Android Enterprise Platform Professional Assessment Answers
Android Enterprise Platform Professional Assessment Answers
The language of the answers are in English.
Questions:
Google recommends which of the following methods to securely manage, deploy or host in-house company applications?
Sideloading
Android admin console
Zero Touch Portal
Managed Google Play Store
Restricting applications from communicating directly to each other is an example of what Android security principle:
Verified Boot
Safety Net
Application Sandboxing
Address Space Layout Randomization (ASLR)
The identity method that is preferred for G-Suite customers:
Managed Google Play Account
Managed Google Account
EMM Enhanced Account
Gmail Account
The following enrollment methods are supported with Android Enterprise:
NFC
QR Code
Zero-Touch
All of the above
Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:
Device Admin API’s have been marked deprecated and will eventually not be supported
Device Admin API’s provided an outdated security model and management approach
Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.
All of the above
Can be more complex than device password
Optional remote password change
Optional 2nd password for work profile
Single password
The Android open source software stack is built on:
__________________ is a standard for enterprise customers to recognize Android devices that perform 4 against enterprise-grade testing and integrate with enterprise-focused features. (fill in the blank)
__________________ ensures key generation, key import, signing and verification services are kept separate from the OS.
Android 8.0+ includes ___________ to not allow downgrading OS to an older less secure version or patch level.
____________ ensures keys created with a newer OS cannot be used by older OS versions.
Using a pin + hardware key to derive encryption keys is called ________________.
Google Play Protect includes: (select all that apply)
Real-time malware detection
Daily scan of apps on devices
Blocking of harmful apps
__________________ ensures key generation, key import, signing and verification services are kept separate from the OS. (fill in the blank)
Trusted execution environment (TEE)
Hardware-backed security does which of the following? (select all that apply)
Mitigates exploitation
Prevents brute force attacks
Protects the boot process
Keeps data safe from physical attacks
Need to verify ownership of the domain
Supports multiple EMMs in same organization
Need a public facing IDP for SSO
Additional steps required for API integration
Automatically generates a random service account at enrollment
Appropriate for G suite and Chrome OS customers
Accounts from Google console must be manually pasted into EMM console
It is not possible to bind your domain to more than one EMM
Employees may have signed up for a Google Account using @mycompany.com email
Register your organization in a few seconds from your EMM console
No need to sign in, user never sees the actual account
'Sideloading' is the #1 risk for introducing malware and PHAs onto your device.
The advantages of hosting private apps on Google Play include: (select all that apply)
Saving the enterprise money is important, as is providing our employees privacy.
Flexibility of using full device management with a work profile.
Full control over apps and data on devices is most important.
Remote updates and a locked mode for a specific tasks.
User enters Google Account username & password. Availability: all versions the EMM support with “Google Account”
User or admin afw#. Availability 6.0
User or admin scans. Availability 7.0
Admin bump. Availability 5.1+ NFC support
Device driven flow. Availability 7.0+ Pixel only, 8.0+ selected devices
COPE devices provide: (select all that apply)
__________________ enables large-scale Android 9 deployments across multiple device makers with no manual set up. (fill in the blank)
The feature that gives IT control over company data while allowing workers to keep their pictures and apps private is called:
In order to gain user buy in for work profiles, explain to users that IT cannot monitor ____________ . (select all that apply)
Call logs
Personal photos
Personal app installs
SMS
True or false: During deployment planning, determine scope of testing and timelines for different stages of the deployment.
_____________ establishes best practices and common requirements for devices and services, backed by a thorough testing process conducted by Google.
The newest enrollment method with the launch of __________ is ___________:
Android P, Fast Touch
Android O, Zero Touch
Android N, Easy Scale
Android M, Managed Deployment
As users are the first line of defense against any mobile threat, EMM’s 12 can employ policies that can force:
Verified Boot
Strong PIN, pattern or password lock
Continuous SMS and call monitoring
Passphrase to recover lost email accounts
________________ can add IMEI or serial numbers to the Zero Touch portal?
End-Users
Resellers
Resellers and carrier partners
Customers
Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:
Device Admin API’s have been marked deprecated and will eventually not be supported
Device Admin API’s provided an outdated security model and management approach
Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.
All of the above
___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.
Android Managed Services (AMS)
Google Mobile Services (GMS)
Android Compatibility Services (ACS)
Compatibility Test Suite (CTS)
The identity method that is preferred for G-Suite customers:
Managed Google Play Account
Managed Google Account
EMM Enhanced Account
Gmail Account
To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.
30
90
180
Dessert release
As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.
Work profile
Multiple containers
Multiple Apps
Multiple DPC’s
Google Play Protect scans ___________ apps that are installed onto a device:
Only Google Play store
All
Only sideloaded
Third party
All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.
Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)
Compatibility Definition Document (CDD), Android Test Suite (ATS)
Enterprise Recommended Document (ERD) and Compatibility Test Suite (CTS)
Compatibility Definition Document (CDD), Android Device Test (ADT)
Compatibility Definition Document (CDD), Android Device Test (ADT)
Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least______________.
45 days, 2 additional major OS updates
90 days, 1 additional major OS update
60 days, 1 additional major OS update
90 days, 2 additional major OS updates
How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?
As many as needed
5
20
35
Please select the most accurate statement as it pertains to Managed Google Play accounts:
Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google Managed Google Play accounts are easy to claim but require a 1 week approval period from Google
Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed
Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite
Some of the advantages of hosting private apps on Managed Google Play are:
Application scanning, delta upgrades, free app hosting
Security, cross platform application support and competitive pricing
Security, easy administration and being able to host apps from any platform
Hosting private apps on Google Play is not recommended
The following enrollment methods are supported with Android Enterprise:
NFC
QR Code
Zero-Touch
All of the above
Google recommends which of the following methods to securely manage, deploy or host in-house company applications?
Sideloading
Android admin console
Zero Touch Portal
Managed Google Play Store
Devices with a work profile differentiate work apps from personal apps by a:
Badged hashtag
Badged dot
Badged star
Badged briefcase
Restricting applications from communicating directly to each other is an example of what Android security principle:
Verified Boot
Safety Net
Application Sandboxing
Address Space Layout Randomization (ASLR)
What are the are two identities that can be used with Android Enterprise?
Managed Google Play Account & Gmail
Gmail & Managed Google Account
Managed Google Account & Managed Google Play Account
Managed EMM Account
What is the proper method a user should follow in order to add a work profile to their personal device?
Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.
Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.
Hard reset the device, send it into IT department for set up, retrieve device when ready
Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.
Before deploying Android in a no connectivity environment, you should strongly consider:
Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.
Android Enterprise devices require special permissions and policies to run in such environments
The devices running in these environments must be running Android Oreo (8.0) or higher
None of the above
Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.
Tamper Resistant Zone
Trusted Execution Environment
Trusted Encryption Zone
Secure Execution Environment
During the ____________ process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.
Verified Boot
Kernel checking
Hashtagging
System check
When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:
Either a pre-programmed master device or NFC tag
A pre-programmed master device
Only a pre-programmed NFC tag
Android Enterprise does not support NFC enrollment
Managed Google Play provides organizations complete control over app visibility and distribution by:
Allowing whitelisting and silent app push
Providing application user data to admins
Easy sideloading of select apps
Making full Google Play store available to all user
More info of other products in:
https://www.certificationanswers.com/en/exams-answers-2/#ert_pane1-5