Managing Device Security Flashcards
On a Mac, which type of account is required to perform software upgrades?
A. Local administrator
B. Network
C. Shared
D. Standard
A. Local administrator
A local administrator account is required to perform a software upgrade on a Mac.
Why would you defer software updates on Apple devices?
A. To roll back an update if itâs unsuccessful
B. To test critical apps and infrastructure before deploying the update
C. To verify that your organizationâs iPhone and iPad devices are managed
B. To test critical apps and infrastructure before deploying the update
Testing apps and infrastructure before deployment is critical.
What is the maximum number of days that you can defer software updates on Apple devices?
A. 30
B. 60
C. 90
D. 99
C. 90
You can defer software updates up to 90 days.
Which payload manages the ability to schedule a scan of a managed Apple device?
A. Content Filter
B. Restrictions
C. Security & Privacy
D. Software Update
D. Software Update
Use the Software Update payload to manage the installation of macOS beta releases and automatic installation of macOS updates or app updates from the App Store.
How are security fixes distributed to Apple devices in a Rapid Security Response?
A. In minor software updates
B. In major software upgrades
C. In both major upgrades and minor updates
A. In minor software updates
Rapid Security Responses distribute security fixes in minor software updates.
Which payload do you use to configure specific rules when users create a password or passcode on their enrolled device?
A. Passcode
B. Password
C. Restrictions
D. Security & Privacy
A. Passcode
You choose the Passcode payload to configure specific rules for the creation of passwords or passcodes on enrolled devices.
What is the purpose of configuring a Passcode payload?
A. It helps retrieve a userâs passcode if the user canât sign in for some reason.
B. It requires that users set passcodes for all apps that they use on their devices.
C. It enables your organization to change a userâs passcode remotely if a device is lost or stolen.
D. It enforces passcode rules that help prevent unauthorized access to your organizationâs devices and data.
D. It enforces passcode rules that help prevent unauthorized access to your organizationâs devices and data.
You configure a Passcode payload with specific rules that users must follow when creating a device passcode or password.
The Passcode payload configures passcode rules for iPhone and iPad devices, whereas the Password payload configures password rules for Mac computers.
A. True
B. False
B. False
The Passcode payload configures passcode rules for iPhone and iPad, as well as password rules for Mac.
What must a user do when you install the Passcode payload on the userâs iPhone?
A. The user must enter a passcode using the specified settings within 60 minutes.
B. The user must accept the payload to permit the specified settings to take effect.
C. The user must restart the device to install the payload, then enter a new passcode.
A. The user must enter a passcode using the specified settings within 60 minutes.
If the user doesnât do so within that time frame, the payload forces the user to enter a passcode using the specified settings.
How can you tell if a restriction applies only to a supervised device?
A. The restriction description contains â(supervised only).â
B. The restriction displays only if a device is supervised.
C. The restriction is dimmed on unsupervised devices.
D. The restriction appears in the group named Supervised Restrictions.
A. The restriction description contains â(supervised only).â
MDM solutions indicate when a restriction applies only to supervised devices.
What is the purpose of configuring a Restrictions payload for Apple devices?
A. Restrictions prevent users from unenrolling a device from MDM.
B. Restrictions prevent unauthorized users from accessing a device.
C. Restrictions prevent users from accessing a specific app, service, or function of a device.
C. Restrictions prevent users from accessing a specific app, service, or function of a device.
You configure a Restrictions payload to prevent access to a specific app, service, or function on a device.
What happens if you select â(supervised only)â restriction settings for an unsupervised device?
A. The â(supervised only)â settings donât take effect unless you have previously supervised the device.
B. The â(supervised only)â settings override any configuration that the user sets on the unsupervised device.
C. The â(supervised only)â settings require you to turn on device supervision before you can save the payload.
A. The â(supervised only)â settings donât take effect unless you have previously supervised the device.
You can select â(supervised only)â settings for unsupervised devices, but the settings donât take effect unless the device is supervised.
Which MDM restriction lets you manage a userâs ability to connect Thunderbolt or USB devices to a Mac?
A. Allow connected accessories while locked
B. Automatically enable accessory connections
C. Allow Thunderbolt or USB device connections
C. Allow Thunderbolt or USB device connections
The MDM restriction âAllow Thunderbolt or USB device connectionsâ lets you manage a userâs ability to connect Thunderbolt or USB devices to a Mac by disabling the âAllow accessories to connectâ setting in System Settings > Privacy & Security.
What happens when you select the âAllow connected accessories while lockedâ restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter?
A. The device maintains a data connection to a connected network only when a user unlocks it.
B. The device maintains a data connection to a connected network before a user unlocks it.
C. The device automatically unlocks after an hour so that you can refresh it using MDM.
B. The device maintains a data connection to a connected network before a user unlocks it.
When you select the âAllow connected accessories while lockedâ restriction and an iPhone or iPad device is connected to a computer with a compatible Ethernet adapter, the device maintains a data connection even before a user unlocks it.
Whatâs required before you can restrict accessory connections on iPhone or iPad?
A. Device supervision
B. A Managed Apple ID
C. An unsupervised Apple device
A. Device supervision
Configurations to restrict accessory connections require that your iPhone and iPad devices be supervised.
How do you ensure that only trusted host computers can pair with your organizationâs iPhone and iPad devices?
A. Allow pairing with only Mac computers.
B. Distribute the correct digital certificate to usersâ groups and devices.
C. Distribute the correct supervision identities to usersâ devices.
C. Distribute the correct supervision identities to usersâ devices.
When you deselect the âPair with non-Apple Configurator hostsâ restriction â and distribute the correct supervision identities to usersâ devices â you ensure that only trusted computers holding a valid supervision host certificate are allowed to access iPhone or iPad over Thunderbolt or USB.
Which of the following can you use to distribute a certificate identity to a device in a configuration profile?
A. A .p12 file
B. A PKI token
C. An MD5 hash file
A. A .p12 file
You can put a certificate identity into a PKCS #12 file protected with a password, and push the file to the device in a configuration profile.
When you compose a Mail message on a managed Apple device, what happens when Mail finds the certificate for a recipient email?
A. The user is asked to choose a certificate to sign the message.
B. A âSign this messageâ option appears left of the âTo:â field.
C. A padlock icon appears to the right of the recipientâs contact name, and the address text is blue.
C. A padlock icon appears to the right of the recipientâs contact name, and the address text is blue.
Mail consults the GAL to discover the recipientâs S/MIME certificate. When Mail finds the certificate for your recipient, a padlock icon appears to the right of the recipientâs contact name, and the address text is blue.
What do managed Apple devices require to send signed messages in Mail using S/MIME?
A. Your email address must be in the recipientâs GAL.
B. You must have your identityâs private key in your keychain.
C. Recipients must have your identityâs private key in their keychains.
B. You must have your identityâs private key in your keychain.
Private keys are important for signing messages in Mail. To send signed messages in Mail using S/MIME on a managed Apple device, you must have your identityâs private key in your keychain.
What do managed Apple devices require to send encrypted messages in Mail using S/MIME?
A. The public key from the recipientâs certificate
B. An encryption extension in the recipientâs certificate
C. A restriction payload with the âAllow sending encrypted messages using S/MIMEâ setting selected
A. The public key from the recipientâs certificate
Public keys are important for encrypting messages in Mail. To send encrypted messages in Mail using S/MIME on a managed Apple device, you must have the public key from the recipientâs certificate in your keychain.
What happens when you use Safari on iPhone or iPad to visit a site with a revoked certificate?
A. You are asked to delete the certificate.
B. You are directed to the CAâs website to update the certificate.
C. âThis Connection Is Not Privateâ appears instead of the contents of the site.
C. âThis Connection Is Not Privateâ appears instead of the contents of the site.
When you use Safari on iPhone or iPad to visit a site with a revoked certificate, âThis Connection Is Not Privateâ appears instead of the contents of the site.
Which type of query can you use to list all installed apps on a device?
A. Security
B. Installed app
C. Device information
D. Operating system
C. Device information
Device information queries return a deviceâs information about apps installed, battery level, and device name.
Which type of query can you use to find information about Find My and FileVault settings?
A. Security
B. Installed app
C. Device information
D. Operating system
A. Security
Security queries return a deviceâs information about whether it has the following enabled: Activation Lock, Find My, FileVault, Firmware password (for Intel-based Mac computers), and more.
Which type of query can you use to list all devices that need to be updated to new system software?
A. Security
B. Installed app
C. Device information
D. Operating system
D. Operating system
Operating system queries return a deviceâs information about the product version and whether specific update options are enabled.
