Sample Questions Flashcards
You upload your MDM solution’s certificate to Business Manager. What does ABM generate?
- Private Key
- Server Token
- MDM Intermediate Certificate
- Content Token
Server Token
What do you need to do before you can sync Microsoft Entra ID user data with Apple Business Manager?
- A. Configure a Federation Manager account.
- B. Link Microsoft Intune to Apple Business Manager.
- C. Configure a People Manager account.
- D. Configure and turn on federated authentication.
Configure and turn on federated authentication
Which authentication protocol do you use in Apple Business Manager to sync user accounts from your identity provider?
- A. OpenID Connect
- B. RADIUS
- C. MS-CHAP
- D. Kerberos Connect
A. OpenID Connect
Users in your organization visit a web address to enroll devices. They also use the same Apple ID to install apps.
Which two changes should your organization implement for a more efficient workflow?
Select two.
* A. Multiple personal Apple IDs
* B. Managed distribution
* C. Automated Device Enrollment
* D. Device groups for management
* E. Federated authentication
C. Automated Device Enrollment
B. Managed distribution
Which two features are available in both Apple Business Manager and Apple School Manager?
Select two.
* A. Directory Sync
* B. SIS/SFTP support
* C. Inspect a user account
* D. Bulk app purchases
* E. App redemption codes
A. Directory Sync
E. App redemption codes
Which of these account roles in Apple Business Manager or Apple School Manager can enable federated authentication?
* A. Content Manager
* B. People Manager
* C. Authentication Manager
* D. Device Enrollment Manager
B. People Manager
&* Site Manager
Which statement is true about Managed Distribution for books?
* A. Books can be distributed only to devices.
* B. Books can be distributed only to a personal Apple ID.
* C. Books can be distributed only to users.
* D. Books can be distributed only to a Managed Apple ID.
C. Books can be distributed only to users.
When does the 30-day provisional period begin after you manually add Apple devices to Apple School Manager?
* A. After the device is available in Apple School Manager
* B. After you assign the devices to the MDM solution
* C. After you assign the device to a location
* D. After you enroll the devices in the MDM solution
D. After you enroll the devices in the MDM solution
Which app do you use to manually add iPad devices to Apple Business Manager or Apple School Manager?
* A. Mac Configuration Utility
* B. Apple Configurator for Mac
* C. Apple Configurator for iPhone
* D. iPad Configuration Utility
B. Apple Configurator for Mac
What must you upload to your MDM solution so that you can distribute Apps and Books Store content?
* A. Managed certificate
* B. Content token
* C. Distribution certificate
* D. Server token
B. Content token
Where do you upload the content token to enable Managed Distribution of apps and books?
* A. Your MDM solution
* B. Apple Configurator for iPhone
* C. Your Apple Business Manager account
* D. Managed Distribution Utility
A. Your MDM solution
Which two roles can transfer app licenses in Apple Business Manager or Apple School Manager?
Select two.
* A. Staff
* B. Device Enrollment Manager
* C. App Manager
* D. Administrator
* E. Content Manager
- D. Administrator
- E. Content Manager
Which two settings should you confirm are configured on your network to ensure that users get notifications from APNs?
Select two.
* A. Turn on HTTPS Interception
* B. Allow inbound connections from 17.0.0.0/8 or apple.com
* C. Turn off HTTPS Interception
* D. Allow outbound connections to 17.0.0.0/8 or apple.com
* E. Turn on client isolation from 17.0.0.0/8 or apple.com*
C. Turn off HTTPS Interception
D. Allow outbound connections to 17.0.0.0/8 or apple.com
What must be implemented on a network to allow iPad screen monitoring to work with Apple Classroom?
* A. Mobile device management
* B. Client isolation
* C. Client-to-client communication
* D. Apple School Manager
C. Client-to-client communication
Your Apple devices are configured to send all traffic through an HTTP proxy. The devices aren’t receiving MDM requests.
Which service must be allowed on your network to allow your Apple devices to communicate with your MDM solution?
* A. APNS
* B. Federated Managed Apple ID
* C. SSH
* D. NAT
A. APNS
Which two content caching settings could you use to optimize internet bandwidth for Apple devices over three network subnets?
Select two.
* A. Cache content for: Only iCloud Content
* B. Cache content for: devices using the same local networks
* C. Cache content for: devices using the same public IP address
* D. Cache content for: Only Shared Content
* E. Cache content for: devices using custom local networks
- B. Cache content for: devices using the same local networks
- C. Cache content for: devices using the same public IP address
In which order do iPhone, iPad, and Mac devices automatically join a Wi-Fi network?
* A. Public network, preferred network, private networks
* B. Private networks, preferred network, public network
* C. Preferred network, public network, private networks
* D. Preferred network, private networks, public network
D. Preferred network, private networks, public network
Which type of 802.1X configuration allows Mac computers to connect to Wi-Fi before login and user authentication after login?
* A. System+User Mode
* B. System+Login Window Mode
* C. User Mode
* D. System Mode
D. System Mode
Mac users received a recently deployed Wi-Fi profile from MDM. They report they can no longer join the 802.1X network.
What is the most likely reason users can no longer join the Wi-Fi network?
* A. Trust to the RADIUS server wasn’t established.
* B. The user accounts are locked.
* C. The Wi-Fi network wasn’t configured to auto-join.
* D. Network users forgot their passwords.
A. Trust to the RADIUS server wasn’t established.
Which protocol should your organization use for Always-On VPN on iPhone and iPad devices?
* A. L2TP over IPsec
* B. SSL VPN
* C. IKEv2
* D. Cisco IPsec
C. IKEv2
You use MDM to ensure that managed iPhone traffic, destined for your organization domain and subdomains, is tunneled securely.
Which two settings should you configure in the Relay payload?
Select two.
* A. Excluded domains
* B. Match domains
* C. Relay domains
* D. Relays
* E. RelayUUID
- D. Relays
- E. RelayUUID
Which MDM payload can you configure to prioritize traffic using Cisco Fastlane enhanced Quality of Service on Mac computers?
* A. Network Usage Rules
* B. Wi-Fi
* C. VPN
* D. Restrictions
B. Wi-Fi
Which setting is required when you use the Global HTTP Proxy payload for automatic proxy configuration?
* A. Managed Apple ID user name and password
* B. Port
* C. Proxy type
* D. Proxy server URL
D. Proxy server URL
You’re assisting the network team in troubleshooting an issue in communications with Apple services and APNs.
Which range should you exclude from routing filters to ensure full functionality?
* A. 17.0.0.0/8
* В. 16.0.0.0 - 16.0.0.24
* С. 192.0.0.0/8
* D. 127.0.0.1 - 127.255.255.255
A. 17.0.0.0/8
Which setting directs app traffic through a network relay for managed iPhone devices?
* A. Excluded domains
* B. RelayUUID of the relay
* C. Match domains
* D. DomainUUID of the relay
B. RelayUUID of the relay
Which ports should you open on your router for full Apple Push Notification service functionality?
* A. UDP ports 443, 2197, and 5223
* B. TCP ports 80, 548, and 5223
* C. UDP ports 80, 548, and 5223
* D. TCP ports 443, 2197, and 5223
D. TCP ports 443, 2197, and 5223
Which wireless measurement determines the point at which Apple devices scan for roaming candidates?
* A. Channel
* B. Tx Rate
* C. RSSI
* D. Noise
C. RSSI
Which two Apple technologies use Bonjour for discovery?
Select two.
* A. AirPrint
* B. AirPlay
* C. AirDrop
* D. SharePlay
* E. SharePrint
- A. AirPrint
- B. AirPlay
Where are two places you can review website passwords that you saved using Safari on your Mac?
Select two.
A. In Privacy & Security in System Settings
* B. In Passwords in System Settings
* C. In Privacy in Safari Settings
* D. In Passwords in Safari Settings
* E. In the Secure Keychain app in the Utilities folder
B. In Passwords in System Settings
D. In Passwords in Safari Settings
Which two apps are available only when your Mac starts up in macOS Recovery?
Select two.
* A. Disk Utility
* B. Share Disk
* C. Safari
* D. Startup Security Utility
* E. Terminal
A. Disk Utility
D. Startup Security Utility
Where is content cached when you simultaneously provision tethered iPad devices using Apple Configurator?
* A. On the Mac that the iPad devices are tethered to
* B. On the MDM server that the iPad devices are tethered to
* C. On the iCloud server
* D. On the MDM content caching server
A. On the Mac that the iPad devices are tethered to
Which Mac app gives you the ability to query network responsiveness and quality?
* A. Terminal
* B. Network Utility
* C. Apple Diagnostics
* D. Activity Monitor
A. Terminal
You added macOS content caching to your network.
Which two content types can the server cache for users on your network?
Select two.
* A. Operating system updates
* B. Frequently requested web content and files
* C. Sharepoint files for Managed Apple IDs
* D. Apple Books content
* E. Apple Music content
A. Operating system updates
D. Apple Books content
You start up your MacBook Pro by pressing and holding the power button. Then you click System Settings. You’re asked to select a user and enter that user’s password.
Why are you asked to select a user and enter that user’s password?
* A. File Vault is turned on.
* B. Lockdown Mode is turned on.
* C. Startup Security Utility is set to Full Security.
* D. Recovery Lock is enabled.
D. Recovery Lock is enabled.
You’re resetting the password for the only account on a Mac. File Vault was enabled through MDM.
What do you need from your MDM solution?
* A. Personal recovery key
* B. User name and password of the account that created the MDM server token
* C. Institutional recovery key
* D. FileVault token
A. Personal recovery key
Which Content Caching setting caches only operating system and app updates?
* A. Only operating system Updates and App Content
* B. Only Shared Content
* C. App and operating system Updates
* D. Only Apple Content
B. Only Shared Content
Your organization’s security team wants you to disable AirDrop on managed iPhone devices from your MDM solution.
Which requirement must each iPhone meet so that you can disable AirDrop?
* A. They must be supervised.
* B. They must use a Managed Apple ID.
* C. They must be enrolled using account-driven User Enrollment.
* D. They must be enrolled using account-driven Device Enrollment.
A. They must be supervised.
What should you do to prevent camera use on a supervised iPhone or iPad?
* A. Set the allowCamera restriction to true.
* E. Set the allowCamera restriction to false.
* C. Deploy Camera as a managed app.
* D. Use Managed Open In restrictions to control the Camera app.
E. Set the allowCamera restriction to false.
You enabled File Vault for organization-owned Mac computers. You also need to be able to reset user passwords on those Mac computers.
What should you escrow to the MDM server?
* A. Institutional recovery key
* B. Secure token
* C. Bypass code
* D. Personal recovery key
B. Secure token
A user reports that they lost their supervised iPhone.
What should you do to protect the organization’s data?
* A. Enable Lost Mode in Apple Business Manager or Apple School Manager.
* B. Enable Find My in Apple Business Manager or Apple School Manager.
* C. Enable Lost Mode in the MDM server.
* D. Enable Find My in the MDM server.
C. Enable Lost Mode in the MDM server.
Which MDM command restricts access to Startup Security Utility on a Mac with Apple silicon?
* A. SetRecoveryLock
* B. SetFirmwarePassword
* C. SetFDESetup
* D. SetAccessSSUtility
A. SetRecoveryLock
You used MDM to set organization-linked Activation Lock. You can’t remove Activation Lock from a device that a user returned.
Which account user name and password gives you the ability to remove Activation Lock?
* A. The Managed Apple ID of the previous user of the device.
* B. The Apple ID used for the Apple Push Notification service.
* C. The account that created the device enrollment token that links to the MDM solution.
* D. The Apple ID of the previous user of the device.
C. The account that created the device enrollment token that links to the MDM solution.
When are you required to enter your password on a Mac with Touch ID turned on?
* A. After your Mac is locked for 24 hours
* B. After you update macOS
* C. When you install a downloaded application
* D. When Safari autofills passwords
B. After you update macOS
What are two functions of Secure Enclave?
Select two.
* A. Provide secure generation and storage of keys for encrypting data at rest.
* B. Encrypt tokens for Recovery Lock, Bypass Code, and Personal Recovery Key.
* C. Process data from Face ID and Touch ID sensors.
* D. Secure MDM communications and APNs notifications.
* E. Store certificates to secure mail, web, and other internet traffic.
A. Provide secure generation and storage of keys for encrypting data at rest.
C. Process data from Face ID and Touch ID sensors
You deploy a managed app to a supervised iPad that had an unmanaged version of the app installed.
What happens?
* A. The user is prompted to accept the app.
* B. The unmanaged app converts to managed.
* C. The app remains unmanaged.
* D. Both copies of the app remain on the supervised iPad.
A. The user is prompted to accept the app.
Which profile type connects a device to MDM?
* A. Assignment
* B. Supervision
* C. Provisioning
* D. Enrollment
D. Enrollment
Your organization is migrating to na new MDM solution. iPhone and iPad devices were previously enrolled using Automated Device Enrollment. What must you do before you can enroll the devices in a new MDM solution using Automated Device Enrollment?
* A. Send a remote wipe command from Apple School Manager or Apple Business Manager.
*B. Release the devices in Apple School Manager or Apple Business Manager.
* C. Erase the devices.
* D. Revive the devices.
C. Erase the devices.
What must you enter on a device for account-driven User Enrollment?
* A. A personal Apple ID
* B. The MDM solution enrollment URL
* C. The Apple Business Manager or Apple School Manager enrollment URL
* D. A Managed Apple ID
D. A Managed Apple ID
Lockdown Mode prevents which type of profile from being installed on a device from an MDM solution?
* A. Enrollment
* B. Supervision
* C. Configuration
* D. Provisioning
C. Configuration
What must you do to allow Auto Advance during Automated Device Enrollment for Mac?
* A. Press and hold the power button for up to 10 seconds.
* B. Press and hold Shift-Up Arrow on the right side of the keyboard.
* C. Connect the Mac to an active Ethernet connection.
* D. Connect the Mac to a power source.
C. Connect the Mac to an active Ethernet connection.
Which data can MDM solutions access when an iPhone is enrolled using account-driven Device Enrollment?
* A. Device location and Significant Locations
* B. Safari browsing history
* C. Phone call logs
* D. Capacity and space available
D. Capacity and space available
Which enrollment type gives you the ability to send the iPad Home Screen Layout payload?
* A. Account-driven User Enrollment
* B. Automated Device Enrollment
* C. Account-driven Device Enrollment
* D. Automated User Enrollment
B. Automated Device Enrollment
Which two of these devices can Apple Configurator for Mac add to Apple School Manager or Apple Business Manager?
Select two.
* A. Mac
* B. Apple TV
* C. iPad
* D. Apple Watch
* E. Apple Vision Pro
- B. Apple TV
- C. iPad
You configure a Setup Assistant payload to skip the Location Services pane.
What is the Location Services status during and after enrollment?
* A. Location Services is shown during Setup Assistant and turned off, but an administrator can turn it on.
* B. Location Services is hidden during Setup Assistant and turned off, but an administrator can turn it on.
* C. Location Services is hidden during Setup Assistant and turned off, but a user can turn it on.
* D. Location Services is shown during Setup Assistant and turned off, but a user can turn it on.
B. Location Services is hidden during Setup Assistant and turned off, but an administrator can turn it on.
Which enrollment type for Mac results in supervision and also cryptographically separates organization keychain items from personal keychain items?
* A. Automated User Enrollment
* B. Account-driven User Enrollment
* C. Automated Device Enrollment
* D. Account-driven Device Enrollment
D. Account-driven Device Enrollment
Which two enrollment types result in cryptographic separation of organization Calendar and personal Calendar data on iPhone and iPad devices?
Select two.
* A. Account-driven Device Enrollment
* B. Automated User Enrollment
* C. Profile-driven User Enrollment
* D. Account-driven User Enrollment
* E. Automated Device Enrollment
A. Account-driven Device Enrollment
D. Account-driven User Enrollment
You push a restriction payload to prevent the developer team from using Camera on their iPhone devices. You also push a restriction payload without a camera restriction for the marketing team on their iPhone devices. One user is assigned to both teams.
What is the user’s experience?
* A. The user can use Camera in unmanaged apps only.
* B. The user can use Camera in managed apps only.
* C. The user can’t use Camera.
* D. The user can use Camera.
C. The user can’t use Camera.
Which restriction can you push to a supervised iPad to remove the App Store icon from the Home Screen?
* A. Modify account settings
* B. Allow app installation from a website
* C. Automatic app downloads
* D. Install apps using App Store
D. Install apps using App Store
Your organization’s custom app delivers internal security alerts.
Which two MDM settings do you need to ensure delivery of internal security alerts on managed iPhone devices?
Select two.
* A. Configure the notifications MDM payload.
* B. Prevent removal of system apps, including Settings.
* C. Use the Enable Automatic Proxy Configuration payload to prioritize the app’s traffic.
* D. Enable Safari pop-up windows for the app’s domain.
* E. Mark the app as nonremovable.
A. Configure the notifications MDM payload.
E. Mark the app as nonremovable.
Which Rapid Security Response payload setting can you deploy from an MDM solution?
* A. Allow MDM to disable responses
* B. Allow MDM to remove responses
* C. Allow MDM to delay responses
* D. Allow MDM to install responses
A. Allow MDM to disable responses
Which MDM restriction prevents the copying and pasting of data between managed sources in unmanaged destinations?
* A. Managed Pasteboard
* B. Restrict App Privacy Settings
* C. Managed Clipboard
* D. Restrict App Configuration Settings
C. Managed Clipboard
You want to require your users to enter a complex password during device setup.
Which enrollment type should you use?
* A. Automated User Enrollment
* B. Automated Device Enrollment
*C. Account-driven User Enrollment
* D. Account-driven Device Enrollment
B. Automated Device Enrollment
You pushed these two payloads to your iPad devices:
-An MDM passcode policy that requires a simple passcode with a minimum of 15 characters
-A Microsoft Exchange policy that requires a complex passcode with a minimum of eight characters
What’s enforced?
* A. A complex passcode with a minimum of 15 characters
* B. A simple passcode with a minimum of eight characters
*C. A simple passcode with a minimum of 15 characters
* D. A complex passcode with a minimum of eight characters
C. A simple passcode with a minimum of 15 characters
What contacts Apple servers directly to unlock a managed Apple device that’s locked with an organization-linked Activation Lock?
* A. Apple ID Activation Service
* B. Apple Push Notification service (APNs)
* C. The MDM solution
* D. Apple Business Manager or Apple School Manager
C. The MDM solution
What is required to enable Managed Lost Mode using MDM?
* A. Supervision
* B. Location Services
* C. Find My
* D. Managed Apple ID
A. Supervision
What is the maximum number of days that you can defer software updates and upgrades when you use MDM?
* A. 180
* B. 365
* C. 90
* D. 256
C. 90
What can you deploy from MDM to prevent users from accessing a specific app on managed iPhone devices?
* A. Restriction payloads
* B. Access control lists
* C. Access control entries
* D. Supervision payload
A. Restriction payloads
Which two of these can MDM optionally provide with the EraseDevice command when you use the Return to Service workflow?
Select two.
* A. Wi-Fi payload
* B. Location Services
* C. Register data plan
* D. Preserve supervision status
* E. MDM Configuration profile
A. Wi-Fi payload
C. Register data plan
What can be provided in response to an MDM query of user-enrolled devices?
* A. Safari browser history
* B. Device location
* C. Managed apps status
* D. Lost Mode status
C. Managed apps status
Which action helps you reduce local network traffic when you deploy a content caching server?
* A. Use the AssetCacheManagerUtil loadCache command to preload commonly downloaded apps every night.
* B. Use an MDM restriction to prevent content caching from being turned off for every user’s managed Mac.
* C. Use an MDM restriction to prevent content caching from being turned on for every user’s managed Mac.
* D. Use the assetcachelocatorutil command to define your content caching server location for every user’s managed device.
B. Use an MDM restriction to prevent content caching from being turned off for every user’s managed Mac. (to be verified)
You used MDM to disable “allow pairing with non-Apple Configurator hosts” on the organization’s managed iPad devices. When you use a USB cable to connect a managed iPad to a Mac, the iPad doesn’t connect.
What must be on the Mac to allow the iPad to connect?
* A. Intermediate Certificate
* B. Configuration Identity
* C. Server Token
* D. Supervision Identity
D. Supervision Identity
You used account-driven Device Enrollment to enroll your iPhone.
Which two of these data types cryptographically separates organizational and personal data?
Select two.
* A. Safari bookmarks
* B. Notes
* C. Contacts
* D. Visual Voicemail messages
* E. Calendar
C. Contacts
E. Calendar
You’re signed in to your personal Apple ID on your iPhone. You used your Managed Apple ID to enroll your iPhone.
What is the result?
* A. You’re automatically signed out of your personal Apple ID.
* B. Your personal iCloud Drive is replaced with your organizational Cloud Drive until you unenroll your iPhone.
* C. An additional iCloud Drive appears in the Files app.
* D. You’re prompted to sign out of your personal Apple ID.
C. An additional iCloud Drive appears in the Files app.
Which technology, commonly used for Active Directory or Open Directory, does enterprise single sign-on support in iOS, iPadOS, and macOS?
* A. User-driven password resets
* B. Kerberos
* C. Automatic File Vault rotation
* D. Passkeys
B. Kerberos
Which technology synchronizes local account credentials with an identity provider?
* A. Kerberos SSO
* B. Active Directory
* C. Microsoft Entra ID
* D. Platform SSO
A. Kerberos SSO
Which two Apple devices support the Network Usage Rules MDM payload?
Select two.
* A. iPad
* B. Mac
* C. Apple Watch
* D. iPhone
* E. Apple TV
A. iPad
D. iPhone
What is required to enroll a device using account-driven Device Enrollment?
* A. An identity provider (IdP)
* B. A Managed Apple ID
* C. A passkey
* D. A Personal Apple ID
B. A Managed Apple ID
Your Mac is supervised.
Which two enrollment types might have been used to enroll your Mac?
Select two.
* A. Account-driven User Enrollment
* B. Declaration-driven Device Enrollment
* C. Automated Device Enrollment
* D. Account-driven Device Enrollment
* E. Manual Enrollment
- C. Automated Device Enrollment
- D. Account-driven Device Enrollment
Your organization wants to prevent devices from being unenrolled from the MDM server.
Which enrollment type can you configure to prevent unenrollment?
* A. Account-driven Device Enrollment
* B. Profile-based User Enrollment
* C. Automated User Enrollment
* D. Automated Device Enrollment
D. Automated Device Enrollment
Your organization begins buying from a new Apple Authorized Reseller.
What information do you give the reseller to ensure that your devices appear in Apple Business Manager or Apple School Manager?
* A. Purchase Order Number
* B. Reseller Number
* C. Organization ID
* D. D-U-N-S Number
C. Organization ID
Your organization buys devices from a new Apple Authorized Reseller. You want to ensure that your devices appear in Apple Business Manager or Apple School Manager.
What information do you need to add in Apple Business Manager or Apple School Manager?
* A. D-U-N-S Number
* B. Reseller Number
* C. Organization ID
* D. Purchase Order Number
B. Reseller Number
You’re resetting several iPad devices for new users. The iPad devices don’t progress past the Apple logo after restart.
Which of these should you do?
* A. Send the Return to Service command from the MDM solution.
* B. Use Apple Configurator for Mac to restore the iPad devices.
* C. Use Apple Configurator for iPhone to restore the iPad devices.
* D. Get a bypass code from the MDM administrator to clear Activation Lock.
B. Use Apple Configurator for Mac to restore the iPad devices.
What allows a device to asynchronously apply settings and report status to the MDM solution without constant polling?
* A. Declarative device management
* B. Apple async notification server
* C. Supervision
* D. Automated Device Enrollment
A. Declarative device management
Which type of declaration isn’t supported in declarative device management?
* A. Enrollments
* B. Activations
* C. Configurations
* D. Assets
A. Enrollments
Which of these is a reason a user can’t change firewall settings on their organization-owned managed Mac?
* A. XProtect manages the firewall.
* B. Gatekeeper manages the firewall.
* C. Secure Enclave manages the firewall.
* D. MDM manages the firewall.
D. MDM manages the firewall.
Which two capabilities does Apple’s MDM framework provide on an organization-owned managed device?
Select two.
* A. Diagnosing hardware issues
* B. Reading SMS messages
* C. Reporting user browser history
* D. Remotely wiping or locking
* E. Updating software
- D. Remotely wiping or locking
- E. Updating software
Which type of enrollment results in a Mac that’s managed and unsupervised?
* A. Profile-based Device Enrollment
* B. Automated Device Enrollment
* C. Account-driven User Enrollment
* D. Account-driven Device Enrollment
C. Account-driven User Enrollment
