Android Enterprise Experts Certification Exam Answers

2 ratings

https://en.certificationanswers.com/android-enterprise-experts-certification-exam-answers/

You can download all answers to the latest Android Enterprise Expert certification program and get certified in minutes.

This pack includes all final certification exam questions and answers. Also, answers to all activities needed to unlock this exam (4 PDF files in one pack):

Expert Certification Answers
Architecture & Implementation
LABS certification
Support Engineer

Questions and Time Limit – 50 Questions and time limit is 120 minutes.

Some questions:

Users are reporting that they cannot connect to their company’s WiFi. Which of the following pieces of information should be collected to eliminate the “Set device policies” watchpoint?

The model of the device, because it may not support that WiFi network
The EMM being used, because it may not support setting WiFi configurations
The users home SSID to ensure there is no conflict
The WiFi configuration set, because it may be incorrect

A new customer is looking to enroll dedicated devices running Android 7.0. Which methods of provisioning could they use to enroll the devices? Select the three correct answers.

NFC
QR Code
Zero-touch
EMM Identifier

A customer is reporting an issue when provisioning devices through zero-touch. By following the problem-solving framework, you have concluded that the core issue is related to the IMEIs. Whom would you contact to help resolve this?

EMM
Reseller/carrier
OEM
Customer’s procurement team

“A few years ago Google initiated Project Treble to further improve how Android was updated and secured. Which of the following statements correctly describes how Project Treble contributes to device security?”

Project Treble is a form of encryption for work profiles.
Project Treble reduces the number of processes that can access the SoC to three so that they are checked for integrity before executing.
Project Treble separates device specific software from the OS, making it easier to update the OS, so that devices benefit from security updates quicker.
Project Treble randomizes key locations in memory, meaning that exploits cannot be reused.

How do you create allowlist for public applications into your organization?

From Managed Play iframe, accessible from your supported EMM Console
Sideload before enrolling in EMM
From Managed Play Publishing Console
All of the above

“Android provides flexibility to the ecosystem, which allows OEMs to build exclusive features on top of what Android provides. For example, ABC mobile is an OEM that has developed specific enterprise features built-in to the device, to differentiate their devices from another brand. However, one of the key challenges is the need for other ecosystem partners (like EMMs) to integrate these features, so they can be managed by the IT Admin (customer). What requirements need to be fulfilled by the OEM and/or the other ecosystem partners to address this challenge?”

ABC Mobile as an OEM needs to develop this feature with OEM config. With that, their features will be immediately available on every EMMs that supports managed configurations.
ABC Mobile as an OEM needs to build APIs for EMM providers to develop and integrate with their software before Enterprise customers are able to use it. The availability of this feature varies depending on the EMM provider’s integration.
ABC Mobile as an OEM can’t create exclusive features, if they want to create a new feature, they have to submit a feature request to Google. Once it is approved ,Google will make it available in all Android Devices.
ABC Mobile as an OEM has to be part of Android Enterprise Recommended program before they can create any exclusive features. Android Enterprise Recommended allows OEMs to use OEM Config features that Android Enterprise offers.

“Nicky explains that Android is flexible and there are a few options for enterprises to host and publish their corporate applications on managed devices with managed Google Play. Which one of the following hosting and publishing methods are NOT supported by managed Google Play?”

Side-loaded by a business website.
Self hosted private apps on a business server.
Publish public applications.
Google-hosted private apps.

“Tomoka, the IT consultant, is explaining to one of their customers that starting from Android 10, Android devices must use File Based Encryption and are no longer able to use Full Disk Encryption, File Based Encryption provides better security capability. Do you know how File Based Encryption works?”

All of the answers above (A, B and C) are correct.
“File Based Encryption allows different components in Android to be encrypted with different keys. This allows the work profile key to be ejected from memory while the personal profile is still in use.”
File Based Encryption allows IT admin to separate the encryption key from the device. The IT Admin can put the encryption key in their private cloud and let devices access the encryption key in the cloud before they can use the device.
File Based Encryption allows an IT Admin to modify the encryption key and save it in a unique location in the file system, making it difficult for the attacker to find the key.

“A customer is asking about blocking applications installation policy on Android devices. Which is the best answer pertaining to the blocking application policy?”

EMM can use PersonalApplicationPolicy from Google Play EMM API to block applications installation in main profile (personal space), this is only applicable for company owned devices with work profile management mode.
EMM can use PersonalApplicationPolicy from Google Play EMM API to block applications installation in work profile, this is applicable for company owned devices with work profile management mode or BYOD model.
EMM can use PersonalApplicationPolicy from Android Management API to block applications installation in main profile (personal profile), this is only applicable for company owned devices with work profile management mode.
EMM can use PersonalApplicationPolicy from Android Management API to block applications installation in work profile, this is only applicable for company owned devices with work profile management mode or BYOD model.

“Gathering data is one of the crucial steps that provides useful information for the IT Admin. Which data source provides the IT Admin with the device make/model, a list of apps on the device, app permissions and network information?”

Bug Report
Application log
Interview the user
Logcat

An Independent Software Vendor (ISV) has developed and distributed a private application to multiple customers. They are now in the process of distributing the application to an additional customer, but they are unable to. What could be causing this?

To further distribute a private app the majority (75%+) of currently targeted devices need to be running the latest version of the app.
They have hit the limit of 1000 customers using one private app.
To further distribute a private app the majority (50%+) of currently targeted devices need to be running the latest version of the app.
They have hit the limit of 75 customers using one private app.

Let’s take a look at this log: http://tiny.cc/2dawcz. Search and find information about Google Messages application in the given log. Which one below is CORRECT information about Google Messages application from the given log? Copy and paste this URL in your browser to open the bug report—

The application not allowed to send SMS
The application is installed in Personal Space but it is hidden
The application is not installed in Work Profile
The package name of the Google Messages application is: com.google.android.apps.dynamite

What is “user 10” from the Android bug report log?

It is the 10th user account in the device
It is the Main Profile
It is the 11th user account in the device
It is the Work Profile

“Acme inc. needs one of their applications to be able to communicate across work profile boundaries, they heard that Google has released this feature recently, however they are not sure about the minimum OS version that supports this feature. As the solution consultant, would you be able to tell Acme inc. what is the minimum OS version that supports this feature?”

Android 9
Android 12
Android 11
Android 10

“Let’s take a look at the following log snippet:

Build: PQ3A.190801.002
Build fingerprint: ‘google/taimen/taimen:9/PQ3A.190801.002/5670241:user/release-keys’
Bootloader: TMZ20r
Radio: g8998-00008-1902121845
Network: (unknown)
Kernel: Linux version 4.4.169-g09a041b17c60 (android-build@abfarm700) (Android clang version 5.0.300080 (based on LLVM 5.0.300080)) #1 SMP PREEMPT Wed Jun 5 22:23:19 UTC 2019
Which of the following statements is CORRECT, based on the log snippet above?”

This device is running Android 5.0.30080
“Network: (unknown) That means: this device is broken”
The device was manufactured in 2019
This device is running Android 9

Users are reporting that they cannot connect to their company’s WiFi. Which of the following pieces of information should be collected to eliminate the “Set device policies” watchpoint?

The model of the device, because it may not support that WiFi network
The EMM being used, because it may not support setting WiFi configurations
The users home SSID to ensure there is no conflict
The WiFi configuration set, because it may be incorrect

A new customer is looking to enroll dedicated devices running Android 7.0. Which methods of provisioning could they use to enroll the devices? Select the three correct answers.

NFC
QR Code
Zero-touch
EMM Identifier

Using the bug report provided, please identify three User Restrictions applied to the device. Copy and paste the following link to open bug report 2: http://tiny.cc/occwcz

ensure_verify_apps, no_user_switch, no_usb_file_transfer
no_uninstall_apps, no_system_error_dialogs, no_sms
no_share_location, no_set_wallpaper, no_safe_boot
no_config_cell_broadcasts, no_add_managed_profile, no_config_wifi

A customer is reporting an issue when provisioning devices through zero-touch. By following the problem-solving framework, you have concluded that the core issue is related to the IMEIs. Whom would you contact to help resolve this?

EMM
Reseller/carrier
OEM
Customer’s procurement team

A customer reaches out to you with a specific set of requirements for their device management. They have requested your help selecting an EMM. What Android resources would you leverage to help them finding the EMM that best fits their needs?

Compatibility Definition Document (CDD)
Enterprise Solutions Directory and Android Enterprise feature list
Android Enterprise terminology documentation and Solutions glossary
developer.android.com

Skyline LTD is an Microsoft 365 customer, who is looking to deploy 1000 devices on Android Enterprise. You need to advise them on the best choice of identity model before they can move forward with their deployment. What identity model would you recommend, according to Google best practices?

Google Accounts
Managed Google Play Accounts
A 3rd party identity model provider that is compatible with Microsoft 365
Recommend that the end users create their own accounts

Users are reporting that Gmail won’t sync mail from their Microsoft Exchange account. What could be the cause of this?

The users’ EMM may not support managed configurations
EAS 16 may not be supported on an older device
The QR code used to enroll the device may have an expired enrollment token
The value set for the Exchange server may be wrong

You identified an issue with a device and pulled a bug report. Your next step is to share the bug report with the EMM provider. Which of the following aligns with Google’s recommended best practice for sharing bug reports?

Delete any user identifiable data from the bug report, then share it with your EMM provider
Upload the bug report to a cloud storage provider and share it with individuals who need access to the content
Email the bug report to Google support
Do a screensharing session to show the EMM provider the bug report

Users are reporting that they are not able to use the Barcode Scanner app. The application ID for Barcode Scanner is ‘com.google.zxing.client.android’. Refer to the following bug report and select the reason why this might be the case: copy and paste the following link to open bug report: —

Use of the camera has been blocked
Barcode Scanner requires a Google Account, and the device is using a Managed Google Play Account
Barcode Scanner is not installed
The device is not being managed

Your customer has a newer version of one of their private apps, and they would like to test the updated version with a small group of users (<100) before a full rollout. What is the best way for them to test the newer version of the application?

Upload the app with two different application IDs and share one of them with the test group only
Temporarily change restriction on the devices of the test group to allow them sideloading the app for testing
Ensure you upload the updated application via an EMM that has integrated the iFrame. This will enable version control within the EMM console allowing you to target the device(s) you wish the latest version to be installed to
Create an internal or closed test track in the developer Play Console and invite a subset of users to test this version

Your customer is planning their migration from Device Admin to Android Enterprise, and they have some questions around VPN configuration. Which of the following is one advantage that Android Enterprise has over Device Admin when configuring a VPN?

In using Device Admin you can leverage app wrapping to push any VPN configuration to your app
There is no fundamental difference in the way that VPN are configured
In Android Enterprise, you can leverage Managed Configurations to push VPN configurations
Device Administrator offers an easier path to integration for EMMs

You’re an IT admin, and you want to initiate the trial of an app developed by an Independent Software Vendor (ISV). What identifier must be provided to the ISV for them to grant access to the application within your company’s managed Google Play?

User ID
Android device ID
Organization ID
IMEI

A VPN provider is looking to offer better support for their Android customers who are migrating from Device Administrator to Android Enterprise. Their customers have previously been complaining that their application has not been receiving the configurations to resolve the VPN host. What is Google’s suggested best practice to support this functionality?

Externally readable ini file
Managed configurations via managed Google Play
Insert the VPN configuration as part of DPC extras
Configure it within the WiFi details for NFC bump

Your customer would like to enroll several hundred Nexus 6P devices as fully managed as quickly as possible. These devices run Android 6.0 out of the box. Which of the following enrollment methods would you recommend the customer use to complete provisioning as quickly as possible?

Zero-touch enrollment
EMM Identifier
NFC provisioning
QR code provisioning

An IT Admin notices that enrollment consistently fails when updating Google Play services over Wi-Fi. This issue occurs during deployment, on a variety of different devices. The Admin notes that when the devices are on cellular data, enrollment is successful. What next step would you take to try to resolve this issue?

Disable all SSL inspection on the network
Check that all required ports are open in the firewall
Check the ADB logs on one of the affected devices
Check that managed configurations on Google Play services are set up correctly

Your customer has a requirement to prevent certain apps from using an active VPN on a fully-managed device. Which one would be the recommended way to configure this?

Add the applications that should go through the VPN to the allowlist
Assign managed application configurations to the applications on the denylist with policies to prevent use of the VPN
Block traffic to and from the app on the local network
Create a work profile on the fully managed device and route all traffic through the whole work profile

Users are reporting an issue on their devices. You ask your customer to pull some logs from an affected device, but their device policy is preventing them from capturing the requested logging. Which of the following policies enables/disables a user’s ability to generate Android bug reports?

DISALLOW_TROUBLESHOOTING_TOOLS
DISALLOW_DEBUGGING_FEATURES
ENABLE_ADB_DEBUG
FREE_THE_LOGS

Users are reporting that they are seeing the consumer Play Store on their fully managed work devices. Which of the following would be valid troubleshooting steps for this issue? Select the two answers that apply.

Verify that the EMM is still bound to the user’s company
Verify that the IT admin has uploaded the company’s apps to the Google Play Developer Console
Ensure that the IT admin has set an application allowlist instead of allowing an open Play Store
Ensure that the IT admin has set the correct managed configuration for the Google Play Store

Some users are complaining that they cannot add their personal Gmail account to their fully managed devices. Why might this be the case?

Android Enterprise only supports company Gmail accounts
Gmail app is not updated to the latest version
Adding personal accounts is disabled as per company policy
Android Enterprise only supports one account per Google application

Your EMM, who uses a Custom DPC, doesn’t have a settings toggle that you notice has been available since 7.0 as per the developer documentation. What is the best next step to get access to that feature?

Raise a feature request with the EMM to support the toggle
Speak to your OEM to bring support for the toggle within their OEM Config application
Raise the request with Google
Create a small app yourself using the developer documentation and toggle it via app config

Your customer has previously been using a containerized solution on Device Administrator, and they are planning their migration to Android Enterprise. One of the customer requirements, coming from their IT team, is to set and enforce a security challenge for their BYOD users within the work profile that is separate and has different requirements from the device security challenges. Taking into account this requirement, what would you recommend?

Recommend the IT Team that they only support BYOD on devices running Android 6.0+
Recommend the organisation instead deploy fully managed devices with work profile, as this Android Enterprise feature is only supported in this management mode
Recommend the IT Team that they only support BYOD on devices running Android 5.1+
Recommend the IT Team that they only support BYOD on devices running Android 7.0+

Using the bug report provided, please identify three apps installed in the work profile. Copy and paste the following link to open bug report 1: —

YouTube, Docs, Chrome
Sheets, Gmail, Files by Google
Dropbox, Translate, Skype
Keep, Slides, Earth

One of your customers is concerned about security on their Android devices, specifically in regards to key generation, key import, signing & verification services. Which of the following security features of Android can you leverage as a good starting point for your conversation?

Verified Boot
Rollback Prevention
Application Sandboxing
Trusted Execution Environment

Some users are reporting that they cannot connect to the corporate WiFi. You notice in your EMM console that your WiFi certificate has failed to install on the affected devices. What might be the cause of this?

The EMM DPC has a pending update
Device passcode has not been set
The device has a pending update
Device is unable to see the SSID the certificate is trying to validate against

One of your customers is reporting that a subset of their devices is not getting provisioned correctly through QR code. You need to help them troubleshoot this issue. Which of the following areas should you look into when troubleshooting a provisioning issue? Select the two correct answers.

Set device policies
Provision device
Select OS version/device
Set managed config

Using the bug report provided, please identify three User Restrictions applied to the work profile. Copy and paste the following link to open bug report 1:

no_add_user, no_autofill, no_config_credentials
ensure_verify_apps, no_bluetooth_sharing, no_install_unknown_sources
no_config_location, no_config_vpn, no_content_suggestions
no_cross_profile_copy_paste, no_debugging_features, no_unified_password

What are the benefits of using Android Enterprise over Device Admin? Select the two correct answers.

If you choose Android Enterprise, you get free Google Cloud storage
Android Enterprise offers more flexible provisioning methods over Device Admin
Android Enterprise supports application configuration
Android Enterprise offers customers free technical support direct from Google

What is one of the advantages of an OEM leveraging ‘OEMConfig’ for application development? Select the correct answer.

OEMConfig allows all OEMs access to vendor APIs
OEMConfig is supported by all EMMs
OEMConfig allows OEMs to address customer needs without requiring 3rd party developer support
OEMConfig can be distributed to devices without having to go through managed Google Play

Your customer is reporting that users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Which of the following would you choose to troubleshoot this policy issue? Select the two correct answers.

Select OS version/device
Set managed config
Provision device
Set device policies

You’re provisioning dedicated devices, and notice that lock task mode policy is failing to apply on a subset of them. Which of the following tools would it be appropriate to use to troubleshoot the problematic devices?

Android Management API Colab
Test DPC
Android Management Experience
EMM console

A customer has developed a private application that is targeting API level 23 (Android 6.0). What will be the expected behaviour when they attempt to upload their app to Google Play?

Assuming there are no security issues with the app, it will be allowed on Play and can subsequently be whitelisted for the enterprise
The application will be allowed on Play but will only be displayed for Android 6.0 devices and lower in the Play Store
The application will be rejected because apps uploaded to Google Play need to target a minimum API level 29 from August 2020
The application will be allowed on Google Play but will show a warning about using deprecated APIs on Android 8.0 devices and higher

A customer is uploading a new application to Google Play and wants to reuse the Application ID of another unlisted app. What is the expected behavior?

Google Play will silently replace the old application with the new application
As long as the old app is unlisted, Google Play will allow upload of the new app, which reuses the same Application ID
Google Play will automatically generate a new Application ID and allow the app to be uploaded
The application will be rejected because Google Play only allows a single instance of an Application ID

Your customer is reporting that some users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Referring to the UserManager developers’ documentation, in which version of Android was support for disabling Bluetooth introduced?

9.0
8.0
7.0
6.0

Users reported that an app is crashing when launched from the work profile. What two pieces of information are critical to collect when escalating to the app developer?

Application ID and bug report
Enterprise ID and User ID
Identity model (Google Account vs Managed Google Play Account) and bug report
Enterprise ID and Application name

Your customer is reporting that applications on a group of their devices are not updating consistently. You want to advise them on Android best practices around managing app updates from the Play Store. Which of the following are two of the default guidelines for updates to happen promptly? Select the two correct answers.

Devices are charging
Devices on a secure WiFi (WPA2 and above)
Devices are connected to a Wi-Fi network
Location services must be turned on

Your customer wants to ensure that their corporate browser always goes through VPN, but at the same time, they want to implement the best configuration to reduce unnecessary traffic over the corporate VPN. What VPN configuration would best fit the customer’s specific requirements?

Always-On VPN
Per-Profile VPN
User-Initiated VPN
Per-App VPN

Your customer is provisioning devices via zero-touch enrollment deploying multiple configurations. They report that a group of devices is not enrolling automatically into their EMM, while other devices have enrolled successfully. You have already confirmed that the devices are listed in the zero-touch console. The end-user reports seeing an EMM-branded screen on the device, but is unable to login. What would be the next troubleshooting step you would advise?

Check that the DPC extras are correct according to the EMM
Re-upload the devices in the zero-touch console
Go to admin.google.com and remove the domain binding to their EMM
Go to their EMM console, remove and add the binding to the Managed Google Play account

An OEM is looking to build new devices that will support a large enterprise customer, who wants to be able to leverage Android Enterprise functionality to manage their devices. What is the minimum requirement they need to comply with to support Android Enterprise?

Google Mobile Services (GMS) Certification
Android Enterprise Recommended
Frequent Security Patches
Android Open Source Project (AOSP)

You are uploading an APK via the managed iFrame, the APK uploads successfully. You go to the managed Play Store, the next day, to begin the app distribution process only to find the app removed from the store. What would be the reason for this?

The APK is unsigned
The application ID is incorrect
The APK exceeds the maximum file size limit allowed
Google Play Protect detected this as a potentially harmful app

Which API can EMMs use to deploy apps via Managed Google Play? Select the two answers that apply.

Firebase Management API
App Engine Admin API
Android Management API
Google Play EMM API

A customer reported that their applications are not being installed silently on their users’ devices. Which of the following troubleshooting areas should you consider when working on an “application install” issue? Select the two correct answers.

Configure provisioning
Approve/assign apps
Provision device
Create/sync users or groups

Using the bug report provided, please identify three non-System apps on the device. Copy and paste the following link to open bug report 2:

Docs, Translate, Keep
Chrome, Gmail, YouTube
Calendar, Quicksearchbox, Camera
Documents UI, Messaging, HTML Viewer

You are planning the staging of a large quantity of devices prior to distributing them to their final destination. Which of the following items should you be wary of when staging a large number of devices in one space?

Network bandwidth
Charging points for all of your devices
Devices on the latest version of Android
Location services will be enforced

Your customer is deploying devices that will be used at a university. One of the requirements is to monitor traffic for unauthorized content. They wish to implement SSL inspection to fulfill this requirement. What would be your recommendation based on Google’s best practices?

The customer can use any SSL proxy solution out of the box, as none of them will interfere with their Android deployment
The customer can configure SSL inspection, as long as traffic to Google services bypasses the proxy
The customer should configure traffic on ports other than 443 to bypass the proxy
The customer should configure all traffic to hosts connecting on port 443 to bypass the proxy

An Independent Software Vendor (ISV) has developed a private app for your customer. They uploaded it through the Google Play developer console, but your customer does not see it in their managed Google Play store. After doing some troubleshooting, you realize that the ISV has not correctly assigned the app in the Google Play console. Which of the following identifiers should you provide to the ISV so that they can assign the app correctly?

Organization ID
Device ID
Company ID
User ID

Your customer is deploying Android Enterprise on their Android 11.0 devices. They are in the process of testing their private apps on the new devices, and one of their applications is throwing exceptions. The same application appears to work correctly on Android 8.0 devices. How would you explain this behavior?

The application has not been coded towards the correct API level
The application package name is not compatible with Android 11.0
The application has not passed the security checks for Android 11.0
They need to install an older version of the application then upgrade it

Your customer is trying to enroll Pixel 3 phones using zero-touch enrollment. Despite the device having an active connection to WiFi or data, the DPC isn’t downloading. Which is the appropriate troubleshooting step to take next?

Verify that the IMEIs in the zero-touch portal match the phones they are using
Verify that the users have been correctly configured on the EMM console
Verify the DPC Extras are complete and correct
Verify that the device is running Android 7 or above

One of your users is experiencing issues with their device. As their IT Admin, you need to retrieve the logs from the affected devices to troubleshoot this issue. Which one of the following approaches should you take, according to Google’s best practices?

Download a “log retriever” application, then email the logs to yourself
Plug the device into a computer and retrieve the logs by running adb bugreport in a terminal
Go into developer mode on the device, and download the logs to the device internal storage
Factory reset the device and restore the user configuration to verify if the issue persist

What section of a bug report tells you if there is a work profile on the device?

Combined logs
Raw Bug report
DUMP OF SERVICE (account or device_policy)
Packages:

Which of the following is a reason to choose Android Enterprise over Device Admin?

Device Admin is deprecated, and the associated APIs are being progressively removed
Android Enterprise has the ability to push apps to enduser devices, while this cannot be achieved when using Device Admin
Android Enterprise is comparable to Device Admin and there is no reason to choose one over the other
Devices can migrate over to Device Administrator from Android Enterprise in the future should IT Admins change their mind on the management type

What API level corresponds with Andorid 11.0?

API level 30
API level 20
API level 27
API level 34

What is Fully Managed Device management mode?

It is a management mode for Company Owned Device use-case, and the deployment can be done only from Zero-touch enrollment.
It is a management mode for BYOD use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and NFC
It is a management mode for Company Owned Device use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and EMM client enrollment from Google Play Store
It is a management mode for Company Owned Device use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and NFC

“An in-house software developer of a company created two separate applications for two different purposes: User Acceptance Test (UAT) and a Production version. They need to publish the UAT version to a separate group of people within the organization, and there is no requirement for them to test the UAT and production version at the same time/side-by-side in the same device. They uploaded both applications in managed Google Play so their users can choose/install the version that they want. Do you think this is the best approach to test and publish applications in Managed Google Play?”

No, the Developer should use the closed testing track feature to test their application before promoting it to production.
Yes, there will be two different versions of the application with the same package name, the IT Admin can assign each of the versions to different users accordingly.
No, the Developer should sideload the UAT version of the application into particular devices for UAT testing.
Yes, there will be two different applications with two different package names, the IT Admin can assign each of the applications to different users accordingly.

“A company policy requires no camera usage within the R&D center area. One day an IT admin finds that a BYOD device didn’t get its camera disabled in the main profile (personal space).
The device in question is a personal device, owned by the employee, running Android 7 and enrolled with EMM with a work profile installed.
What is the most likely cause of this?”

Disabling camera in the personal profile is only available on Fully Managed device or Dedicated device
User lost connection to the network to receive EMM policy for disabling camera.
User has modified the Android OS so it can bypass EMM policy.
Disabling camera in main profile (personal space) is only works on Android OS 8 and above

“An IT Admin asked to test a private application that was developed by a 3rd party ISV vendor to a certain group of testers within the organization. With Android Enterprise, what are the right steps/plan to execute this activity?”

Share the organization ID to the ISV and ask the ISV to publish the app to the organization ID in a closed testing track. Later, the IT admin can assign the version of the app uploaded to the testing track to the group of people that need to test from their EMM console
Ask the ISV to develop a separate beta version of the app with a different package name, then publish it through managed Google Play to a certain group of people.
Ask the ISV to share the apk file and sideload it to another device to test
Ask the ISV to develop a separate beta version of the app with a different package name, send the apk file to the tester, and ask them to sideload the app for testing.

“What are two key benefits or features from the list below that you would highlight to customers that are looking to deploy public or private applications via managed Google Play? ” Select All Correct Responses

Removes the need for app wrapping.
Prevents IT admins from setting applications‘ permissions.
Allows IT admins to approve and publish public applications in Google Play Store.
Safeguards devices by preventing private app deployment.

“Hector from Horybell Inc. states that “Using managed Google Play is not enough to protect my device from PHAs.”. He does not appear to fully understand how managed Google Play protects devices from PHAs. As a solutions consultant, which of the following statements might you use to respond to Hector’s objection above?”

All of these.
Devices that install apps exclusively from Google Play, rather than sideload apps, are at much lower risk of installing PHAs.
Google Play ensures that app updates are always signed by the original developer, avoiding app hijacking.
Google Play has a proven track record of minimizing the risk of PHAs being installed on Android devices.

An ISV (Independent Software Vendor) wants to build a data loss prevention solution in their existing EMM, one of the features is to control clipboard data transfer between the personal side and the work profile. Which policy can they use to implement this feature?

DISALLOW_CROSS_PROFILE_COPY_PASTE
DISALLOW_CLIPBOARD_COPY_PASTE
DISALLOW_CROSS_PROFILE_DATA_TRANSFER
DISALLOW_CROSS_PROFILE_CLIPBOARD

Which section of a bug report tells you about application information/policies?

Raw Bug report
DUMP OF SERVICE package
Combined logs
Packages

“Please take a look at below Log snippet:
Owner Services:
User: 0
com.google.android.apps.work.clouddpc/.vanilla.services.admin.CloudDeviceAdminService [bound] [connected]
Next backoff(sec): 3600
Enabled Device Admins (User 0, provisioningState: 3):
com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver:
userRestrictions:
ensure_verify_apps
no_add_managed_profile
no_install_apps

What information can you find from the above log snippet?”

Device is installed with Work Profile
App installation is not allowed
All of the system apps are disabled in the device
User: 0 means there is no Google account provisioned in the device

“Kernel address space layout randomization (KASLR) is one of the security features introduced in Android. How does KASLR work?”

It separates the HAL from the process to sit in between the process and the drivers and it only communicates with 1 driver in isolation
It works by randomizing the location where the application is loaded, making code reuse attacks more difficult to carry out, especially remotely.
It works by randomizing the location where kernel code is loaded on each boot, making code reuse attacks more difficult to carry out, especially remotely.
It works by randomizing the passcode hash on each boot, making code reuse attacks more difficult to guess the user passcode.

Based on this app package name: com.google.android.apps.chromecast.app what is the corresponding Application?

Google ChromeCast
Google Home
Google Chrome
Google Chromebook

Using the bug report provided, please identify three apps installed in the work profile. Copy and paste the following link to open in New browser window bug report 1:

Dropbox, Translate, Skype
YouTube, Docs, Chrome
Keep, Slides, Earth
Sheets, Gmail, Files by Google

What two methods can you use to generate bug reports from devices? Select All Correct Responses

From Android Debug Bridge (ADB).
Go to Bootloader and turn on safe mode in the device then connect to your laptop.
From Android System file explorer, you need to root the device to access this file.
From Developer Options in the device settings.

Previous questions:

Q.1 – Users are reporting that they cannot connect to their company’s WiFi. Which of the following pieces of information should be collected to eliminate the “Set device policies” watchpoint?

(A) The model of the device, because it may not support that WiFi network

(B) The EMM being used, because it may not support setting WiFi configurations

(D) The WiFi configuration set, because it may be incorrect

Q.2 – Users are reporting that Gmail won’t sync mail from their Microsoft Exchange account. What could be the cause of this?

(A) The users’ EMM may not support managed configurations

(B) EAS 16 may not be supported on an older device

(D) The value set for the Exchange server may be wrong

Q.3 – What section of a bug report tells you if there is a work profile on the device?

(A) Combined logs

(B) Raw Bug report

(D) Packages:

Q.4 – What is one of the advantages of an OEM leveraging ‘OEMConfig’ for application development? Select the correct answer.

(A) OEMConfig allows all OEMs access to vendor APIs

(B) OEMConfig is supported by all EMMs

(D) OEMConfig can be distributed to devices without having to go through managed Google Play

Q.5 – Some users are complaining that they cannot add their personal Gmail account to their fully managed devices. Why might this be the case?

(A) Android Enterprise only supports company Gmail accounts

(B) Gmail app is not updated to the latest version

(D) Android Enterprise only supports one account per Google application

Q.6 – A customer has developed a private application that is targeting API level 23 (Android 6.0). What will be the expected behaviour when they attempt to upload their app to Google Play?

(A) Assuming there are no security issues with the app, it will be allowed on Play and can subsequently be whitelisted for the enterprise

(B) The application will be allowed on Play but will only be displayed for Android 6.0 devices and lower in the Play Store

(C) The application will be rejected because apps uploaded to Google Play need to target a minimum API level 29 from August 2020

(D) The application will be allowed on Google Play but will show a warning about using deprecated APIs on Android 8.0 devices and higher

Q.7 – Your customer would like to enroll several hundred Nexus 6P devices as fully managed as quickly as possible. These devices run Android 6.0 out of the box. Which of the following enrollment methods would you recommend the customer use to complete provisioning as quickly as possible?

(A) Zero-touch enrollment

(B) EMM Identifier

(D) QR code provisioning

Q.8 – Users reported that an app is crashing when launched from the work profile. What two pieces of information are critical to collect when escalating to the app developer?

(A) Application ID and bug report

(B) Enterprise ID and User ID

(D) Enterprise ID and Application name

Q.9 – What are the benefits of using Android Enterprise over Device Admin? Select the two correct answers.

(A) If you choose Android Enterprise, you get free Google Cloud storage

(B) Android Enterprise offers more flexible provisioning methods over Device Admin

(D) Android Enterprise offers customers free technical support direct from Google

Q.10 – Skyline LTD is an Microsoft 365 customer, who is looking to deploy 1000 devices on Android Enterprise. You need to advise them on the best choice of identity model before they can move forward with their deployment. What identity model would you recommend, according to Google best practices?

(A) Google Accounts

(B) Managed Google Play Accounts

(D) Recommend that the end users create their own accounts

Q.11 – Your customer has a newer version of one of their private apps, and they would like to test the updated version with a small group of users (<100) before a full rollout. What is the best way for them to test the newer version of the application?

(A) Upload the app with two different application IDs and share one of them with the test group only

(B) Temporarily change restriction on the devices of the test group to allow them sideloading the app for testing

(C) Ensure you upload the updated application via an EMM that has integrated the iFrame. This will enable version control within the EMM console allowing you to target the device(s) you wish the latest version to be installed to

(D) Create an internal or closed test track in the developer Play Console and invite a subset of users to test this version

Q.12 – Users are reporting that they are not able to use the Barcode Scanner app. The application ID for Barcode Scanner is ‘com.google.zxing.client.android’. Refer to the following bug report and select the reason why this might be the case: copy and paste the following link to open bug report: http://tiny.cc/crqwcz

(A) Use of the camera has been blocked

(B) Barcode Scanner requires a Google Account, and the device is using a Managed Google Play Account

(D) The device is not being managed

Q.13 – Your customer wants to ensure that their corporate browser always goes through VPN, but at the same time, they want to implement the best configuration to reduce unnecessary traffic over the corporate VPN. What VPN configuration would best fit the customer’s specific requirements?

(A) Always-On VPN

(B) Per-Profile VPN

(D) Per-App VPN

Q.14 – A VPN provider is looking to offer better support for their Android customers who are migrating from Device Administrator to Android Enterprise. Their customers have previously been complaining that their application has not been receiving the configurations to resolve the VPN host. What is Google’s suggested best practice to support this functionality?

(A) Externally readable ini file

(B) Managed configurations via managed Google Play

(D) Configure it within the WiFi details for NFC bump

Q.15 – Your customer is deploying Android Enterprise on their Android 11.0 devices. They are in the process of testing their private apps on the new devices, and one of their applications is throwing exceptions. The same application appears to work correctly on Android 8.0 devices. How would you explain this behavior?

(A) The application has not been coded towards the correct API level

(B) The application package name is not compatible with Android 11.0

(D) They need to install an older version of the application then upgrade it

Q.16 – One of your customers is concerned about security on their Android devices, specifically in regards to key generation, key import, signing & verification services. Which of the following security features of Android can you leverage as a good starting point for your conversation?

(A) Verified Boot

(B) Rollback Prevention

(D) Trusted Execution Environment

Q.17 – You’re an IT admin, and you want to initiate the trial of an app developed by an Independent Software Vendor (ISV). What identifier must be provided to the ISV for them to grant access to the application within your company’s managed Google Play?

(A) User ID

(B) Android device ID

(D) IMEI

Q.18 – You are uploading an APK via the managed iFrame, the APK uploads successfully. You go to the managed Play Store, the next day, to begin the app distribution process only to find the app removed from the store. What would be the reason for this?

(A) The APK is unsigned

(B) The application ID is incorrect

(D) Google Play Protect detected this as a potentially harmful app

Q.19 – Using the bug report provided, please identify three non-System apps on the device. Copy and paste the following link to open bug report 2: http://tiny.cc/occwcz

(A) Docs, Translate, Keep

(B) Chrome, Gmail, YouTube

(D) Documents UI, Messaging, HTML Viewer

Q.20 – A customer is uploading a new application to Google Play and wants to reuse the Application ID of another unlisted app. What is the expected behavior?

(A) Google Play will silently replace the old application with the new application

(B) As long as the old app is unlisted, Google Play will allow upload of the new app, which reuses the same Application ID

(D) The application will be rejected because Google Play only allows a single instance of an Application ID

Q.21 – One of your users is experiencing issues with their device. As their IT Admin, you need to retrieve the logs from the affected devices to troubleshoot this issue. Which one of the following approaches should you take, according to Google’s best practices?

(A) Download a “log retriever” application, then email the logs to yourself

(B) Plug the device into a computer and retrieve the logs by running adb bugreport in a terminal

(D) Factory reset the device and restore the user configuration to verify if the issue persist

Q.22 – Users are reporting an issue on their devices. You ask your customer to pull some logs from an affected device, but their device policy is preventing them from capturing the requested logging. Which of the following policies enables/disables a user’s ability to generate Android bug reports?

(A) DISALLOW_TROUBLESHOOTING_TOOLS

(B) DISALLOW_DEBUGGING_FEATURES

(D) FREE_THE_LOGS

Q.23 – Your customer is trying to enroll Pixel 3 phones using zero-touch enrollment. Despite the device having an active connection to WiFi or data, the DPC isn’t downloading. Which is the appropriate troubleshooting step to take next?

(A) Verify that the IMEIs in the zero-touch portal match the phones they are using

(B) Verify that the users have been correctly configured on the EMM console

(D) Verify that the device is running Android 7 or above

Q.24 – Your customer is reporting that users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Which of the following would you choose to troubleshoot this policy issue? Select the two correct answers.

(A) Select OS version/device

(B) Set managed config

(D) Set device policies

Q.25 – Users are reporting that they are seeing the consumer Play Store on their fully managed work devices. Which of the following would be valid troubleshooting steps for this issue? Select the two answers that apply.

(A) Verify that the EMM is still bound to the user’s company

(B) Verify that the IT admin has uploaded the company’s apps to the Google Play Developer Console

(D) Ensure that the IT admin has set the correct managed configuration for the Google Play Store

Q.26 – You identified an issue with a device and pulled a bug report. Your next step is to share the bug report with the EMM provider. Which of the following aligns with Google’s recommended best practice for sharing bug reports?

(A) Delete any user identifiable data from the bug report, then share it with your EMM provider

(B) Upload the bug report to a cloud storage provider and share it with individuals who need access to the content

(D) Do a screensharing session to show the EMM provider the bug report

Q.27 – Using the bug report provided, please identify three apps installed in the work profile. Copy and paste the following link to open bug report 1: http://tiny.cc/2dawcz

(A) YouTube, Docs, Chrome

(B) Sheets, Gmail, Files by Google

(D) Keep, Slides, Earth

Q.28 – An Independent Software Vendor (ISV) has developed a private app for your customer. They uploaded it through the Google Play developer console, but your customer does not see it in their managed Google Play store. After doing some troubleshooting, you realize that the ISV has not correctly assigned the app in the Google Play console. Which of the following identifiers should you provide to the ISV so that they can assign the app correctly?

(A) Organization ID

(B) Device ID

(D) User ID

Q.29 – A new customer is looking to enroll dedicated devices running Android 7.0. Which methods of provisioning could they use to enroll the devices? Select the three correct answers.

(A) NFC

(B) QR Code

(D) EMM Identifier

Q.30 – A customer is reporting an issue when provisioning devices through zero-touch. By following the problem-solving framework, you have concluded that the core issue is related to the IMEIs. Whom would you contact to help resolve this?

(A) EMM

(B) Reseller/carrier

(D) Customer’s procurement team

Q.31 – Your customer is provisioning devices via zero-touch enrollment deploying multiple configurations. They report that a group of devices is not enrolling automatically into their EMM, while other devices have enrolled successfully. You have already confirmed that the devices are listed in the zero-touch console. The end-user reports seeing an EMM-branded screen on the device, but is unable to login. What would be the next troubleshooting step you would advise?

(A) Check that the DPC extras are correct according to the EMM

(B) Re-upload the devices in the zero-touch console

(D) Go to their EMM console, remove and add the binding to the Managed Google Play account

Q.32 – Your customer is deploying devices that will be used at a university. One of the requirements is to monitor traffic for unauthorized content. They wish to implement SSL inspection to fulfill this requirement. What would be your recommendation based on Google’s best practices?

(A) The customer can use any SSL proxy solution out of the box, as none of them will interfere with their Android deployment

(B) The customer can configure SSL inspection, as long as traffic to Google services bypasses the proxy

(D) The customer should configure all traffic to hosts connecting on port 443 to bypass the proxy

Q.33 – Your EMM, who uses a Custom DPC, doesn’t have a settings toggle that you notice has been available since 7.0 as per the developer documentation. What is the best next step to get access to that feature?

(A) Raise a feature request with the EMM to support the toggle

(B) Speak to your OEM to bring support for the toggle within their OEM Config application

(D) Create a small app yourself using the developer documentation and toggle it via app config

Q.34 – An OEM is looking to build new devices that will support a large enterprise customer, who wants to be able to leverage Android Enterprise functionality to manage their devices. What is the minimum requirement they need to comply with to support Android Enterprise?

(A) Google Mobile Services (GMS) Certification

(B) Android Enterprise Recommended

(D) Android Open Source Project (AOSP)

Q.35 – Using the bug report provided, please identify three User Restrictions applied to the work profile. Copy and paste the following link to open bug report 1: http://tiny.cc/2dawcz

(A) no_add_user, no_autofill, no_config_credentials

(B) ensure_verify_apps, no_bluetooth_sharing, no_install_unknown_sources

(D) no_cross_profile_copy_paste, no_debugging_features, no_unified_password

Q.36 – Which of the following is a reason to choose Android Enterprise over Device Admin?

(A) Device Admin is deprecated, and the associated APIs are being progressively removed

(B) Android Enterprise has the ability to push apps to enduser devices, while this cannot be achieved when using Device Admin

(D) Devices can migrate over to Device Administrator from Android Enterprise in the future should IT Admins change their mind on the management type

Q.37 – An IT Admin notices that enrollment consistently fails when updating Google Play services over Wi-Fi. This issue occurs during deployment, on a variety of different devices. The Admin notes that when the devices are on cellular data, enrollment is successful. What next step would you take to try to resolve this issue?

(A) Disable all SSL inspection on the network

(B) Check that all required ports are open in the firewall

(D) Check that managed configurations on Google Play services are set up correctly

Q.38 – Which API can EMMs use to deploy apps via Managed Google Play? Select the two answers that apply.

(A) Firebase Management API

(B) App Engine Admin API

(D) Google Play EMM API

Q.39 – Some users are reporting that they cannot connect to the corporate WiFi. You notice in your EMM console that your WiFi certificate has failed to install on the affected devices. What might be the cause of this?

(A) The EMM DPC has a pending update

(B) Device passcode has not been set

(D) Device is unable to see the SSID the certificate is trying to validate against

Q.40 – Your customer has previously been using a containerized solution on Device Administrator, and they are planning their migration to Android Enterprise. One of the customer requirements, coming from their IT team, is to set and enforce a security challenge for their BYOD users within the work profile that is separate and has different requirements from the device security challenges. Taking into account this requirement, what would you recommend?

(A) Recommend the IT Team that they only support BYOD on devices running Android 6.0+

(B) Recommend the organisation instead deploy fully managed devices with work profile, as this Android Enterprise feature is only supported in this management mode

(D) Recommend the IT Team that they only support BYOD on devices running Android 7.0+

Q.41 – A customer reported that their applications are not being installed silently on their users’ devices. Which of the following troubleshooting areas should you consider when working on an “application install” issue? Select the two correct answers.

(A) Configure provisioning

(B) Approve/assign apps

(D) Create/sync users or groups

Q.42 – Your customer has a requirement to prevent certain apps from using an active VPN on a fully-managed device. Which one would be the recommended way to configure this?

(A) Add the applications that should go through the VPN to the allowlist

(B) Assign managed application configurations to the applications on the denylist with policies to prevent use of the VPN

(D) Create a work profile on the fully managed device and route all traffic through the whole work profile

Q.43 – Using the bug report provided, please identify three User Restrictions applied to the device. Copy and paste the following link to open bug report 2: http://tiny.cc/occwcz

(A) ensure_verify_apps, no_user_switch, no_usb_file_transfer

(B) no_uninstall_apps, no_system_error_dialogs, no_sms

(D) no_config_cell_broadcasts, no_add_managed_profile, no_config_wifi

Q.44 – Your customer is reporting that some users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Referring to the UserManager developers’ documentation, in which version of Android was support for disabling Bluetooth introduced?

(A) 9.0

(B) 8.0

(D) 6.0

Q.45 – You’re provisioning dedicated devices, and notice that lock task mode policy is failing to apply on a subset of them. Which of the following tools would it be appropriate to use to troubleshoot the problematic devices?

(A) Android Management API Colab

(B) Test DPC

(D) EMM console

Q.46 – You are planning the staging of a large quantity of devices prior to distributing them to their final destination. Which of the following items should you be wary of when staging a large number of devices in one space?

(A) Network bandwidth

(B) Charging points for all of your devices

(D) Location services will be enforced

Q.47 – A customer reaches out to you with a specific set of requirements for their device management. They have requested your help selecting an EMM. What Android resources would you leverage to help them finding the EMM that best fits their needs?

(A) Compatibility Definition Document (CDD)

(B) Enterprise Solutions Directory and Android Enterprise feature list

(D) developer.android.com

Q.48 – One of your customers is reporting that a subset of their devices is not getting provisioned correctly through QR code. You need to help them troubleshoot this issue. Which of the following areas should you look into when troubleshooting a provisioning issue? Select the two correct answers.

(A) Set device policies

(B) Provision device

(D) Set managed config

Q.49 – Your customer is reporting that applications on a group of their devices are not updating consistently. You want to advise them on Android best practices around managing app updates from the Play Store. Which of the following are two of the default guidelines for updates to happen promptly? Select the two correct answers.

(A) Devices are charging

(B) Devices on a secure WiFi (WPA2 and above)

(D) Location services must be turned on

Q.50 – Your customer is planning their migration from Device Admin to Android Enterprise, and they have some questions around VPN configuration. Which of the following is one advantage that Android Enterprise has over Device Admin when configuring a VPN?

(A) In using Device Admin you can leverage app wrapping to push any VPN configuration to your app

(B) There is no fundamental difference in the way that VPN are configured

(D) Device Administrator offers an easier path to integration for EMMs

Ratings

5.0

(2 ratings)

5 stars

100%

4 stars

3 stars

2 stars

1 star