Apple DEP - 2024 Flashcards

1
Q

Relays

A

An array of dictionaries that describes one or more relay servers that can be chained together.

2
Q

RelayUUID

A

A globally-unique identifier for this relay configuration. This UUID is used to route Managed Apps through the servers contained in Relays.

3
Q

Match domains

A

A list of domain strings used to determine which connection should be routed through the servers contained in Relays. Any connection that matches the domain exactly or that is a subdomain of the listed domain will use the relay servers, unless they match an excluded domain. If no domains are listed, traffic to all domains, except those matching an excluded domain, is routed to the relay servers.

4
Q

Excluded domains

A

A list of domain strings that shouldn’t be routed through the servers contained in Relays. Any connection that matches the domain exactly or that is a subdomain of the listed domain will not use the relay server.

5
Q

APNS

A

TCP ports 5223, 443, and 2197, and IP range 17.0.0.0/8

6
Q

Declarative Device Management

A

It uses declarations to asynchronously update the device settings, restrictions, assets, and more. With status channels, devices proactively report the status of objects like passcode compliance and MDM-installed apps — without constant polling from the MDM server.

With declarative device management, the device asynchronously applies settings and reports the status back to the MDM solution without constant polling.

7
Q

macOS Recovery on a Mac with Apple silicon: available apps

A

Time Machine System Restore
Install macOS
Safari
Disk Utility
Startup Security Utility
Terminal
Share Disk
Startup Disk

8
Q

Organization ID - Apple Business Manager

A

Your Organization ID can be used to associate reseller-purchased devices or custom apps from third-party developers with Apple Business Manager.

9
Q

Federated Authentication - Apple Business Manager

A

Federated authentication allows your users to sign in to their Managed Apple ID by signing in to their identity provider:
Google Workspace
Microsoft Entra ID
Their own identity provider

10
Q

MDM Server Assignment - Apple Business Manager

A

Download the MDM server token to upload to the MDM solution.

11
Q

declarative device management

A

a device can apply management logic to itself without cues from the server and report important state changes to the server as they happen. The server doesn’t need to cue or poll the device.

12
Q

Automated Device Enrollment

A

provides a zero-touch process with the most automated and scalable approach to procure, distribute, enroll, and manage organization-owned devices with MDM. Devices must be in your Apple Business Manager or Apple School Manager portal, and devices your organization purchases directly from Apple or a participating Apple Authorized Reseller or carrier are automatically added. You can add other organization-owned devices to the portal manually. Never add user-owned devices to your Apple Business Manager or Apple School Manager portal.

13
Q

Device Enrollment

A

covers organization-owned devices that aren’t eligible for Automated Device Enrollment. Organizations use Device Enrollment to manually enroll devices in their MDM solutions. Examples include donated devices, devices set up by the user that are already in use, and devices bought outside official Apple procurement channels. Anyone with access to your MDM solution’s enrollment portal can enroll or reenroll devices already deployed. Unlike Automated Device Enrollment, a user can remove management from the device after enrollment.

14
Q

User Enrollment

A

is for user-owned devices and requires an organization-provided Managed Apple ID. To enroll their devices in MDM, users either use their Managed Apple ID or manually install a user enrollment profile. If a user removes the enrollment profile, the MDM configuration profiles, settings, and managed apps are removed with it.

15
Q

Apple Configurator on a Mac

A

to add iPhone, iPad, and Apple TV devices to your Apple Business Manager or Apple School Manager account

16
Q

Apple Configurator app for iPhone

A

to add a Mac, iPhone, or iPad

17
Q

user-owned device

A

You can’t manage Find My, Activation Lock, or Managed Lost Mode

18
Q

Account-Based User Enrollment

A

users sign in to their work or school account on their device using their Managed Apple ID. If the account is federated, the user is redirected to the federated identity provider. Service discovery identifies the MDM solution’s enrollment URL. The MDM solution sends an enrollment profile to the device.

19
Q

Profile-Based User Enrollment

A

the organization provides users with a URL or a self-service app and users then take the following steps:

Open the self-service app or open the URL in a browser. The device downloads the enrollment profile and any configuration profiles.

Agree to install the downloaded configuration profiles and enroll in MDM. This process on the Mac differs from the process on iPhone and iPad.

Sign in with their Managed Apple ID. If the account is federated, users are redirected to the federated identity provider.

When enrollment completes, users have an additional account in Settings on their iPhone, iPad, or Mac.

20
Q

Apple silicon: how to block users from recovery mode

A

You can set Recovery Lock for computers with Apple silicon.

21
Q

DNS

A

An MDM solution must use a fully qualified domain name that can be resolved from both inside and outside the organization’s network.

22
Q

IP address

A

Most MDM solutions require a static IP address.

23
Q

Apple devices use a wide range of 802.1X wireless authentication protocols

A

Apple devices into many Remote Authentication Dial-In User Service (RADIUS) authentication environments.

24
Q

authenticate wireless devices to your network using one of these strategies:

A

Open networks/Public
Captive networks
Wi-Fi Protected Access 2 (WPA2) Personal
Wi-Fi Protected Access 3 (WPA3) Personal
WPA2 Enterprise
WPA3 Enterprise

Configuration method (iOS 16.4, iPadOS 16.4, and macOS Ventura 13.3 or later): Private networks configured using a mobile device management (MDM) profile are preferred over manually joined networks.

Highest supported Wi-Fi standard: For example, Wi-Fi 6 networks are preferred over Wi-Fi 5 networks.

Frequency band: 6 GHz, then 5 GHz, then 5 GHz (DFS), then 2.4 GHz.

Security: WPA Enterprise, then WPA Personal, then WEP.

Signal strength: Learn more about RSSI and wireless roaming for enterprise.

25
Q

standard VPN protocols

A

IKEv2, Cisco IPsec, and L2TP over IPsec

26
Q

Bonjour zero-configuration network protocol

A

With Bonjour, devices can automatically find services on a network
iPhone, iPad, and Mac can use Bonjour to connect to AirPrint-compatible printers and to AirPlay-compatible devices like Apple TV. Some apps and built-in iOS, iPadOS, and macOS features also use Bonjour to discover other devices for collaboration and sharing. However, you can configure both AirPrint and AirPlay to be fully functional in an organization without the use of Bonjour. For example, you can manage AirPrint destinations using DNS records within an organization, whereas AirPlay uses a direct peer-to-peer connectivity model by default.

27
Q

Platform SSO

A

With macOS 13 or later, SSO extensions are available to the login window. Users can unlock their Mac computer with their identity provider (IdP) credentials, then automatically sign in to apps and websites. The local account password and the IdP password are kept in sync, and users can continue to unlock their Mac computers with Touch ID and Apple Watch.

28
Q

Mac computers using macOS 13 or later also limit the profiles command-line tool to 10 of the following requests per 24 hours for devices owned by an organization that appear in Apple School Manager, Apple Business Manager, or Apple Business Essentials:

A

profiles show

profiles validate

profiles renew

29
Q

How Apple separates user data from organization data

A

App data containers
Calendar
Keychain items
Mail attachments and body of the mail message
Notes
Reminders
iCloud

30
Q

MDM solution to convert unmanaged apps to managed apps

A

If the device is supervised, the switch to a managed app from an unmanaged app happens without user interaction if the MDM solution requests it. If the device isn’t supervised, the user must formally accept management.

31
Q

Managed Open In restrictions (iOS and iPadOS)

A

Allow documents from unmanaged sources in managed destinations
Allow documents from managed sources in unmanaged destinations
Managed pasteboard
Mark apps as nonremovable
Prevent Managed Apps from backing up data
Use app configuration settings
Use app feedback settings that can be read by MDM
Download managed documents from Safari
Prevent Managed Apps from storing data in iCloud

32
Q

A Managed Apple ID

A

Using account-driven Device Enrollment to enroll iPhone and iPad devices and Mac computers in management without a user needing to manually install a profile
Configuring access management to control where Managed Apple IDs can sign in and what apps and services they can use

33
Q

Your passcode policies can include these requirements on iPhone, iPad, and Mac

A

An alphanumeric value

Minimum passcode length

Minimum number of complex characters

Maximum passcode age

Time before autolock

Passcode history (unable to use previous passwords)

Grace period for device lock

Maximum number of failed attempts before a device is erased

34
Q

Touch ID doesn’t replace the need for a device passcode or user password

A

which is still required after device startup, restart, or logout (on a Mac)
However, a device passcode or user password is always required in some scenarios (for example, to change an existing device passcode or user password or to remove existing fingerprint enrollments or create new ones)

35
Q

The four stages of User Enrollment into MDM are

A

Service discovery: The device identifies itself to the MDM solution.

User enrollment: The user provides credentials to an identity provider (IdP) for authorization to enroll in the MDM solution.

Session token: A session token is issued to the device to allow ongoing authentication.

MDM enrollment: The enrollment profile is sent to the device with payloads configured by the MDM administrator.

36
Q

Apple School Manager

A

Are integrated with a Student Information System (SIS) or uploading .csv files (Apple School Manager only) SFTP

37
Q

An MDM solution can identify the following for User Enrollment

A

Device name

Serial number

Model name and number

Capacity and space available

Operating system version number

Installed apps

38
Q

An MDM solution can’t identify the following for User Enrollment

A

Email, calendars, and contacts

SMS or iMessage

Safari browser history

FaceTime or phone call logs

Personal reminders and notes

Frequency of app use

Device location

39
Q

Apple bypass code generator

A

The MDM solution creates its own bypass code, and sends it to Apple servers

40
Q

Apple Customer Number

A

The Apple Customer Number is the account number (or numbers) assigned to your organization by Apple, used to purchase Apple hardware or software. It’s required in order to verify your organization’s eligibility for certain programs. If you don’t know the numbers, contact your purchasing agent, finance department, or Apple account team. This number isn’t the same as your GSX account number.

Note: When entering your Apple Customer Number, omit any leading zeros.

41
Q

Reseller Number

A

A Reseller Number is a unique identifier for each Apple Authorized Reseller or cellular carrier who participates in Apple School Manager. When you add a participating Apple Authorized Reseller’s or carrier’s Reseller Number to your account profile (and you give that reseller your Organization ID), you authorize that reseller to submit devices you purchased through them to Apple so their serial numbers appear in Apple School Manager.

42
Q

Organization ID

A

An Organization ID is your unique identifier in Apple School Manager. When you give a participating Apple Authorized Reseller or cellular carrier your Organization ID (and you add that reseller’s Number to your account profile), you authorize that reseller to submit devices you purchased through them to Apple so their serial numbers appear in Apple School Manager. The Organization ID can also be used with app developers so they can distribute Custom Apps specific to your organization.

43
Q

Apple School Manager

A

Sync user accounts from your Student Information System (SIS), Google Workspace, Microsoft Entra ID, or your identity provider, or with files you create and upload using SFTP.

44
Q

Apple Business Manager Non Federated Accounts

A

Users with the role of Administrator or People Manager can’t sign in using federated authentication; they can only manage the federation process.

45
Q

Apple Business Manager Server Setup

A

Download the public key certificate file from your MDM solution.
Saving a public certificate to Apple Business Manager generates a server token that you upload into your MDM solution.

46
Q

Manually added device in ABM: 30-day counter

A

This 30-day provisional period begins after you assign the device to and enroll it in a third-party MDM server linked to Apple Business Manager, Apple Business Essentials, or Apple School Manager.

47
Q

Apple School Manager Roles

A

Administrator
Site Manager
People Manager
Device Enrollment Manager
Content Manager
Manager
Staff
Instructor
Student

48
Q

Apple Business Manager Roles

A

Administrator
People Manager
Device Enrollment Manager
Content Manager
Staff

49
Q

Tethered caching

A

Data is stored on the Mac device.

50
Q

New Apple devices into ABM

A

You must enter your Apple Customer Numbers or the Reseller Numbers of your participating Apple Authorized Reseller or carrier.

51
Q

Auto Advance for Mac or Apple TV

A

Auto Advance allows you to skip all Mac or Apple TV Setup Assistant panes automatically.

52
Q

What is Classroom

A

App for teachers - When teaching in class, you can launch a specific app, website, or textbook page. You can also send documents to and receive them from your students, and share student work locally on a TV, monitor, or projector using Apple TV. Finally, you can see which apps students are working in and, at the end of the class, view a summary of how students spent their time

53
Q

Use of cameras is restricted

A

Cameras are disabled and the Camera icon is removed from the Home Screen in iOS and iPadOS. Users can’t take photographs or videos.

54
Q

Install apps using App Store restricted

A

App Store is disabled and its icon is removed from the Home Screen. Users can’t install or update apps.

55
Q

four types of MDM queries

A

1 device information
2 operating system
3 installed app
4 security

56
Q

Network test

A

Network Quality - Tests upload and download speeds

Netstat - Generates displays that show network status and protocol statistics

57
Q

Always on VPN

A

protocol IKEv2

58
Q

Rapid Security Responses and MDM

A

MDM solutions can use the following restriction keys on supervised iPhone, iPad and Mac devices:

allowRapidSecurityResponseInstallation: To disable the responses from being applied.

allowRapidSecurityResponseRemoval: To block the user from being able to remove the responses.

59
Q

Lockdown Mode

A

Configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.

60
Q

Enrollment type

A
61
Q

types enforce supervision on Mac computers running macOS 11 or later?

A

Automated Device Enrollment
Device Enrollment

62
Q

Your organization has 50 Apple devices deployed over three network subnets.
You want to turn on content caching on a Mac mini to optimize your internet bandwidth for all three network subnets.
Which setting should you use in the content caching advanced options?

A

Cache content for: devices using the same public IP address
Use custom public IP addresses
Devices using custom local networks

63
Q

App notifications

A

disable HTTPS Interception
entire 17.0.0.0/8 address block

64
Q

macOS Recovery

A

Need to enter Admin password before getting to the recovery options