Android Enterprise Expert Certification Exam Answers

Android Enterprise Expert Certification Exam Answers

Questions:

Android Architecture and Implementation

Due to the technical nature of this training, and the way that this course has been designed, it is critical that you execute the activities as instructed throughout the learning path. Before starting this training, you should have the following:

• Admin access to an EMM console that supports fully managed Android and work profile.
• Two test devices, one running Android 7.0+, the other one running Android 8.0+ and compatible with zero-touch.

Do you meet the eligibility criteria?

• Yes
• No

Ready for your first activity? Using the Glossary for reference, drag and drop each term with its corresponding definition.

Drag each answer to a box, then submit.

• Solution set: A set of enterprise features organized by use case.
• Managed Google Play: Content marketplace for Android in the enterprise. It allows Admins to select and manage apps for their organization.
• Work profile: A self-contained profile on an Android device that isolates work apps and data from personal apps and data.
• Device policy controller (DPC): An app that controls local device policies and system applications on devices.

Which is which? Below is a list of enrollment methods and identity models. Drag each method or model to the correct box, then submit.

Enrollment Methods:

• Zero-touch
• QR code
• Download DPC from the Google Play Store
• NFC
• DPC Identifier

Identity Models:

• Managed Google Accounts (G Suite or Cloud Identity)
• Managed Google Play Accounts

What are the two units that Shelby will be supporting for this device deployment?

Select the correct answer, then submit.

• Manufacturing & insurance
• Finance & healthcare
• Transportation & power
• Oil & gas

Which of the following is a primary concern of Hayden and Farah (the stakeholders at Indigo Industries)?

Select the correct answer, then submit.

• Provisioning timelines
• Interruptions to user workflows
• Budget
• Data loss prevention

What are the two solutions sets that Indigo requires for this deployment?

Select two answers, then submit.

• MAM
• Fully managed
• Work profile
• Dedicated device

Which of the following is an important policy that Indigo will need supported?

Select the correct answer, then submit.

• EMM pull notifications
• Factory reset protection
• Disable location sharing
• Prevent work to personal copy/paste

One of the challenges Shelby faces with her stakeholders is ______________.

Select the correct answer, then submit.

• Encouraging VPN use with remote employees
• Provisioning devices in a timely manner
• Replacing the devices in phases, rather than all at once
• Convincing them that Android is secure

What does Indigo’s current device investment look like?

Select the correct answer, then submit.

• All Android
• A mix of several OSes
• All iOS

The work  __________ challenge would support Indigo’s 6-digit work application password requirement.

• OS
• Management Mode
• Security
• Profile

Match each description to its corresponding method for managing user identities.

Drag each answer to a box, then submit.

Managed Google Play Accounts:

• Easy and quick to set up
• User identity managed by EMM
• Preferred method

Managed Google Accounts:

• Ideal for G Suite
• Requires company domain to be claimed
• Not designed to be used with more than one EMM

Select the appropriate identity type for each example company. You can review the developer's guide and Android Enterprise Help Center if you get stuck.

• Company A

With considerable concerns around security risks, this company needs to be able to silently push apps to end-user devices.

• Company B

As current G Suite users, Company B is looking for a way to make users manually sign in to their existing Google Account.

• Company C

This business needs a quick and easy setup without creating extra work.

Drag and drop each company to the corresponding identity type.

• Managed Google Play Accounts
  • Company A
  • Company C
• Google Accounts
  • Company B

Based on the case study details, select which identity type you would recommend for Indigo Industries.

Indigo’s Requirements.

• Identity model that provides anonymized user accounts, dynamically provisioned by the EMM
• Personally-owned (BYOD) and company-owned devices
• Seamless device setup
• Prevent work to personal copy/paste
• Disable unknown sources
• Disable USB debugging
• 6-digit work application password
• 4-digit device PIN security
• Managed Google Accounts
• Managed Google Play Accounts

Support your recommendation to use managed Google Play Accounts. Choose a case study requirement that would need managed Google Play.

Select the correct answer, then submit.

• Seamless device setup
• Identity model that provides anonymized user accounts, dynamically provisioned by the EMM
• Personally-owned (BYOD) and company-owned devices
• Disable unknown sources and USB debugging
• Prevent work to personal copy/paste
• 6-digit work application password for personally-owned devices (BYOD)
• 4-digit device PIN security

Did you successfully create an enterprise and bind it to your EMM?

• Yes
• No

Which is the minimum Android OS that lets you add a work profile from Settings?

• 8.0
• 5.1
• 6.0
• 7.0

Which is the minimum Android OS that supports zero-touch enrollment on a range of OEM devices?

• 8.0
• 5.1
• 6.0
• 7.0

Which is the minimum Android OS version that supports QR code provisioning?

• 8.0
• 5.1
• 6.0
• 7.0

What is the simplest method for provisioning Android 7.0+ devices for Indigo Industries?

• NFC
• DPC Identifier
• QR Code
• Zero-touch

What is the simplest method for provisioning Android 8.0+ devices for Indigo Industries?

• NFC
• DPC Identifier
• QR Code
• Zero-touch

Why is zero-touch enrollment recommended for Android?

Select the two correct answers, then submit.

• Zero-touch is supported on Android 5.0 and higher.
• Zero-touch is a great way to seamlessly deploy work profiles on personally-owned devices.
• Users just open the box and start using the device with management, apps and configurations all set.
• Zero-touch enrollment offers a seamless deployment method for company-owned devices.

Choose the correct benefit statements regarding zero-touch enrollment.

Select all the answers that apply, then click submit.

• There’s no need for IT to physically handle the managed devices.

• Configurations are automatically applied to devices on first boot.

• Streamlines device deployments.

Did you successfully provision two devices within your EMM instance using the appropriate provisioning method?

• Yes
• No

When two policies fulfill the same need, which one should you recommend?

Select the correct answer, then submit.

• Choose the policy that’s designated as an advanced feature.
• Choose the policy that most closely aligns with the requirement.
• Choose the policy that has the lowest OS requirement.
• Choose the policy with the highest OS requirement.

Which is the minimum Android OS version to support the Disable USB debugging policy?

• 5.1
• 7.0
• 8.0
• 6.0

Which is the minimum Android OS version to support “Disable unknown sources” security policy?

• 7.0
• 5.0
• 8.0
• 6.0

Which is the minimum Android OS to support a 6-digit work application password?

• 8.0
• 5.1
• 6.0
• 7.0

Did you successfully deploy and test all policies?

• Yes
• No

Android Enterprise _____________ EMMs are required to support standard features plus advanced features across two management sets.

• Feature
• Recommended
• Prioritized
• Highlighted

One of the advantages of using ________________________ is that the user identity is managed by the EMM.

• Managed Google Accounts.
• Managed Google Play Accounts

What’s the recommended method to provision company-owned devices on Android 8.0 and above?

• Manual DPC Install
• Zero-touch enrollment
• QR code

When a policy is not supported by your EMM provider, who should you reach out to?

• EMM provider.

True or False? The Android Enterprise feature list details minimum OS requirements of each feature and the solution set it applies to.

• True
• False

True or False? Understanding minimum OS requirements is critical for maintaining feature compatibility across devices.

• True
• False

True or False? Managed Google Play Accounts is the preferred identity type when creating an enterprise.

• True
• False

Indigo Industries can only have one version of the Android OS deployed within their organization.

Select one answer, then submit.

• True
• False

Android Enterprise Recommended devices meet elevated enterprise requirements validated by Google.

Select the correct answer, then submit.

• True
• False

When determining the minimum OS a customer needs, which of the following is true?

Select the correct answer, then submit.

• Company-owned and personally-owned devices often have the same minimum OS version requirement.
• Use company-owned device requirements for primary determination.
• Use personally-owned device requirements for primary determination.
• Company-owned and personally-owned devices can have different minimum OS version requirements.

Features and policies can go by various naming conventions throughout the Android Enterprise ecosystem.

Many of the requirements outlined in the Indigo Industries case study are identified differently within Android Enterprise resources.

Using the Android Enterprise Feature List resources, map which of the Indigo policy requirements correspond with the feature descriptions and select the ones that match.

Best practice:

• Check feature and policy offerings across all solution sets before deployment.
• Several solution sets have different OS requirements for the same feature offering.
• This is important to note when determining the minimum OS to support.

Select the four correct answers, then submit.

• Default security policies
• Compliance enforcement
• Factory reset protection
• Disable screen capture
• Work security challenge
• Disable cameras
• App license management
• Certificate management
• Cross-profile data management
• Device security challenge
• WiFi security management
• Reboot devices remotely

What’s the minimum supported OS for personally-owned devices?

What’s the minimum supported OS for company-owned devices?

Where would you direct a customer to view the device requirements for Android Enterprise Recommended?

Select the correct answer, then submit.

• Device Solutions Directory
• Android developer guides
• OEM support sites
• android.com/enterprise/recommended

each answer to a box, then submit.

Test your knowledge by indicating whether the statement is true or false.

Drag each answer to a box, then submit.

• Thumbs Up
  • The minimum OS support requirements may vary across different solution sets for the same feature offering.
  • Google Mobile Services provides a standard baseline of Android Enterprise support.
• Thumbs Down
  • Android Enterprise features are supported on all GMS and AOSP devices.

Where’s the best place to start when choosing new Android devices to deploy within an organization?

What resource should you leverage to browse the catalogue of Android Enterprise Recommended devices?

• The Device Solutions Directory
• Android Enterprise Recommended

How do GMS certified devices differ from those that are Android Enterprise Recommended?

Select the two correct answers, then submit.

• GMS supports Google apps.
• They are the same designation, just different terminology.
• Only Android Enterprise Recommended devices are listed in the Solutions Directory.
• Android Enterprise Recommended devices are validated by Google to meet an elevated set of specifications.

When managing device variety, it’s best to start with the ____________ OS.

Begin with ____________ and provisioning when determining the minimum OS to support.

True or False: Any apps or data outside the work profile are not accessible by an IT admin and remain private to the user.

Select the correct answer, then submit.

• True
• False

Name the important processes that IT admins need to be aware of when curating applications.

Select the correct answer, then submit.

• Security
• Updates
• Deployment
• All of the above

True or False: The managed Google Play Store allows IT admins to approve private and public applications, and distribute them to their users.

Select the correct answer, then submit.

• True
• False

Depending on the EMM instance you’re using, some embed managed Google Play through an iframe. Assuming the EMM instance you’re using doesn’t support this, please select where an IT Admin would perform the described actions.

Drag each answer to a box, then submit.

• Managed Google Play console and EMM Console – IT admin wants to configure access to approved apps and prevent access to unapproved apps for their device users.
• Managed Google Play console – IT admin wants to make new apps available to the company.
• EMM Console – IT admin wants to change the look and feel of the company’s Google Play Store.

IT Admins can approve public apps that exist on the Google Play store for company use, and distribute it through the managed Google Play.

Select the correct answer, then submit.

• True
• False

Choose a messenger client.

Select the three correct answers, then submit.

• Default SMS
• Slack
• Google Hangouts Chat
• Microsoft Teams

Choose the file viewer and editor apps that meet the requirements.

Select the three correct answers, then submit.

• Files
• Root Explorer
• Files by Google
• Google Chrome

Choose the secure browser apps that meet the requirements.

Select the three correct answers, then submit.

• Firefox
• EMM Secure Browser
• Microsoft Edge
• Google Chrome

Choose the email clients that work with Microsoft 365.

Select the two correct answers, then submit.

• Gmail
• Microsoft Outlook
• AOL

Determine which VPN app offers a managed configuration.

Select the correct answer, then submit.

• Cisco AnyConnect
• OpenVPN

Determine which camera app(s) meet the requirements.

Select the correct answer(s), then submit.

• Google Camera

• Open Camera

Determine which contact app(s) meet the requirements.

Select the correct answer(s), then submit.

• Outlook

• Google Contacts

Did you successfully deploy the apps to your device?

• Yes
• No

Is the iframe the best private app distribution solution for Indigo?

Select the correct answer, then submit.

• True
• False

Drag and drop the steps of publishing a private application via the Google Play Console in the correct order.

Drag items into the correct order, then submit.

• Set up Google Play Console
• Determine hosting method
• Designate the app for private distribution
• Manage version across channels

Indigo has expressed that their applications need to be distributed securely to their users and that the protection of corporate data from malicious applications is maintained on the device.

Identify which application policies/restrictions can be used via an EMM console to protect Indigo’s work data.

Select six answers, then submit.

• Enable force encryption
• Enable force verify apps
• Disable debugging
• Prevent app uninstalls
• Disable developer options
• Disable cross-profile data sharing

Match each of Indigo’s requirements with the description provided in the Solutions Directory.

Select each box and make a selection, then submit.

• Apps prevented from writing to external storage – Mass storage disabled
• Additional accounts unable to be added to the device – Work access restricted to authorized Cloud Identity accounts
• Specific applications set as mandatory – Work apps silently distributed
• Lockscreen notifications redacted for work applications – Lock screen restrictions set

Did you successfully apply the application security policies to your device?

• Yes
• No

Did you successfully apply the managed configuration to Gmail on your device?

• Yes
• No

What are the benefits of uploading an application to Google Play?

Select the correct answer, then submit.

• Malware security checks
• Increased download speeds
• Open, closed, and internal test channels
• All of the above

Which resource offers the ability to test how an app will behave in a managed context?

Select the correct answer, then submit.

• Test DPC
• Google Play EMM API
• Android Management Experience
• Google Play Console

Which resource enables the testing of enterprise features without Enterprise Mobility Management software?

Select the correct answer, then submit.

• Android Management API
• Google Play EMM API
• Android Management Experience
• Google Play Console

Complete this question by selecting the correct answer from the dropdown options.

Select each box and make a selection, then submit.

• In addition to EMM consoles, where else can you search and approve applications? – Managed Google Play Store
• What are the different methods for hosting private applications? – Google-hosted and self-hosted
• Which identifier lets you enable a private application within a given organization? – Organization ID
• How many organizations can you publish a private app to via the Play Console? - 1000

What is the primary function of the Verify Apps feature?

Select the correct answer, then submit.

• Verifies integrity of apps installed on the device
• Verifies application developers
• Injects security code into applications
• Rejects apps installed outside of Google Play

System apps are installed on devices by enforcing what policy?

Select the correct answer, then submit.

• Install system apps
• Push system apps
• Enable system apps
• System apps are already installed

Which features are included in Google Play Protect?

Select the three correct answers, then submit.

• Safe browsing
• Location tracking
• Find my device
• App verification

True or False: Certificates are a mechanism by which two entities can authenticate in a secure way.

Select the correct answer, then submit.

• True
• False

Firewalls act as one of the first lines of defense against malicious attacks from malware and hackers.

Select the correct answer, then submit.

• True
• False

What is our SSID?

Select the correct answer, then submit.

• INDY_IND
• Industry778

Is there an SSL inspection?

Select the correct answer, then submit.

• Yes
• No

How do we secure our network and what do we need to authenticate?

Select the correct answer, then submit.

• PSK
• WPA2
• Open network
• WPA

Is there a proxy server being used?

Select the correct answer, then submit.

• Yes
• No

What VPN solution do we currently use?

Select the correct answer, then submit.

• IPVanish
• NordVPN
• Cisco AnyConnect
• OpenVPN

How is our VPN secured?

Select the correct answer, then submit.

• Managed configuration
• Password
• Certificate
• Unsecured

Is it possible to configure a VPN so that traffic from only one app is allowed through?

Select the correct answer, then submit.

• Yes
• No

For the finance teams what traffic should go through VPN?

Select the correct answer, then submit.

• Only certain endpoints
• User can choose
• Specific apps only
• All traffic

Does our VPN support split tunneling to access our internal server?

Select the correct answer, then submit.

• Yes
• No

Did you successfully configure the WiFi network according to Indigo’s requirements?

• Yes
• No

You cannot create new certificates for use on Android - only manage existing ones.

Select the correct answer, then submit.

• True
• False

Which of the following certificates can be configured on Android?

Select the three correct answers, then submit.

• Root
• Intermediate
• User
• Global

Does every app require some kind of certificate authentication?

Select the correct answer, then submit.

• Yes
• No

Did you successfully configure the Gmail certificate according to Indigo’s requirements?

• Yes
• No

Which VPN configuration best fits Indigo’s needs for their finance division?

Select the correct answer, then submit.

• Always-on VPN
• Per-app VPN
• User-initiated VPN
• Per-profile VPN

Which VPN configuration best fits Indigo’s needs for their healthcare division?

Select the two correct answers, then submit.

• User-initiated VPN
• Per-app VPN
• Per-profile VPN
• Always-on VPN

Did you successfully add the Cisco AnyConnect application to your EMM instance and properly set a VPN configuration?

• Yes
• No

Which is the best VPN configuration to ensure all work data is secured?

Select the correct answer, then submit.

• Per-app VPN
• Per-profile VPN
• User-initiated VPN
• Always-on VPN

Which VPN connection type is used in instances where only a few applications or websites require a high security connection?

Select the correct answer, then submit.

• User-initiated VPN
• Per-app VPN
• Always-on VPN
• Per-profile VPN

What can Indigo Industries do within their firewall settings to ensure all traffic is behind a secure connection and encrypted?

Select the correct answer, then submit.

• Deny all traffic
• Use Google Play Protect
• Block port 80
• Enable Safe Browsing

Select the best and safest option to test your deployment in alignment with best practice for each of the scenarios below.

Select each box and make a selection, then submit.

• A safe way to test if a policy is working is to…?
• Answer – Push to a test device using the Indigo enterprise you’ve created.
• What would be the safest way to verify new devices are getting provisioned correctly?
• Answer – Factory reset your test device and check if it is provisioning correctly upon reboot.
• What should you do if you encounter deployment issues?
• Answer – Apply a problem solving framework before doing anything else.

Can you remember the right order?

Put the recommended migration steps in order.

Once complete, click submit to continue.

• Analysis
• Requirements mapping
•  Proof of concept
• Deployment

Select each box and make a selection, then submit.

Device admin has been considered a __________ management approach since Android’s fully managed device and work profile modes were introduced in Android 5.0.

Android Enterprise is the __________ management solution that will serve your organization's needs well into the future.

Match the problem-solving framework steps to its proper description.

Select each box and make a selection, then submit.

• Compare the observed behavior against the expected behavior. – Describe behavior
• Consider the most common causes identified to narrow the scope of the issue. – Process of elimination
• Eliminate conflated issues or general confusion that misdiagnose root causes. – Trust but verify
• Identify systemic problems versus localized issues. – Reproduce issue
• Ask for screen captures, bug reports, and all other relevant information. – Gather data
• Review common troubleshooting steps which may not apply to the issue or were skipped. – Review watchpoints

Can you remember the correct escalation process?

Put the escalation process in the correct order, then click submit.

• Escalate to EMM
• Escalate to OEM
• Escalate to carrier or reseller

Test your knowledge by selecting the topics most relevant to Tony’s requirements.

Select the five correct answers, then submit.

• (A) EMM
• (B) VPN
• (C) Managed Google Play
• (D) Dedicated use devices
• (E) Rugged devices
• (F) Android Open Source Project
• (G) Work profile
• (H) Work profile on company-owned
• (I) Personal devices

Does the transportation deployment need a Standard Management Set or Advanced Management Set?

Select the correct answer, then submit.

• (A) Standard Management Set

• (B) Advanced Management Set

Based on the case study details, select which identity type you would recommend for Indigo Industries’ Transportation department.

• (A) Managed Google Play Accounts

• (B) Google Accounts

Determine the minimum Android version to support each provisioning method.

Select each box and make a selection, then submit.

• QR Code

• Zero-touch enrollment

Tony at Indigo wants a simple way for users to provision devices right out of the box without needing a dedicated IT team to assist in the deployment.

Which are the two best solutions for this?

Select the two correct answers, then submit.

• QR code
• NFC
• Zero-touch
• DPC identifier

Based on what you know about Tony’s situation, determine the minimum OS version that will support the required policies for the transportation department. Remember to use your resources to map the feature support requirements.

Policies:

• Enforced 4-digit device PIN security.
• Advanced location sharing management.
• Lock down clock and timezone settings.
• Admins can lock a set of apps to the screen.
• Users can’t factory reset the device.
• Admins able to remotely wipe or lock devices.

Select each box and make a selection, then submit.

What is the minimum OS version to support the required policies?

Select the correct answer, then submit.

• (A) 5.0
• (B) 5.1
• (C) 6.0
• (D) 7.0

When planning the deployment, which of the following topics have the highest impact on the rest of the deployment?

Select the two correct answers, then submit.

• (A) Device provisioning
• (B) Device security
• (C) Device usability
• (D) Account & app management

In order to support Indigo’s policies, the minimum OS version 6.0 is required. However, the devices needed for the transportation deployment are required to be rugged as designated by Android Enterprise Recommended. What is the minimum OS to support rugged devices?

Select the correct answer, then submit.

• (A) 5.0+
• (B) 6.0+
• (C) 7.0+
• (D) 8.0+
• (E) 9.0+

Match each of Indigo’s requirements with the description provided in the Enterprise Solutions Directory. Make your selection, then click submit.

• Enforce 4-digit device PIN security – Device security challenge
• Lock down clock and timezone settings – System clock management
• Admins can lock a set of apps to the screen – Lock task mode management
• Users can’t factory reset the device – Factory reset protection management

Using your EMM instance, locate the corresponding app policy with the appropriate restrictions that could be applied. Be aware that your EMM may refer to the policy with a slightly different description or naming convention. Make a note of the minimum supported OS to complete the next activity.

Check the items off as you go.

• Enforced 4-digit device PIN security.

• Advanced location sharing management.

• Lock down clock and timezone settings.

• Admins can lock a set of apps to the screen.

• Users can’t factory reset the device.

• Admins able to remotely wipe or lock devices.

Let’s imagine that Tony is transitioning from a management solution using device admin, to a modern management solution that leverages Android Enterprise.

To complete the migration, you will need to map the policies currently handled through device admin against those now available in Android Enterprise, ensuring that the minimum OS requirements have not been affected.

Using the Device admin overview and the Android Enterprise feature list, determine the minimum OS that will allow you to:

Select each box and make a selection, then submit.

• Set complex passwords
• Alphanumeric password required
• Disable camera

What are some of the questions you will need to know about existing networking infrastructure and security to deploy devices through managed Google Play?

Which VPN configuration best fits Indigo’s needs to preserve network bandwidth for their transportation division?

Select your answer, then click Submit.

• Always-On VPN
• Per-App VPN
• User-Initiated VPN
• Per-Profile VPN

Android Enterprise Support Engineer

Match the question to its corresponding watchpoint.

Drag each question to a box, then submit.

• Select OS version/device – Are the critical apps, policies and configurations supported by the OS?
• Set device policies – Are there multiple, conflicting policies set?
• Upload apps – Did you target your private apps to your managed Google Play Accounts enterprise?
• Provision device – Does the device have network connectivity in order to update and enroll successfully?

Apply your understanding of the tools we’ve just covered by matching the following situations to the tool that would best help you troubleshoot the issue.

Drag and drop the tool to the scenario, then click submit.

• Customer reports that approved applications aren’t showing up in managed Google Play. Which tool would you use to ensure that EMMs can assign and make apps available to users in the managed Google Play store? – Android Management Experience
• Customer reports that a policy to disable the camera is only working on some devices. Which tool would you use to test policy problems? – TestDPC
• Customer reports that configured apps are crashing and policies aren’t being applied, how would you test that the EMM console is configured correctly? – Android Management API colab

Did you successfully pull a bug report?

• Yes
• No

When a customer reports an issue, what do you follow to help you gather information?

Select an answer, then submit.

• Problem-solving framework
• Watchpoints

When escalating an issue, who would usually be the first partner you should escalate to?

Select an answer, then submit.

• Google
• EMM
• OEM
• Carrier/reseller

When escalating a bug report to an EMM, best practice is to upload it to Google Drive or another cloud storage provider and share it from there.

Select an answer, then submit.

• True
• False

Match each step in the problem solving framework with its corresponding description.

Drag each answer to a box, then submit.

• Compare the observed behavior against the expected behavior.
• Ask for screen captures, bug reports, and all other relevant information.
• Eliminate conflated issues or general confusion that misdiagnose root causes.
• Review common troubleshooting steps which may not apply to the issue or were skipped.
• Consider the most common causes identified to narrow the scope of the issue.
• Identify systemic problems versus localized issues.

Match each provisioning method with its description.

Select each box and make a selection, then submit.

• NFC
• QR Code
• DPC Identifier
• Zero-touch enrollment

What is the minimum OS that supports provisioning using a QR code?

Select the correct answer, then submit.

• Android 7
• Android 8
• Android 5
• Android 6

How many different methods could you use to provision a dedicated device running Android 7.0?

Select the correct answer, then submit.

• 2
• 5
• 3
• 4

True or False: Work profiles, on personally-owned devices, can be deployed using NFC enrollment.

Select the correct answer, then submit.

• True
• False

Why is zero-touch ideal for most fully managed device deployment scenarios?

Select all answers that apply, then submit.

• There’s no need for IT to physically handle the managed devices.

• Device deployments are streamlined.

• Configurations are automatically applied to devices on the first boot.

• Users can't remove device management by simply factory resetting.

"I powered on the device and used the camera to scan the QR code but nothing happens."

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

The enrollment process should start after the device reads the QR code.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Since Angel has not been able to provide sufficient information, you will need to gather some more details to start troubleshooting this issue. When gathering data, both _____________and Android Management API Quickstart Colab can be used to test various enrollment methods.

Select 1 answer, then submit.

• Android Management Experience
• TestDPC

When attempting to reproduce the issue, it seems that you didn’t encounter any issue using the Android Management Experience tool. Also, provisioning works just fine when using your test device.

You attempt to reproduce the issue on a test device, using the Android Management Experience tool, however, everything appears to be working as expected.

Which of the following additional steps should you take to try and resolve the issue?

Select 2 answers, then submit.

• Reach out to a carrier/reseller for additional support
• Try on a different WiFi network, or using mobile data
• Try regenerating a new QR code
• Test to see if NFC will work instead

If you were unable to resolve the QR code issue, where should you first escalate?

Select 1 answer, then submit.

• OEM
• EMM
• Carrier/reseller

What information should you include when you escalate?

Select all answers that apply, then submit.

• Screenshot of error

• Bug report

• QR code

"I turned on the device and connected to WiFi. The device goes straight to the Google account login without engaging the zero-touch setup."

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

"I turn on my device and connect to WiFi and the zero-touch process starts."

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Which of the following information would be appropriate to gather?

Select all answers that apply, then submit.

• Screenshot

• EMM configuration

• Bug report

• Enrollment method

• Zero-touch CSV export file

Which of the following resources could be used to troubleshoot Courtney’s zero-touch issue?

Select 1 answer, then submit.

• TestDPC
• Android Management API Quickstart Colab
• Zero-touch portal
• Android Management Experience

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Ask the customer to verify the device is showing in the zero-touch portal
• Verify that the device supports zero-touch
• Verify that EMM configuration is correct and applied
• All of the above

Checking the zero-touch portal, we can see that the EMM configuration is….

Select 1 answer, then submit.

• Not applied
• Applied

Using the screenshot of the IMEI information from the device and from the zero-touch portal, what could be the issue?

Select 1 answer, then submit.

• Zero-touch portal showing incorrect IMEI
• Issue is unrelated

Checking the screenshot of the device build information, we can also determine that...

Select 2 answers, then submit.

• Baseband version does not support WiFi
• The Kernel version does not match the OS version
• OS version does not support zero-touch
• Device model does not support zero-touch

Zero-touch isn’t triggering on a Pixel 2, you have pulled zero-touch CSV export file and the IMEI is correct, what could be the cause of the issue?

Select 1 answer, then submit.

• The zero-touch CSV lists the incorrect manufacturer
• Issue is unrelated
• The model type is not present
• The serial number of the device is not present

Where should you escalate to change the IMEI / manufacturer in the zero-touch portal?

Select 1 answer, then submit.

• EMM
• OEM
• Carrier/reseller

After installing the EMM DPC and entering the enrollment token a work profile should be created on the device.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

It appears that the correct DPC was installed on the device, however the work profile did not provision successfully.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Which of the following pieces of information would be useful to collect from the device, in order to start the investigation process?

Select 1 answer, then submit.

• Bug report, captured after rebooting the device
• App package names installed on the device
• Bug report captured immediately after a failed provisioning attempt

Which of the following resources could be used to troubleshoot issues with the provisioning process?

Select the correct answer, then submit.

• Android Management Experience
• TestDPC
• EMM console, and a test device
• All of the above

Which of the following actions could be an acceptable next step to troubleshoot the issue?

Select 3 answers, then submit.

• Try provisioning a test device to make sure that everything is ok with the EMM.
• Verify that you have assigned the right policies to the device.
• Verify if the EMM binding is properly configured.
• Check that the right managed configuration is set for the DPC.
• Make sure that the device IMEI is properly configured in the zero-touch portal.
• Verify if Alex’s device supports work profile.

You have tried provisioning your test device with your account using the same enrollment token you provided to Alex, and you didn’t notice any issues with the procedure. Alex provided you with a video where you can see that he pressed the “Home” button at the “Creating Work Profile” screen, and when he returned to the DPC to complete enrollment, he saw an error, and enrollment failed.

Why is enrollment not working for Alex?

Select 1 answer, then submit.

• The Android version of the device used doesn’t support work profiles
• There is a bug in the EMM’s DPC
• The device is already managed by another organization
• The EMM services are not reachable

Following the process of elimination, you were able to identify the issue and determine that the next step to take is to escalate to your EMM.

Screenshots and videos can be instrumental to understand all of the steps taken by the user, and they can also help to pinpoint whether an error message is produced by the Android OS, Google Play, the DPC, or another app or process.

Which of the following pieces of information should you provide when escalating to your EMM?

Select 1 correct answer, then submit.

• Steps taken to reproduce the issue
• The video provided by Alex
• A bug report taken by Alex
• All of the above

Using your references, answer the following questions:

Which of the following methods allows devices to be provisioned in bulk without requiring manual setup?

Select 1 answer, then submit.

• QR Code
• DPC Identifier
• NFC
• Zero-touch

Which of the following should organizations consider while preparing to provision devices?

Select 3 answers, then submit.

• If the EMM supports the method
• If the device supports the method
• If the carrier/reseller supports the method
• If the OS supports the method

Match the description of each step in the managed configuration process to its corresponding section.

Select each box and make a selection, then submit.

• Developer
• App + Schema
• Schema
• Config
• Configured app

Either the app should already be installed, or I should be able to see the app in the managed Google Play store on my device.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

I can’t find the private app, needed for my job, in the managed Google Play store. Also, it has not been, silently, installed on my device.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

Which of the following information would be appropriate to gather from Jay?

Select 4 answers, then submit.

• Bug report
• Play EMM API calls
• Zero-touch CSV export file
• Organization, User, and Device IDs
• Enrollment method
• Package Names/IDs

Which of the following tools could you use to test Jay’s application problem?

Select 2 answers, then submit.

• TestDPC
• Android Management API Quickstart Colab
• Android Management Experience

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Check if users have connectivity
• Verify that there are no conflicting policies
• Confirm the app is approved in the EMM console
• All of the above

From the customer, you’ve managed to collect the above screenshots:

1. The customer's managed Google Play console.
2. Device’s Play Store.
3. The list of organization IDs in the Developer Google Play console.
4. Package ID.

With this information, we can determine that…

Select 1 answer, then submit.

• The DPC has not been properly downloaded to the device
• The target organization has not been added to the list of approved organizations
• The package ID is incorrect
• The Play Console isn’t listing the package ID

If this issue requires escalation, where should you escalate first?

Select 1 answer, then submit.

• EMM
• Carrier/reseller
• OEM

Which of the following is the best way to describe the behavior?

Select 1 answer, then submit.

• Each time users open Google Workspace applications (Docs, Sheets, Slides, etc.) the apps prompt users to log into a personal Gmail account. Customers expect them to work only in an "offline" mode.
• Customers are using Android 7.0 devices that should support Google Workspace apps, but they keep crashing.
• Google Workspace apps are crashing.
• Customers want Google Workspace apps to work on their devices.

When gathering data, what crucial data point will provide you with device make/model, list of apps on device, app permissions, and network information?

Select 1 answer, then submit.

• Bug report
• Logcat

Suppose you had none of the following tools setup. Which would be the easiest to set up and allow you to test Blake’s app issue?

Select 1 answer, then submit.

• Android Management API Quickstart Colab
• TestDPC
• Android Management Experience

Which of the following are within your ability to check when attempting to reproduce the issue?

Select 2 answers, then submit.

• Check the app's managed configuration to see if it supports an "offline" mode and if it's set correctly
• Confirm that the app is approved in the EMM console
• Verify the app permissions have been set up correctly
• Verify the user login credentials to the app are correct

Which of the following screenshots shows the correct managed configuration for Google Docs that would answer Blake's organization's requirements?

Select 1 answer, then submit.

• Image 1
• Image 2
• Image 3

What information should you include if you needed to escalate to the EMM?

Select 4 answers, then submit.

• Bug report
• Zero-touch CSV export file
• Screenshot or text of error encountered
• App policy set on EMM console
• Reproduction steps taken
• DPC Identifier

The app is available in the managed Google Play Store and it’s available for download for the users and devices selected through the EMM.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

The application has disappeared from the managed Google Play Store and I cannot update it on my device.

Select 1 answer, then submit.

• Observed
• Expected

What data would be useful to collect to investigate the issue?

Select 2 answers, then submit.

• Provisioning QR code
• App package ID
• Bug report
• Organization ID

Which information would you collect to move forward in troubleshooting this issue?

Select the answer that applies, then submit.

• A bug report to collect info about the app and device
• Analysis of configuration differences between affected and unaffected users
• Review whether there were any recent policy changes to the group of affected users
• All of the above

Based on the noted behavior, which areas would you consider checking first?

Select 1 answer, then submit.

• Verify provisioning
• Confirm app approval in managed Google Play
• Work profile status in a bug report

Which of the following watchpoints should you consider when troubleshooting an application issue?

Select 2 answers, then submit.

• Set managed config
• Select/bind EMM
• Provision device
• Set device policies

Which tools will help to identify the source of an application issue?

Select 2 answers, then submit.

• TestDPC
• Android Management Experience
• Android Management API Quickstart Colab

True or False: Some EMMs support managed Google Play through an iFrame, providing a managed Google Play experience directly from the console.

Select 1 answer, then submit.

• True
• False

Users shouldn’t be able to connect devices to Bluetooth or access Bluetooth settings.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Some users are able to access Bluetooth in the settings, turn it on and connect devices.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Select the following information that would be appropriate to gather from Taylor.

Select 4 answers, then submit.

• Screenshot or text of error encountered
• Bug report
• Model/Manufacturer, OS version
• Policy set on EMM console
• Enrollment method

Which of the following tools could you use to test Taylor’s policy problem?

Select 2 answers, then submit.

• TestDPC
• Android Management API Quickstart Colab
• Android Management Experience

Answer the questions using the bug report snippets above as a resource.

Select each box and make a selection, then submit.

• What is the OS running on the device where Bluetooth is disabled? – 8.1.0
• What is the OS running on the device where Bluetooth is still enabled? – 7.1.2

What is the API level that corresponds to Android 8.0?

Select 1 answer, then submit.

• API level 25
• API level 26
• API level 27
• API level 28

Taking our answers from the previous activity, why would the Bluetooth policy not be applied to a number of the devices?

Select 1 answer, then submit.

• The no_config_bluetooth policy has a minimum supported OS of 8.0. So the issue will need to be escalated to the EMM.
• The bug reports indicate that both are dedicated devices so any Bluetooth policy is redundant.
• The no_bluetooth and no_config_bluetooth policies are conflicting and one needs to be removed.
• The no_bluetooth policy has a minimum supported OS of 8.0. Devices running 7.0 will need to be updated or replaced.

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Check the policy properly configured
• Verify the policy supported by the EMM
• Confirm the phone has network connectivity for the policy to be applied
• All of the above

Since the policy is not supported by the minimum OS on the device, would you resolve the issue or escalate to a partner?

Select 1 answer, then submit.

• Escalate to carrier/reseller
• Resolve issue
• Escalate to OEM
• Escalate to EMM

A WiFi configuration was pushed out via the EMM instance that would automatically connect users to the recently upgraded office network.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

The WiFi configuration policy has been pushed out to users with incorrect data. Users can’t access the network.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

Select the following information that would be appropriate to gather from Alex.

Select 4 answers, then submit.

• Screenshot or text of error encountered
• Zero-touch CSV export file
• Bug report
• Model/Manufacturer, OS version
• Policy set on EMM console
• Enrollment method

When reading a bug report, what section of a bug report shows which restrictions the DPC has applied?

Select 1 answer, then submit.

• DUMP OF SERVICE device_policy
• DUMP OF SERVICE account
• DUMP OF SERVICE activity

Suppose you had none of the following tools setup. Which would be the easiest to setup and allow you to test Alex’s WiFi  issue?

Select 1 answer, then submit.

• Android Management API Quickstart Colab
• TestDPC
• Android Management Experience

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Is the policy properly configured in the EMM?
• Check the EMM Solutions directory - is the policy supported by the EMM?
• Does the device/OS support the network you’re trying to configure?
• Is the correct policy set?
• Is there a policy conflict (multiple policies targeting the same device)?
• All of the above

Is the WiFi configuration correct?

Select 1 answer, then submit.

• Correct
• Incorrect

If incorrect, which part of the configuration needs to be changed?

Select 1 answer, then submit.

• WiFi password
• SSID
• Security type
• Nothing - the configuration is setup correctly

Given the troubleshooting steps taken, would you resolve or escalate to a partner?

Select 1 answer, then submit.

• Escalate to carrier/reseller
• Resolve issue
• Escalate to OEM
• Escalate to EMM

On your test device, deployed in a separate user group, the apps install successfully and are available immediately after installation is complete.

Select 1 answer, then submit.

• Expected
• Observed

You decide to proceed with a staggered rollout, starting with just 10% of the total user pool. After the first deployment, you notice that the app didn't successfully deploy, for any of the selected users.

Select 1 answer, then submit.

• Expected
• Observed

When gathering data, what crucial data point will provide you with device logs, a list of installed apps on the device, network information, and policies installed?

• Bug report
• Logcat

Which steps should you take to troubleshoot the issue?

Select 2 answers, then submit.

• Reproduce the issue: set up your test device group, with the same policies as the employees, and verify if the issue occurs on that device
• Process of elimination: continue with the rollout to check whether the issue is limited to that 10% of devices
• Gather data: collect a bug report from one of the affected devices

The app was initially installed, on your test device, without any issue. However, in an attempt to track the problem, you have reproduced the issue by setting up your test device group with the same policies as employees.

You can now pull a bug report from your device. What sections of a bug report would be the most appropriate to check?

Select 2 answers, then submit.

• DUMP OF SERVICE package
• DUMP OF SERVICE account
• DUMP OF SERVICE policy

Here is a snippet from “DUMP OF SERVICE policy” from your bug report.

By looking at the information below, can you understand what is causing the issue?

Select 1 answer, then submit.

• There is a system update pending, which is blocking the installation.
• On the device there is a no_install_apps policy configured which is preventing app installs, this conflicts with the app installation policy you just created.
• There is a maintenance window set up on the device. This policy is preventing the application from installing.

Great work. After some troubleshooting, you have determined that there is a security policy that prevents any app installs on the device.

Given the troubleshooting steps taken, would you resolve or escalate to a partner?

Select 1 answer, then submit.

• Resolve issue
• Escalate to OEM
• Escalate to EMM
• Escalate to carrier/reseller

True or False: EMM support is always the first step of escalation when troubleshooting management policies.

Select 1 answer, then submit.

• True
• False

What's a policy that can only be set on a work profile?

Select 1 answer, then submit.

• Certificate installation
• Disable screenshot
• Verify apps enforcement
• Cross profile contact sync

All Microsoft Exchange email should be visible in Gmail for all users.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

After setting up Gmail on end-users' devices to sync their Microsoft Exchange accounts, users are reporting that they can't see some of their emails in Gmail.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

Select the following information that would be appropriate to gather from Kennedy.

Select 6 answers, then submit.

• Play EMM API calls
• Bug report
• Affected devices model/OS
• Managed app configuration
• Zero-touch CSV export file
• Screenshots
• In-app feedback

When gathering managed app configuration data, is it best to request this from users or check the EMM console directly?

Select 1 answer, then submit.

• Check the EMM console
• Ask the user

Which of the following tools could Kennedy use to test the Gmail app?

Select 2 answers, then submit.

• Android Management API Quickstart Colab
• Android Management Experience
• TestDPC

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Check if users have connectivity
• Verify that there are no conflicting policies
• Check Gmails configurations and sync window settings
• All of the above

Kennedy has provided a screenshot of the Gmail app from a user’s device and of Gmail’s Managed Configuration settings.

Using the screenshots, identify what may be causing the issue.

Select 1 answer, then submit.

• The user logged into Gmail with an incorrect email address
• Default Sync Window is too narrow
• The email address in Managed Configuration is incorrect
• SSL Required should be off
• The username is incorrect
• The hostname is incorrect
• There’s no Login Certificate Alias
• There’s no default email signature

What setting would you recommend for Kennedy’s organization to use to resolve the issue and enable users to receive emails on their devices in real time?

Select 1 answer, then submit.

• 1
• 2
• 5
• 0
• 4
• 3

If this doesn’t resolve the issue, it will require escalation. Where should you escalate first?

Select 1 answer, then submit.

• Escalate to EMM
• Escalate to OEM
• Escalate to carrier/reseller

What information should you include if you needed to escalate to the EMM?

• Play EMM API calls
• Bug report
• App policy set on EMM console
• Reproduction steps taken

Jordan should be able to search for work contacts from the personal contacts app, and work contact info should display when calls are received from work contacts.

Is this behavior:

Select 1 answer, then submit.

• Observed
• Expected

Work contacts are not found when searched for, and caller ID does not display information for work contacts when calls are received.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

Select the following information that would be appropriate to gather if we need to escalate the issue.

• Policy details

• Contacts / dialer app information

• Bug report

• Screenshot

When gathering data, where could you pull the policy information from?

Select 2 answers, then submit.

• EMM console
• Bug report
• Zero-touch CSV export file
• Logcat

Checking the bug report, where would you expect to see if a policy restriction had been pushed to the device?

Select 1 answer, then submit.

• DUMP OF SERVICE account
• DUMP OF SERVICE device_policy
• DUMP OF SERVICE crossprofileapps
• DUMP OF SERVICE connectivity

Using the feature list resource, select the feature that controls contact sharing from a work profile.

Select 1 answer, then submit.

• Cross-profile contact management
• Cross-profile data management

From the above bug report snippet, has the policy been applied?

Select 1 answer, then submit.

• The policy has been applied to the device but isn’t working
• The policy has not been applied to the device

If policies have not been applied would you escalate or resolve the issue?

Select 1 answer, then submit.

• Escalate to OEM / app developer
• Resolve issue
• Escalate to carrier/reseller
• Escalate to EMM

If policies have been correctly applied but contacts are still not searchable, where would you escalate this issue?

Select 2 answers, then submit.

• Resolve issue
• Escalate to OEM / app developer
• Escalate to EMM
• Escalate to carrier/reseller

When the user brings their company-owned device to their workplace, it connects to the corporate WiFi network.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

After setting up their devices, users report that when at work, the devices do not connect to the corporate WiFi network.

Is this behavior:

Select 1 answer, then submit.

• Expected
• Observed

Select the following information that would be appropriate to gather from one of the affected users.

Select 4 answers, then submit.

• Managed WiFi configuration
• In-app feedback
• Bug report
• Screenshots
• Affected devices model/OS
• Play EMM API calls
• Zero-touch CSV export file

When gathering managed WiFi configuration data, is it best to request this from users or check the EMM console directly?

Select 1 answer, then submit.

• Ask the user
• Check the EMM console

Which of the following tools could Kennedy use to test the managed WiFi configuration?

Select 2 answers, then submit.

• Android Management API Quickstart Colab
• TestDPC
• Android Management Experience

Which of the following additional steps should you take to try and resolve the issue?

Select 1 answer, then submit.

• Check if users have WiFi turned on and can see the corporate WiFi network in the list of WiFi networks in Settings
• Verify that there are no conflicting policies
• Check that users’ devices, which are personally-enabled, are enrolled correctly using the bug report
• All of the above

Kennedy has provided a screenshot of the bug report from an affected user’s device, and one from their device, which is working correctly.

Using the screenshots, identify what may be causing the issue on the affected device.

Select 1 answer, then submit.

• The device is not enrolled in management
• The device is enrolled in a work profile
• The bug report doesn’t tell us why it’s not working - they are identical
• The device was not enrolled as a company-owned for personal use
• No Global Proxy is set for the device
• WiFi is not enabled

What would you recommend for Kennedy’s organization to do to resolve the issue and enable users with work profile on company-owned devices to connect to the corporate WiFi network?

Select 1 answer, then submit.

• Downgrade the version of Android on the device and re-enroll the work profile
• Walk the user through manually adding the corporate WiFi network in their Settings
• Delete the work profile from device and re-enroll it in work profile
• Factory Reset the device and enroll in full device management
• Factory Reset the device and re-enroll in work profile from the Setup Wizard

Android Enterprise Expert Certification Exam

-You will have 120 minutes to complete the exam. At 120 minutes, if you are still in the exam, the exam will close and your score will be automatically calculated.
-The exam consists of 50 multiple choice questions and no practical exam. You can’t review or edit answers once you have submitted your exam.
-Remember, you will need to get 80% or more correct to successfully complete this assessment and receive your certification.

An ISV (Independent Software Vendor) wants to build a data loss prevention solution in their existing EMM, one of the features is to control clipboard data transfer between the personal side and the work profile.
Which policy can they use to implement this feature?

• DISALLOW_CROSS_PROFILE_COPY_PASTE
• DISALLOW_CLIPBOARD_COPY_PASTE
• DISALLOW_CROSS_PROFILE_CLIPBOARD
• DISALLOW_CROSS_PROFILE_DATA_TRANSFER

A company policy requires no camera usage within the R&D center area. One day an IT admin finds that a BYOD device didn't get its camera disabled in the main profile (personal space).
The device in question is a personal device, owned by the employee, running Android 7 and enrolled with EMM with a work profile installed.
What is the most likely cause of this?

• User lost connection to the network to receive EMM policy for disabling camera.
• Disabling camera in main profile (personal space) is only works on Android OS 8 and above
• Disabling camera in the personal profile is only available on Fully Managed device or Dedicated device
• User has modified the Android OS so it can bypass EMM policy.

Nicky explains that Android is flexible and there are a few options for enterprises to host and publish their corporate applications on managed devices with managed Google Play.
Which one of the following hosting and publishing methods are NOT supported by managed Google Play?

• Google-hosted private apps.
• Side-loaded by a business website.
• Publish public applications.
• Self hosted private apps on a business server.

A customer has developed a new application targeting API level 30 (Android 11.0). What will be the expected behavior when they attempt to upload their app to Google Play?

• The application will be allowed on Play but will only be displayed for Android 11.0 devices and lower in the Play Store.
• The application will be rejected because new apps uploaded to Google Play must target an Android API level within one year from the latest major Android OS version.
• Assuming there are no security issues with the app, it will be allowed on Play and can subsequently be whitelisted for the enterprise.
• The application will be allowed on Google Play, showing a warning about using deprecated APIs on Android 12.0 devices and higher.

Lina, the IT lead of Dodo Inc. decided to adopt a BYOD strategy for their Enterprise Mobility implementation to save operation costs, however she’s not really sure what is the preferred method to enroll BYOD devices into EMM.
As the Android Enterprise Expert, what would you recommend to Lina as the preferred method to enroll her BYOD fleets into the corporate EMM?

• Zero-touch
• Manual: Install the EMM agent from the Google Play Store, login and enroll
• EMM Token
• QR Code

Your customer has previously been using a containerized solution on Device Administrator, and they are planning their migration to Android Enterprise. One of the customer requirements, coming from their IT team, is to set and enforce a security challenge for their BYOD users within the work profile that is separate and has different requirements from the device security challenges.
Taking into account this requirement, what would you recommend?

• Recommend the IT Team that they only support BYOD on devices running Android 6.0+
• Recommend the organisation instead deploy fully managed devices with work profile, as this Android Enterprise feature is only supported in this management mode
• Recommend the IT Team that they only support BYOD on devices running Android 7.0+
• Recommend the IT Team that they only support BYOD on devices running Android 5.1+

What API level corresponds with Andorid 11.0?

• API level 27
• API level 20
• API level 30
• API level 34

A few years ago Google initiated Project Treble to further improve how Android was updated and secured.
Which of the following statements correctly describes how Project Treble contributes to device security?

• Project Treble randomizes key locations in memory, meaning that exploits cannot be reused.
• Project Treble is a form of encryption for work profiles.
• Project Treble separates device specific software from the OS, making it easier to update the OS, so that devices benefit from security updates quicker.
• Project Treble reduces the number of processes that can access the SoC to three so that they are checked for integrity before executing.

An OEM is looking to build new devices that will support a large enterprise customer, who wants to be able to leverage Android Enterprise functionality to manage their devices. What is the minimum requirement they need to comply with to support Android Enterprise?

• Google Mobile Services (GMS) Certification
• Frequent Security Patches
• Android Enterprise Recommended
• Android Open Source Project (AOSP)

Android provides flexibility to the ecosystem, which allows OEMs to build exclusive features on top of what Android provides. For example, ABC mobile is an OEM that has developed specific enterprise features built-in to the device, to differentiate their devices from another brand. However, one of the key challenges is the need for other ecosystem partners (like EMMs) to integrate these features, so they can be managed by the IT Admin (customer).
What requirements need to be fulfilled by the OEM and/or the other ecosystem partners to address this challenge?

• ABC Mobile as an OEM needs to build APIs for EMM providers to develop and integrate with their software before Enterprise customers are able to use it. The availability of this feature varies depending on the EMM provider's integration.
• ABC Mobile as an OEM needs to develop this feature with OEM config. With that, their features will be immediately available on every EMMs that supports managed configurations.
• ABC Mobile as an OEM has to be part of Android Enterprise Recommended program before they can create any exclusive features. Android Enterprise Recommended allows OEMs to use OEM Config features that Android Enterprise offers.
• ABC Mobile as an OEM can't create exclusive features, if they want to create a new feature, they have to submit a feature request to Google. Once it is approved ,Google will make it available in all Android Devices.

Tomoka, the IT consultant, is explaining to one of their customers that starting from Android 10, Android devices must use File Based Encryption and are no longer able to use Full Disk Encryption, File Based Encryption provides better security capability.
Do you know how File Based Encryption works?

• File Based Encryption allows an IT Admin to modify the encryption key and save it in a unique location in the file system, making it difficult for the attacker to find the key.
• "File Based Encryption allows different components in Android to be encrypted with different keys. This allows the work profile key to be ejected from memory while the personal profile is still in use."
• All are correct.
• File Based Encryption allows IT admin to separate the encryption key from the device. The IT Admin can put the encryption key in their private cloud and let devices access the encryption key in the cloud before they can use the device.

Users are reporting that they cannot connect to their company's WiFi. Which of the following pieces of information should be collected to eliminate the "Set device policies" watchpoint?

• The EMM being used, because it may not support setting WiFi configurations
• The users home SSID to ensure there is no conflict
• The model of the device, because it may not support that WiFi network
• The WiFi configuration set, because it may be incorrect

Your customer is reporting that users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Which of the following would you choose to troubleshoot this policy issue? Select the two correct answers.

Select All Correct Responses

• Set device policies
• Set managed config
• Provision device
• Select OS version/device

Your customer is trying to enroll Pixel 3 phones using zero-touch enrollment. Despite the device having an active connection to WiFi or data, the DPC isn't downloading. Which is the appropriate troubleshooting step to take next?

• Verify that the device is running Android 7 or above
• Verify that the users have been correctly configured on the EMM console
• Verify that the IMEIs in the zero-touch portal match the phones they are using
• Verify the DPC Extras are complete and correct

Some users are complaining that they cannot add their personal Gmail account to their fully managed devices. Why might this be the case?

• Android Enterprise only supports one account per Google application
• Android Enterprise only supports company GMail accounts
• Gmail app is not updated to the latest version
• Adding personal accounts is disabled as per company policy

Users are reporting that they are not able to use the Barcode Scanner app. The application ID for Barcode Scanner is 'com.google.zxing.client.android'. Refer to the following bug report and select the reason why this might be the case: copy and paste the following link to open bug report:http://tiny.cc/crqwcz

• Use of the camera has been blocked
• The device is not being managed
• Barcode Scanner requires a Google Account, and the device is using a Managed Google Play Account
• Barcode Scanner is not installed

Please take a look at below Log snippet:

Owner Services:
User: 0
com.google.android.apps.work.clouddpc/.vanilla.services.admin.CloudDeviceAdminService [bound] [connected]
Next backoff(sec): 3600
Enabled Device Admins (User 0, provisioningState: 3):
com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver:
userRestrictions:
ensure_verify_apps
no_add_managed_profile
no_install_apps

What information can you find from the above log snippet?

• All of the system apps are disabled in the device
• Device is installed with Work Profile
• User: 0 means there is no Google account provisioned in the device
• App installation is not allowed

Using the bug report provided, please identify three non-System apps on the device.
Copy and paste the following link to open in new browser window bug report 2:
http://tiny.cc/occwcz

• Documents UI, Messaging, HTML Viewer
• Docs, Translate, Keep
• Chrome, Gmail, YouTube
• Calendar, Quicksearchbox, Camera

Let's take a look at this log: Log.txt
Search and find information about Google Messages application in the given log.
Which one below is CORRECT information about Google Messages application from the given log? Copy and paste this URL in your browser to open the bug report Log.txt

• The application not allowed to send SMS
• The package name of the Google Messages application is: com.google.android.apps.dynamite
• The application is installed in Personal Space but it is hidden
• The application is not installed in Work Profile

Using the bug report provided, please identify three apps installed in the work profile. Copy and paste the following link to open in New browser window bug report 1: http://tiny.cc/2s1uxz

• Sheets, Gmail, Files by Google
• Dropbox, Translate, Skype
• YouTube, Docs, Chrome
• Keep, Slides, Earth

One of your users is experiencing issues with their device. As their IT Admin, you need to retrieve the logs from the affected devices to troubleshoot this issue. Which one of the following approaches should you take, according to Google's best practices?

• Factory reset the device and restore the user configuration to verify if the issue persist
• Go into developer mode on the device, and download the logs to the device internal storage
• Plug the device into a computer and retrieve the logs by running adb bugreport in a terminal
• Download a "log retriever" application, then email the logs to yourself

Which section of a bug report tells you about application information/policies?

• Combined logs
• Packages
• DUMP OF SERVICE package
• Raw Bug report

What section of a bug report tells you if there is a work profile on the device?

• Packages:
• Combined logs
• DUMP OF SERVICE (account or device_policy)
• Raw Bug report

Gathering data is one of the crucial steps that provides useful information for the IT Admin.
Which data source provides the IT Admin with the device make/model, a list of apps on the device, app permissions and network information?

• Interview the user
• Application log
• Bug Report
• Logcat

Users are reporting an issue on their devices. You ask your customer to pull some logs from an affected device, but their device policy is preventing them from capturing the requested logging. Which of the following policies enables/disables a user's ability to generate Android bug reports?

• FREE_THE_LOGS
• ENABLE_ADB_DEBUG
• DISALLOW_TROUBLESHOOTING_TOOLS
• DISALLOW_DEBUGGING_FEATURES

What is “user 10” from the Android bug report log?

• It is the 10th user account in the device
• It is the Main Profile
• It is the 11th user account in the device
• It is the Work Profile

Your EMM, who uses a Custom DPC, doesn't have a settings toggle that you notice has been available since 7.0 as per the developer documentation. What is the best next step to get access to that feature?

• Raise a feature request with the EMM to support the toggle
• Speak to your OEM to bring support for the toggle within their OEM Config application
• Create a small app yourself using the developer documentation and toggle it via app config
• Raise the request with Google

You're provisioning dedicated devices, and notice that lock task mode policy is failing to apply on a subset of them. Which of the following tools would it be appropriate to use to troubleshoot the problematic devices?

Select All Correct Responses

• EMM console
• Test DPC
• Android Management API Colab
• Android Enterprise Management Demo

A customer is reporting an issue when provisioning devices through zero-touch. By following the problem-solving framework, you have concluded that the core issue is related to the IMEIs. Whom would you contact to help resolve this?

• Customer's procurement team
• Reseller/carrier
• EMM
• OEM

You identified an issue with a device and pulled a bug report. Your next step is to share the bug report with the EMM provider. Which of the following aligns with Google's recommended best practice for sharing bug reports?

• Email the bug report to Google support
• Delete any user identifiable data from the bug report, then share it with your EMM provider
• Upload the bug report to a cloud storage provider and share it with individuals who need access to the content
• Never share bug reports

A customer reaches out to you with a specific set of requirements for their device management. They have requested your help selecting an EMM. What Android resources would you leverage to help them finding the EMM that best fits their needs?

• Android Enterprise terminology documentation and Solutions glossary
• Enterprise Solutions Directory and Android Enterprise feature list
• developer.android.com
• Compatibility Definition Document (CDD)

Which API can EMMs use to deploy apps via Managed Google Play? Select the two answers that apply.

Select All Correct Responses

• Firebase Management API
• Google Play EMM API
• Android Management API
• App Engine Admin API

Skyline LTD is an Microsoft 365 customer, who is looking to deploy 1000 devices on Android Enterprise. You need to advise them on the best choice of identity model before they can move forward with their deployment. What identity model would you recommend, according to Google best practices?

• Recommend that the end users create their own accounts
• Managed Google Play Accounts
• A 3rd party identity model provider that is compatible with Microsoft 365
• Google Accounts

Your customer is provisioning devices via zero-touch enrollment deploying multiple configurations. They report that a group of devices is not enrolling automatically into their EMM, while other devices have enrolled successfully. You have already confirmed that the devices are listed in the zero-touch console. The end-user reports seeing an EMM-branded screen on the device, but is unable to login. What would be the next troubleshooting step you would advise?

• Re-upload the devices in the zero-touch console
• Go to admin.google.com and remove the domain binding to their EMM
• Go to their EMM console, remove and add the binding to the Managed Google Play account
• Check that the DPC extras are correct according to the EMM

You are planning the staging of a large quantity of devices prior to distributing them to their final destination. Which of the following items should you be wary of when staging a large number of devices in one space?

• Network bandwidth
• Location services will be enforced
• Charging points for all of your devices
• Devices on the latest version of Android

An IT Admin notices that enrollment consistently fails when updating Google Play services over Wi-Fi. This issue occurs during deployment, on a variety of different devices. The Admin notes that when the devices are on cellular data, enrollment is successful. What next step would you take to try to resolve this issue?

• Check that all required ports are open in the firewall
• Check that managed configurations on Google Play services are set up correctly
• Disable all SSL inspection on the network
• Check the ADB logs on one of the affected devices

Your customer has a requirement to prevent certain apps from using an active VPN on a fully-managed device. Which one would be the recommended way to configure this?

• Create a work profile on the fully managed device and route all traffic through the whole work profile
• Block traffic to and from the app on the local network
• Add the applications that should go through the VPN to the allowlist
• Assign managed application configurations to the applications on the denylist with policies to prevent use of the VPN

Your customer wants to ensure that their corporate browser always goes through VPN, but at the same time, they want to implement the best configuration to reduce unnecessary traffic over the corporate VPN. What VPN configuration would best fit the customer's specific requirements?

• Per-Profile VPN
• Per-App VPN
• User-Initiated VPN
• Always-On VPN

Your customer is planning their migration from Device Admin to Android Enterprise, and they have some questions around VPN configuration. Which of the following is one advantage that Android Enterprise has over Device Admin when configuring a VPN?

• In using Device Admin you can leverage app wrapping to push any VPN configuration to your app
• In Android Enterprise, you can leverage Managed Configurations to push VPN configurations
• Device Administrator offers an easier path to integration for EMMs
• There is no fundamental difference in the way that VPN are configured

Your customer is deploying devices that will be used at a university. One of the requirements is to monitor traffic for unauthorized content. They wish to implement SSL inspection to fulfill this requirement. What would be your recommendation based on Google's best practices?

• The customer can configure SSL inspection, as long as traffic to Google services bypasses the proxy
• The customer can use any SSL proxy solution out of the box, as none of them will interfere with their Android deployment
• The customer should configure all traffic to hosts connecting on port 443 to bypass the proxy
• The customer should configure traffic on ports other than 443 to bypass the proxy

Hector from Horybell Inc. states that “Using managed Google Play is not enough to protect my device from PHAs.”. He does not appear to fully understand how managed Google Play protects devices from PHAs.
As a solutions consultant, which of the following statements might you use to respond to Hector’s objection above?

• Google Play ensures that app updates are always signed by the original developer, avoiding app hijacking.
• Google Play has a proven track record of minimizing the risk of PHAs being installed on Android devices.
• Devices that install apps exclusively from Google Play, rather than sideload apps, are at much lower risk of installing PHAs.
• All of these.

Your customer is reporting that applications on a group of their devices are not updating consistently. You want to advise them on Android best practices around managing app updates from the Play Store. Which of the following are two of the default guidelines for updates to happen promptly? Select the two correct answers.

Select All Correct Responses

• Location services must be turned on
• Devices are connected to a Wi-Fi network
• Devices on a secure WiFi (WPA2 and above)
• Devices are charging

A customer reported that their applications are not being installed silently on their users' devices. Which of the following troubleshooting areas should you consider when working on an "application install" issue? Select the two correct answers.

Select All Correct Responses

• Approve/assign apps
• Configure provisioning
• Create/sync users or groups
• Provision device

An Independent Software Vendor (ISV) has developed a private app for your customer. They uploaded it through the Google Play developer console, but your customer does not see it in their managed Google Play store. After doing some troubleshooting, you realize that the ISV has not correctly assigned the app in the Google Play console. Which of the following identifiers should you provide to the ISV so that they can assign the app correctly?

• User ID
• Organization ID
• Device ID
• Company ID

Users are reporting that they are seeing the consumer Play Store on their fully managed work devices. Which of the following would be valid troubleshooting steps for this issue? Select the two answers that apply.

Select All Correct Responses

• Ensure that the IT admin has set the correct managed configuration for the Google Play Store
• Verify that the EMM is still bound to the user's company
• Ensure that the IT admin has set an application allowlist instead of allowing an open Play Store
• Verify that the IT admin has uploaded the company's apps to the Google Play Developer Console

How do you create allowlist for public applications into your organization?

• From Managed Play Publishing Console
• From Managed Play iframe, accessible from your supported EMM Console
• All of the above
• Sideload before enrolling in EMM

What is the advantages of an OEM leveraging 'OEMConfig' for application development?

• OEMConfig can be distributed to devices without having to go through managed Google Play
• OEMConfig allows OEMs to address customer needs without requiring 3rd party developer support
• OEMConfig allows all OEMs access to vendor APIs
• OEMConfig is supported by all EMMs

Acme inc. needs one of their applications to be able to communicate across work profile boundaries, they heard that Google has released this feature recently, however they are not sure about the minimum OS version that supports this feature.
As the solution consultant, would you be able to tell Acme inc. what is the minimum OS version that supports this feature?

• Android 10
• Android 12
• Android 9
• Android 11

Based on this app package name: com.google.android.apps.chromecast.app what is the corresponding Application?

• Google Chrome
• Google ChromeCast
• Google Home
• Google Chromebook

A customer is uploading a new application to Google Play and wants to reuse the Application ID of another unlisted app. What is the expected behavior?

• The application will be rejected because Google Play only allows a single instance of an Application ID
• Google Play will silently replace the old application with the new application
• As long as the old app is unlisted, Google Play will allow upload of the new app, which reuses the same Application ID
• Google Play will automatically generate a new Application ID and allow the app to be uploaded
  

More certification answers: https://www.certificationanswers.com/en/exams-answers/