Planning for Implementation Flashcards
What do you need to consider when evaluating MDM solutions?
A. Support for a wireless infrastructure
B. Pricing structure and subscription model
C. A device’s life cycle and trade-in value
B. Pricing structure and subscription model
Understand your organization’s budget and growth projections, then compare MDM solution pricing and subscription options.
Which is a deployment model to consider as part of your device management goals?
A. Application Programming Interface (API)
B. Over-the-air (OTA) enrollment
C. One-to-one
C. One-to-one
Also known as personally enabled, one-to-one is a deployment model you can consider when understanding your organization’s needs.
Which is an important user authentication feature of an MDM solution that you should consider?
A. Support and integration with your identity provider or directory service
B. Support for future versions of macOS, iOS, and iPadOS
C. Support for the BYOD deployment model
A. Support and integration with your identity provider or directory service
Verify if the MDM solution supports your current identity provider or directory service.
Which aspect of your organization’s infrastructure should you evaluate to ensure that your organization meets the network roaming needs of users throughout a building?
A. Number of devices per user
B. Wi-Fi coverage and capacity
C. Adequate number of access points per device
D. Sources of interference caused by construction materials
B. Wi-Fi coverage and capacity
Evaluating Wi-Fi coverage and capacity helps you strategically place wireless access points that have enough power to meet the roaming needs throughout your organization’s facilities.
Which type of network uses individual user credentials or device- and/or user-based certificates to control who or which devices can use the network?
A. Provisioning network
B. WPA2 Personal network
C. WPA2 Enterprise network
C. WPA2 Enterprise network
WPA2 Enterprise network uses individual user credentials or device- and/or user-based certificates to control who or what devices can use the network.
Which functions require Apple devices to continuously access APNs?
A. Bonjour access, content caching, and internet connection sharing
B. SSO, VPN connectivity, and Wi-Fi network roaming
C. Notifications of operating-system and app updates, MDM policies, and messages
D. Ad and location tracking, Keychain data backup, and app suggestions
C. Notifications of operating-system and app updates, MDM policies, and messages
Apple devices learn of operating-system and app updates, MDM policies, and incoming messages through continuous access to APNs. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.
What should you do to ensure that Apple devices can access APNs and other Apple services on your organization’s network?
A. Configure all devices to auto-establish secure VPN access to Apple’s network.
B. Deploy devices with an SSO payload that are configured to allow access to Apple’s network.
C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
D. Set up your network to work with Bonjour so that devices can connect to APNs and Apple services.
C. Adjust network configurations on web proxies or firewall ports to allow access to Apple’s network.
For Apple devices to access APNs and Apple services, you might need to adjust network configurations on web proxies or firewall ports to allow network traffic access to Apple’s network. Make sure that your organization allows network traffic access to Apple’s network on the entire 17.0.0.0/8 address block on port 5223, with a fallback option of port 443.
What’s the most commonly deployed authentication technology that both AD and SSO use?
A. Kerberos
B. MSCHAPv2
C. OAuth
D. SAML
A. Kerberos
Kerberos is the most commonly deployed authentication technology that both AD and SSO use.
Which Kerberos feature allows users to sign in once and access multiple authenticated services?
A. Sign in with Apple at Work & School
B. OAuth
C. Ticket-granting ticket (TGT)
D. SAML
C. Ticket-granting ticket (TGT)
TGT generates a ticket for the use of any resource that supports Kerberos without requiring the user to authenticate again.
Which feature allows administrators to streamline the creation of Managed Apple IDs based on existing Google Workspace or Entra ID data?
A. MSCHAPv2
B. Federated Authentication
C. Active Directory
D. SAML
B. Federated Authentication
Federated authentication can link Apple Business Manager, Apple Business Essentials, or Apple School Manager to your instance of Google Workspace or Entra ID to automatically create Managed Apple IDs for your users.
What’s a benefit of using Apple Business Manager or Apple School Manager to automate MDM enrollment during initial setup of managed Apple devices?
A. You can track the location of managed devices.
B. You can make the enrollment mandatory and nonremovable on user-owned devices.
C. You can make the enrollment mandatory and nonremovable on organization-owned devices.
C. You can make the enrollment mandatory and nonremovable on organization-owned devices.
Using Apple Business Manager or Apple School Manager provides additional enrollment options for managed, organization-owned Apple devices.
Which strategy would be most effective in a scenario where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information?
A. Deploy devices to users in shared mode.
B. Install a nonremovable managed app onto the devices.
C. Convert all unmanaged apps on the devices to managed apps.
B. Install a nonremovable managed app onto the devices.
Nonremovable managed apps are ideal for deployment scenarios where an organization wants to ensure that users always have the apps they need on their devices and to control the access and exchange of the organization’s sensitive information.
What’s the main benefit of using Managed Device Attestation when deploying Apple devices in an organization?
A. It allows the MDM administrator to use a bypass code to erase a device and assign it to a new user.
B. It allows a user to unlock the storage on APFS volumes that require a secure token and then become owners of the volume.
C. It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
C. It provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
Managed Device Attestation provides a strong assurance to MDM administrators of device properties that can be evaluated as part of a client certificate identity enrollment request.
Why might you create a security policy that enforces the use of FileVault for data encryption on a managed Mac?
A. This policy ensures that users can’t disable FileVault.
B. When you use an MDM solution to enable FileVault, it adds a Recovery Key to a user’s iCloud account.
C. FileVault is compatible with any Apple device.
D. You can use third-party encryption algorithms to configure FileVault.
A. This policy ensures that users can’t disable FileVault.
Users can’t disable FileVault if you enforce it with a configuration profile on managed Mac computers.
Which benefit helps IT administrators reduce the need to perform extensive configurations on Apple devices?
A. Many security features are turned on by default.
B. Users can select a security profile in Setup Assistant.
C. IT administrators can deliver and enforce policies without an MDM solution.
D. IT administrators can issue remote commands to devices to erase all private information.
A. Many security features are turned on by default.
Because many security features on Apple devices are turned on by default, administrators save time when they configure devices.
