Android Enterprise Professional (Updated) Post-exam Answers 2021

Before you get to the answers below here are some facts about the exam.

Exam Name – Android Enterprise Professional Post-exam.

Total Questions and Passing Score – 50 Questions and the Passing score is 80%

Exam URL – https://googlepartnertraining.fathomed.com/plans/5d42f01fe922dc0907bc3227

Android Enterprise Professional Post-Exam Answers (New Updated Questions)

Contents of Article

1 Android Enterprise Professional Post-Exam Answers (New Updated Questions)
2 About Android Enterprise Professional Post-Assessment
3 Exam Requirements
4 Course Modules of the Exam
5 Key Features Of This Exam
6 Conclusion

Q.1 – Verified Boot has been on Android devices since version 4.4. Mark, an attacker, installs a custom bootloader on a stolen device with Android version 8. When it boots up, Mark sees an error on the screen that the device cannot boot. What is preventing the device from booting up?

(A) Mark needs to boot the device from safeboot by using hard buttons at boot time

(B) The root of trust stored in hardware does not match the newly installed bootloader

(D) Mark simply just needs to restart the bootloader one more time after installing

Q.2 – A customer has a requirement to enroll Android tablets with no carrier connectivity. Additionally, they do not want use an open WiFi with a simple pre-shared password for the enrollment. Is there a solution to help the customer?

(A) Tell the customer to use a QR code based provisioning method that can pass WIFI EAP credentials including Certificates.

(B) Tell the customer to upload their WiFi certificates to the Zero-Touch portal for automatic delivery during enrollment.

(D) Tell the customer that they must set up an open WiFi due to restrictions on how enrollment works.

Q.3 – What are the steps to setup Closed Testing track for your Enterprise applications?

(A) Assign your applications to your organization(s) for it to appear in Managed Google Play.

(B) Use the EMM to assign the testing app to the users.

(C) Assign it to countries/regions.

(D) Create a closed testing release, upload your APK file, and rollout.

Q.4 – Which deployment method is not supported for work profile company owned devices during initial setup?

(A) QR Code

(B) DPC Identifier

(D) NFC

Q.5 – Which two statements given here are correct regarding the Compatibility Test Suite (CTS)?

(A) The Compatibility Test Suite is a free, commercial-grade test suite that is used during device development and is designed to evaluate and reveal incompatibilities with the CDD.

(B) The CTS is only valid for modern Android devices and was designed to help ensure all devices were able to use Android Enterprise APIs.

(C) The Compatibility Test Suite is for application developers building financial apps to ensure they use approved SSL modules for connecting to servers.

(D) A valid CTS result must be maintained in order for a device to move to the next level, obtaining a Google Mobile Service (GMS) Certification and License.

Q.6 – What are some of the advantages of TLS 1.3 over previous versions? (Select 2)

(A) Prevents certificates signed with SHA1 hashes.

(B) It allows users to change their devices DNS settings.

(D) It’s up to 40% faster.

Q.7 – What are the provisioning options supported for company-owned devices during initial setup?

(A) QR Code

(B) Zero Touch

(D) None of the above

Q.8 – Who can use Managed Google Accounts?

(A) Organizations that use Cloud Identity or Google Workspace

(B) Organizations that use Google Workspace

(D) Organizations that use Cloud Identity

Q.9 – Which of the following is correct for Default update behaviour?

(A) Apps are updated when the device is:

– Connected to a Wi-Fi network

– User manually press update

– Not actively used

(B) Apps are updated when the device is:

– Connected to a Wi-Fi network

– Charging

– Not actively used

– Connected to a Wi-Fi network

– Charging

– At night time

(D) Apps are updated when the device is:

– At home based on GPS location

– Charging

– Not actively used

Q.10 – Mike, Head of Mobility Security at Bank Ltd, wants to disable all fingerprint authentication from devices. He believes that an image of the biometric data is extracted from the devices and stored in Google Cloud. Which of the following facts would you use to easy Mike’s concern? (Select 2)

(A) The device does not take an image of the print but a biometric model that then uses an algorithm to create a mathematical template.

(B) Fingerprint images are stored in a database on the users filesystem. That makes them inaccessible to Google.

(C) A biometric template cannot be copied to another device because it is signed with a device specific key when stored in the TEE.

(D) You assure Mike that it’s a common practice for all cloud companies to store biometric data for compliance.

Q.11 – After an internal review of a potentially compromised BYOD device, it’s determined that the user side-loaded a malicious app on the personal profile that harvested their contacts. Why was none of the data in the work profile accessible?

(A) Work profile sandboxing and app isolation prevented any access to the work data.

(B) The user detected unusual activity before the app had time to infect the work profile and turned off the phone.

(C) The IT admin noticed unusual activity in the personal profile and asked the user to bring IT the phone in for review.

(D) The device had a weak 4 digit device passcode policy so the app was able to access all information.

Q.12 – Identify the features of Managed Google Play Application Management.

(A) Managed Apps permission pre-acceptance

(B) Mandatory install and optional apps

(D) Allowlist – only IT approved apps are displayed

Q.13 – What are the identities that you can use for Managed Google Play?

(A) Managed Google Account

(B) Google Account

(D) Managed Google Play Account

Q.14 – Which of the following are NOT processes that the TEE performs? (Select 2)

(A) Lock screen passcode verification.

(B) Biometric template matching.

(D) Data loss protection.

Q.15 – Which of the following types of applications can you push to users from Managed Google Play?

(A) Public Applications

(B) Web Applications

(D) Private Applications

Q.16 – What are the three update modes available for Enterprise?

(A) Postponed

(B) High Priority

(C) Default

(D) Partial

Q.17 – Which of the following files do you upload to Managed Google Play while publishing a self-hosted application?

(A) .txt file that contains Application’s metadata

(B) .csv file that contains application’s metadata

(D) App’s JSON metadata file

Q.18 – Which of the following statements is incorrect about Private Applications?

(A) You can publish self-hosted private applications from Managed Play iframe or Custom App Publishing API.

(B) You can publish both Self-Hosted and Google Hosted private applications from Play Publishing console.

(C) You can test private applications with Closed Testing Track. However, it is only applicable for Google Hosted private apps.

(D) The easiest way to publish private application is from Managed Play iframe – upload .apk file and give it a title.

Q.19 – What is managed Google Play?

(A) It is an online gaming platform, where you can blocklist people you don’t like to play with.

(B) It is a generic application distribution platform that is available on any modern OS to distribute Enterprise Applications to any devices.

(C) It is an application distribution platform in Android for Enterprise, where the IT admin can manage and distribute public and private enterprise applications.

(D) It is the largest application distribution platform, where you can download and install an application on your Android devices.

Q.20 – Phone Ltd. is building a new device with Android 11. Which of the following accurately describes the steps needed for them to obtain a GMS license from Google?

(A) Download the source code from source.android.com, adhere to CDD, pass CTS, apply for GMS license.

(B) Download source code from source.android.com, adhere to AER requirements, pass CTS, apply for GMS license.

(D) Download source code from source.android.com, adhere to CDD, pass CTS, sideload GMS servers into the system.

Q.21 – What are some of the App management features of managed Google Play?

(A) Web app distribution

(B) App approval

(C) App permissions approval

(D) App distribution

Q.22 – What is AOSP?

(A) AOSP is an open source software stack owned by Google and supplied to the ecosystem for a wide array of devices with different form factors.

(B) AOSP is an open source OS that Google does not own.

(D) AOSP ensures Android Enterprise APIs are present in all OEM Android implementations.

Q.23 – The Source and Distribution platforms are the important aspects in deploying trusted applications. What aspects should you consider while deploying apps?

(A) Test your Applications on a trusted Platform: Google Play provides comprehensive Testing Track feature to ensure the app is working properly before it goes into production.

(B) Recognize the developers: Google Play identifies every single developer that publishes their apps through Google Play Store.

(C) Review the source-code: Reviewing the application source-code helps to check the details and identify what’s under the hood (what the application does).

(D) Install/distribute your applications only from trusted sources like Google Play: Installing an application from an unknown sources or sideloading leads into a serious security issue as such an application is vulnerable to compromise.

Q.24 – Which of the following statements is correct in relation to Testing Tracks for private apps?

(A) Open Track: Surface your app’s test version on Google Play. This is applicable for Public and Private Apps.

(B) All of above

(C) Internal Track: Quickly distribute your app for internal testing and quality assurance checks. This is applicable for Public and Private Apps. This is applicable for Public and Private Apps.

(D) Closed Track: Test pre-release versions of your app with a larger set of testers. You can assign this track to organization(s) for Google hosted private apps and publish it to Managed Google Play. This is applicable for Public and Private Apps.

Q.25 – Which of the following best describes Managed Configuration, one of the features introduced in Managed Google Play?

(A) Managed Configuration allows end-users to manage ‘the approved’ applications’ configurations by themselves without asking for the IT Admin permits.

(B) Managed Configuration is not a feature in Managed Google Play.

(C) Managed Configuration allows the IT Admin to set (and enforce) specific parameters in certain applications automatically. The configurable parameters are defined by the app developers.

(D) Managed Configuration is a set of configuration available in Managed Google Play for the IT Admin to control.

Q.26 – Which of the following could potentially be a Managed Google Account?

(A) it.admin@company.com

(B) it admin

(D) 807343127731897072334701702@android-for-work.gserviceaccount.com

Q.27 – What type of keystore implementation would prevent complicated forensic data extractions and analysis of lost or stolen devices for example, leaking information via power, timing, electromagnetic radiation, and thermal radiation examination?

(A) StrongBox.

(B) HeavyChip.

(D) SQLite SB.

Q.28 – Which statement most accurately describes the CDD?

(A) The CDD provides guidance on how to add Google Apps to an Android device and defines an easy path for application management.

(B) The CDD is an optional guide that contains best practices around building a device with Android.

(C) The CDD represents the ‘policy’ aspect of Android compatibility set by Google. It outlines the requirements a device must meet to be considered compatible.

(D) The CDD was developed by Google when Android was originally released and gets updated every 4 years.

Q.29 – How can an organization ensure applications are only installed from known trusted sources?

(A) Disallow unknown sources via policy using an EMM.

(B) Inform their employees not to install applications from locations other than the Google Play Store.

(D) Specify device unlock or work profile security challenge.

Q.30 – When can you use Managed Google Account?

(A) You need employees to have access to other Google services.

(B) You want it simple, easy, and immediately available.

(D) You are an existing Google Workspace user.

Q.31 – Excerpt from Helpdesk / User chat: User: I was searching for information about a project and a weird error in Chrome came up ‘Your device has Malware’ Helpdesk: You see this error on a webpage in Chrome? User: Yes Helpdesk: Did you get see a RED warning page in Chrome that it was not safe to continue? User: Yes, I thought it was ok since it gave me the option to proceed anyway. What Chrome policy can the admin set that would prevent this issue from occuring in the future? (Select 2)

(A) Disable Chrome in the work profle.

(B) Create a Terms of Service banner that tells users not to open suspicious websites.

(D) Set a managed configuration on Chrome to prevent users from disabling incognito mode.

Q.32 – Android uses Security Enhanced Linux (SELinux). What component of the SELinux kernel confines and reduces the impact of an exploited vulnerability to a single area?

(A) Security Domains.

(B) Secure memory blocks (SMB).

(D) System on a Chip (SoC).

Q.33 – Which of the following are suitable for the QR code provisioning method?

(A) Any device where users can log in using Gmail account information

(B) Scenarios where devices are distributed remotely and a programmer device is not available

(C) Devices that don’t support NFC

(D) All of above

Q.34 – Which is NOT an Android Enterprise Recommended program core requirement?

(A) It validates advanced features across multiple management sets.

(B) It demonstrates technical leadership.

(D) It ensures support for Device Admin support remains in tact for customers.

Q.35 – Identify the features that are related to Managed Google Play accounts.

(A) Easy to register and available immediately

(B) Obfuscated

(D) Auto Account provisioning upon EMM enrollment

Q.36 – What process provides strong proof that a certificate being presented to a server for authentication from an Android device was stored in hardware and has not been compromised or spoofed?

(A) Key Attestation.

(B) Verify Apps.

(D) Network Access Control services.

Q.37 – A customer tells you they are concerned their custom app could be tricked to use a fraudulent certificate that gets installed on their Android devices. What technology would you discuss with them?

(A) Certificate Binding

(B) File-Based Encryption

(D) Certificate Pinning

Q.38 – Which interface can you use to create and publish web apps into Managed Google Play?

(A) Play Publishing console Accessible from https://play.google.com/console

(B) Managed Play iframe Accessible from your EMM console

(D) All of above

Q.39 – Mary leaves her Android phone in a Cab. John, the cab driver, is a nefarious character and tries to break into the phone versus returning it. He tries to install a custom version of Android on the device to gain access to Mary’s data. What security principal would prevent this from instance?

(A) A work profile passcode (work challenge)

(B) Using Android Protected Confirmation

(C) Rollback protection

(D) Factory Reset Protection

Q.40 – What are the three ways to publish your enterprise applications in Managed Google Play?

(A) From Custom App Publishing API: Accessible from your own internal system upon integration

(B) From Play Publishing console: Accessible from https://play.google.com/console

(C) From Managed Play console: Accessible from https://play.google.com/work

(D) From Managed Play iframe: Accessible from your EMM console

Q.41 – How can you manage Testing Tracks for your Enterprise applications?

(A) From Custom App Publishing API: Accessible from your own internal system upon integration

(B) From Managed Play iframe: Accessible from your EMM console

(C) From Managed Play console: Accessible from https://play.google.com/work

(D) From Play Publishing console: Accessible from https://play.google.com/console

Q.42 – Which of the following features is not supported by Managed Google Play?

(A) Web Applications

(B) All of the above

(C) Paid Applications

(D) Private Applications

Q.43 – What are the benefits of Google-Hosted applications as opposed to Self-Hosted Applications?

(A) Enables managed security and infrastructure, including SSL/TLS implementation, prevent poor coding practice, no clear text password, Trademark infringement, and PHA detection.

(B) Supports sharing private apps up to 100 domains/Enterprises and Silent push feature.

(D) Global infrastructure with cached repository and Reduced Data consumption with delta update.

Q.44 – Can you use your Gmail account as a Managed Google Play identity?

(A) No, even though it’s technically possible, Google positioned Gmail only for consumer users.

(B) Yes, it is possible. However, it’s not recommended because of the advance setup and limitation against certain Managed Google Play features.

(D) Yes, Gmail is part of Managed Google Play account that you can use as an identity in Managed Google Play.

Q.45 – What are the steps to setup Managed Google Play?

(A) Binding Enterprise: An Organization ID is created automatically and bounded with EMM and Enterprise Service Account.

(B) Registration/Creation of Enterprise: IT creates a Gmail account (corp.it.admin@gmail.com) and uses it to register and create enterprise.

(D) Identity and User Mapping: During operation, EMM will automatically send commands to ESA to create Managed Google Play Accounts and map them to EMM user Accounts.

Q.46 – What are the two benefits that you would highlight for a customer looking to deploy applications via Managed Google Play?

(A) Prevents Admins from setting permissions to ensure app safety

(B) Allows Admins to create allow and block lists for public apps

(D) Removes the need for App wrapping

Q.47 – Identify the best practices for using Managed Google Play Accounts for administrative purposes.

(A) Setup two-factor authentication for increased security.

(B) Add additional owners to maintain redundancy.

(D) Create a new Gmail account and set a backup email on this account to a group in your IT department.

Q.48 – Android devices with an implementation of the Keymaster HAL that resides in a hardware security module use true random number generators (TRNG). What is one of the advantages TRNG has over pseudo-random number generators (PRNG)?

(A) TRNGs uses strong mathematical functions to secure key generation.

(B) TRNGs are better because they use external sources of information for entropy, such as electrical circuit noise.

(D) TRNGs are more efficient and use less battery power. This can help extend battery life considerably.

Q.49 – Anthony is approaching Customs in a foreign country and is immediately asked for his Android phone. What can Mike do very quickly to help secure his phone?

(A) Smash the phone on the floor

(B) Enable Lockdown Mode

(D) Perform a factory reset

Q.50 – Which of the following is a network consideration when deploying Android Enterprise?

(A) Traffic to Google endpoints should also bypass SSL inspection. SSL intercepted traffic to Google services are often interpreted to be man-in-the-middle attacks and are blocked.

(B) Enable an inbound traffic connection to the EMM server, because Google needs to verify the EMM environment and its availability.

(D) As long as the device and EMM can go to https://www.google.com it should be enough to satisfy the network requirements.

Q.51 – Restricting applications from communicating directly to each other is an example of what Android security principle:

(A) Verified Boot

(B) Safety Net

(C) Application Sandboxing

(D) Address Space Layout Randomization (ASLR)

Q.52 – Google Play Protect scans ___________ apps that are installed onto a device:

(A) Only Google Play store

(B) All

(D) Third party

Q.53 – Google recommends which of the following methods to securely manage, deploy or host in-house company applications?

(A) Sideloading

(B) Android admin console

(D) Managed Google Play Store

Q.54 – During the ____________ process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.

(A) Verified Boot

(B) Kernel checking

(D) System check

Q.55 – The identity method that is preferred for G-Suite customers is referred to as:

(A) Managed Google Play Account & Gmail

(B) Managed Google Account

(D) Gmail

Q.56 – How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?

(A) As many as needed

(B) 5

(D) 35

Q.57 – Please select the most accurate statement as it pertains to Managed Google Play accounts:

(A) Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google

(B) Managed Google Play accounts are easy to claim but require a 1 week approval period from Google

(C) Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed

(D) Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite

Q.58 – The newest enrollment method with the launch of __________ is ___________:

(A) Android P, Fast Touch

(B) Android O, Zero Touch

(D) Android M, Managed Deployment

Q.59 – ________________ can add IMEI or serial numbers to the Zero Touch portal.

(A) End-Users

(B) Resellers

(C) Resellers and carrier partners

(D) Customers

Q.60 – The following enrollment methods are supported with Android Enterprise:

(A) NFC

(B) QR Code

(D) All of the above

Q.61 – Managed Google Play provides organizations complete control over app visibility and distribution by:

(A) Allowing whitelisting and silent app push

(B) Providing application user data to admins

(D) Making full Google Play store available to all user

Q.62 – Some of the advantages of hosting private apps on Managed Google Play are:

(A) Application scanning, delta upgrades, free app hosting

(B) Security, cross platform application support and competitive pricing

(D) Hosting private apps on Google Play is not recommended

Q.63 – ___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.

(A) Android Managed Services (AMS)

(B) Google Mobile Services (GMS)

(D) Compatibility Test Suite (CTS)

Q.64 – As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.

(A) Work profile

(B) Multiple containers

(C) Multiple Apps

(D) Multiple DPC’s

Q.65 – When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:

(A) Either a pre-programmed master device or NFC tag

(B) A pre-programmed master device

(D) Android Enterprise does not support NFC enrollment

Q.66 – Devices with a work profile differentiate work apps from personal apps by a:

(A) Badged hashtag

(B) Badged dot

(D) Badged briefcase

Q.67 – As users are the first line of defense against any mobile threat, EMM’s can employ policies that can force:

(A) Verified Boot

(B) Strong PIN, pattern or password lock

(D) Passphrase to recover lost email accounts

Q.68 – All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.

(A) Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)

(B) Compatibility Definition Document (CDD), Android Test Suite (ATS)

(D) Compatibility Definition Document (CDD), Android Device Test (ADT)

Q.69 – Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least ______________.

(A) 45 days, 2 additional major OS updates

(B) 90 days, 1 additional major OS update

(D) 90 days, 2 additional major OS updates

Q.70 – Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.

(A) Tamper Resistant Zone

(B) Trusted Execution Environment

(D) Secure Execution Environment

Q.71 – To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.

(A) 30

(B) 90

(D) Dessert release

Q.72 – What is the proper method a user should follow in order to add a work profile to their personal device?

(A) Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.

(B) Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.

(D) Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.

Q.73 – Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:

(A) Device Admin API’s have been marked deprecated and will eventually not be supported

(B) Device Admin API’s provided an outdated security model and management approach

(C) Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.

(D) All of the above

Q.74 – Before deploying Android in a no connectivity environment, you should strongly consider:

(A) Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.

(B) Android Enterprise devices require special permissions and policies to run in such environments

(D) None of the above

About Android Enterprise Professional Post-Assessment

This assessment is conducted by Google Partner training through the Fathomed platform. This assessment tests your basic understanding of the Android Enterprise, what makes it so secure for use in businesses and enterprises, the available device modes, and the available use cases.

This exam consists of a total of 50 questions and there is no time limit to complete the exam. Once, you select and save an answer, you can go back and edit your answer. You need to score 80% or higher to pass and earn the certificate. The certificate is valid for a period of 12 months and if you fail in your first try then you can retake the exam immediately.

Exam Requirements

There are three main requirements for applying to this exam:

(1) You should own a Smartphone or Computer with an active Internet connection.

(2) You should have a free Google Account.

(3) You will need to register with a company email.

Course Modules of the Exam

There are a total of 4 modules on which you are tested in this exam.

(1) OS Platform and Security.

(2) Managed Google Play.

(3) Deployment.

(4) Deployment Best Practices.

Key Features Of This Exam

The main features of this course are:

(1) It is designed by Google itself so the information provided is of high quality.

(2) It provides a Certificate which has recognition in the job industry.

(3) A user has unlimited access to the exam and it’s totally free.

Conclusion

This article provides all the answers with a detailed explanation so that you don’t just get the correct answers but you actually understand the reason behind the answers. You can get the answers to other Android Enterprise Professional exams in our Android Enterprise Professional Pre-Assessment Answers page, and Android Enterprise Professional Answers page.

You should also check out our answers to the Android Enterprise Associate exams in our Android Enterprise Associate Pre-Assessment Answers page, Android Enterprise Associate Post-Assessment Answers page, and Android Enterprise Associate Answers page. Also, don’t forget to check out the answers to Android Enterprise Architecture and Implementation, Zero-Touch Assessment, Android 11 Assessment, Android Mobile Certification, and Android Support Engineer Assessment, Android Enterprise Security & Privacy Final Exam Answers page, and Android Enterprise Experts Certification Exam Answers page.