Managing Device Network Configurations

Question 1

What do you use to connect Apple devices to networks that use 802.1X EAP-TLS authentication?

A. A configuration profile
B. A PAC file
C. A .plist file

Answer 1

A. A configuration profile

To connect Apple devices to networks that use 802.1X EAP-TLS authentication, MDM administrators must create the appropriate settings for their networks in configuration profiles and then push them to their devices.

Question 2

Which security type do you use to configure managed Apple devices to connect to 802.1X networks?

A. WEP
B. WPA3 Enterprise
C. WPA3 Personal

Answer 2

B. WPA3 Enterprise

Configuring your managed Apple devices with this type gives them access to a broad range of 802.1X authentication environments.

Question 3

You can use WPA2/WPA3 Enterprise authentication at the login window of macOS.

A. True
B. False

Answer 3

A. True

You can authenticate to a network from the login window when your Mac is set up with a compatible directory service and configured to use this mode with MDM.

Question 4

You’re using your MDM solution to configure iPhone and iPad devices to connect to Wi-Fi networks using EAP-TLS.

Which of these types of certificates payloads can you use for authentication?

A. Active Directory Certificate
B. PKCS #12 Certificate
C. S/MIME Certificate

Answer 4

B. PKCS #12 Certificate

You can use a PKCS #12 identity certificate (.p12 or .pfx) payload or a SCEP payload for authentication to Wi-Fi networks using EAP-TLS on iPhone and iPad devices.

Question 5

How does a PAC file influence the way an Apple device communicates over a network?

A. The device uses the authentication credentials defined in the PAC file to connect to servers.
B. The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.
C. The device constructs a list of approved websites by using the web addresses that the PAC file defines.

Answer 5

B. The device follows the PAC file rules that define the proxy server’s location and traffic allowed to connect directly.

The proxy server’s location and rules for allowed direct traffic defined in the PAC file manage the way an Apple device communicates over a network.

Question 6

Which of these alternatives to a proxy server URL could you use to configure a payload with proxy settings for an Apple device?

A. A .plist file with allowed websites
B. A domains restriction
C. WPAD using DHCP option 252

Answer 6

C. WPAD using DHCP option 252

When configuring an Apple device to use a proxy, you can use WPAD using DHCP option 252 instead of a proxy server URL.

Question 7

What must the server identity certificate contain in the SubjectAltName field?

A. The CA name
B. The rest of the trust chain
C. The user’s group name
D. The server’s DNS name or IP address

Answer 7

D. The server’s DNS name or IP address

The server identity certificate must contain the server’s DNS name or IP address in the SubjectAltName field.

Question 8

What must users of an MDM solution install so that custom VPN works on Apple devices?

A. Profile Manager and VPN Manager
B. The appropriate authentication app
C. Configuration profile and VPN Manager
D. VPN Manager and User Authentication Profile

Answer 8

B. The appropriate authentication app

You need the vendor’s VPN app.

Question 9

Which VPN connection type provides more granular control over which data goes through VPN?

A. Per-App VPN
B. VPN On Demand
C. Always-On VPN

Answer 9

A. Per-App VPN

Per-App VPN connections are established on a per-app basis, which provides more granular control over which data goes through VPN.