Android Enterprise Professional Answers 2021 (Updated)

Below you will find answers to the Pre-Assessment, Lesson Exercises, Lesson Quizzes and the Post-Assessment.

Course URL – https://googlepartnertraining.fathomed.com/plans/5d42f01fe922dc0907bc3227

Android Enterprise Professional Pre-Assessment

Q.1 – The identity method that is preferred for G-Suite customers:

(A) Managed Google Play Account

(B) Managed Google Account

(C) EMM Enhanced Account

(D) Gmail Account

Q.2 – The following enrollment methods are supported with Android Enterprise:

(A) NFC

(B) QR Code

(C) Zero-Touch

(D) All of the above

Q.3 – Restricting applications from communicating directly to each other is an example of what Android security principle:

(A) Verified Boot

(B) Safety Net

(C) Application Sandboxing

(D) Address Space Layout Randomization (ASLR)

Q.4 – Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

(A) Sideloading

(B) Android admin console

(C) Zero Touch Portal

(D) Managed Google Play Store

Q.5 – Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

(A) Device Admin API’s have been marked deprecated and will eventually not be supported

(B) Device Admin API’s provided an outdated security model and management approach

(C) Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

(D) All of the above

Module 1 – OS Platform and Security Lesson 6 – Activity: Hardware backed security Quiz Answers

Q.1 – __________________ ensures key generation, key import, signing and verification services are kept separate from the OS.

(A) Pin verification process

(B) Trusted execution environment (TEE)

(C) Version binding

(D) Rollback prevention

(E) Key ejection

Q.2 – Android 8.0+ includes ___________ to not allow downgrading OS to an older less secure version or patch level.

(A) Version binding

(B) Key ejection

(C) Trusted execution environment (TEE)

(D) Pin verification process

(E) Rollback prevention

Q.3 – ____________ ensures keys created with a newer OS cannot be used by older OS versions.

(A) Version binding

(B) Pin verification process

(C) Rollback prevention

(D) Trusted execution environment (TEE)

(E) Key ejection

Q.4 – Using a pin + hardware key to derive encryption keys is called ________________.

(A) Rollback prevention

(B) Trusted execution environment (TEE)

(C) Key ejection

(D) Pin verification process

(E) Version binding

Module 1 – OS Platform And Security Lesson 8 – Let’s Review Answers

Q.1 – As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.

(A) Multiple Apps

(B) Work profile

(C) Multiple DPC’s

(D) Multiple containers

Q.2 – During the ____________  process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.

(A) Verified Boot

(B) Kernel checking

(C) Hashtagging

(D) System check

Q.3 – Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least ______________.

(A) 90 days, 1 additional major OS update

(B) 90 days, 2 additional major OS updates

(C) 60 days, 1 additional major OS update

(D) 45 days, 2 additional major OS updates

Q.4 – All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.

(A) Enterprise Recommended Document (ERD) and Compatibility Test Suite (CTS)

(B) Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)

(C) Compatibility Definition Document (CDD), Android Device Test (ADT)

(D) Compatibility Definition Document (CDD), Android Test Suite (ATS)

Q.5 – Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.

(A) Tamper Resistant Zone

(B) Trusted Encryption Zone

(C) Trusted Execution Environment

(D) Secure Execution Environment

Q.6 – Restricting applications from communicating directly to each other is an example of what Android security principle:

(A) Safety Net

(B) Application Sandboxing

(C) Verified Boot

(D) Address Space Layout Randomization (ASLR)

Q.7 – ___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.

(A) Compatibility Test Suite (CTS)

(B) Android Compatibility Services (ACS)

(C) Android Managed Services (AMS)

(D) Google Mobile Services (GMS)

Q.8 – Google Play Protect scans ___________ apps that are installed onto a device:

(A) Only Google Play store

(B) Only sideloaded

(C) Third party

(D) All

Q.9 – To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.

(A) 180

(B) Dessert release

(C) 30

(D) 90

Q.10 – As users are the first line of defense against any mobile threat, EMM’s can employ policies that can force:

(A) Continuous SMS and call monitoring

(B) Verified Boot

(C) Passphrase to recover lost email accounts

(D) Strong PIN, pattern or password lock

Module 2 – Managed Google Play Lesson 4 Activity Match Cards Answers

No need to sign in, user never sees the actual account –  Managed Google Play Account

Need to verify ownership of the domain –  G Suite or Cloud Identity account

Appropriate for G suite and Chrome OS customers – G Suite or Cloud Identity account

Additional steps required for API integration – G Suite or Cloud Identity account

Automatically generates a random service account at enrollment –  Managed Google Play Account

Need a public facing IDP for SSO – G Suite or Cloud Identity account

It is not possible to bind your domain to more than one EMM – G Suite or Cloud Identity account

Employees may have signed up for a Google Account using @mycompany.com email – G Suite or Cloud Identity account

Register your organization in a few seconds from your EMM console – Managed Google Play Account

Accounts from Google console must be manually pasted into EMM console – G Suite or Cloud Identity account

Supports multiple EMMs in same organization – Managed Google Play Account

Module 2 – Managed Google Play Lesson 7 Let’s Review Answers

Q.1 – Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

(A) Sideloading

(B) Android admin console

(C) Zero Touch Portal

(D) Managed Google Play Store

Q.2 – What are the are two identities that can be used with Android Enterprise?

(A) Gmail & Managed Google Account

(B) Managed Google Play Account & Gmail

(C) Managed EMM Account

(D) G Suite or Cloud Identity account & Managed Google Play Account

Q.3 – How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?

(A) 35

(B) 5

(C) As many as needed

(D) 20

Q.4 – Please select the most accurate statement as it pertains to Managed Google Play accounts:

(A) Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed

(B) Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google

(C) Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite

(D) Managed Google Play accounts are easy to claim but require a 1 week approval period from Google

Q.5 – Managed Google Play provides organizations complete control over app visibility and distribution by:

(A) Allowing whitelisting and silent app push

(B) Making full Google Play store available to all user

(C) Easy sideloading of select apps

(D) Providing application user data to admins

Q.6 – Some of the advantages of hosting private apps on Managed Google Play are:

(A) Security, cross platform application support and competitive pricing

(B) Application scanning, delta upgrades, free app hosting

(C) Hosting private apps on Google Play is not recommended

(D) Security, easy administration and being able to host apps from any platform

Module 3 – Deployment Lesson 4 Activity Match Them Answers

“Saving the enterprise money is important, as is providing our employees privacy.” – BYOD

“Full control over apps and data on devices is most important.” – Fully Managed

“Flexibility of using full device management with a work profile.” – Fully Managed, Personally Enabled

“Remote updates and a locked mode for a specific tasks.” – Dedicated Device

Module 3 – Deployment Lesson 6 Activity Match Enrollment Answers

Google Account – User enters Google Account username & password. Availability: all versions the EMM support  

Hashtag ID – User or admin afw#<EMMcode>. Availability 6.0+

QR code – User or admin scans. Availability 7.0+

NFC  – Admin bump. Availability 5.1+ NFC support

 Zero-touch enrollment – Device driven flow. Availability 7.0+ Pixel only, 8.0+ selected devices

Module 3 – Deployment Lesson 7 Let’s Review Answers

Q.1 – When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:

(A) A pre-programmed master device

(B) Android Enterprise does not support NFC enrollment

(C) Either a pre-programmed master device or NFC tag

(D) Only a pre-programmed NFC tag

Q.2 – Devices with a work profile differentiate work apps from personal apps by a:

(A) Badged hashtag

(B) Badged star

(C) Badged briefcase

(D) Badged dot

Q.3 – The following enrollment methods are supported with Android Enterprise:

(A) NFC

(B) QR Code

(C) Zero-Touch

(D) All of the above

Q.4 – Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

(A) Device Admin API’s have been marked deprecated and will eventually not be supported

(B) Device Admin API’s provided an outdated security model and management approach

(C) Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

(D) All of the above

Q.5 – The newest enrollment method with the launch of  __________ is ___________:

(A) Android 8.0, Zero Touch

(B) Android 6.0, Managed Deployment

(C) Android 9.0, Single Touch

(D) Android 7.0, Easy Scale

Q.6 – ________________  can add IMEI or serial numbers to the zero-touch portal.

(A) End-Users

(B) Resellers

(C) Resellers and carrier partners

(D) Customers

Q.7 – What is the proper method a user should follow in order to add a work profile to their personal device?

(A) Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.

(B) Hard reset the device, send it into IT department for set up, retrieve device when ready.

(C) Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.

(D) Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.

Module 4 – Deployment Best Practices Lesson 7 Let’s Review Answers

Q.1 – In order to gain user buy in for work profiles, explain to users that IT cannot monitor ____________ . (select all that apply)

(A) Call Logs

(B) SMS

(C) Personal App Installs

(D) Personal Photos

Q.2 – True or false: During deployment planning, it is important to determine scope of testing and timelines for different stages of the deployment.

(A) True

(B) False

Q.3 – _____________ establishes best practices and common requirements for devices and services, backed by a thorough testing process conducted by Google.

(A) Zero-touch

(B) Android Enterprise Recommended

(C) Managed Google Play

(D) Android profiles

Q.4 – Before deploying Android in a no connectivity environment, you should strongly consider:

(A) Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.

(B) Android Enterprise devices require special permissions and policies to run in such environments

(C) The devices running in these environments must be running Android Oreo (8.0) or higher

(D) None of the above

Android Enterprise Professional Post-Assessment

Q.1 – Restricting applications from communicating directly to each other is an example of what Android security principle:

(A) Verified Boot

(B) Safety Net

(C) Application Sandboxing

(D) Address Space Layout Randomization (ASLR)

Q.2 – Google Play Protect scans ___________ apps that are installed onto a device:

(A) Only Google Play store

(B) All

(C) Only sideloaded

(D) Third party

Q.3 – Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

(A) Sideloading

(B) Android admin console

(C) Zero Touch Portal

(D) Managed Google Play Store

Q.4 – During the ____________ process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.

(A) Verified Boot

(B) Kernel checking

(C) Hashtagging

(D) System check

Q.5 – The identity method that is preferred for G-Suite customers is referred to as:

(A) Managed Google Play Account & Gmail

(B) Managed Google Account

(C) EMM Enhanced Account

(D) Gmail

Q.6 – How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?

(A) As many as needed

(B) 5

(C) 20

(D) 35

Q.7 – Please select the most accurate statement as it pertains to Managed Google Play accounts:

(A) Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google

(B) Managed Google Play accounts are easy to claim but require a 1 week approval period from Google

(C) Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed

(D) Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite

Q.8 – The newest enrollment method with the launch of __________ is ___________:

(A) Android P, Fast Touch

(B) Android O, Zero Touch

(C) Android N, Easy Scale

(D) Android M, Managed Deployment

Q.9 – ________________ can add IMEI or serial numbers to the Zero Touch portal.

(A) End-Users

(B) Resellers

(C) Resellers and carrier partners

(D) Customers

Q.10 – The following enrollment methods are supported with Android Enterprise:

(A) NFC

(B) QR Code

(C) Zero-Touch

(D) All of the above

Q.11 – Managed Google Play provides organizations complete control over app visibility and distribution by:

(A) Allowing whitelisting and silent app push

(B) Providing application user data to admins

(C) Easy sideloading of select apps

(D) Making full Google Play store available to all user

Q.12 – Some of the advantages of hosting private apps on Managed Google Play are:

(A) Application scanning, delta upgrades, free app hosting

(B) Security, cross platform application support and competitive pricing

(C) Security, easy administration and being able to host apps from any platform

(D) Hosting private apps on Google Play is not recommended

Q.13 – ___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.

(A) Android Managed Services (AMS)

(B) Google Mobile Services (GMS)

(C) Android Compatibility Services (ACS)

(D) Compatibility Test Suite (CTS)

Q.14 – As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.

(A) Work profile

(B) Multiple containers

(C) Multiple Apps

(D) Multiple DPC’s

Q.15 – When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:

(A) Either a pre-programmed master device or NFC tag

(B) A pre-programmed master device

(C) Only a pre-programmed NFC tag

(D) Android Enterprise does not support NFC enrollment

Q.16 – Devices with a work profile differentiate work apps from personal apps by a:

(A) Badged hashtag

(B) Badged dot

(C) Badged star

(D) Badged briefcase

Q.17 – As users are the first line of defense against any mobile threat, EMM’s can employ policies that can force:

(A) Verified Boot

(B) Strong PIN, pattern or password lock

(C) Continuous SMS and call monitoring

(D) Passphrase to recover lost email accounts

Q.18 – All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.

(A) Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)

(B) Compatibility Definition Document (CDD), Android Test Suite (ATS)

(C) Enterprise Recommended Document (ERD) and Compatibility Test Suite (CTS)

(D) Compatibility Definition Document (CDD), Android Device Test (ADT)

Q.19 – Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least ______________.

(A) 45 days, 2 additional major OS updates

(B) 90 days, 1 additional major OS update

(C) 60 days, 1 additional major OS update

(D) 90 days, 2 additional major OS updates

Q.20 – Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.

(A) Tamper Resistant Zone

(B) Trusted Execution Environment

(C) Trusted Encryption Zone

(D) Secure Execution Environment

Q.21 – To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.

(A) 30

(B) 90

(C) 180

(D) Dessert release

Q.22 – What is the proper method a user should follow in order to add a work profile to their personal device?

(A) Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.

(B) Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.

(C) Hard reset the device, send it into IT department for set up, retrieve device when ready.

(D) Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.

Q.23 – Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

(A) Device Admin API’s have been marked deprecated and will eventually not be supported

(B) Device Admin API’s provided an outdated security model and management approach

(C) Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

(D) All of the above

Q.24 – Before deploying Android in a no connectivity environment, you should strongly consider:

(A) Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.

(B) Android Enterprise devices require special permissions and policies to run in such environments

(C) The devices running in these environments must be running Android Oreo (8.0) or higher

(D) None of the above

What is Android Enterprise Professional?

This assessment is conducted by Google Partner training through the Fathomed platform. This assessment tests your basic understanding of the Android Enterprise, what makes it so secure for use in businesses and enterprises, the available device modes, and the available use cases.

You need to score 80% or higher to pass and earn the certificate. The certificate is valid for a period of 12 months and if you fail in your first try then you can retake the exam immediately.

Exam Requirements

There are three main requirements for applying to this exam:

(1) You should own a Smartphone or Computer with an active Internet connection.

(2) You should have a free Google Account.

(3) You will need to register with a company email.

Course Modules of the Exam

There are a total of 4 modules on which you are tested in this exam.

(1) OS Platform and Security.

(2) Managed Google Play.

(3) Deployment.

(4) Deployment Best Practices.

Key Features Of This Exam

The main features of this course are:

(1) It is designed by Google itself so the information provided is of high quality.

(2) It provides a Certificate which has recognition in the job industry.

(3) A user has unlimited access to the exam and it’s totally free.

Conclusion

This article provides all the answers with a detailed explanation so that you don’t just get the correct answers but you actually understand the reason behind the answers. You can get the answers to other Android Enterprise Professional exams in our Android Enterprise Professional Pre-Assessment Answers page, and Android Enterprise Professional Post-Assessment Answers page.

You should also check out our answers to the Android Enterprise Associate exams in our Android Enterprise Associate Pre-Assessment Answers page, Android Enterprise Associate Post-Assessment Answers page, and Android Enterprise Associate Answers page. Also, don’t forget to check out the answers to Zero-Touch Assessment, Android Enterprise Security & Privacy Final Exam Answers page, and Android Enterprise Experts Certification Exam Answers page.