Planning for Implementation Flashcards

1
Q

What do you need to consider when evaluating MDM solutions?

A. Support for a wireless infrastructure
B. Pricing structure and subscription model
C. A device’s life cycle and trade-in value

A

B. Pricing structure and subscription model

Understand your organization’s budget and growth projections, then compare MDM solution pricing and subscription options.

2
Q

Which is a deployment model to consider as part of your device management goals?

A. Application Programming Interface (API)
B. Over-the-air (OTA) enrollment
C. One-to-one

A

C. One-to-one

Also known as personally enabled, one-to-one is a deployment model you can consider when understanding your organization’s needs.

3
Q

Which is an important user authentication feature of an MDM solution that you should consider?

A. Support and integration with your identity provider or directory service
B. Support for future versions of macOS, iOS, and iPadOS
C. Support for the BYOD deployment model

A

A. Support and integration with your identity provider or directory service

Verify if the MDM solution supports your current identity provider or directory service.

4
Q

Which aspect of your organization’s infrastructure should you evaluate to ensure that your organization meets the network roaming needs of users throughout a building?

A. Number of devices per user
B. Wi-Fi coverage and capacity
C. Adequate number of access points per device
D. Sources of interference caused by construction materials

A

B. Wi-Fi coverage and capacity

Evaluating Wi-Fi coverage and capacity helps you strategically place wireless access points that have enough power to meet the roaming needs throughout your organization’s facilities.

5
Q

Which type of network uses individual user credentials or device- and/or user-based certificates to control who or which devices can use the network?

A. Provisioning network
B. WPA2 Personal network
C. WPA2 Enterprise network

A

C. WPA2 Enterprise network

A WPA2 Enterprise network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network.

6
Q

Which functions require Apple devices to continuously access APNs?

A. Bonjour access, content caching, and internet connection sharing
B. SSO, VPN connectivity, and Wi-Fi network roaming
C. Notifications of operating-system and app updates, MDM policies, and messages
D. Ad and location tracking, Keychain data backup, and app suggestions

A

C. Notifications of operating-system and app updates, MDM policies, and messages

Apple devices learn of operating-system and app updates, MDM policies, and incoming messages through continuous access to APNs. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

7
Q

What should you do to ensure that Apple devices can access APNs and other Apple services on your organization’s network?

A. Configure all devices to auto-establish secure VPN access to Apple’s network.
B. Deploy devices with an SSO payload that are configured to allow access to Apple’s network.
C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
D. Set up your network to work with Bonjour so that devices can connect to APNs and Apple services.

A

C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.

For Apple devices to access APNs and Apple services, you might need to adjust network configurations on web proxies or firewall ports to allow network traffic access to Apple’s network. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.

8
Q

What’s the most commonly deployed authentication technology that both AD and SSO use?

A. Kerberos
B. MSCHAPv2
C. OAuth
D. SAML

A

A. Kerberos

Kerberos is the most commonly deployed authentication technology that both AD and SSO use.

9
Q

Which Kerberos feature allows users to sign in once and access multiple authenticated services?

A. Sign in with Apple at Work & School
B. OAuth
C. Ticket-granting ticket (TGT)
D. SAML

A

C. Ticket-granting ticket (TGT)

TGT generates a ticket for the use of any resource that supports Kerberos without requiring the user to authenticate again.

10
Q

Which feature allows administrators to streamline the creation of Managed Apple IDs based on existing Google Workspace or Entra ID data?

A. MSCHAPv2
B. Federated Authentication
C. Active Directory
D. SAML

A

B. Federated Authentication

Federated authentication can link Apple Business Manager, Apple Business Essentials, or Apple School Manager to your instance of Google Workspace or Entra ID to automatically create Managed Apple IDs for your users.

11
Q

What’s a benefit of using Apple Business Manager or Apple School Manager to automate MDM enrollment during initial setup of managed Apple devices?

A. You can track the location of managed devices.
B. You can make the enrollment mandatory and nonremovable on user-owned devices.
C. You can make the enrollment mandatory and nonremovable on organization-owned devices.

A

C. You can make the enrollment mandatory and nonremovable on organization-owned devices.

Using Apple Business Manager or Apple School Manager provides additional enrollment options for managed, organization-owned Apple devices.

12
Q

Which strategy would be most effective in a scenario where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information?

A. Deploy devices to users in shared mode.
B. Install a nonremovable managed app onto the devices.
C. Convert all unmanaged apps on the devices to managed apps.

A

B. Install a nonremovable managed app onto the devices.

Nonremovable managed apps are ideal for deployment scenarios where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information.

13
Q

What’s the main benefit of using Managed Device Attestation when deploying Apple devices in an organization?

A. It allows the MDM administrator to use a bypass code to erase a device and assign it to a new user.
B. It allows a user to unlock the storage on APFS volumes that require a secure token and then become owners of the volume.
C. It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

A

C. It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

Managed Device Attestation provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.

14
Q

Why might you create a security policy that enforces the use of FileVault for data encryption on a managed Mac?

A. This policy ensures that users can’t disable FileVault.
B. When you use an MDM solution to enable FileVault, it adds a Recovery Key to a user’s iCloud account.
C. FileVault is compatible with any Apple device.
D. You can use third-party encryption algorithms to configure FileVault.

A

A. This policy ensures that users can’t disable FileVault.

Users can’t disable FileVault if you enforce it with a configuration profile on managed Mac computers.

15
Q

Which benefit helps IT administrators reduce the need to perform extensive configurations on Apple devices?

A. Many security features are turned on by default.
B. Users can select a security profile in Setup Assistant.
C. IT administrators can deliver and enforce policies without an MDM solution.
D. IT administrators can issue remote commands to devices to erase all private information.

A

A. Many security features are turned on by default.

Because many security features on Apple devices are turned on by default, administrators save time when they configure devices.

16
Q

What happens if your Apple device can’t validate the trust chain of a signing CA?

A. The service encounters an error.
B. The CA is added to the unapproved list.
C. The user is asked to enter the device password or passcode.

A

A. The service encounters an error.

If your Apple device can’t validate the trust chain of a signing CA, the service encounters an error.

17
Q

Which MDM payload setting can you use to turn off updating certificates wirelessly for iPhone and iPad devices?

A. Automatic sync while roaming
B. Allow users to accept untrusted TLS certificates
C. Allow automatic updates to certificate trust settings

A

C. Allow automatic updates to certificate trust settings

When you deselect this option and push the payload to your device, you prevent wireless certificate updates.

18
Q

You’ve installed a payload on your managed Apple device that prevents users from accepting untrusted TLS certificates.

What happens when users try to access a webpage that uses an untrusted TLS certificate and then tap Show Details?

A. They’re asked to contact the issuing CA to validate the certificate.
B. They can tap “view the certificate,” but they can’t trust this certificate or visit the site.
C. They can’t tap “view the certificate,” and they can view only the unsecured version of the webpage.

A

B. They can tap “view the certificate,” but they can’t trust this certificate or visit the site.

When you deselect the option “Allow users to accept untrusted TLS certificates,” users can’t accept untrusted TLS certificates or visit sites that use untrusted certificates.