questions Flashcards by Max Kümmig

As a Workspace ONE administrator, you have been tasked with creating a custom visualization for management that shows device statistics, trust network threats, and application adoption metrics in a single view.
Which feature of Workspace ONE can be used?

A. Workspace ONE Intelligence Dashboards
B. Workspace ONE Access Application View
C. Workspace ONE Intelligence Automations
D. Workspace ONE UEM Device List View

A. Workspace ONE Intelligence Dashboards

How well did you know this?

Not at all

Perfectly

Which Workspace ONE UEM feature can assist in sending event log information to a Security Information and Event Management (SIEM) tool?

A. Syslog Integration
B. Relay Server Integration
C. Certificate Authority Integration
D. File Storage Integration

A. Syslog Integration

How well did you know this?

Not at all

Perfectly

Which two steps would an administrator complete to enable auto-discovery for their Workspace ONE UEM environment? (Choose two.)

A. Enter the email domain when installing the AirWatch Cloud Connector.
B. Verify the domain by accepting the link in the email that registered auto-discovery.
C. Register email domain within Workspace ONE UEM.
D. Enter the email domain when establishing directory services.
E. Email auto-discovery@workspaceone.com with the domain the administrator wants to register.

B. Verify the domain by accepting the link in the email that registered auto-discovery.
C. Register email domain within Workspace ONE UEM.

How well did you know this?

Not at all

Perfectly

What two features of Hub Services can be enabled without enabling Workspace ONE Access and having the authentication mode set to Workspace ONE UEM?
(Choose two.)

A. enable SSO for applications
B. enable People Search
C. notifications for iOS and Android
D. Hub Virtual Assistant Chatbot
E. Hub Catalog layout

C. notifications for iOS and Android
E. Hub Catalog layout

How well did you know this?

Not at all

Perfectly

Where is Hub Services component co-located?
A. Workspace ONE Intelligence
B. Workspace ONE Access
C. Workspace ONE Airlift
D. Workspace ONE UEM

B. Workspace ONE Access

How well did you know this?

Not at all

Perfectly

Which two Workspace ONE UEM core components are required for all on-premises environments? (Choose two.)
A. Device Services
B. AirWatch Cloud Connector
C. Unified Access Gateway
D. Secure Email Gateway
E. Console Services

A. Device Services
E. Console Services

How well did you know this?

Not at all

Perfectly

An administrator would like to track these details for all Windows desktops managed by Workspace ONE UEM:
✑ driver details for a mouse driver
✑ warranty information for OS
✑ registry value of internal apps
Which Workspace ONE UEM utility can the administrator use?
A. Create LGPO and assign to Windows devices.
B. Create sensors and assign to Windows devices.
C. Create an OEM update profile and assign to Windows devices.
D. Create Application Control profile and assign to Windows devices.

B. Create sensors and assign to Windows devices.

How well did you know this?

Not at all

Perfectly

When using Workspace ONE 20.x and higher, which three ways can an administrator using UEM automatically move devices into specified organization groups?
(Choose three.)
A. user group mappings
B. device type mappings
C. location based mappings
D. IP-based mappings
E. device ownership mappings

A. user group mappings
D. IP-based mappings
E. device ownership mappings

How well did you know this?

Not at all

Perfectly

What product from Workspace ONE needs to be enabled to provide administrators a flexible method for alerting and informing end-users?
A. AirWatch Cloud Connector
B. Workspace ONE Intelligence
C. Workspace ONE Hub Services
D. VMware Tunnel

C. Workspace ONE Hub Services

How well did you know this?

Not at all

Perfectly

What component of the Hub Services can be integrated with Physical Access Control Systems to allow the Workspace ONE Intelligent app on mobile devices to act as digital badge?
A. Hub Employee Self-service
B. Hub Passport
C. Hub Catalog
D. Hub Access

B. Hub Passport

How well did you know this?

Not at all

Perfectly

Which administrative console is used to change to an organization logo (branding) in the Intelligent Hub Catalog?
A. Workspace ONE Access
B. Workspace ONE Hub Services
C. Workspace ONE
D. Workspace ONE UEM

B. Workspace ONE Hub Services

How well did you know this?

Not at all

Perfectly

Which is true about Workspace ONE compatibility when deploying content across different device types?
A. Content cannot be distributed to iOS devices.
B. Content cannot be distributed by Workspace ONE.
C. Content can be distributed to devices types including iOS, Android, Windows, and MacOS.
D. Content can be distributed to devices types including iOS, Android, and Windows.

C. Content can be distributed to devices types including iOS, Android, Windows, and MacOS.

How well did you know this?

Not at all

Perfectly

A Workspace ONE UEM administrator is migrating collections, applications, and policies from SCCM to Workspace ONE.
When using AirLift, which three of the following must the administrator allow AirLift to access on the ConfigMgr server? (Choose three.)
A. Port 443 or specified TLS port if Secure Connection is configured
B. WinRM port (typically 5985)
C. Port 3268 or the specified Global Catalog port
D. Port 389 for Active Directory
E. Interactive Login Permissions

A. Port 443 or specified TLS port if Secure Connection is configured
B. WinRM port (typically 5985)
E. Interactive Login Permissions

How well did you know this?

Not at all

Perfectly

Which protocol does Workspace ONE use to communicate with third party Identity Providers?
A. SAML
B. Kerberos
C. RADIUS
D. OAuth

A. SAML

How well did you know this?

Not at all

Perfectly

Which three Workspace ONE Edge Services are included in Unified Access Gateway? (Choose three.)
A. AirWatch Cloud Connector
B. Content Gateway
C. Secure Email Gateway
D. Workspace ONE Intelligence Connector
E. VMware Tunnel

B. Content Gateway
C. Secure Email Gateway
E. VMware Tunnel

How well did you know this?

Not at all

Perfectly

An administrator is tasked with determining the root cause for a recent outage where devices were not able to authenticate. An investigation revealed a single
AirWatch Cloud Connector (ACC) server that had a disk error which caused it to be completely unresponsive.
Which VMware resiliency recommendation would have prevented this outage?
A. High Availability
B. Disaster Recovery
C. Cloud Hosted ACC
D. Restart ACC

A. High Availability

How well did you know this?

Not at all

Perfectly

Which of the following authentication methods is needed to be enabled/configured for an administrator to leverage Day Zero Onboarding?
A. Token Auth Adapter
B. Workspace ONE UEM External Access Token
C. FIDO2
D. Certificate-based authentication
E. Verify (Intelligent Hub)

A. Token Auth Adapter

How well did you know this?

Not at all

Perfectly

When configuring a Certificate Authority in Workspace ONE, which three protocols are supported? (Choose three.)
A. ADCS
B. SCEP
C. EST
D. PKI
E. CMP

A. ADCS
B. SCEP
D. PKI

How well did you know this?

Not at all

Perfectly

Which feature of Workspace ONE UEM can be configured to allow reports to run on a schedule and have them delivered to a subset of administrators?
A. Windows Scheduled Tasks
B. Report Subscriptions
C. Timed Report Execution
D. SQL Server Reporting Services

B. Report Subscriptions

How well did you know this?

Not at all

Perfectly

A customer has decided to use VMware Workspace ONE as their primary SAAS solution for endpoint management. The customer’s security team requires all infrastructure to support High Availability (HA).
Which two components of Workspace ONE will need to be maintained by the customer? (Choose two.)
A. AirWatch Cloud Connector
B. Workspace ONE Database
C. Console Services Servers
D. Unified Access Gateway
E. Device Services Server

A. AirWatch Cloud Connector
D. Unified Access Gateway

On another page I have found the same question where only one answer is right. In this case it was UAG only.

How well did you know this?

Not at all

Perfectly

A company has BYOD iOS devices and would like to give them access to internal sites in VMware Web without requiring full device management.
Which VMware best practice configuration is needed to enable this?
A. Configure Tunnel for VMware Tunnel in the SDK settings.
B. Configure Tunnel for VMware Tunnel Proxy in the SDK settings.
C. Configure a VPN Profile for VMware Tunnel.
D. Configure a VPN Profile for VMware Tunnel Proxy.

A. Configure Tunnel for VMware Tunnel in the SDK settings.

How well did you know this?

Not at all

Perfectly

Which three are features of the Workspace ONE Content Gateway service? (Choose three.)
A. Encrypted communications using SSL/TLS.
B. Secure access to internal repositories.
C. Provides health status on external repositories.
D. Support for most corporate file servers.
E. Provides email notification for Exchange mail.

A. Encrypted communications using SSL/TLS
B. Secure access to internal repositories.
D. Support for most corporate file servers.

How well did you know this?

Not at all

Perfectly

Which is used to authenticate and encrypt traffic from individual applications on compliant devices to internal resources?
A. VMware Tunnel
B. Device Compliance
C. Workspace ONE Intelligence
D. Email Notification Service

A. VMware Tunnel

How well did you know this?

Not at all

Perfectly

Which three options are supported by Workspace ONE Access? (Choose three.)
A. Configuring Per-App VPN.
B. Configuring conditional access.
C. Configuring network segmentation.
D. Configuring Mobile SSO.
E. Configuring unified application catalog.
F. Configuring encryption.

B. Configuring conditional access.
D. Configuring Mobile SSO.
E. Configuring unified application catalog.

How well did you know this?

Not at all

Perfectly

An administrator would like to customize their admin consoles default branding to include the company logo and reflect the company's text color and background. How would the administrator accomplish this task? A. Navigate to UEM Console, All Settings, System, Branding. Click Branding and edit the settings in the Branding page as appropriate. B. Navigate to the Configurations tab on the console. Click Branding. Edit the settings in the Branding page as appropriate. C. Navigate to the Hub Service console Home page. Click Branding. Edit the settings in the Branding page as appropriate. D. Navigate to UEM Console, All Settings, Hub Services. Click Branding and edit the settings in the Branding page as appropriate.

A. Navigate to UEM Console, All Settings, System, Branding. Click Branding and edit the settings in the Branding page as appropriate.

Which two statements are true about Content Gateway and Tunnel on Unified Access Gateway? (Choose two.) A. Both can be configured with the same hostname on port 8443. B. Both can be configured with the same hostname on different ports. C. Both can be configured on port 8443 with different hostnames. D. Both can be configured with the same hostname on port 443. E. Both can be configured on port 443 with different hostnames.

B. Both can be configured with the same hostname on different ports. E. Both can be configured on port 443 with different hostnames.

An administrator has set up an iOS compliance policy for unwanted apps. Which of the following is the expected behavior when Workspace ONE UEM receives the app sample indicating the presence of the unwanted app? A. After 1 day, end user will receive the push notification. B. The concerned device will be marked as Non-compliant immediately. C. The concerned device will be unenrolled. D. After 2 days, all managed apps will be blocked/removed from the concerned device.

D. After 2 days, all managed apps will be blocked/removed from the concerned device.

Which two configuration steps must be performed when managing iOS devices? (Choose two.) A. Obtain an Apple Server Certificate. B. Obtain an Apple ID. C. Obtain an APNS certificate. D. Obtain an Apple Developer ID. E. Obtain an iCloud Account.

B. Obtain an Apple ID. C. Obtain an APNS certificate.

Which of the following is a prerequisite to deploy VMware Unified Access Gateway OVF? A. VMware vSphere B. VMware Workstation C. VMware Fusion D. VMware Horizon

A. VMware vSphere

Drag and drop the device operating system on the left into the box associated with its third party messaging solution. Select and Place: iOS Android Windows ————— FCM WNS APNS

iOS - APNS Android - FCM Windows - WNS

Which three can be used to enforce conditional access in Workspace ONE? (Choose three.) A. device ownership type B. device enrollment method C. device platform D. application specific E. network range F. user-based role

C. device Platform D. Application specific E. Network range

A customer intends to implement Android device management in their environment. Which three enrollment options would result in an end-user experience in which a dedicated container is created on the device for only business applications and contents? (Choose three.) A. Knox Container B. Device Enrollment Program (DEP) C. Work Managed Device D. Legacy enrolled E. Corporate Owned Personally Enabled (COPE) F. Work Profile

C. Work Managed Device E. Corporate Owned Personally Enabled (COPE) F. Work Profile

Question #34Topic 1 An administrator is preparing to setup email management for Office 365 in UEM. Which is VMware's recommended email deployment model for this scenario? A. VPN B. Proxy C. Indirect D. Direct

D. Direct

Which type of design is a diagram that includes network zones, network components, server locations, and hardware recommendations? A. Physical B. Logical C. Theoretical D. Conceptual

A. Physical

Which three features within Hub Services can an administrator leverage when Workspace ONE Access is configured and integrated with Workspace ONE UEM? (Choose three.) A. Email Notification B. Mobile Flows C. AirLift D. Virtual Assistant E. People

B. Mobile Flows D. Virtual Assistant E. People

An administrator is concerned with data loss on Workspace ONE managed endpoints. Which three configurations should be enabled to further improve the device security posture? (Choose three.) A. Configure compliance policies to monitor rooted and jailbroken devices. B. Configure compliance policies to monitor Roaming Cell Data Usage. C. Enable device-level data encryption. D. Enable SMTP integration. E. Enable verbose logging. F. Enable Data Loss Prevention policies.

A. Configure compliance policies to monitor rooted and jailbroken devices. C. Enable device-level data encryption. F. Enable Data Loss Prevention policies.

An organization has purchased a SaaS Workspace ONE solution and wants to implement these: ✑ integration with back-end resources like Active Directory from Microsoft to sync users and groups ✑ Kerberos authentication ✑ integration with Virtual Desktops and Applications from services (Horizon 7, Horizon Cloud, or Citrix) ✑ third party integration with RSA SecureID, RADIUS for authentication Which Workspace ONE component is required? A. VMware AirWatch Cloud Connector B. VMware Workspace ONE Access Connector C. VMware Workspace ONE Assist D. VMware Workspace Unified Access Gateway

B. VMware Workspace ONE Access Connector

A customer is managing only iOS devices using Workspace ONE. They would like to begin managing Android devices. What would be the first step an administrator needs to complete to begin managing Android Devices? A. Download and deploy Workspace ONE Unified Access Gateway. B. Complete Android EMM registration from Workspace One Console. C. Download and deploy Workspace ONE Access Connectors for Android devices. D. Configure a Workspace ONE AirLift Server-side Connector.

B. Complete Android EMM registration from Workspace One Console.

For federal clients, FIPS 140-2 and AES 256-bit encryption are applied to which three areas? (Choose three.) A. data in use B. data in flying C. data in pace D. data in rest E. data in transit

A. data in use D. data in rest E. data in transit

An administrator has received complaints from end-users not receiving consistent email notifications on their iOS devices. Email is configured on the end-users devices using only the VMware Boxer email client. Boxer is only configured from Workspace ONE to use Office 365. What can the administrator do to resolve the inconsistent email notifications? A. Configure VMware ENS v2 to provide consistent notification experience. B. Configure SEG v2 to provide a better notification experience. C. Configure Mobile SSO for VMware Boxer to prevent users from entering credentials. D. Configure VPN tunnel with a Boxer configuration, so that it is able to connect to the internal network.

A. Configure VMware ENS v2 to provide consistent notification experience.

You are an administrator configuring custom reports in Workspace ONE Intelligence. What is the maximum number of custom reports you can create per Organization Group (OG)? A. 10 B. 50 C. 99 D. 500

B. 50

An administrator wants to leverage the Workspace ONE Web application to allow end-user credentials to be passed to specific internal sites. Which security policy in Workspace ONE UEM must be configured? A. Offline Access B. Single Sign-On C. Network Access Control D. Integrated Authentication

D. Integrated Authentication

Which three are features of the ENS v2? (Choose three.) A. Supports most existing corporate file servers. B. Provides email notification for Exchange Active Sync. C. Secures access to internal content repositories. D. Updates the badge count for an unread email. E. Triggers a background sync on Workspace ONE Boxer.

B. Provides email notification for Exchange Active Sync. D. Updates the badge count for an unread email. E. Triggers a background sync on Workspace ONE Boxer.

An organization has a split network comprised of a DMZ and an internal network. Which Workspace ONE UEM edge service does VMware recommend to be deployed within the organization’s internal network? A. VMware Unified Access Gateway with (VMware Tunnel Back-End) B. VMware Unified Access Gateway with (VMware Tunnel Proxy) C. VMware Unified Access Gateway with (VMware Tunnel Front-End) D. VMware Unified Access Gateway with (SEG v2)

A. VMware Unified Access Gateway with (VMware Tunnel Back-End)

An administrator is seeing user attributes not updating in the Workspace ONE UEM console automatically. A. In Scheduler Services, restart user merge. B. In Directory Services, enable auto merge. C. In Directory Services, enable auto sync. D. In Scheduler Services, restart user sync.

B. In Directory Services, enable auto merge.

When using a third party load balancer to provide the tunnel service on the Unified Access Gateway (UAG), what should the SSL setting be on the load balancer? A. SSL Re-encryption B. SSL Encryption C. SSL Offloading D. SSL Passthrough

D. SSL Passthrough https://techzone.vmware.com/understand-and-troubleshoot-tunnel-connections#_1371939

Which Security Assertion Markup Language (SAML) configuration item is a pre-requisite to creating a third party identity provider in Workspace ONE Access? A. SAML AuthN Request B. SAML Assertion C. SAML AuthN Context D. SAML Metadata

Answer should be D It is listed under https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html In pre-requisite

When integrating Workspace ONE SDK with a productivity app, which three are required for SDK app deployment? (Choose three.) A. Targeted devices need to be enterprise wiped. B. App needs to be pushed and managed. C. App needs to be sideloaded. D. SDK Profile needs to be assigned. E. Targeted devices need to be enrolled and managed by UEM.

B. App needs to be pushed and managed. D. SDK Profile needs to be assigned. E. Targeted devices need to be enrolled and managed by UEM.

Drag and drop the device operating system on the left into the box associated with its third party messaging solution. IOS Android Windows ------------- FCM APNS WNS

IOS - APNS Android - FCM Windows - WNS https://www.hexnode.com/blogs/comparison-apple-push-notification-service-apns-gcm-fcm-wns/

An administrator is configuring the on-premises auxiliary components for a first time implementation. During initial testing the administrator notices an error and is unable to browse the environment from a work issued PC located on the internal network. While accessing other internet sites, the administrator has no issues browsing or accessing publicly available sites. After talking with the IT department, the administrator confirmed there have been no new firewall rules added. Which could be a reason the administrator is having issues accessing the newly created SaaS environment? A. The Windows 10 profile has not been pushed to the device to allow access to the environment. B. The administrator is utilizing IPv6 addressing and needs to revert to IPv4 addressing. C. The VMware IP space has not been whitelisted for access in the administrator’s firewall rules. D. The Workspace ONE environment needs to be upgraded to a compatible version with the customers firewall.

C. The VMware IP space has not been whitelisted for access in the administrator’s firewall rules. Discussions & Chat GPT vote for C

An administrator must ensure enrolled corporate owned Android Enterprise devices do not update during the holiday season. Which is VMware’s recommended best practice to accomplish this? A. Deliver ‘Restrictions’ profile that disables Play Store on devices. B. Deliver ‘System Updates’ profile with change freeze payload. C. Deliver ‘System Updates’ profile that defers updates up to 30 days. D. Deliver ‘Restrictions’ profile that disables chrome on devices.

B. Deliver ‘System Updates’ profile with change freeze payload.

Which three functions are supported by Workspace ONE Intelligence? (Choose three.) A. Conduct augmented analysis with artificial intelligence. B. Perform integration with other service platforms. C. Create a custom report. D. Set event driven automated API actions. E. Automate suggested actions based on VMware recommended practices.

B. Perform integration with other service platforms. C. Create a custom report. D. Set event driven automated API actions. Discussions choose D over E

Which underlying technology does Workspace ONE Access use to collect Workspace ONE UEM device information? A. SOAP API B. REST API C. AirWatch Cloud Connector (ACC) D. Security Assertion Markup Language (SAML)

B. REST API

Which is required to deliver a Check In, Check Out experience on an Android Device? A. Enable VMware Workspace ONE Intelligence. B. Deliver Launcher profile to the end-user. C. Use a basic user as a staging account. D. Block open enrollment into Workspace ONE UEM.

B. Deliver Launcher profile to the end-user. https://blogs.vmware.com/euc/2021/03/android-enterprise-native-check-in-check-out-now-supported-in-workspace-one-uem-android-video-series-episode-17.html

When Single Logout (SLO) is disabled in a third party identity provider configuration of Workspace ONE Access, what is the default action taken upon a user signing out of Workspace ONE Access? A. The user is redirected back to the Workspace ONE Access catalog. B. The user is redirected to the third party identity provider URL provided in metadata. C. The user is redirected to a custom URL provided in the identity provider configuration. D. The user is redirected to the default Workspace ONE Access login page.

D. The user is redirected to the default Workspace ONE Access login page.

When creating third party identity providers in Workspace ONE Access, which two SAML assertion components can be used to identify the user? (Choose two.) A. NameID Element B. SAML Attribute C. SAML EntityID D. NameID Signature E. SAML Issuer

A. NameID Element B. SAML Attribute https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html

Which is highly recommended to be installed for directory services integration in a Software as a Service environment (SaaS)? A. AitWatch Cloud Connector B. AirWatch Cloud Messaging C. Workspace ONE Adaptive Connector D. AirWatch API components

B. AirWatch Cloud Messaging

During an enrollment attempt, a user enters their email address in the initial field in the Intelligent Hub. The user receives an error stating, “Something went wrong with discovery”. Which configuration setting can be enabled to allow end users to enter an email address instead of a Server URL? A. Allow only known users B. Pre-Register devices C. Autodiscovery Enrollment D. Enrollment Token

C. Autodiscovery Enrollment

Which is used to authenticate and encrypt traffic from individual applications on compliant devices to internal resources? A. Email Notification Service B. Device Compliance C. Workspace ONE Intelligence D. VMware Tunnel

D. VMware Tunnel

Which Workspace ONE UEM console feature can be leveraged to confirm a Certificate Authority (CA) is accessible? A. Test Connection button B. PKI Validation button C. Request Dummy Cert button D. SCEP Request button

A. Test Connection button

Which auxiliary component, with a default configuration, has the ability to self-update after an upgrade? A. Workspace ONE Access Connector B. Unified Access Gateway C. Secure Email Gateway on UAG D. AirWatch Cloud Connector

D. AirWatch Cloud Connector

A certificate profile set to AUTO will expire in 2 days and no new certificates are being renewed. Which certificate template configuration can an administrator modify to start renewing these certificates sooner? A. Set or lower the certificate the private key length. B. Set or increase the certificate revocation period. C. Set or lower the certificate revocation period. D. Set or increase the certificate auto renewal period.

D. Set or increase the certificate auto renewal period.

Which three internal applications are supported by Workspace ONE UEM 20.01? (Choose three.) A. .ipa B. .apk C. .msi D. .msix E. .ppkg F. .app

A. .ipa B. .apk C. .msi

Which two are IT-driven on-boarding workflows for Windows 10 devices? (Choose two.) A. command line interface (CLI) staging B. ODBII C. manual device staging D. OOBE E. native MDM enrollment

A. command line interface (CLI) staging C. manual device staging

IT management has announced all traffic from the DMZ will be blocked unless it passes through a newly configured proxy, effective immediately. Administrators notice that SEGv2 is unable to contact the Workspace ONE API server. Which configuration will the administrators need to amend and apply to the SEGv2 servers? A. inbound proxy B. SSL offloading C. KCD integration D. outbound proxy

D. outbound proxy Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2001/WS1_SEGV2_Doc.pdf (21)

An administrator wants to use VMware Unified Access Gateway (UAG) appliance to enable devices to connect to internal resources without needing the Workspace ONE UEM SDK. Which method can the administrator use to deploy the UAG appliance? A. Manual install to a Linux Server B. PowerShell install to a Windows Server C. Manual install to a Windows Server D. PowerShell install to vSphere

D. PowerShell install to vSphere

Which two authentication methods are available in the Workspace ONE UEM console? (Choose two.) A. SAML B. Azure AD C. CAPTCHAs D. OAUTH E. Certificate Based Authentication

D. OAUTH E. Certificate Based Authentication

Which is the default service lookup when configuring and integrating Lightweight Directory Access Protocol (LDAP) in VMware Identity Manager? A. Active Directory Integrated Windows B. Active Directory over LDAP C. Enterprise OVA Connector D. Enterprise System Connector

B. Active Directory over LDAP

For macOS Software Distribution, which three file types are supported? (Choose three.) A. .IPA B. .MPKG C. .DMG D. .PKG E. .APK

B. .MPKG C. .DMG D. .PKG

Which configuration allows an administrator to create personalized reporting in Workspace ONE UEM Console? A. Workspace ONE UEM Reporting B. Workspace ONE Intelligence Custom Reporting C. Workspace ONE UEM Custom Reporting D. Workspace ONE Intelligence Widgets

B. Workspace ONE Intelligence Custom Reporting

An administrator wants to enable end-users to leverage a robust catalog, people search, notifications, and an option to create a custom tab. Which two products from the Workspace ONE platform are required to be configured to leverage the full feature Workspace ONE Intelligent Hub? (Choose two.) A. VMware Tunnel B. Workspace ONE UEM C. VMware Unified Access Gateway D. Workspace ONE Intelligence E. Workspace ONE Access

B. Workspace ONE UEM E. Workspace ONE Access

An existing Workspace ONE environment contains 20,000 users/devices. An additional 25,000 users/devices are planning to be added to the system. The total number of users will be 45,000. Which is VMware’s best practice recommendation for determining the additional hardware that may be required? A. Add an additional server at each node to ensure overhead for the new device addition. B. No scaling will be needed for the additional device count and load on the environment. C. Review the latest recommended architecture documentation for server scalability recommendations. D. Review recommended architecture documentation from any version for server scalability recommendations.

C. Review the latest recommended architecture documentation for server scalability recommendations.

Which three are fields populated by an administrator when adding SaaS Web Applications on Workspace ONE Access? (Choose three.) A. application parameters B. first name format C. username format D. username source ID E. application format F. Single Sign-On URL

A. application parameters C. username format F. Single Sign-On URL

Which three security technologies in Workspace ONE ensure endpoint data loss prevention on devices? (Choose three.) A. The device is encrypted. B. The device is made FIPs compliant. C. The device user’s directory password rotation policy is applied. D. The device is monitored with real time threat detection. E. The device has a compliant passcode.

A. The device is encrypted. D. The device is monitored with real time threat detection. E. The device has a compliant passcode.

Which component is required to communicate with AirWatch Cloud Connector? A. AirWatch REST API services B. VMware Workspace ONE Device services C. VMware Workspace ONE Console services D. AirWatch Cloud Messaging service

D. AirWatch Cloud Messaging service

Which three are features of the Email Notification Service? (Choose three.) A. Secure access to internal content repositories. B. Trigger a background sync on Workspace ONE Boxer. C. Update the badge count for an unread email. D. Provide email notification for Exchange mail. E. Support most existing corporate file servers.

B. Trigger a background sync on Workspace ONE Boxer. C. Update the badge count for an unread email. D. Provide email notification for Exchange mail.

What is the purpose of the Workspace ONE UEM Security Pin? A. Serves as a second layer of security for administrators while preventing inadvertent commands. B. Provides multi-factor authentication for users during device enrollment. C. Provides a second factor of authentication for administrators during console login. D. Serves as a second layer of security for end users while preventing inadvertent commands.

A. Serves as a second layer of security for administrators while preventing inadvertent commands.

A Workspace ONE administrator is configuring email for an organization that uses Microsoft Exchange Online (Office 365). The organization has an extreme security posture and wants to require all email attachments be encrypted. Which is needed to meet the organization’s requirement? A. Boxer with DLP enabled B. PowerShell integration with default blacklist C. Native Mail configuration with device pin based encryption D. SEGv2 with content transforms

A. Boxer with DLP enabled

A Workspace ONE UEM SaaS environment is no longer synchronizing new users with Active Directory. All configuration settings are correct and the users and groups are mapped properly in the console. Which integration server should be checked for connectivity issues? A. Secure Email Gateway B. Unified Access Gateway C. Device Services Server D. AirWatch Cloud Connector

D. AirWatch Cloud Connector

Which would an administrator use to configure the remote wiping of privileged corporate content and set notification thresholds when a minimum number of devices are wiped within a certain amount of time? A. Compromised Protection Settings B. Notification for Device Blocked C. Managed Device Wipe Protection D. Notifications for Device Enroll/Unenroll

C. Managed Device Wipe Protection

Which two preconfigured automation templates categories are available in Workspace ONE 20.01? (Choose two.) A. Workspace ONE UEM B. Bitnami C. Pivotal D. Workspace ONE Access E. Carbon Black

A. Workspace ONE UEM E. Carbon Black

Which two are needed from the directory when configuring user and group settings for Directory Service integration? (Choose two.) A. Base DN B. Group & Function Class C. Functional Level D. User & Group Object Class E. AD Server IP

A. Base DN D. User & Group Object Class

An administrator has been tasked with automating an action for the internal IT team via available APIs. Where can the administrator find a repository of all API commands with syntax and example? A. Navigate to /api/help. B. Navigate to the Intelligent HUB and find the latest API guide. C. Navigate to VMware Docs and find the latest API guide. D. Navigate to /apiv2/commands.

A. Navigate to /api/help.

An administrator is setting up the organization group (OG) hierarchy using this information: company has two departments to enroll devices into company has one Active Directory to integrate with company has only one Volume Purchase Program (VPP) account to deploy Purchased apps What is VMware’s recommended best practice for which OG should be set to Customer type? A. Global (Main) B. Company (Sub) C. Department 2 (Sub-Sub) D. Department 1 (Sub-Sub)

B. Company (Sub)

Which domain attribute must be included to meet the SAML assertion requirement for Just-in-Time (JIT) provisioning of users in the Workspace ONE Access service? A. distinguishedName B. userName C. firstName D. lastName

B. userName

An administrator wants to create a new Workspace ONE Access Policy that is specific only to a newly created IP subnet. Which three Workspace ONE Access Policy settings would the administrator set? (Choose three.) A. network range B. authentication method C. subnet range D. device type E. attribute type F. assignment method

A. network range B. authentication method D. device type https://docs.vmware.com/en/VMware-Workspace-ONE-Access/19.03/idm-administrator/GUID-C2B03912-C7D8-4524-AE6E-8E8B901B9FD6.html

When troubleshooting group syncs through the AirWatch Cloud Connector, which log file should be reviewed? A. c:LogsCloudConnector.log B. c:LogsCloudConnector_MMDDYY.log C. c:LogsACC.log D. c:LogsIDMConnector.log

A. c:LogsCloudConnector.log

Which feature of Workspace ONE UEM can be configured to allow reports to run on a schedule and have them delivered to a subset of administrators? A. SQL Server Reporting Services B. Timed Report Execution C. Report Subscriptions D. Windows Scheduled Tasks

C. Report Subscriptions

What does COPE stand for in Android Enterprise? A. corporate owned, privacy exception B. corporate owned, personally enabled C. co-owned, personally enabled D. co-owned privacy exception

B. corporate owned, personally enabled

Which service is supported when using only Legacy Connectors with Workspace ONE Access? A. Kerberos Authentication B. Directory Sync C. User Authentication D. Virtual Apps Integration

B. Directory Sync

While referencing the exhibit, which SDK profile does Security Policies belong to? A. Custom SDK Profile B. Default SDK Profile C. Application Profile D. Intune SDK Profile

B. Default SDK Profile

The CEO has informed a Workspace ONE administrator an important recurring report was not received in email. Where can the administrator review report status? A. Monitor > Reports & Analytics > Reports > Subscriptions B. Monitor > Reports & Analytics > Export C. Monitor > Error Reporting > Subscription Errors D. Monitor > Admin Panel > Error Reporting

A. Monitor > Reports & Analytics > Reports > Subscriptions

What use case is the Workspace ONE Assist unattended mode application recommended for? A. CORP Kiosk Devices B. BYO User Devices C. BYO Kiosk Devices D. COPE User Devices

A. CORP Kiosk Devices https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/WS1_Assist/GUID-10A87E46-05E3-447C-ACD4-187CE2015E2D.html

Which steps are necessary to configure a compliance policy once a device platform has been selected? A. Rules, Actions, Assignment, and Summary B. Rules, Assignment, Execution, and Description C. Actions, Quarantine, Plan, and Description D. Package, Alert, Escalation, and Type

A. Rules, Actions, Assignment, and Summary https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/UEM_Managing_Devices/GUID-AddACompliancePolicy.html

Which two settings are configurable in a macOS disk encryption profile? (Choose two.) A. FileVault Enterprise Certificate B. Maximum Battery Level C. TPM License Key D. Recovery Key Type E. Administrator Password Policy

A. FileVault Enterprise Certificate D. Recovery Key Type

Which is the only method to deploy Content Gateway when using Workspace ONE 20.01 and higher versions? A. Legacy Windows B. UAG C. Legacy Linux D. Standalone

B. UAG

Which component can use an AirWatch generated certificate for Inbound SSL Traffic? A. VMware Tunnel B. VMware Secure Email Gateway C. AirWatch Cloud Connector D. Reverse Proxy

A. VMware Tunnel https://resources.workspaceone.com/view/yr8n5s2b9d6qqbcfjbrw/en

An administrator is preparing to deploy an email configuration but cannot add an additional server. Which deployment method is the only option for this email configuration? A. Direct B. VPN C. Proxy D. Indirect

A. Direct

screenshot: ------------------------------------------------------------ Workspace One Access denied invalid SAML audience ------------------------------------------ The Workspace ONE Administrator has received complaints from end users that they are unable to access web applications from the Workspace ONE Access catalog. The exhibit displays the error end users received. What Security Assertion Markup Language (SAML) configuration item should the administrator review in Workspace ONE Access for accuracy to resolve the reported issue? A. SAML Sign-On URL B. SAML Recipient C. SAML Entity ID D. SAML Certificate

C. SAML Entity ID / Application ID

What are the setting options for sync frequency in Workspace ONE Access Directory? A. Manually, once per week, twice each day, every hour B. Manually, once per week, once per day, every hour C. Manually, once every other week, once per day, every hour D. Manually, once per week, once per day, every half hour

B. Manually, once per week, once per day, every hour

An organization would like to: remove and install applications from end-users devices remove and install profiles from end-users devices add new devices edit device information such as friendly name, asset number, etc. Which VMware recommended Workspace ONE UEM administrator role with the least privileges can perform the action? A. Console Administrator B. Application Management C. Helpdesk D. AirWatch Administrator

A. Console Administrator