questions

Question 1

As a Workspace ONE administrator, you have been tasked with creating a custom visualization for management that shows device statistics, trust network threats, and application adoption metrics in a single view.
Which feature of Workspace ONE can be used?

A. Workspace ONE Intelligence Dashboards
B. Workspace ONE Access Application View
C. Workspace ONE Intelligence Automations
D. Workspace ONE UEM Device List View

Answer 1

A. Workspace ONE Intelligence Dashboards

Question 2

Which Workspace ONE UEM feature can assist in sending event log information to a Security Information and Event Management (SIEM) tool?

A. Syslog Integration
B. Relay Server Integration
C. Certificate Authority Integration
D. File Storage Integration

Answer 2

A. Syslog Integration

Question 3

Which two steps would an administrator complete to enable auto-discovery for their Workspace ONE UEM environment? (Choose two.)

A. Enter the email domain when installing the AirWatch Cloud Connector.
B. Verify the domain by accepting the link in the email that registered auto-discovery.
C. Register email domain within Workspace ONE UEM.
D. Enter the email domain when establishing directory services.
E. Email auto-discovery@workspaceone.com with the domain the administrator wants to register.

Answer 3

B. Verify the domain by accepting the link in the email that registered auto-discovery.
C. Register email domain within Workspace ONE UEM.

Question 4

What two features of Hub Services can be enabled without enabling Workspace ONE Access and having the authentication mode set to Workspace ONE UEM?
(Choose two.)

A. enable SSO for applications
B. enable People Search
C. notifications for iOS and Android
D. Hub Virtual Assistant Chatbot
E. Hub Catalog layout

Answer 4

C. notifications for iOS and Android
E. Hub Catalog layout

Question 5

Where is Hub Services component co-located?
A. Workspace ONE Intelligence
B. Workspace ONE Access
C. Workspace ONE Airlift
D. Workspace ONE UEM

Answer 5

B. Workspace ONE Access

Question 6

Which two Workspace ONE UEM core components are required for all on-premises environments? (Choose two.)
A. Device Services
B. AirWatch Cloud Connector
C. Unified Access Gateway
D. Secure Email Gateway
E. Console Services

Answer 6

A. Device Services
E. Console Services

Question 7

An administrator would like to track these details for all Windows desktops managed by Workspace ONE UEM:
✑ driver details for a mouse driver
✑ warranty information for OS
✑ registry value of internal apps
Which Workspace ONE UEM utility can the administrator use?
A. Create LGPO and assign to Windows devices.
B. Create sensors and assign to Windows devices.
C. Create an OEM update profile and assign to Windows devices.
D. Create Application Control profile and assign to Windows devices.

Answer 7

B. Create sensors and assign to Windows devices.

Question 8

When using Workspace ONE 20.x and higher, which three ways can an administrator using UEM automatically move devices into specified organization groups?
(Choose three.)
A. user group mappings
B. device type mappings
C. location based mappings
D. IP-based mappings
E. device ownership mappings

Answer 8

A. user group mappings
D. IP-based mappings
E. device ownership mappings

Question 9

What product from Workspace ONE needs to be enabled to provide administrators a flexible method for alerting and informing end-users?
A. AirWatch Cloud Connector
B. Workspace ONE Intelligence
C. Workspace ONE Hub Services
D. VMware Tunnel

Answer 9

C. Workspace ONE Hub Services

Question 10

What component of the Hub Services can be integrated with Physical Access Control Systems to allow the Workspace ONE Intelligent app on mobile devices to act as digital badge?
A. Hub Employee Self-service
B. Hub Passport
C. Hub Catalog
D. Hub Access

Answer 10

B. Hub Passport

Question 11

Which administrative console is used to change to an organization logo (branding) in the Intelligent Hub Catalog?
A. Workspace ONE Access
B. Workspace ONE Hub Services
C. Workspace ONE
D. Workspace ONE UEM

Answer 11

B. Workspace ONE Hub Services

Question 12

Which is true about Workspace ONE compatibility when deploying content across different device types?
A. Content cannot be distributed to iOS devices.
B. Content cannot be distributed by Workspace ONE.
C. Content can be distributed to devices types including iOS, Android, Windows, and MacOS.
D. Content can be distributed to devices types including iOS, Android, and Windows.

Answer 12

C. Content can be distributed to devices types including iOS, Android, Windows, and MacOS.

Question 13

A Workspace ONE UEM administrator is migrating collections, applications, and policies from SCCM to Workspace ONE.
When using AirLift, which three of the following must the administrator allow AirLift to access on the ConfigMgr server? (Choose three.)
A. Port 443 or specified TLS port if Secure Connection is configured
B. WinRM port (typically 5985)
C. Port 3268 or the specified Global Catalog port
D. Port 389 for Active Directory
E. Interactive Login Permissions

Answer 13

A. Port 443 or specified TLS port if Secure Connection is configured
B. WinRM port (typically 5985)
E. Interactive Login Permissions

Question 14

Which protocol does Workspace ONE use to communicate with third party Identity Providers?
A. SAML
B. Kerberos
C. RADIUS
D. OAuth

Answer 14

A. SAML

Question 15

Which three Workspace ONE Edge Services are included in Unified Access Gateway? (Choose three.)
A. AirWatch Cloud Connector
B. Content Gateway
C. Secure Email Gateway
D. Workspace ONE Intelligence Connector
E. VMware Tunnel

Answer 15

B. Content Gateway
C. Secure Email Gateway
E. VMware Tunnel

Question 16

An administrator is tasked with determining the root cause for a recent outage where devices were not able to authenticate. An investigation revealed a single
AirWatch Cloud Connector (ACC) server that had a disk error which caused it to be completely unresponsive.
Which VMware resiliency recommendation would have prevented this outage?
A. High Availability
B. Disaster Recovery
C. Cloud Hosted ACC
D. Restart ACC

Answer 16

A. High Availability

Question 17

Which of the following authentication methods is needed to be enabled/configured for an administrator to leverage Day Zero Onboarding?
A. Token Auth Adapter
B. Workspace ONE UEM External Access Token
C. FIDO2
D. Certificate-based authentication
E. Verify (Intelligent Hub)

Answer 17

A. Token Auth Adapter

Question 18

When configuring a Certificate Authority in Workspace ONE, which three protocols are supported? (Choose three.)
A. ADCS
B. SCEP
C. EST
D. PKI
E. CMP

Answer 18

A. ADCS
B. SCEP
D. PKI

Question 19

Which feature of Workspace ONE UEM can be configured to allow reports to run on a schedule and have them delivered to a subset of administrators?
A. Windows Scheduled Tasks
B. Report Subscriptions
C. Timed Report Execution
D. SQL Server Reporting Services

Answer 19

B. Report Subscriptions

Question 20

A customer has decided to use VMware Workspace ONE as their primary SAAS solution for endpoint management. The customer’s security team requires all infrastructure to support High Availability (HA).
Which two components of Workspace ONE will need to be maintained by the customer? (Choose two.)
A. AirWatch Cloud Connector
B. Workspace ONE Database
C. Console Services Servers
D. Unified Access Gateway
E. Device Services Server

Answer 20

A. AirWatch Cloud Connector
D. Unified Access Gateway

On another page I have found the same question where only one answer is right. In this case it was UAG only.

Question 21

A company has BYOD iOS devices and would like to give them access to internal sites in VMware Web without requiring full device management.
Which VMware best practice configuration is needed to enable this?
A. Configure Tunnel for VMware Tunnel in the SDK settings.
B. Configure Tunnel for VMware Tunnel Proxy in the SDK settings.
C. Configure a VPN Profile for VMware Tunnel.
D. Configure a VPN Profile for VMware Tunnel Proxy.

Answer 21

A. Configure Tunnel for VMware Tunnel in the SDK settings.

Question 22

Which three are features of the Workspace ONE Content Gateway service? (Choose three.)
A. Encrypted communications using SSL/TLS.
B. Secure access to internal repositories.
C. Provides health status on external repositories.
D. Support for most corporate file servers.
E. Provides email notification for Exchange mail.

Answer 22

A. Encrypted communications using SSL/TLS
B. Secure access to internal repositories.
D. Support for most corporate file servers.

Question 23

Which is used to authenticate and encrypt traffic from individual applications on compliant devices to internal resources?
A. VMware Tunnel
B. Device Compliance
C. Workspace ONE Intelligence
D. Email Notification Service

Answer 23

A. VMware Tunnel

Question 24

Which three options are supported by Workspace ONE Access? (Choose three.)
A. Configuring Per-App VPN.
B. Configuring conditional access.
C. Configuring network segmentation.
D. Configuring Mobile SSO.
E. Configuring unified application catalog.
F. Configuring encryption.

Answer 24

B. Configuring conditional access.
D. Configuring Mobile SSO.
E. Configuring unified application catalog.

Question 25

An administrator would like to customize their admin consoles default branding to include the company logo and reflect the company’s text color and background.
How would the administrator accomplish this task?
A. Navigate to UEM Console, All Settings, System, Branding. Click Branding and edit the settings in the Branding page as appropriate.
B. Navigate to the Configurations tab on the console. Click Branding. Edit the settings in the Branding page as appropriate.
C. Navigate to the Hub Service console Home page. Click Branding. Edit the settings in the Branding page as appropriate.
D. Navigate to UEM Console, All Settings, Hub Services. Click Branding and edit the settings in the Branding page as appropriate.

Answer 25

A. Navigate to UEM Console, All Settings, System, Branding. Click Branding and edit the settings in the Branding page as appropriate.

Question 26

Which two statements are true about Content Gateway and Tunnel on Unified Access Gateway? (Choose two.)
A. Both can be configured with the same hostname on port 8443.
B. Both can be configured with the same hostname on different ports.
C. Both can be configured on port 8443 with different hostnames.
D. Both can be configured with the same hostname on port 443.
E. Both can be configured on port 443 with different hostnames.

Answer 26

B. Both can be configured with the same hostname on different ports.
E. Both can be configured on port 443 with different hostnames.

Question 27

An administrator has set up an iOS compliance policy for unwanted apps.
Which of the following is the expected behavior when Workspace ONE UEM receives the app sample indicating the presence of the unwanted app?
A. After 1 day, end user will receive the push notification.
B. The concerned device will be marked as Non-compliant immediately.
C. The concerned device will be unenrolled.
D. After 2 days, all managed apps will be blocked/removed from the concerned device.

Answer 27

D. After 2 days, all managed apps will be blocked/removed from the concerned device.

Question 28

Which two configuration steps must be performed when managing iOS devices? (Choose two.)
A. Obtain an Apple Server Certificate.
B. Obtain an Apple ID.
C. Obtain an APNS certificate.
D. Obtain an Apple Developer ID.
E. Obtain an iCloud Account.

Answer 28

B. Obtain an Apple ID.
C. Obtain an APNS certificate.

Question 29

Which of the following is a prerequisite to deploy VMware Unified Access Gateway OVF?
A. VMware vSphere
B. VMware Workstation
C. VMware Fusion
D. VMware Horizon

Answer 29

A. VMware vSphere

Question 30

Drag and drop the device operating system on the left into the box associated with its third party messaging solution.
Select and Place:

iOS
Android
Windows
—————
FCM
WNS
APNS

Answer 30

iOS - APNS
Android - FCM
Windows - WNS

Question 31

Which three can be used to enforce conditional access in Workspace ONE? (Choose three.)
A. device ownership type
B. device enrollment method
C. device platform
D. application specific
E. network range
F. user-based role

Answer 31

C. device Platform
D. Application specific
E. Network range

Question 32

A customer intends to implement Android device management in their environment.
Which three enrollment options would result in an end-user experience in which a dedicated container is created on the device for only business applications and contents? (Choose three.)
A. Knox Container
B. Device Enrollment Program (DEP)
C. Work Managed Device
D. Legacy enrolled
E. Corporate Owned Personally Enabled (COPE)
F. Work Profile

Answer 32

C. Work Managed Device
E. Corporate Owned Personally Enabled (COPE)
F. Work Profile

Question 33

Question #34Topic 1
An administrator is preparing to setup email management for Office 365 in UEM.
Which is VMware’s recommended email deployment model for this scenario?
A. VPN
B. Proxy
C. Indirect
D. Direct

Answer 33

D. Direct

Question 34

Which type of design is a diagram that includes network zones, network components, server locations, and hardware recommendations?
A. Physical
B. Logical
C. Theoretical
D. Conceptual

Answer 34

A. Physical

Question 35

Which three features within Hub Services can an administrator leverage when Workspace ONE Access is configured and integrated with Workspace ONE UEM?
(Choose three.)
A. Email Notification
B. Mobile Flows
C. AirLift
D. Virtual Assistant
E. People

Answer 35

B. Mobile Flows
D. Virtual Assistant
E. People

Question 36

An administrator is concerned with data loss on Workspace ONE managed endpoints.
Which three configurations should be enabled to further improve the device security posture? (Choose three.)
A. Configure compliance policies to monitor rooted and jailbroken devices.
B. Configure compliance policies to monitor Roaming Cell Data Usage.
C. Enable device-level data encryption.
D. Enable SMTP integration.
E. Enable verbose logging.
F. Enable Data Loss Prevention policies.

Answer 36

A. Configure compliance policies to monitor rooted and jailbroken devices.
C. Enable device-level data encryption.
F. Enable Data Loss Prevention policies.

Question 37

An organization has purchased a SaaS Workspace ONE solution and wants to implement these:
✑ integration with back-end resources like Active Directory from Microsoft to sync users and groups
✑ Kerberos authentication
✑ integration with Virtual Desktops and Applications from services (Horizon 7, Horizon Cloud, or Citrix)
✑ third party integration with RSA SecureID, RADIUS for authentication
Which Workspace ONE component is required?
A. VMware AirWatch Cloud Connector
B. VMware Workspace ONE Access Connector
C. VMware Workspace ONE Assist
D. VMware Workspace Unified Access Gateway

Answer 37

B. VMware Workspace ONE Access Connector

Question 38

A customer is managing only iOS devices using Workspace ONE. They would like to begin managing Android devices.
What would be the first step an administrator needs to complete to begin managing Android Devices?
A. Download and deploy Workspace ONE Unified Access Gateway.
B. Complete Android EMM registration from Workspace One Console.
C. Download and deploy Workspace ONE Access Connectors for Android devices.
D. Configure a Workspace ONE AirLift Server-side Connector.

Answer 38

B. Complete Android EMM registration from Workspace One Console.

Question 39

For federal clients, FIPS 140-2 and AES 256-bit encryption are applied to which three areas? (Choose three.)
A. data in use
B. data in flying
C. data in pace
D. data in rest
E. data in transit

Answer 39

A. data in use
D. data in rest
E. data in transit

Question 40

An administrator has received complaints from end-users not receiving consistent email notifications on their iOS devices. Email is configured on the end-users devices using only the VMware Boxer email client. Boxer is only configured from Workspace ONE to use Office 365.
What can the administrator do to resolve the inconsistent email notifications?
A. Configure VMware ENS v2 to provide consistent notification experience.
B. Configure SEG v2 to provide a better notification experience.
C. Configure Mobile SSO for VMware Boxer to prevent users from entering credentials.
D. Configure VPN tunnel with a Boxer configuration, so that it is able to connect to the internal network.

Answer 40

A. Configure VMware ENS v2 to provide consistent notification experience.

Question 41

You are an administrator configuring custom reports in Workspace ONE Intelligence.
What is the maximum number of custom reports you can create per Organization Group (OG)?
A. 10
B. 50
C. 99
D. 500

Answer 41

B. 50

Question 42

An administrator wants to leverage the Workspace ONE Web application to allow end-user credentials to be passed to specific internal sites.
Which security policy in Workspace ONE UEM must be configured?
A. Offline Access
B. Single Sign-On
C. Network Access Control
D. Integrated Authentication

Answer 42

D. Integrated Authentication

Question 43

Which three are features of the ENS v2? (Choose three.)
A. Supports most existing corporate file servers.
B. Provides email notification for Exchange Active Sync.
C. Secures access to internal content repositories.
D. Updates the badge count for an unread email.
E. Triggers a background sync on Workspace ONE Boxer.

Answer 43

B. Provides email notification for Exchange Active Sync.
D. Updates the badge count for an unread email.
E. Triggers a background sync on Workspace ONE Boxer.

Question 44

An organization has a split network comprised of a DMZ and an internal network.
Which Workspace ONE UEM edge service does VMware recommend to be deployed within the organization’s internal network?

A. VMware Unified Access Gateway with (VMware Tunnel Back-End)
B. VMware Unified Access Gateway with (VMware Tunnel Proxy)
C. VMware Unified Access Gateway with (VMware Tunnel Front-End)
D. VMware Unified Access Gateway with (SEG v2)

Answer 44

A. VMware Unified Access Gateway with (VMware Tunnel Back-End)

Question 45

An administrator is seeing user attributes not updating in the Workspace ONE UEM console automatically.

A. In Scheduler Services, restart user merge.
B. In Directory Services, enable auto merge.
C. In Directory Services, enable auto sync.
D. In Scheduler Services, restart user sync.

Answer 45

B. In Directory Services, enable auto merge.

Question 46

When using a third party load balancer to provide the tunnel service on the Unified Access Gateway (UAG), what should the SSL setting be on the load balancer?
A. SSL Re-encryption
B. SSL Encryption
C. SSL Offloading
D. SSL Passthrough

Answer 46

D. SSL Passthrough

https://techzone.vmware.com/understand-and-troubleshoot-tunnel-connections#_1371939

Question 47

Which Security Assertion Markup Language (SAML) configuration item is a pre-requisite to creating a third party identity provider in Workspace ONE Access?
A. SAML AuthN Request
B. SAML Assertion
C. SAML AuthN Context
D. SAML Metadata

Answer 47

Answer should be D

It is listed under https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html
In pre-requisite

Question 48

When integrating Workspace ONE SDK with a productivity app, which three are required for SDK app deployment? (Choose three.)
A. Targeted devices need to be enterprise wiped.
B. App needs to be pushed and managed.
C. App needs to be sideloaded.
D. SDK Profile needs to be assigned.
E. Targeted devices need to be enrolled and managed by UEM.

Answer 48

B. App needs to be pushed and managed.
D. SDK Profile needs to be assigned.
E. Targeted devices need to be enrolled and managed by UEM.

Question 49

Drag and drop the device operating system on the left into the box associated with its third party messaging solution.
IOS
Android
Windows
————-
FCM
APNS
WNS

Answer 49

IOS - APNS
Android - FCM
Windows - WNS

https://www.hexnode.com/blogs/comparison-apple-push-notification-service-apns-gcm-fcm-wns/

Question 50

An administrator is configuring the on-premises auxiliary components for a first time implementation. During initial testing the administrator notices an error and is unable to browse the environment from a work issued PC located on the internal network. While accessing other internet sites, the administrator has no issues browsing or accessing publicly available sites. After talking with the IT department, the administrator confirmed there have been no new firewall rules added.
Which could be a reason the administrator is having issues accessing the newly created SaaS environment?
A. The Windows 10 profile has not been pushed to the device to allow access to the environment.
B. The administrator is utilizing IPv6 addressing and needs to revert to IPv4 addressing.
C. The VMware IP space has not been whitelisted for access in the administrator’s firewall rules.
D. The Workspace ONE environment needs to be upgraded to a compatible version with the customers firewall.

Answer 50

C. The VMware IP space has not been whitelisted for access in the administrator’s firewall rules.

Discussions & Chat GPT vote for C

Question 51

An administrator must ensure enrolled corporate owned Android Enterprise devices do not update during the holiday season.
Which is VMware’s recommended best practice to accomplish this?
A. Deliver ‘Restrictions’ profile that disables Play Store on devices.
B. Deliver ‘System Updates’ profile with change freeze payload.
C. Deliver ‘System Updates’ profile that defers updates up to 30 days.
D. Deliver ‘Restrictions’ profile that disables chrome on devices.

Answer 51

B. Deliver ‘System Updates’ profile with change freeze payload.

Question 52

Which three functions are supported by Workspace ONE Intelligence? (Choose three.)
A. Conduct augmented analysis with artificial intelligence.
B. Perform integration with other service platforms.
C. Create a custom report.
D. Set event driven automated API actions.
E. Automate suggested actions based on VMware recommended practices.

Answer 52

B. Perform integration with other service platforms.
C. Create a custom report.
D. Set event driven automated API actions.

Discussions choose D over E

Question 53

Which underlying technology does Workspace ONE Access use to collect Workspace ONE UEM device information?
A. SOAP API
B. REST API
C. AirWatch Cloud Connector (ACC)
D. Security Assertion Markup Language (SAML)

Answer 53

B. REST API

Question 54

Which is required to deliver a Check In, Check Out experience on an Android Device?
A. Enable VMware Workspace ONE Intelligence.
B. Deliver Launcher profile to the end-user.
C. Use a basic user as a staging account.
D. Block open enrollment into Workspace ONE UEM.

Answer 54

B. Deliver Launcher profile to the end-user.

https://blogs.vmware.com/euc/2021/03/android-enterprise-native-check-in-check-out-now-supported-in-workspace-one-uem-android-video-series-episode-17.html

Question 55

When Single Logout (SLO) is disabled in a third party identity provider configuration of Workspace ONE Access, what is the default action taken upon a user signing out of Workspace ONE Access?
A. The user is redirected back to the Workspace ONE Access catalog.
B. The user is redirected to the third party identity provider URL provided in metadata.
C. The user is redirected to a custom URL provided in the identity provider configuration.
D. The user is redirected to the default Workspace ONE Access login page.

Answer 55

D. The user is redirected to the default Workspace ONE Access login page.

Question 56

When creating third party identity providers in Workspace ONE Access, which two SAML assertion components can be used to identify the user? (Choose two.)
A. NameID Element
B. SAML Attribute
C. SAML EntityID
D. NameID Signature
E. SAML Issuer

Answer 56

A. NameID Element
B. SAML Attribute

https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html

Question 57

Which is highly recommended to be installed for directory services integration in a Software as a Service environment (SaaS)?
A. AitWatch Cloud Connector
B. AirWatch Cloud Messaging
C. Workspace ONE Adaptive Connector
D. AirWatch API components

Answer 57

B. AirWatch Cloud Messaging

Question 58

During an enrollment attempt, a user enters their email address in the initial field in the Intelligent Hub. The user receives an error stating, “Something went wrong with discovery”.
Which configuration setting can be enabled to allow end users to enter an email address instead of a Server URL?
A. Allow only known users
B. Pre-Register devices
C. Autodiscovery Enrollment
D. Enrollment Token

Answer 58

C. Autodiscovery Enrollment

Question 59

Which is used to authenticate and encrypt traffic from individual applications on compliant devices to internal resources?
A. Email Notification Service
B. Device Compliance
C. Workspace ONE Intelligence
D. VMware Tunnel

Answer 59

D. VMware Tunnel

Question 60

Which Workspace ONE UEM console feature can be leveraged to confirm a Certificate Authority (CA) is accessible?
A. Test Connection button
B. PKI Validation button
C. Request Dummy Cert button
D. SCEP Request button

Answer 60

A. Test Connection button

Question 61

Which auxiliary component, with a default configuration, has the ability to self-update after an upgrade?
A. Workspace ONE Access Connector
B. Unified Access Gateway
C. Secure Email Gateway on UAG
D. AirWatch Cloud Connector

Answer 61

D. AirWatch Cloud Connector

Question 62

A certificate profile set to AUTO will expire in 2 days and no new certificates are being renewed.
Which certificate template configuration can an administrator modify to start renewing these certificates sooner?
A. Set or lower the certificate the private key length.
B. Set or increase the certificate revocation period.
C. Set or lower the certificate revocation period.
D. Set or increase the certificate auto renewal period.

Answer 62

D. Set or increase the certificate auto renewal period.

Question 63

Which three internal applications are supported by Workspace ONE UEM 20.01? (Choose three.)
A. .ipa
B. .apk
C. .msi
D. .msix
E. .ppkg
F. .app

Answer 63

A. .ipa
B. .apk
C. .msi

Question 64

Which two are IT-driven on-boarding workflows for Windows 10 devices? (Choose two.)
A. command line interface (CLI) staging
B. ODBII
C. manual device staging
D. OOBE
E. native MDM enrollment

Answer 64

A. command line interface (CLI) staging
C. manual device staging

Question 65

IT management has announced all traffic from the DMZ will be blocked unless it passes through a newly configured proxy, effective immediately. Administrators notice that SEGv2 is unable to contact the Workspace ONE API server.

Which configuration will the administrators need to amend and apply to the SEGv2 servers?
A. inbound proxy
B. SSL offloading
C. KCD integration
D. outbound proxy

Answer 65

D. outbound proxy

Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2001/WS1_SEGV2_Doc.pdf (21)

Question 66

An administrator wants to use VMware Unified Access Gateway (UAG) appliance to enable devices to connect to internal resources without needing the Workspace ONE UEM SDK.
Which method can the administrator use to deploy the UAG appliance?
A. Manual install to a Linux Server
B. PowerShell install to a Windows Server
C. Manual install to a Windows Server
D. PowerShell install to vSphere

Answer 66

D. PowerShell install to vSphere

Question 67

Which two authentication methods are available in the Workspace ONE UEM console? (Choose two.)
A. SAML
B. Azure AD
C. CAPTCHAs
D. OAUTH
E. Certificate Based Authentication

Answer 67

D. OAUTH
E. Certificate Based Authentication

Question 68

Which is the default service lookup when configuring and integrating Lightweight Directory Access Protocol (LDAP) in VMware Identity Manager?
A. Active Directory Integrated Windows
B. Active Directory over LDAP
C. Enterprise OVA Connector
D. Enterprise System Connector

Answer 68

B. Active Directory over LDAP

Question 69

For macOS Software Distribution, which three file types are supported? (Choose three.)
A. .IPA
B. .MPKG
C. .DMG
D. .PKG
E. .APK

Answer 69

B. .MPKG
C. .DMG
D. .PKG

Question 70

Which configuration allows an administrator to create personalized reporting in Workspace ONE UEM Console?
A. Workspace ONE UEM Reporting
B. Workspace ONE Intelligence Custom Reporting
C. Workspace ONE UEM Custom Reporting
D. Workspace ONE Intelligence Widgets

Answer 70

B. Workspace ONE Intelligence Custom Reporting

Question 71

An administrator wants to enable end-users to leverage a robust catalog, people search, notifications, and an option to create a custom tab.
Which two products from the Workspace ONE platform are required to be configured to leverage the full feature Workspace ONE Intelligent Hub? (Choose two.)
A. VMware Tunnel
B. Workspace ONE UEM
C. VMware Unified Access Gateway
D. Workspace ONE Intelligence
E. Workspace ONE Access

Answer 71

B. Workspace ONE UEM
E. Workspace ONE Access

Question 72

An existing Workspace ONE environment contains 20,000 users/devices. An additional 25,000 users/devices are planning to be added to the system. The total number of users will be 45,000.
Which is VMware’s best practice recommendation for determining the additional hardware that may be required?
A. Add an additional server at each node to ensure overhead for the new device addition.
B. No scaling will be needed for the additional device count and load on the environment.
C. Review the latest recommended architecture documentation for server scalability recommendations.
D. Review recommended architecture documentation from any version for server scalability recommendations.

Answer 72

C. Review the latest recommended architecture documentation for server scalability recommendations.

Question 73

Which three are fields populated by an administrator when adding SaaS Web Applications on Workspace ONE Access? (Choose three.)
A. application parameters
B. first name format
C. username format
D. username source ID
E. application format
F. Single Sign-On URL

Answer 73

A. application parameters
C. username format
F. Single Sign-On URL

Question 74

Which three security technologies in Workspace ONE ensure endpoint data loss prevention on devices? (Choose three.)
A. The device is encrypted.
B. The device is made FIPs compliant.
C. The device user’s directory password rotation policy is applied.
D. The device is monitored with real time threat detection.
E. The device has a compliant passcode.

Answer 74

A. The device is encrypted.
D. The device is monitored with real time threat detection.
E. The device has a compliant passcode.

Question 75

Which component is required to communicate with AirWatch Cloud Connector?
A. AirWatch REST API services
B. VMware Workspace ONE Device services
C. VMware Workspace ONE Console services
D. AirWatch Cloud Messaging service

Answer 75

D. AirWatch Cloud Messaging service

Question 76

Which three are features of the Email Notification Service? (Choose three.)
A. Secure access to internal content repositories.
B. Trigger a background sync on Workspace ONE Boxer.
C. Update the badge count for an unread email.
D. Provide email notification for Exchange mail.
E. Support most existing corporate file servers.

Answer 76

B. Trigger a background sync on Workspace ONE Boxer.
C. Update the badge count for an unread email.
D. Provide email notification for Exchange mail.

Question 77

What is the purpose of the Workspace ONE UEM Security Pin?
A. Serves as a second layer of security for administrators while preventing inadvertent commands.
B. Provides multi-factor authentication for users during device enrollment.
C. Provides a second factor of authentication for administrators during console login.
D. Serves as a second layer of security for end users while preventing inadvertent commands.

Answer 77

A. Serves as a second layer of security for administrators while preventing inadvertent commands.

Question 78

A Workspace ONE administrator is configuring email for an organization that uses Microsoft Exchange Online (Office 365). The organization has an extreme security posture and wants to require all email attachments be encrypted.
Which is needed to meet the organization’s requirement?
A. Boxer with DLP enabled
B. PowerShell integration with default blacklist
C. Native Mail configuration with device pin based encryption
D. SEGv2 with content transforms

Answer 78

A. Boxer with DLP enabled

Question 79

A Workspace ONE UEM SaaS environment is no longer synchronizing new users with Active Directory. All configuration settings are correct and the users and groups are mapped properly in the console.
Which integration server should be checked for connectivity issues?
A. Secure Email Gateway
B. Unified Access Gateway
C. Device Services Server
D. AirWatch Cloud Connector

Answer 79

D. AirWatch Cloud Connector

Question 80

Which would an administrator use to configure the remote wiping of privileged corporate content and set notification thresholds when a minimum number of devices are wiped within a certain amount of time?

A. Compromised Protection Settings
B. Notification for Device Blocked
C. Managed Device Wipe Protection
D. Notifications for Device Enroll/Unenroll

Answer 80

C. Managed Device Wipe Protection

Question 81

Which two preconfigured automation templates categories are available in Workspace ONE 20.01? (Choose two.)
A. Workspace ONE UEM
B. Bitnami
C. Pivotal
D. Workspace ONE Access
E. Carbon Black

Answer 81

A. Workspace ONE UEM
E. Carbon Black

Question 82

Which two are needed from the directory when configuring user and group settings for Directory Service integration? (Choose two.)
A. Base DN
B. Group & Function Class
C. Functional Level
D. User & Group Object Class
E. AD Server IP

Answer 82

A. Base DN
D. User & Group Object Class

Question 83

An administrator has been tasked with automating an action for the internal IT team via available APIs.
Where can the administrator find a repository of all API commands with syntax and example?

A. Navigate to <APIServerURL>/api/help.
B. Navigate to the Intelligent HUB and find the latest API guide.
C. Navigate to VMware Docs and find the latest API guide.
D. Navigate to <APIServerURL>/apiv2/commands.</APIServerURL></APIServerURL>

Answer 83

A. Navigate to <APIServerURL>/api/help.</APIServerURL>

Question 84

An administrator is setting up the organization group (OG) hierarchy using this information:
company has two departments to enroll devices into company has one Active Directory to integrate with company has only one Volume Purchase Program (VPP) account to deploy Purchased apps What is VMware’s recommended best practice for which OG should be set to Customer type?
A. Global (Main)
B. Company (Sub)
C. Department 2 (Sub-Sub)
D. Department 1 (Sub-Sub)

Answer 84

B. Company (Sub)

Question 85

Which domain attribute must be included to meet the SAML assertion requirement for Just-in-Time (JIT) provisioning of users in the Workspace ONE Access service?
A. distinguishedName
B. userName
C. firstName
D. lastName

Answer 85

B. userName

Question 86

An administrator wants to create a new Workspace ONE Access Policy that is specific only to a newly created IP subnet.
Which three Workspace ONE Access Policy settings would the administrator set? (Choose three.)
A. network range
B. authentication method
C. subnet range
D. device type
E. attribute type
F. assignment method

Answer 86

A. network range
B. authentication method
D. device type
https://docs.vmware.com/en/VMware-Workspace-ONE-Access/19.03/idm-administrator/GUID-C2B03912-C7D8-4524-AE6E-8E8B901B9FD6.html

Question 87

When troubleshooting group syncs through the AirWatch Cloud Connector, which log file should be reviewed?
A. c:<InstallDir>LogsCloudConnector.log
B. c:<InstallDir>LogsCloudConnector_MMDDYY.log
C. c:<InstallDir>LogsACC.log
D. c:<InstallDir>LogsIDMConnector.log</InstallDir></InstallDir></InstallDir></InstallDir>

Answer 87

A. c:<InstallDir>LogsCloudConnector.log</InstallDir>

Question 88

Which feature of Workspace ONE UEM can be configured to allow reports to run on a schedule and have them delivered to a subset of administrators?
A. SQL Server Reporting Services
B. Timed Report Execution
C. Report Subscriptions
D. Windows Scheduled Tasks

Answer 88

C. Report Subscriptions

Question 89

What does COPE stand for in Android Enterprise?
A. corporate owned, privacy exception
B. corporate owned, personally enabled
C. co-owned, personally enabled
D. co-owned privacy exception

Answer 89

B. corporate owned, personally enabled

Question 90

Which service is supported when using only Legacy Connectors with Workspace ONE Access?
A. Kerberos Authentication
B. Directory Sync
C. User Authentication
D. Virtual Apps Integration

Answer 90

B. Directory Sync

Question 91

While referencing the exhibit, which SDK profile does Security Policies belong to?
A. Custom SDK Profile
B. Default SDK Profile
C. Application Profile
D. Intune SDK Profile

Answer 91

B. Default SDK Profile

Question 92

The CEO has informed a Workspace ONE administrator an important recurring report was not received in email.
Where can the administrator review report status?
A. Monitor > Reports & Analytics > Reports > Subscriptions
B. Monitor > Reports & Analytics > Export
C. Monitor > Error Reporting > Subscription Errors
D. Monitor > Admin Panel > Error Reporting

Answer 92

A. Monitor > Reports & Analytics > Reports > Subscriptions

Question 93

What use case is the Workspace ONE Assist unattended mode application recommended for?
A. CORP Kiosk Devices
B. BYO User Devices
C. BYO Kiosk Devices
D. COPE User Devices

Answer 93

A. CORP Kiosk Devices

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/WS1_Assist/GUID-10A87E46-05E3-447C-ACD4-187CE2015E2D.html

Question 94

Which steps are necessary to configure a compliance policy once a device platform has been selected?
A. Rules, Actions, Assignment, and Summary
B. Rules, Assignment, Execution, and Description
C. Actions, Quarantine, Plan, and Description
D. Package, Alert, Escalation, and Type

Answer 94

A. Rules, Actions, Assignment, and Summary

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/UEM_Managing_Devices/GUID-AddACompliancePolicy.html

Question 95

Which two settings are configurable in a macOS disk encryption profile? (Choose two.)
A. FileVault Enterprise Certificate
B. Maximum Battery Level
C. TPM License Key
D. Recovery Key Type
E. Administrator Password Policy

Answer 95

A. FileVault Enterprise Certificate
D. Recovery Key Type

Question 96

Which is the only method to deploy Content Gateway when using Workspace ONE 20.01 and higher versions?
A. Legacy Windows
B. UAG
C. Legacy Linux
D. Standalone

Answer 96

B. UAG

Question 97

Which component can use an AirWatch generated certificate for Inbound SSL Traffic?
A. VMware Tunnel
B. VMware Secure Email Gateway
C. AirWatch Cloud Connector
D. Reverse Proxy

Answer 97

A. VMware Tunnel

https://resources.workspaceone.com/view/yr8n5s2b9d6qqbcfjbrw/en

Question 98

An administrator is preparing to deploy an email configuration but cannot add an additional server.
Which deployment method is the only option for this email configuration?
A. Direct
B. VPN
C. Proxy
D. Indirect

Answer 98

A. Direct

Question 99

Workspace One

Access denied
invalid SAML audience
——————————————

The Workspace ONE Administrator has received complaints from end users that they are unable to access web applications from the Workspace ONE Access catalog. The exhibit displays the error end users received.
What Security Assertion Markup Language (SAML) configuration item should the administrator review in Workspace ONE Access for accuracy to resolve the reported issue?
A. SAML Sign-On URL
B. SAML Recipient
C. SAML Entity ID
D. SAML Certificate

Answer 99

C. SAML Entity ID / Application ID

Question 100

What are the setting options for sync frequency in Workspace ONE Access Directory?
A. Manually, once per week, twice each day, every hour
B. Manually, once per week, once per day, every hour
C. Manually, once every other week, once per day, every hour
D. Manually, once per week, once per day, every half hour

Answer 100

B. Manually, once per week, once per day, every hour

Question 101

An organization would like to:
remove and install applications from end-users devices remove and install profiles from end-users devices add new devices edit device information such as friendly name, asset number, etc.
Which VMware recommended Workspace ONE UEM administrator role with the least privileges can perform the action?
A. Console Administrator
B. Application Management
C. Helpdesk
D. AirWatch Administrator

Answer 101

A. Console Administrator