Android Enterprise Platform Professional Assessment Answers

Android Enterprise Platform Professional Assessment Answers

https://www.certificationanswers.com/en/category/academy-for-ads/android-enterprise-platform-professional-assessment-answers/

The language of the answers are in English.

Some Questions:

Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

Sideloading

Android admin console

Zero Touch Portal

Managed Google Play Store

Restricting applications from communicating directly to each other is an example of what Android security principle:

Verified Boot

Safety Net

Application Sandboxing

Address Space Layout Randomization (ASLR)

The identity method that is preferred for G-Suite customers:

Managed Google Play Account

Managed Google Account

EMM Enhanced Account

Gmail Account

The following enrollment methods are supported with Android Enterprise:

NFC

QR Code

Zero-Touch

All of the above

Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

Device Admin API’s have been marked deprecated and will eventually not be supported

Device Admin API’s provided an outdated security model and management approach

Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

All of the above

Can be more complex than device password

Optional remote password change

Optional 2nd password for work profile

Single password

The Android open source software stack is built on:

__________________ is a standard for enterprise customers to recognize Android devices that perform 4 against enterprise-grade testing and integrate with enterprise-focused features. (fill in the blank)

__________________ ensures key generation, key import, signing and verification services are kept separate from the OS.

Android 8.0+ includes ___________ to not allow downgrading OS to an older less secure version or patch level.

____________ ensures keys created with a newer OS cannot be used by older OS versions.

Using a pin + hardware key to derive encryption keys is called ________________.

Google Play Protect includes: (select all that apply)

Real-time malware detection

Daily scan of apps on devices

Blocking of harmful apps

__________________ ensures key generation, key import, signing and verification services are kept separate from the OS. (fill in the blank)

Trusted execution environment (TEE)

Hardware-backed security does which of the following? (select all that apply)

Mitigates exploitation

Prevents brute force attacks

Protects the boot process

Keeps data safe from physical attacks

Need to verify ownership of the domain

Supports multiple EMMs in same organization 

Need a public facing IDP for SSO

Additional steps required for API integration

Automatically generates a random service account at enrollment

Appropriate for G suite and Chrome OS customers 

Accounts from Google console must be manually pasted into EMM console

It is not possible to bind your domain to more than one EMM

Employees may have signed up for a Google Account using @mycompany.com email

Register your organization in a few seconds from your EMM console 

No need to sign in, user never sees the actual account 

'Sideloading' is the #1 risk for introducing malware and PHAs onto your device.

The advantages of hosting private apps on Google Play include: (select all that apply)

Saving the enterprise money is important, as is providing our employees privacy.

Flexibility of using full device management with a work profile.

Full control over apps and data on devices is most important.

Remote updates and a locked mode for a specific tasks.

User enters Google Account username & password. Availability: all versions the EMM support with “Google Account”

User or admin afw#. Availability 6.0

User or admin scans. Availability 7.0

Admin bump. Availability 5.1+ NFC support

Device driven flow. Availability 7.0+ Pixel only, 8.0+ selected devices

COPE devices provide: (select all that apply)

__________________ enables large-scale Android 9 deployments across multiple device makers with no manual set up. (fill in the blank)

The feature that gives IT control over company data while allowing workers to keep their pictures and apps private is called:

In order to gain user buy in for work profiles, explain to users that IT cannot monitor ____________ . (select all that apply)

Call logs

Personal photos

Personal app installs

SMS

True or false: During deployment planning, determine scope of testing and timelines for different stages of the deployment.

_____________ establishes best practices and common requirements for devices and services, backed by a thorough testing process conducted by Google.

The newest enrollment method with the launch of __________ is ___________:

Android P, Fast Touch

Android O, Zero Touch

Android N, Easy Scale

Android M, Managed Deployment

As users are the first line of defense against any mobile threat, EMM’s 12 can employ policies that can force:

Verified Boot

Strong PIN, pattern or password lock

Continuous SMS and call monitoring

Passphrase to recover lost email accounts

________________ can add IMEI or serial numbers to the Zero Touch portal?

End-Users

Resellers

Resellers and carrier partners

Customers

Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

Device Admin API’s have been marked deprecated and will eventually not be supported

Device Admin API’s provided an outdated security model and management approach

Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

All of the above

___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.

Android Managed Services (AMS)

Google Mobile Services (GMS)

Android Compatibility Services (ACS)

Compatibility Test Suite (CTS)

The identity method that is preferred for G-Suite customers:

Managed Google Play Account

Managed Google Account

EMM Enhanced Account

Gmail Account

To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.

30

90

180

Dessert release

As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.

Work profile

Multiple containers

Multiple Apps

Multiple DPC’s

Google Play Protect scans ___________ apps that are installed onto a device:

Only Google Play store

All

Only sideloaded

Third party

All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.

Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)

Compatibility Definition Document (CDD), Android Test Suite (ATS)

Enterprise Recommended Document (ERD) and Compatibility Test Suite (CTS)

Compatibility Definition Document (CDD), Android Device Test (ADT)

Compatibility Definition Document (CDD), Android Device Test (ADT)

Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least______________.

45 days, 2 additional major OS updates

90 days, 1 additional major OS update

60 days, 1 additional major OS update

90 days, 2 additional major OS updates

How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?

As many as needed

5

20

35

Please select the most accurate statement as it pertains to Managed Google Play accounts:

Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google Managed Google Play accounts are easy to claim but require a 1 week approval period from Google

Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed

Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite

Some of the advantages of hosting private apps on Managed Google Play are:

Application scanning, delta upgrades, free app hosting

Security, cross platform application support and competitive pricing

Security, easy administration and being able to host apps from any platform

Hosting private apps on Google Play is not recommended

The following enrollment methods are supported with Android Enterprise:

NFC

QR Code

Zero-Touch

All of the above

Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

Sideloading

Android admin console

Zero Touch Portal

Managed Google Play Store

Devices with a work profile differentiate work apps from personal apps by a:

Badged hashtag

Badged dot

Badged star

Badged briefcase

Restricting applications from communicating directly to each other is an example of what Android security principle:

Verified Boot

Safety Net

Application Sandboxing

Address Space Layout Randomization (ASLR)

What are the are two identities that can be used with Android Enterprise?

Managed Google Play Account & Gmail

Gmail & Managed Google Account

Managed Google Account & Managed Google Play Account

Managed EMM Account

What is the proper method a user should follow in order to add a work profile to their personal device?

Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.

Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.

Hard reset the device, send it into IT department for set up, retrieve device when ready

Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.

Before deploying Android in a no connectivity environment, you should strongly consider:

Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.

Android Enterprise devices require special permissions and policies to run in such environments

The devices running in these environments must be running Android Oreo (8.0) or higher

None of the above

Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.

Tamper Resistant Zone

Trusted Execution Environment

Trusted Encryption Zone

Secure Execution Environment

During the ____________ process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.

Verified Boot

Kernel checking

Hashtagging

System check

When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:

Either a pre-programmed master device or NFC tag

A pre-programmed master device

Only a pre-programmed NFC tag

Android Enterprise does not support NFC enrollment

Managed Google Play provides organizations complete control over app visibility and distribution by:

Allowing whitelisting and silent app push

Providing application user data to admins

Easy sideloading of select apps

Making full Google Play store available to all user

More info about the certification:

academy.exceedlms.com/student/path/9736

More info of other products in:

https://www.certificationanswers.com/en/exams-answers-2/#ert_pane1-5