which of the following can you use to distribute a certificate identity to a device in a configuration profile?

A. A .p12 file
B. A PKI token
C. An MD5 hash file

A

A. A .p12 file

You can put a certificate identity into a PKCS #12 file protected with a password, and push the file to the device in a configuration profile.

142
Q

When you compose a Mail message on a managed Apple device, what happens when Mail finds the certificate for a recipient email?

A. The user is asked to choose a certificate to sign the message.
B. A “Sign this message” option appears left of the “To:” field.
C. A lock icon appears to the right of the recipient’s contact name, and the address text is blue.

A

C. A lock icon appears to the right of the recipient’s contact name, and the address text is blue.

Mail consults the GAL to discover the recipient’s S/MIME certificate. When Mail finds the certificate for your recipient, a lock icon appears to the right of the recipient’s contact name, and the address text is blue.

143
Q

What do managed Apple devices require to send signed messages in Mail using S/MIME?

A. Your email address must be in the recipient’s GAL.
B. You must have your identity’s private key in your keychain.
C. Recipients must have your identity’s private key in their keychains.

A

B. You must have your identity’s private key in your keychain.

Private keys are important for signing messages in Mail. To send signed messages in Mail using S/MIME on a managed Apple device, you must have your identity’s private key in your keychain.

144
Q

What do managed Apple devices require to send encrypted messages in Mail using S/MIME?

A. The public key from the recipient’s certificate
B. An encryption extension in the recipient’s certificate
C. A restriction payload with the “Allow sending encrypted messages using S/MIME” setting selected

A

A. The public key from the recipient’s certificate

Public keys are important for encrypting messages in Mail. To send encrypted messages in Mail using S/MIME on a managed Apple device, you must have the public key from the recipient’s certificate in your keychain.

145
Q

What happens when you use Safari on iPhone or iPad to visit a site with a revoked certificate?

A. You are asked to delete the certificate.
B. You are directed to the CA’s website to update the certificate.
C. “This Connection Is Not Private” appears instead of the contents of the site.

A

C. “This Connection Is Not Private” appears instead of the contents of the site.

When you use Safari on iPhone or iPad to visit a site with a revoked certificate, “This Connection Is Not Private” appears instead of the contents of the site.

146
Q

Which prioritization method ensures that the most important app data always gets the best possible bandwidth, even if the network is congested with other traffic?

A. Proxies
B. Restrictions
C. Fastlane QoS marking

A

C. Fastlane QoS marking

Fastlane QoS marking ensures that the most important app data always gets the best possible bandwidth.

147
Q

What is the main benefit of using a proxy server on your network?

A. The ability to encrypt content
B. The ability to specify how managed apps use cellular data
C. The ability to filter content or manage available bandwidth

A

C. The ability to filter content or manage available bandwidth

You can use a proxy server to control the routing of traffic between your local intranet and the internet.

148
Q

Which MDM payload contains the settings that specify how managed apps use cellular data?

A. Cellular
B. Proxy server
C. Content Caching
D. Network Usage Rules

A

D. Network Usage Rules

You can configure the Network Usage Rules payload settings to specify how managed apps use cellular data.

149
Q

Which MDM payload contains the settings that enable QoS support on your managed devices?

A. Wi-Fi
B. Proxy
C. Content Caching
D. Network Usage Rules

A

A. Wi-Fi

Apps with enabled QoS support automatically take priority over low-priority apps such as those used for syncing documents in the background.

150
Q

Where do you add allowed apps?

A. The Security Type pop-up menu
B. The Restrict Fast Lane QoS Marking pop-up menu
C. The Proxy Setup pop-up menu

A

B. The Restrict Fast Lane QoS Marking pop-up menu

The Restrict Fast Lane QoS Marking pop-up menu leads to the option of searching the App Store for apps to allow.

151
Q

Which is a requirement for QoS prioritization?

A. The network service type
B. Accurate proxy settings
C. The QoS app

A

A. The network service type

The developer must mark the network service type for QoS to use it.

152
Q

Which payload do you use to set QoS priorities?

A. Wi-Fi
B. Network
C. Certificate
D. Restrictions

A

B. Network

You set QoS priorities with a Network payload.

153
Q

Which statement about Managed Lost Mode is true?

A. Managed Lost Mode requires Find My to be turned on.
B. You can use MDM to put an unsupervised iPhone or iPad device into Managed Lost Mode.
C. MDM remotely queries a lost device for its location the last time that the device was online.

A

C. MDM remotely queries a lost device for its location the last time that the device was online.

With Managed Lost Mode, you can find a supervised iPhone or iPad device that is lost or stolen because the MDM solution remotely queries for its location when the device connects to a network that both the managed device and the MDM solution can access.

154
Q

What can you do when you use your MDM solution to enable Lost Mode on a device?

A. You can customize the Lock Screen with a message, add a contact phone number, and include a note.
B. You can customize the Lock Screen with a bypass code, add a contact phone number, and include a note.
C. You can customize the Lock Screen with only a contact phone number and a message.

A

A. You can customize the Lock Screen with a message, add a contact phone number, and include a note.

When you enable Lost Mode on a device, you can customize the Lock Screen with a message, a contact phone number, and a note.

155
Q

Which of these statements is true?

A. When an MDM solution remotely disables Managed Lost Mode, it locks the device. It also notifies the user upon locking the device screen that the MDM solution enabled Managed Lost Mode and collected the device’s location.

B. You can use your MDM solution to issue commands to disable Lost Mode on an unmanaged iPhone or iPad device.

C. You can disable Lost Mode if it’s erroneously enabled or enabled on a retrieved device.

A

C. You can disable Lost Mode if it’s erroneously enabled or enabled on a retrieved device.

You can disable Lost Mode if it’s erroneously enabled or enabled on a retrieved device.

156
Q

Using your MDM solution, you enabled Lost Mode for a lost iPad. The next day, the verified user recovered the device, and you disabled Lost Mode.

What notification does the user see when they unlock their iPad?

A. MDM enabled Managed Lost Mode and collected the device location.
B. MDM disabled Managed Lost Mode and Activation Lock.
C. MDM enabled recovery mode and restored the device data and settings.

A

A. MDM enabled Managed Lost Mode and collected the device location.

When an MDM solution administrator remotely disables Managed Lost Mode, the user sees a message that the device was locked and the MDM solution collected its location.

157
Q

What happens when you use your MDM solution to remotely disable Lost Mode?

A. It removes the Lost Mode profile.
B. It wipes the device remotely.
C. It unlocks the device.

A

C. It unlocks the device.

When you use your MDM solution to remotely disable Lost Mode, it unlocks the device, collects its location, and notifies the user that Lost Mode is disabled.

158
Q

What happens when you enable Lost Mode for a missing device?

A. MDM locks the device.
B. MDM wipes the device remotely.
C. MDM issues a bypass code.

A

A. MDM locks the device.

When you enable Lost Mode for a missing device with your MDM solution, it locks the device, displays your custom message, and determines the device location.

159
Q

What happens if Find My is enabled for a managed device and your MDM solution allows Activation Lock?

A. Activation Lock is enabled.
B. The device is locked, and its location is collected.
C. The user is notified that Activation Lock is enabled.

A

A. Activation Lock is enabled.

If Find My is enabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is automatically enabled at that point.

160
Q

What happens if Find My is disabled for a managed device when your MDM solution allows Activation Lock?

A. Activation Lock is enabled at that point.
B. The device is locked, and its location is collected.
C. The user is notified that Activation Lock is disabled.
D. Activation Lock is enabled the next time that the user enables Find My.

A

D. Activation Lock is enabled the next time that the user enables Find My.

If Find My is disabled when your MDM solution allows Activation Lock on managed devices, Activation Lock is enabled the next time that the user enables Find My.

161
Q

Your organization decides that to deter thefts, the organization-owned iPad and iPhone devices must have Activation Lock on and be managed using an MDM solution.

Which initial configuration would you use to enforce Activation Lock for the supervised devices with an MDM solution?

A. Allow Activation Lock
B. Allow Activation Lock only if a bypass code is available.
C. Enable Activation Lock

A

C. Enable Activation Lock

When an MDM solution enables Activation Lock, the user can’t disable Activation Lock. The organization uses the MDM solution, which interacts directly with Apple servers to enable or disable Activation Lock.

162
Q

Your organization wants to encourage users to set Activation Lock to deter thefts of supervised iPad and iPhone devices and Mac computers. However, the organization also needs to manage Activation Lock if users can’t access their devices.

Which initial Activation Lock configuration achieves this setup with an MDM solution?

A. Allow Activation Lock
B. Allow Activation Lock only if a bypass code is available.
C. Enable Activation Lock

A

B. Allow Activation Lock only if a bypass code is available.

The organization’s MDM solution can disable Activation Lock with the bypass code, without user interaction.

163
Q

If Activation Lock is turned on for a wiped iPhone, you can turn off Activation Lock with a bypass code.

A. True
B. False

A

A. True

You can turn off Activation Lock to prepare the device for reuse.

164
Q

What happens when you use MDM to wipe a Mac?

A. The keys in Effaceable Storage are deleted, and user data is cryptographically inaccessible.
B. User settings are saved.
C. You must reinstall macOS.
D. A disk image of user data is saved.

A

A. The keys in Effaceable Storage are deleted, and user data is cryptographically inaccessible.

After you remotely wipe a Mac, the keys in Effaceable Storage are deleted, and user data is cryptographically inaccessible.

165
Q

What happens when you use an MDM solution to wipe iPhone?

A. Wiping iPhone or iPad restores the device to its factory settings while preserving the last installed iOS or iPadOS version.

B. Wiping iPhone automatically backs up user data and settings to iCloud before restoring factory settings.

C. Wiping iPhone puts the device in recovery mode, and you must reinstall iOS.

A

A. Wiping iPhone or iPad restores the device to its factory settings while preserving the last installed iOS or iPadOS version.

Wiping iPhone or iPad removes all user data and settings and restores factory settings, preserving the last installed iOS or iPadOS version.

166
Q

Where do you enter the Activation Lock bypass code on a wiped iPhone or iPad?

A. On the Activation Lock screen in Setup Assistant, you enter the bypass code in the Apple ID field.
B. On the Activation Lock screen in Setup Assistant, you enter the bypass code in the Passcode field.
C. On the Activation Lock screen in Setup Assistant, tap Activation Lock Help, and enter the bypass code when asked.
D. On the Activation Lock screen in Setup Assistant, enter the bypass code in the Apple ID field and the device passcode in the Passcode field.

A

B. On the Activation Lock screen in Setup Assistant, you enter the bypass code in the Passcode field.

You enter the bypass code in the Passcode field.

167
Q

Which type of query can you use to list all installed apps on a device?

A. Device
B. Device network
C. Security

A

A. Device

Device queries return specific information about a device, such as apps installed.

168
Q

When is information about a managed device updated in an MDM solution?

A. When the user completes Setup Assistant
B. Every time the device connects to the network
C. Every time the device contacts the MDM solution
D. According to the settings in the management profile installed on the device

A

C. Every time the device contacts the MDM solution

MDM solutions update device information when a device contacts the MDM solution. Typically, devices contact the MDM solution when they receive an APNs notification to check in with the MDM solution.

169
Q

Someone turns in a managed iPhone that was purchased from a reseller other than Apple or participating Apple Authorized Resellers or carriers.

Which tool do you use to add it to your organization’s Apple Business Manager or Apple School Manager account?

A. Apple Configurator for Mac
B. Apple Configurator for iPhone
C. startosinstall

A

A. Apple Configurator for Mac

You use Apple Configurator for Mac to assign iPhone, iPad, or Apple TV to your organization in Apple Business Manager or Apple School Manager.

170
Q

A user turns in an iPhone device and a Mac. Both have managed apps installed. You use your MDM solution to erase the content and settings and disable Activation Lock, then revoke the app licenses.

Can you immediately reassign the app licenses?

A. Yes
B. No

A

A. Yes

You can reassign revoked licenses for managed apps to other users or devices.

171
Q

Where can you find the startosinstall tool?

A. In the App Store
B. In Apple Configurator
C. In the macOS Installer package bundle
D. In /Applications/Utilities on your Mac

A

C. In the macOS Installer package bundle

startosinstall is located inside the macOS installer’s Contents and Resources folder.

172
Q

You’re writing a startosinstall script to prepare Mac computers for redeployment and need to install multiple packages. Some packages depend on other packages already being installed.

What’s the best way to ensure that packages are installed in a specific order with --installpackage?

B. Use a loop, and call startosinstall multiple times with different --installpackage arguments for each package in order.

C. Write separate startosinstall commands with --installpackage for each package, and specify a --rebootdelay.

D. Determine the necessary sequence, and call startosinstall with multiple --installpackage arguments for each package in order.

A

D. Determine the necessary sequence, and call startosinstall with multiple --installpackage arguments for each package in order.

--installpackage installs all packages passed to it in the order in which they’re passed to the command.

173
Q

Your organization retires six iPhone devices and turns them in for credit toward new devices through the Apple Trade In program. Three of the iPhone devices aren’t eligible for credit. What happens to those devices?

A. Apple recycles the devices.
B. Apple ships the devices back to you.
C. Apple deducts a recycling fee from your credit.
D. Apple ships the devices to the recycling facility of your choice.

A

A. Apple recycles the devices.

Apple recycles the devices through its recycling partners.

174
Q

What happens to trade-in devices that Apple receives through the Apple Trade In program?

A. Apple refurbishes and resells all devices.
B. Apple sends all devices to its recycling partners.
C. Apple refurbishes devices that are in good shape and recycles the rest.

A

C. Apple refurbishes devices that are in good shape and recycles the rest.

Apple refurbishes reusable devices.

175
Q

You should first back up devices and erase all content and settings before redeploying or recycling them. If you are recycling devices, you must then release them from management in Apple Business Manager or Apple School Manager and remove them from your MDM solution.

A. True
B. False

A

A. True

You don’t have to, but you should wipe your devices first. Then you can release them from management in Apple Business Manager or Apple School Manager and remove them from MDM.