Exam Flashcards

1
Q

You’re assigning books that were bought in Apple Business Manager.
Which of these can you assign the books to?
A. Shared iPad devices
B. iPhone and iPad devices
C. Users with a Managed Apple Account
D. Mac computers

A

C. Users with a Managed Apple Account

Explanation:
Books in Apple Business Manager are assigned to users with Managed Apple Accounts, not directly to devices, allowing access across multiple devices.

2
Q

What must you upload to MDM so that you can distribute App Store apps to your MDM-enrolled devices?
A. Content token
B. Distribution token
C. Server token
D. App token

A

A. Content token

Explanation:
The content token authorizes the MDM server to manage and distribute App Store apps via Apple Business Manager or School Manager.

3
Q

What should be escrowed in MDM to enable resetting the password on a user’s FileVault-encrypted Mac?
A. Personal recovery key
B. Institutional recovery key
C. Secure token
D. Bootstrap token

A

A. Personal recovery key

Explanation:
The personal recovery key should be escrowed in MDM as it allows administrators to reset the password on a FileVault-encrypted Mac without needing the user’s personal recovery key.

4
Q

What do you use to manually add a device to Apple Business Manager or Apple School Manager?
A. Profile Manager
B. Apple Remote Desktop
C. Mac Evaluation Utility
D. Apple Configurator

A

D. Apple Configurator

Explanation:
Apple Configurator is used to manually add devices to Apple Business Manager or Apple School Manager. It allows administrators to supervise devices and associate them with an organization’s MDM for management.

5
Q

How many enrollment profiles are supported for a managed Apple device?
A. Three
B. Two
C. Unlimited
D. One

A

D. One

Explanation:
A managed Apple device supports only one enrollment profile at a time.

6
Q

What must a user have to be able to upgrade macOS on their iMac?
A. Volume ownership
B. An MDM bootstrap token
C. Local administrator rights
D. A Managed Apple Account

A

A. Volume ownership

Explanation:
To upgrade macOS on an iMac, the user must have Volume Ownership.

7
Q

What can you do with Apple Configurator for Mac in iPad deployments?
A. Supervise devices
B. Replace iCloud for backing up biometric data on iPad devices
C. Remotely control devices without requiring physical access to them
D. Update Apple device operating systems without using the internet

A

A. Supervise devices

Explanation:
Apple Configurator for Mac allows you to supervise iPad devices, enabling advanced management features such as restrictions, configuration profiles, and enrollment in an MDM system.

8
Q

Which MDM command restricts access to Startup Security Utility on a Mac?
A. SetRecoveryLock
B. SetFirmwarePassword
C. SetFDESetup
D. SetAccessUtility

A

A. SetRecoveryLock

Explanation:
The SetRecoveryLock MDM command restricts access to the Startup Security Utility on a Mac by requiring a firmware password. This enhances security by preventing unauthorized changes to the startup settings.

9
Q

Your organization bought new iPhone devices from Apple. You have Automated Device Enrollment configured, but the iPhone devices aren’t asked to enroll.
What might be the cause?

A. The iPhone devices are waiting for approval in Apple Business Manager before they can enroll in MDM.

B. Someone in your organization must manually reset the iPhone devices before they can enroll in MDM.

C. The iPhone devices don’t have a default MDM server assignment.

D. Someone in your organization added the iPhone devices to the wrong location in Apple Business Manager.

A

C. The iPhone devices don’t have a default MDM server assignment.

Explanation:
If the devices don’t have a default MDM server assignment in Apple Business Manager, they won’t automatically enroll in MDM during setup. Assigning a default MDM server ensures that all newly purchased devices are automatically linked to the correct MDM configuration.

10
Q

What must you download from Apple Business Manager and then upload to MDM to configure Managed Distribution of apps?
A. A content token
B. A device token
C. A public key certificate
D. A private key certificate

A

A. A content token

Explanation:
To configure Managed Distribution of apps, a content token must be downloaded from Apple Business Manager and uploaded to the MDM. This token allows the MDM to manage app licenses and distribute them to devices.

11
Q

Which two enrollment types result in cryptographic separation of organization and personal data on iPhone and iPad devices?
Select two.
A. Account-driven User Enrollment
B. Account-driven Device Enrollment
C. Authenticated Enrollment
D. Automated Device Enrollment
E. Profile-based Device Enrollment

A

A. Account-driven User Enrollment
B. Account-driven Device Enrollment

Explanation:

Account-driven User Enrollment provides cryptographic separation of personal and organizational data by creating a managed Apple ID container on the device.
Same for Account-driven Device Enrollment.

12
Q

Which action helps you reduce local network traffic when you deploy a content caching server?
A. Use an MDM restriction to prevent content caching from being turned off for every user’s managed Mac.
B. Use AssetCacheManagerUtil loadCache to preload commonly downloaded apps every night.
C. Use assetcachelocatorutil to define your content caching server location for every user’s managed device.
D. Use an MDM restriction to prevent content caching from being turned on for every user’s managed Mac.

A

D. Use an MDM restriction to prevent content caching from being turned off for every user’s managed Mac.

13
Q

A user reports that their managed Mac is asking for a six-digit PIN after an unexpected restart.
What explains this?
A. You turned on Activation Lock.
B. You sent the EraseDevice command.
C. You sent the Lock a Mac command.
D. You turned on Managed Lost Mode.

A

C. You sent the Lock a Mac command.

Explanation:
When the Lock a Mac command is sent via MDM, the Mac is locked with a six-digit PIN. This ensures the device cannot be accessed without the PIN, typically used as a security measure in case of loss or theft. (It is not Managed Lost Mode, because that feature applies only to iOS and iPadOS devices.)

14
Q

Which threat does Managed Device Attestation help protect against?
A. Private key extraction for use on a rogue device
B. Bypassing kernel permissions to allow writability of critical system files
C. A compromised device disabling Activation Lock
D. An unauthorized user inserting malicious code during a software update

A

A. Private key extraction for use on a rogue device

Explanation:
Managed Device Attestation ensures the authenticity of a device by verifying its cryptographic identity. This helps protect against threats like private key extraction, which could allow a rogue device to impersonate a legitimate one in a managed environment.

15
Q

Which organization data is separated from user data when an iPhone enrolls in MDM with User Enrollment?
A. Safari profiles
B. Safari bookmarks
C. Notes
D. Contacts

A

C. Notes

Explanation:
When an iPhone enrolls in MDM with User Enrollment, organization data such as notes is stored separately from personal data. This ensures cryptographic separation between work and personal information, allowing users to maintain privacy while enabling IT to manage business-related resources.

16
Q

A device doesn’t meet your MDM configured minimum operating system, and it tries to enroll using Automated Device Enrollment.
What happens?
A. The device updates and resumes Setup Assistant automatically.
B. The device doesn’t enroll.
C. The device updates after completing Setup Assistant.
D. The device enrolls and allows the update to be deferred up to seven days.

A

A. The device updates and resumes Setup Assistant automatically.

Explanation:
If a device doesn’t meet the MDM-configured minimum operating system requirement during Automated Device Enrollment, the device is prompted to update its operating system. Once updated, the Setup Assistant process resumes, and the device can complete enrollment. This ensures the device complies with the MDM policy before being enrolled.

17
Q

What does the Bonjour zero-configuration networking architecture support?
A. Opportunistic Wireless Encryption
B. MAC address randomization
C. Discovering services on a local area network
D. RADIUS authentication

A

C. Discovering services on a local area network

Explanation:
The Bonjour zero-configuration networking architecture supports the discovery of services on a local area network (LAN). It allows devices to find printers, file shares, and other resources without needing manual configuration, making networking simple and seamless within the local netwo

18
Q

What is true when you transfer licenses to another location in Apple Business Manager?
A. Apple Business Manager installs the latest available version of macOS.
B. License transfers require approval for both the sending and receiving locations.
C. Both the sending and receiving locations must be part of the same organization.
D. You can transfer licenses even if they are currently assigned to devices.

A

C. Both the sending and receiving locations must be part of the same organization.

Explanation:
In Apple Business Manager, license transfers are only allowed between locations that belong to the same organization. This ensures that license management remains secure and compliant within the organization’s structure.

19
Q

Which MDM payload can you configure to prioritize traffic using Cisco Fastlane enhanced Quality of Service on Mac computers?
A. VPN
B. Restrictions
C. Wi-Fi
D. Network Usage Rules

A

C. Wi-Fi

Explanation:
The Wi-Fi payload allows you to configure and prioritize traffic for specific apps or services using Cisco Fastlane enhanced Quality of Service (QoS) on Mac computers. This ensures critical business apps receive the necessary bandwidth and priority.

20
Q

A user enrolled their personally owned iPhone in your MDM solution to access organizational services.
Which of these is cryptographically separated for managed and personal data?
A. Keychain items
B. Safari profiles
C. Safari bookmarks
D. Contacts

A

A. Keychain items

Explanation:
When a personally owned iPhone is enrolled in MDM using User Enrollment, cryptographic separation is applied to managed and personal Keychain items. This ensures that sensitive organizational credentials and data stored in the managed Keychain remain separate from the user’s personal Keychain data, protecting both privacy and security.

21
Q

A user enrolled their personal iPhone in your organization’s MDM solution.
Which of these management capabilities does your organization’s MDM solution have on the user’s iPhone?
A. Install and configure apps
B. Access device location
C. Remotely wipe the device
D. Enable Activation Lock

A

A. Install and configure apps

Explanation:
With User Enrollment, MDM can manage work-related apps and configurations but cannot access personal data or control the entire device.

22
Q

Which common technology is Enterprise SSO (Single Sign-On) in iOS, iPadOS, and macOS based on?
A. Kerberos
B. Passkeys
C. Gatekeeper
D. Keychain

A

A. Kerberos

Explanation:
Enterprise Single Sign On in iOS, iPadOS, and macOS is based on Kerberos, a widely used authentication protocol that enables seamless and secure access to enterprise resources without requiring users to enter their credentials repeatedly.

23
Q

Which technology can you use to streamline authentication flows for users enrolling devices using account-driven enrollment into MDM?
A. Biometric authentication
B. Sign in with Apple at Work & School
C. Sign in with Apple
D. Enrollment single sign-on (SSO) for iPhone and iPad

A

D. Enrollment single sign-on (SSO) for iPhone and iPad

Explanation:
Enrollment SSO simplifies authentication during account-driven enrollment by allowing users to authenticate once and use the same credentials across various steps of the enrollment process, streamlining the experience.

24
Q

Where are bypass codes for Apple devices stored when you use organization-linked Activation Lock?
A. In Apple Business Manager or Apple School Manager
B. In the user’s personal Apple Account
C. In the MDM solution
D. In the user’s Managed Apple Account

A

C. In the MDM solution

Explanation:
Bypass codes for organization-linked Activation Lock are stored in the MDM solution. These codes allow administrators to unlock a device if the Activation Lock is preventing access, ensuring easy management of locked devices.

25
Q

Which of these is a valid consideration when organizations buy content in Apple Business Manager?
A. Licenses for purchased apps can be transferred to another location.
B. Organizations must negotiate a license directly with the publisher when buying free content.
C. Content is automatically assigned to user accounts.
D. Only IT administrators can make purchases on behalf of the organization.

A

A. Licenses for purchased apps can be transferred to another location.

Explanation:
In Apple Business Manager, organizations can transfer app licenses between locations within the same organization. This flexibility supports resource management and reallocation as needed.

26
Q

Which MDM management capabilities are available on an iPhone enrolled using account-driven User Enrollment?
A. Require a passcode
B. Access device location
C. Remotely wipe the entire device
D. Disable Activation Lock

A

A. Require a passcode

Explanation:
With account-driven User Enrollment, MDM can enforce policies such as requiring a passcode for security, but it cannot access personal data, disable Activation Lock, or wipe the entire device to respect user privacy.

27
Q

Which statement is true about account-driven User Enrollment?
A. Users sign in to their personal Apple Account.
B. Service discovery is used to identify the MDM enrollment URL.
C. The device serial number must appear in Apple Business Manager.
D. It doesn't support federated authentication.

A

B. Service discovery is used to identify the MDM enrollment URL.

Explanation:
Account-driven User Enrollment uses service discovery to automatically locate the MDM enrollment URL, streamlining the enrollment process for users without requiring manual input.

28
Q

What must be installed on a device so you can manage it with MDM?
A. A provisioning profile
B. A supervision identity
C. An enrollment profile
D. Apple Configurator

A

C. An enrollment profile

Explanation:
An enrollment profile must be installed on a device to establish a connection with the MDM solution, allowing it to manage the device's settings, apps, and policies.

29
Q

Where is content cached when you simultaneously provision tethered iPad devices using Apple Configurator?
A. On the iCloud server
B. On the MDM content caching server
C. On the MDM server that the iPad devices are tethered to
D. On the Mac that the iPad devices are tethered to

A

D. On the Mac that the iPad devices are tethered to

Explanation:
When provisioning tethered iPad devices using Apple Configurator, content is cached on the Mac they are connected to. This speeds up the provisioning process by avoiding repeated downloads from the internet.

30
Q

You're adding a user to Apple Business Manager. Which roles give the new user the ability to add Locations?
A. Device Enrollment Manager and Location Manager
B. Administrator and People Manager
C. Device Enrollment Manager and Content Manager
D. Administrator and Location Manager

A

B. Administrator and People Manager

Explanation:
In Apple Business Manager, users with the Administrator or People Manager roles have the ability to add and manage Locations. These roles include permissions for organizational setup and location-specific configurations.

31
Q

You used your organization's MDM solution to change the password of a managed administrator account that's secure token enabled. What is the result?
A. The secure token password is updated, not the login password.
B. The login password is updated, not the secure token password.
C. The login and secure token passwords are updated.
D. The login password can't be changed.

A

B. The login password is updated, not the secure token password.

Explanation:
When you use MDM to change the password of a secure token-enabled managed administrator account, only the login password and the secure token password is updated.

32
Q

What provides a consistent set of management tools for Apple devices to all MDM vendors?
A. Automated Device Enrollment
B. Apple's MDM framework
C. Managed service configuration files
D. Apple Push Notification service

A

B. Apple's MDM framework

Explanation:
Apple's MDM framework provides a standardized set of APIs and management tools that all MDM vendors use to manage Apple devices consistently, ensuring compatibility and uniform functionality across different solutions.

33
Q

You bought new app licenses in Apple Business Manager, but they're not available in your MDM solution. What might cause this?
A. A password change to the MDM administrator account
B. APNs token annual expiration
C. Content token annual expiration
D. Creation of a new Content Manager

A

C. Content token annual expiration

Explanation:
If the content token in Apple Business Manager expires, app licenses won’t sync to the MDM solution. Renewing the token resolves this issue.

34
Q

You manage the content caching server for your organization. You want the content caching server to cache only software and app updates. Which option should you choose from the Cache menu?
A. Only Shared Content
B. All Content
C. Only iCloud Content
D. All Updates

A

A. Only Shared Content

Explanation:
Selecting Only Shared Content ensures that the content caching server only caches software and app updates, helping optimize the use of network resources and ensuring devices receive the latest updates efficiently.

35
Q

Which feature can MDM manage to prevent re-use of a lost or stolen Mac?
A. Activation Lock
B. Managed Find My
C. Managed Lost Mode
D. Device Lock

A

A. Activation Lock

Explanation:
Activation Lock helps prevent the re-use of a lost or stolen Mac by tying the device to the owner's Apple ID, ensuring it cannot be erased or reactivated without the correct credentials.

36
Q

Which order would iPhone use to automatically join a Wi-Fi network?
A. Preferred network, private networks, public network
B. Private networks, preferred network, public network
C. Public network, preferred network, private networks
D. Preferred network, public network, private networks

A

A. Preferred network, private networks, public network

37
Q

Which two content caching settings could you use to optimize internet bandwidth for Apple devices over three network subnets?
Select two.
A. Cache content for: devices using custom local networks
B. Cache content for: devices using the same local networks
C. Cache content for: Only iCloud Content
D. Cache content for: devices using the same public IP address
E. Cache content for: Only Shared Content

A

A. Cache content for: devices using the custom local networks
D. Cache content for: devices using the same public IP address

38
Q

You're using Apple Configurator for Mac to manually add Apple devices to Apple Business Manager or Apple School Manager. When does the 30-day provisional period begin?
A. After the device enrolls in the MDM server.
B. After you assign the devices to the MDM server.
C. After the device is available in Apple Business Manager or Apple School Manager.
D. After you assign the devices to users in an MDM solution.

A

A. After the device enrolls in the MDM server.

Explanation:
If the device is given to a user, they have a 30-day provisional period to release the device from Apple Business Manager, supervision, and MDM. This 30-day provisional period begins after the device is successfully assigned to and enrolled in: A third-party MDM server linked to Apple Business Manager.

39
Q

Which apps are published through the App Store but are discoverable only with a direct link?
A. Provisional
B. Managed
C. Unlisted
D. TestFlight

A

C. Unlisted

Explanation:
Unlisted apps are available on the App Store but can only be accessed via a direct link. (For example, you upload a private app.)

40
Q

You use MDM to convert unmanaged apps to managed. Then you deploy an app to a supervised device that already has the app installed as unmanaged. What happens?
A. The unmanaged app converts to managed without user interaction.
B. The unmanaged app asks the user to convert it to managed.
C. The unmanaged app is removed and the managed app is installed.
D. The unmanaged app converts to managed and sends a notification.

A

A. The unmanaged app converts to managed without user interaction.

Explanation:
When you use MDM to convert an unmanaged app to a managed one, the app is automatically converted to managed on the supervised device without requiring user interaction. This ensures that the app is now fully under MDM management, including policy enforcement and updates.

41
Q

Which enrollment type can supervise an iPad?
A. Account-driven User Enrollment
B. Automated Device Enrollment
C. Profile-driven Enrollment
D. Account-driven Device Enrollment

A

B. Automated Device Enrollment

Explanation:
Automated Device Enrollment (formerly known as DEP) allows for the supervision of iPads, providing additional management features such as mandatory MDM enrollment, configuration, and security controls that are not available through other enrollment types.

42
Q

Users report slow Wi-Fi after moving from their offices to the conference room. You notice that their devices aren't joining the closer access point. Why don't the devices associate with the closer access point?
A. The signal strength hasn't met the device's trigger threshold.
B. The broadcast signal of the first access point has a higher maximum data rate.
C. The trigger thresholds aren't properly configured in the Wi-Fi profile.
D. Fast roaming isn't turned on for the wireless access controller.

A

A. The signal strength hasn’t met the device’s trigger threshold.

Explanation:
Most client devices maintain their current connection until the Wi-Fi signal drops below a specific “roam trigger” threshold. If the signal from the existing access point (AP) still appears “good enough,” the device may not bother to associate with a new, closer AP—even if that would provide a faster connection. Once the signal strength of the original AP drops below the threshold, the device evaluates other nearby APs and roams as needed.

43
Q

You used Apple Business Manager to assign enrolled iPhone and iPad devices to a new MDM solution. What must you do to enroll the devices in the new MDM solution using Automated Device Enrollment?
A. Erase the devices.
B. Release the devices in Apple Business Manager.
C. Send a remote-wipe command from Apple Business Manager.
D. Revive the devices.

A

A. Erase the devices.

Explanation:
To force an iPhone or iPad to enroll into a new MDM solution through Automated Device Enrollment, you must erase it (return it to factory settings). This triggers the Setup Assistant, which connects to Apple Business Manager and enrolls the device in the newly assigned MDM server.

44
Q

Which declarative device management declarations can an MDM server use to store values on a device?
A. Activations
B. Devices
C. Enrollments
D. Security

A

A. Activations

Explanation:
MDM servers can use Devices declarations to store values on a device. This includes Activations, Management, Assets, Configurations.

45
Q

What validates face and fingerprint data from Face ID and Touch ID sensors in Apple devices?
A. Process data from Face ID and Touch ID sensors.
B. Encrypt mail, web, and other internet traffic.
C. Secure MDM communications and APNs notifications.
D. Encrypt tokens for Recovery Lock, Bypass Code, and Personal Recovery Key.

A

A. Process data from Face ID and Touch ID sensors.

Explanation:
In Apple devices, the Secure Enclave is responsible for validating biometric data from Face ID and Touch ID sensors. It processes and stores this sensitive information in an isolated, hardware-based environment, ensuring secure authentication.

46
Q

What is required for your organization to distribute Custom Apps in Apple Business Manager?
A. The app developer submits the app to AppleCare for review.
B. The app must be signed by a valid organization certificate.
C. The app developer assigns the app to the organization.
D. The app developer asks AppleCare to assign the app.

A

C. The app developer assigns the app to the organization.

Explanation:
To distribute a Custom App (sometimes called a “Custom B2B App”) in Apple Business Manager, the developer must specifically designate your organization’s Apple Business Manager ID (often called the “Organization ID”) when they publish or update the app. That process “assigns” the Custom App to your organization, making it available for purchase and distribution through Apple Business Manager.

47
Q

You are using your MDM solution to distribute Managed apps. Which statement is correct?
A. Apps can be revoked or reassigned.
B. Apps can be distributed to only users, not devices.
C. Books can be distributed to only devices, not users.
D. Apps can't be assigned without a Managed Apple Account.

A

A. Apps can be revoked or reassigned.

Explanation:
With Managed Distribution through Apple Business Manager (or Apple School Manager), your MDM solution can assign app licenses to users or devices. Those app licenses can later be revoked or reassigned (for example, if an employee leaves or a device is retired). This flexibility helps organizations efficiently manage their volume-purchased apps.

48
Q

A user forgot their password for their organization-owned Mac. Their Mac has FileVault turned on, and the key is escrowed to the MDM solution. What can the user use in macOS Recovery to reset their password?
A. Personal recovery key
B. Institutional recovery key
C. Secure token
D. Bootstrap token

A

A. Personal recovery key

Explanation:
When FileVault is enabled, the user can reset their password by providing the personal recovery key. Because the key is escrowed with the MDM solution, the user (or IT administrator) can retrieve it from the MDM portal and use it within macOS Recovery to reset the account password.

49
Q

Which MDM option gives you the ability to keep the same eSIM service for an iPhone that you redeploy?
A. Redeploy with eSIM
B. Remote wipe
C. Rapid deployment
D. Managed erase

A

B. Remote wipe

Explanation:
MDM can issue a Remote wipe (the EraseDevice command) in which you set the preserveDataPlan option to keep the existing eSIM active. This feature makes it faster to redeploy the iPhone because the cellular service remains intact without having to reactivate or provision the eSIM again.

50
Q

You're remotely erasing a supervised iPad. What can you preserve to speed up redeployment?
A. Device passcode
B. Installed apps
C. Existing eSIM
D. User data and settings

A

C. Existing eSIM

Explanation:
When you send a remote erase command to a supervised iPad, you can choose to preserve the existing eSIM if the device supports it. This means the cellular data plan remains active and doesn’t require reactivation—helping speed up the redeployment process.

51
Q

What Return to Service benefit gives you the ability to quickly redeploy devices to users?
A. Automatic software updates
B. Interactive authentication during enrollment
C. Automatic progression to the Home Screen after erasing
D. Automatic creation of an Apple Account

A

C. Automatic progression to the Home Screen after erasing

Explanation:
When using a Return to Service workflow, you can configure the device so that after it’s erased, it automatically skips the Setup Assistant screens and proceeds directly to the Home Screen. This “Auto Advance” behavior allows you to quickly redeploy the device to a new user without extra manual setup steps.

52
Q

How can organizations enable and manage access to beta releases of Apple operating systems through MDM?
A. Enroll devices in Mac Evaluation Utility using MDM.
B. Configure MDM to access Feedback Assistant.
C. Enroll devices in the Apple Beta Software Program using MDM.
D. Configure MDM to restrict Mac Evaluation Utility.

A

C. Enroll devices in the Apple Beta Software Program using MDM.

Explanation:
Organizations can manage beta access by using an MDM profile that includes the appropriate beta software update settings. Specifically, they can configure MDM to allow or disallow the installation of beta releases by pushing a profile that sets the “AllowBetaSoftwareUpdates” key (or similar functionality). This effectively “enrolls” the device in the Apple Beta Software Program, enabling it to receive and install prerelease OS updates.

53
Q

Your organization begins buying from a new Apple Authorized Reseller. What information do you give the reseller to ensure that your devices appear in Apple Business Manager or Apple School Manager?
A. D-U-N-S Number
B. Organization ID
C. Reseller Number
D. Purchase Order Number

A

B. Organization ID

Explanation:
When you start purchasing from a new Apple Authorized Reseller, you must give them your Organization ID (sometimes called your “Org ID” in Apple School Manager or Apple Business Manager). This is how the reseller knows which organization to assign the newly purchased devices to, ensuring they appear in your Apple Business Manager or Apple School Manager portal.

54
Q

Which two of these can MDM provide with an EraseDevice command when using the Return to Service workflow?
Select two.
A. Wi-Fi payload
B. Enrollment profile
C. Location Services
D. Managed Apple Account
E. App preservation

A

A. Wi-Fi payload
B. Enrollment profile

Explanation:
When you issue an EraseDevice command and use the Return to Service workflow, you can include: A Wi-Fi payload, so the device automatically joins the specified network after being erased. An enrollment profile, so the device automatically enrolls in MDM again without user intervention.

55
Q

When does an MDM server token expire?
A. When new Terms and Conditions are accepted
B. Every 12 months
C. When the Managed Apple Account password is changed
D. Every 6 months

A

B. Every 12 months

Explanation:
The MDM server token (downloaded from Apple Business Manager or Apple School Manager) expires after 12 months. After it expires, you must renew it by downloading a new token and uploading it to your MDM solution to maintain the device enrollment and management connection.

56
Q

Which setting is required when you use the Global HTTP Proxy payload for automatic proxy configuration?
A. Managed Apple Account user name and password
B. Proxy type
C. Proxy server URL
D. Port

A

C. Proxy server URL

Explanation:
When setting a Global HTTP Proxy to use automatic proxy configuration, you must provide the URL for the proxy auto-configuration (PAC) file. This URL tells the device where to retrieve the PAC file, which contains the rules for directing traffic through the proxy.
57
What is required to enroll a device using account-driven Device Enrollment? A. A passkey B. A personal Apple Account C. A Managed Apple Account D. A User Enrollment Token
C. A Managed Apple Account Explanation: Account-driven Device Enrollment requires the user to sign in with a Managed Apple ID during device setup. When the user does so, the device is automatically enrolled in the organization’s MDM through Apple Business Manager, provided that the device has been assigned to the organization’s MDM server.
58
What is required to enroll a device using account-driven User Enrollment? A. A Managed Apple Account B. A personal Apple Account with a signed enrollment profile C. An enrollment profile from a customized URL, mail message, or other means D. An enrollment certificate assigned to the account
A. A Managed Apple Account Explanation: Account-driven User Enrollment requires the user to sign in with a Managed Apple ID on the device. This enables a user-based MDM environment that keeps personal and organizational data separated on the same device, while still allowing limited device management via the MDM solution.
59
What is a feature of Apple Configurator for Mac? A. Enable Managed Lost Mode. B. Push profile updates over the air. C. Create a Blueprint for your devices. D. Buy apps and books.
C. Create a Blueprint for your devices. Explanation: Apple Configurator for Mac allows you to create Blueprints—templates containing settings, apps, and profiles—that can be applied to iPhones, iPads, or Macs during configuration. This streamlines device setup and ensures consistent configurations for multiple devices.
60
Your organization buys devices from a new Apple Authorized Reseller. You want to ensure that your devices appear in Apple Business Manager or Apple School Manager. What information do you need to add in Apple Business Manager or Apple School Manager? A. Purchase Order Number B. Organization ID C. D-U-N-S Number D. Reseller Number
D. Reseller Number Explanation: When you add a new Apple Authorized Reseller to Apple Business Manager (ABM) or Apple School Manager (ASM), you need to provide the Reseller Number (also referred to as the reseller’s “Apple Customer Number” or an equivalent ID provided by the reseller). This allows the reseller to automatically register the devices you purchase so they appear in your ABM or ASM portal.
61
A user signed in to their iPhone with their personal Apple Account in Settings. Then they enrolled the same iPhone using their Managed Apple Account. iCloud is enabled in the organization and the user turned on iCloud Drive. Which of these could be a result? Choose the best answer. A. An additional iCloud Drive appears in Files. B. Personal iCloud Drive data is merged with organization data. C. The personal iCloud Drive is unavailable until the device is unenrolled. D. The user is prompted to keep personal iCloud Drive data or remove it from iPhone.
A. An additional iCloud Drive appears in Files. Explanation: When a user has both a personal Apple ID and a Managed Apple ID on the same device (using User Enrollment), each account has its own separate iCloud container. In the Files app, the user sees two iCloud Drives: one for personal data (linked to the personal Apple ID) and another for managed data (linked to the organization’s Managed Apple ID). These remain separate and do not merge.
62
You're using Apple Business Manager or Apple School Manager. Which two account roles can manage the federation process, but can't sign in using federated authentication? Select two. A. Administrator B. People Manager C. Content Manager D. Device Enrollment Manager E. Manager
A. Administrator B. People Manager Explanation: In Apple Business Manager or Apple School Manager, Administrators and People Managers can manage the federation process (for example, configuring domains and settings for federated authentication). However, they themselves can’t sign in using federated authentication. Their accounts remain local to Apple Business Manager or Apple School Manager.
63
Your organization has new devices in Apple Business Manager. During deployment, the new Mac computers enroll in MDM, but the new iPhone devices don't enroll. What might be the cause? A. Someone in your organization must manually reset the iPhone devices before they can enroll in MDM. B. The iPhone devices are waiting for approval in Apple Business Manager before they can enroll in MDM. C. The iPhone devices don't have an MDM server assignment. D. The iPhone devices are connected using only 5G.
C. The iPhone devices don't have an MDM server assignment. Explanation: For new Apple devices to enroll automatically in MDM via Apple Business Manager (ABM), each device must be assigned to an MDM server within ABM. If the new iPhones aren’t enrolling, it’s likely because they were never assigned to the MDM server in ABM (unlike the new Macs).
64
Which type of 802.1X configuration allows Mac computers to connect to Wi-Fi before login and user authentication after login? A. System+User Mode B. System+Login Window Mode C. User Mode D. System Mode
A. System+User Mode Explanation: In a System+User mode 802.1X configuration, the Mac uses system-level credentials to connect to Wi-Fi before any user logs in (e.g., at the login window), and then shifts to using the user’s credentials after login. This setup ensures network connectivity at all stages, allowing for management tasks and user-based authentication on the same network.
65
What is the status of Location Services after enrollment if you configured Setup Assistant to skip Location Services? A. It is shown during Setup Assistant and turned off, but a local administrator can turn it on. B. It is hidden during Setup Assistant and turned off, but a local administrator can turn it on. C. It is shown during Setup Assistant and turned off, but a user can turn it on. D. It is hidden during Setup Assistant and turned off, but a user can turn it on.
B. It is hidden during Setup Assistant and turned off, but a local administrator can turn it on. Explanation: When you configure Setup Assistant to skip the Location Services pane, the user is never prompted to enable it. As a result, Location Services remains off by default after enrollment. The admin user can still manually enable Location Services later in Settings.
66
Which Wi-Fi standard helps devices join Wi-Fi networks and roam more quickly and effectively between access points? A. 802.11q B. 802.11r C. FastLane D. 802.11ad
B. 802.11r Explanation: 802.11r—often called “Fast BSS Transition”—enables devices to roam more quickly between access points on the same network by reducing the overhead of authentication. This results in a more seamless Wi‑Fi experience and is especially helpful in enterprise or campus environments with multiple access points.
67
What can Platform Single Sign-on (Platform SSO) for macOS give users the ability to do? A. Synchronize local account credentials with an identity provider (IdP). B. Turn on Kerberos SSO. C. Get a Federated Managed Apple Account. D. Leverage IdP passkey support in iCloud Keychain.
A. Synchronize local account credentials with an identity provider (IdP). Explanation: Platform Single Sign-On (Platform SSO) enables macOS devices to integrate with an IdP so that users can authenticate once with their corporate credentials. One major benefit is that the local user account password can be synchronized with the IdP password. This ensures the user has a consistent login experience across the Mac and the organization’s identity system.
68
A user receives their organization-owned iPhone and completes the setup. What's the Location Services status if you configured Setup Assistant to skip the Location Services pane? A. It's off, but the user can turn it on in Settings. B. The user is prompted to configure it. C. It's off, and the user can't turn it on. D. It's on by default.
A. It's off, but the user can turn it on in Settings. Explanation: When the Location Services pane is skipped in the Setup Assistant, iOS doesn’t prompt the user to turn on location services, so it remains off by default. However, the user is still able to manually enable or disable Location Services later in Settings.
69
What happens if your Automated Device Enrollment profile is configured to skip the creation of a local macOS account? A. The user logs in using a network account or another account created outside of Setup Assistant. B. The user is notified their Mac is partially set up, and they must erase and start again. C. The user's Managed Apple Account is used as a local account. D. The setup process fails.
A. The user logs in using a network account or another account created outside of Setup Assistant. Explanation: If your Automated Device Enrollment (ADE) profile is configured to skip local account creation on macOS, the device won’t create a local user during Setup Assistant. Instead, you must provide an alternate means of authentication, such as logging in with a directory-based network account or another type of local account that was set up outside the Setup Assistant process.
70
How can you identify if a Rapid Security Response was applied to iOS? A. A single-letter identifier is appended to the operating system version. B. A single-digit identifier is appended to the operating system version. C. The letters " rst" are appended to the operating system version. D. The letters " cve" are appended to the operating system version.
A. A single-letter identifier is appended to the operating system version. Explanation: When Apple releases a Rapid Security Response, it appends a single-letter identifier—such as “(a)”—to the existing iOS version number (for example, iOS 16.4.1 (a)). This indicates that the update is a Rapid Security Response rather than a standard incremental software update.
71
Which MDM feature skips all Setup Assistant panes automatically on a Mac that's plugged into Ethernet? A. Auto Advance B. Quick Setup C. Fast Track D. Express Setup
A. Auto Advance Explanation: Auto Advance is an Apple feature that automatically skips all Setup Assistant panes on a newly set up or erased Mac when it’s connected to an Ethernet network. This allows you to quickly prepare or deploy a Mac without manually clicking through the Setup Assistant.
72
Which Terminal command can you use to test network responsiveness inside and outside your network? A. networkQuality B. networkUsage C. networksetup D. netstat
A. networkQuality Explanation: The networkQuality command (introduced in macOS Monterey) measures both upload and download responsiveness by performing continuous network tests. It provides real-time insight into your network’s performance inside and outside your local network.
73
What file downloaded from MDM must be uploaded to Apple Business Manager to generate a server token? A. Public key B. Content token C. Private key D. MDM Intermediate Certificate
A. Public key Explanation: To link your MDM server with Apple Business Manager (for Device Enrollment), your MDM generates a public key file. You then upload this public key to Apple Business Manager, which uses it to create the server token (sometimes referred to as the “DEP token”). You later download and install that server token in your MDM solution to complete the enrollment connection.
74
A Mac user deferred a managed software update after the deadline for the update passed. What happens next? A. The user receives a reminder that they can still defer the update for up to 30 days. B. The user receives notifications that the update is overdue and needs immediate attention. C. All update notifications are disabled to reduce user distraction. D. The update automatically installs without the user's intervention if the deadline is missed.
D. The update automatically installs without the user's intervention if the deadline is missed. Explanation: When a user defers a managed software update after the MDM-enforced deadline has passed, macOS will install the update automatically. This ensures devices remain up to date with critical patches and security improvements, even if the user does not initiate the installation.
75
You try to start in macOS Recovery. You're asked to choose a user and enter a password. Why are you asked to choose a user and enter a password? A. Lockdown Mode is turned on. B. FileVault is turned on. C. Startup Security Utility is set to Full Security. D. Recovery Lock is enabled.
B. FileVault is turned on. Explanation: When FileVault is enabled, the startup disk is encrypted. In order to access macOS Recovery on an encrypted disk, you must first authenticate with a FileVault-enabled user account. This ensures that only authorized users can decrypt and access the contents of the startup disk.
76
You're resetting several iPad devices for new users. The iPad devices don't progress past the Apple logo after restart. Which of these should you do? A. Use Apple Configurator for iPhone to restore the iPad devices. B. Send the Return to Service command from the MDM solution. C. Get a bypass code from the MDM administrator to clear Activation Lock. D. Use Apple Configurator for Mac to restore the iPad devices.
D. Use Apple Configurator for Mac to restore the iPad devices. Explanation: If an iPad is stuck on the Apple logo during the restart or setup process, you can connect it to a Mac running Apple Configurator and perform a full restore. This is especially useful in a Return to Service scenario or whenever devices fail to complete a normal boot process.
77
A user has an iPhone that was enrolled using account-driven User Enrollment. They use their Managed Apple Account to back up their iPhone to iCloud. Which data is backed up? A. Only data from Managed Apps B. Only data from personal apps C. All app data D. All data
A. Only data from Managed Apps Explanation: Under User Enrollment—whether initiated via profile-based enrollment or account-driven enrollment—the device effectively has two separate “containers”: one for personal data (linked to a personal Apple ID) and one for managed data (linked to the Managed Apple ID). If a user signs in with their Managed Apple ID and performs an iCloud backup, only the data in the managed container (i.e., Managed Apps and related data) is backed up. Personal data remains associated with the personal Apple ID and is neither visible to the organization nor backed up to the organization’s iCloud storage.
78
Which feature or technology locks a supervised iPad until the feature is turned off? A. Return to Service B. Managed Device Attestation C. Activation Lock D. Managed Lost Mode
D. Managed Lost Mode Explanation: Managed Lost Mode, available on supervised devices, locks the iPad until an administrator disables the feature through the MDM solution. Unlike Activation Lock (which requires the Apple ID and password that enabled it), Managed Lost Mode can only be exited through the MDM platform.
79
What can you optionally include when you prepare a device for a Return to Service? A. Device wallpaper B. Home Screen layout C. Wi-Fi profile D. Installed apps list
C. Wi-Fi profile Explanation: When preparing a device for Return to Service (often to make it ready for a new user), you can optionally include a Wi-Fi profile. This allows the device to automatically connect to a specified network after being erased or reset, which facilitates reconfiguration or enrollment processes without requiring manual network setup.
80
Which feature can you use with Shared iPad? A. AirDrop B. Universal Control C. Continuity Camera D. Sidecar
A. AirDrop Explanation: Shared iPad supports certain features that don’t require a single user’s personal Apple ID to function. AirDrop, for example, continues to work on Shared iPad, allowing users to share files between devices. Continuity features like Universal Control, Continuity Camera, and Sidecar require a single user’s personal Apple ID session, which isn’t the typical setup in a Shared iPad environment.
81
Which Apple technology can an identity provider (IdP) use to implement modern authentication protocols for iPhone, iPad, and Mac? A. Single sign-on (SSO) extensions B. Network Relay C. IPSec D. WireGuard
A. Single sign-on (SSO) extensions Explanation: Apple’s single sign-on (SSO) extensions allow identity providers (IdPs) to integrate modern authentication protocols (like OAuth 2.0 or OpenID Connect) directly into iOS, iPadOS, and macOS. This streamlines the login process for users, reducing the need to re-enter credentials and enhancing overall security.
82
What can a bootstrap token authorize? A. Setting a recovery-lock passcode B. Setting a FileVault personal recovery-key C. App installations, when managed with MDM D. Software updates, when managed with MDM
D. Software updates, when managed with MDM Explanation: A bootstrap token allows MDM solutions to perform certain SecureToken-related tasks, such as updating macOS.
83
What can be used to report state changes without requiring MDM device polling? A. Network relay B. Device supervision status C. Declarative device management D. Automated Device Enrollment
C. Declarative device management Explanation: Declarative Device Management enables iOS and iPadOS devices to proactively report state changes to the MDM solution without waiting for periodic polling. This provides a more efficient approach for keeping device configurations and status current.
84
What is required to use Managed Lost Mode? A. Supervision B. Managed Apple Account C. Find My D. Activation Lock
A. Supervision Explanation: Managed Lost Mode is an MDM feature that helps locate a lost or stolen device. To use this feature, the device must be supervised. Supervision provides additional management capabilities on Apple devices and is required for certain MDM commands, including enabling Managed Lost Mode.