Android Enterprise Expert Certification Exam Answers

This file contains all possible real exam questions with 100% correct and verified answers. Free updates included. Save your time.





Below you’ll find some selected questions from the latest real certification exam. You can get an idea about the exam format and prepare for it smarter. Need all exam questions with answers? Consider downloading our file.

“A few years ago Google initiated Project Treble to further improve how Android was updated and secured. Which of the following statements correctly describes how Project Treble contributes to device security?”

  • Project Treble is a form of encryption for work profiles.
  • Project Treble reduces the number of processes that can access the SoC to three so that they are checked for integrity before executing.
  • Project Treble separates device specific software from the OS, making it easier to update the OS, so that devices benefit from security updates quicker.
  • Project Treble randomizes key locations in memory, meaning that exploits cannot be reused.

How do you create allowlist for public applications into your organization?

  • From Managed Play iframe, accessible from your supported EMM Console
  • Sideload before enrolling in EMM
  • From Managed Play Publishing Console
  • All of the above

“Android provides flexibility to the ecosystem, which allows OEMs to build exclusive features on top of what Android provides. For example, ABC mobile is an OEM that has developed specific enterprise features built-in to the device, to differentiate their devices from another brand. However, one of the key challenges is the need for other ecosystem partners (like EMMs) to integrate these features, so they can be managed by the IT Admin (customer). What requirements need to be fulfilled by the OEM and/or the other ecosystem partners to address this challenge?”

  • ABC Mobile as an OEM needs to develop this feature with OEM config. With that, their features will be immediately available on every EMMs that supports managed configurations.
  • ABC Mobile as an OEM needs to build APIs for EMM providers to develop and integrate with their software before Enterprise customers are able to use it. The availability of this feature varies depending on the EMM provider’s integration.
  • ABC Mobile as an OEM can’t create exclusive features, if they want to create a new feature, they have to submit a feature request to Google. Once it is approved ,Google will make it available in all Android Devices.
  • ABC Mobile as an OEM has to be part of Android Enterprise Recommended program before they can create any exclusive features. Android Enterprise Recommended allows OEMs to use OEM Config features that Android Enterprise offers.

“Nicky explains that Android is flexible and there are a few options for enterprises to host and publish their corporate applications on managed devices with managed Google Play. Which one of the following hosting and publishing methods are NOT supported by managed Google Play?”

  • Side-loaded by a business website.
  • Self hosted private apps on a business server.
  • Publish public applications.
  • Google-hosted private apps.

“Tomoka, the IT consultant, is explaining to one of their customers that starting from Android 10, Android devices must use File Based Encryption and are no longer able to use Full Disk Encryption, File Based Encryption provides better security capability. Do you know how File Based Encryption works?”

  • All of the answers above (A, B and C) are correct.
  • “File Based Encryption allows different components in Android to be encrypted with different keys. This allows the work profile key to be ejected from memory while the personal profile is still in use.”
  • File Based Encryption allows IT admin to separate the encryption key from the device. The IT Admin can put the encryption key in their private cloud and let devices access the encryption key in the cloud before they can use the device.
  • File Based Encryption allows an IT Admin to modify the encryption key and save it in a unique location in the file system, making it difficult for the attacker to find the key.

“A customer is asking about blocking applications installation policy on Android devices. Which is the best answer pertaining to the blocking application policy?”

  • EMM can use PersonalApplicationPolicy from Google Play EMM API to block applications installation in main profile (personal space), this is only applicable for company owned devices with work profile management mode.
  • EMM can use PersonalApplicationPolicy from Google Play EMM API to block applications installation in work profile, this is applicable for company owned devices with work profile management mode or BYOD model.
  • EMM can use PersonalApplicationPolicy from Android Management API to block applications installation in main profile (personal profile), this is only applicable for company owned devices with work profile management mode.
  • EMM can use PersonalApplicationPolicy from Android Management API to block applications installation in work profile, this is only applicable for company owned devices with work profile management mode or BYOD model.

“Gathering data is one of the crucial steps that provides useful information for the IT Admin. Which data source provides the IT Admin with the device make/model, a list of apps on the device, app permissions and network information?”

  • Bug Report
  • Application log
  • Interview the user
  • Logcat

An Independent Software Vendor (ISV) has developed and distributed a private application to multiple customers. They are now in the process of distributing the application to an additional customer, but they are unable to. What could be causing this?

  • To further distribute a private app the majority (75%+) of currently targeted devices need to be running the latest version of the app.
  • They have hit the limit of 1000 customers using one private app.
  • To further distribute a private app the majority (50%+) of currently targeted devices need to be running the latest version of the app.
  • They have hit the limit of 75 customers using one private app.

Let’s take a look at this log: -. Search and find information about Google Messages application in the given log. Which one below is CORRECT information about Google Messages application from the given log? Copy and paste this URL in your browser to open the bug report -

  • The application not allowed to send SMS
  • The application is installed in Personal Space but it is hidden
  • The application is not installed in Work Profile
  • The package name of the Google Messages application is: com.google.android.apps.dynamite

What is “user 10” from the Android bug report log?

  • It is the 10th user account in the device
  • It is the Main Profile
  • It is the 11th user account in the device
  • It is the Work Profile


Passing exams is not a workout. Multiple attempts won’t make you stronger.

Save your time with our answer-sheets. Get certified in minutes.



“Acme inc. needs one of their applications to be able to communicate across work profile boundaries, they heard that Google has released this feature recently, however they are not sure about the minimum OS version that supports this feature. As the solution consultant, would you be able to tell Acme inc. what is the minimum OS version that supports this feature?”

  • Android 9
  • Android 12
  • Android 11
  • Android 10

“Let’s take a look at the following log snippet:

Build: PQ3A.190801.002
Build fingerprint: 'google/taimen/taimen:9/PQ3A.190801.002/5670241:user/release-keys'
Bootloader: TMZ20r
Radio: g8998-00008-1902121845
Network: (unknown)
Kernel: Linux version 4.4.169-g09a041b17c60 (android-build@abfarm700) (Android clang version 5.0.300080 (based on LLVM 5.0.300080)) #1 SMP PREEMPT Wed Jun 5 22:23:19 UTC 2019

Which of the following statements is CORRECT, based on the log snippet above?”

  • This device is running Android 5.0.30080
  • “Network: (unknown) That means: this device is broken”
  • The device was manufactured in 2019
  • This device is running Android 9

Users are reporting that they cannot connect to their company’s WiFi. Which of the following pieces of information should be collected to eliminate the “Set device policies” watchpoint?

  • The model of the device, because it may not support that WiFi network
  • The EMM being used, because it may not support setting WiFi configurations
  • The users home SSID to ensure there is no conflict
  • The WiFi configuration set, because it may be incorrect

A new customer is looking to enroll dedicated devices running Android 7.0. Which methods of provisioning could they use to enroll the devices? Select the three correct answers.

  • NFC
  • QR Code
  • Zero-touch
  • EMM Identifier
  • ensure_verify_apps, no_user_switch, no_usb_file_transfer
  • no_uninstall_apps, no_system_error_dialogs, no_sms
  • no_share_location, no_set_wallpaper, no_safe_boot
  • no_config_cell_broadcasts, no_add_managed_profile, no_config_wifi
  • EMM
  • Reseller/carrier
  • OEM
  • Customer’s procurement team

A customer reaches out to you with a specific set of requirements for their device management. They have requested your help selecting an EMM. What Android resources would you leverage to help them finding the EMM that best fits their needs?

  • Compatibility Definition Document (CDD)
  • Enterprise Solutions Directory and Android Enterprise feature list
  • Android Enterprise terminology documentation and Solutions glossary
  • developer.android.com

Skyline LTD is an Microsoft 365 customer, who is looking to deploy 1000 devices on Android Enterprise. You need to advise them on the best choice of identity model before they can move forward with their deployment. What identity model would you recommend, according to Google best practices?

  • Google Accounts
  • Managed Google Play Accounts
  • A 3rd party identity model provider that is compatible with Microsoft 365
  • Recommend that the end users create their own accounts

Users are reporting that Gmail won’t sync mail from their Microsoft Exchange account. What could be the cause of this?

  • The users’ EMM may not support managed configurations
  • EAS 16 may not be supported on an older device
  • The QR code used to enroll the device may have an expired enrollment token
  • The value set for the Exchange server may be wrong
  • Delete any user identifiable data from the bug report, then share it with your EMM provider
  • Upload the bug report to a cloud storage provider and share it with individuals who need access to the content
  • Email the bug report to Google support
  • Do a screensharing session to show the EMM provider the bug report
  • Use of the camera has been blocked
  • Barcode Scanner requires a Google Account, and the device is using a Managed Google Play Account
  • Barcode Scanner is not installed
  • The device is not being managed

Your customer has a newer version of one of their private apps, and they would like to test the updated version with a small group of users (<100) before a full rollout. What is the best way for them to test the newer version of the application?

  • Upload the app with two different application IDs and share one of them with the test group only
  • Temporarily change restriction on the devices of the test group to allow them sideloading the app for testing
  • Ensure you upload the updated application via an EMM that has integrated the iFrame. This will enable version control within the EMM console allowing you to target the device(s) you wish the latest version to be installed to
  • Create an internal or closed test track in the developer Play Console and invite a subset of users to test this version

Your customer is planning their migration from Device Admin to Android Enterprise, and they have some questions around VPN configuration. Which of the following is one advantage that Android Enterprise has over Device Admin when configuring a VPN?

  • In using Device Admin you can leverage app wrapping to push any VPN configuration to your app
  • There is no fundamental difference in the way that VPN are configured
  • In Android Enterprise, you can leverage Managed Configurations to push VPN configurations
  • Device Administrator offers an easier path to integration for EMMs

You’re an IT admin, and you want to initiate the trial of an app developed by an Independent Software Vendor (ISV). What identifier must be provided to the ISV for them to grant access to the application within your company’s managed Google Play?

  • User ID
  • Android device ID
  • Organization ID
  • IMEI

A VPN provider is looking to offer better support for their Android customers who are migrating from Device Administrator to Android Enterprise. Their customers have previously been complaining that their application has not been receiving the configurations to resolve the VPN host. What is Google’s suggested best practice to support this functionality?

  • Externally readable ini file
  • Managed configurations via managed Google Play
  • Insert the VPN configuration as part of DPC extras
  • Configure it within the WiFi details for NFC bump

Your customer would like to enroll several hundred Nexus 6P devices as fully managed as quickly as possible. These devices run Android 6.0 out of the box. Which of the following enrollment methods would you recommend the customer use to complete provisioning as quickly as possible?

  • Zero-touch enrollment
  • EMM Identifier
  • NFC provisioning
  • QR code provisioning

An IT Admin notices that enrollment consistently fails when updating Google Play services over Wi-Fi. This issue occurs during deployment, on a variety of different devices. The Admin notes that when the devices are on cellular data, enrollment is successful. What next step would you take to try to resolve this issue?

  • Disable all SSL inspection on the network
  • Check that all required ports are open in the firewall
  • Check the ADB logs on one of the affected devices
  • Check that managed configurations on Google Play services are set up correctly
  • Add the applications that should go through the VPN to the allowlist
  • Assign managed application configurations to the applications on the denylist with policies to prevent use of the VPN
  • Block traffic to and from the app on the local network
  • Create a work profile on the fully managed device and route all traffic through the whole work profile

Users are reporting an issue on their devices. You ask your customer to pull some logs from an affected device, but their device policy is preventing them from capturing the requested logging. Which of the following policies enables/disables a user’s ability to generate Android bug reports?

  • DISALLOW_TROUBLESHOOTING_TOOLS
  • DISALLOW_DEBUGGING_FEATURES
  • ENABLE_ADB_DEBUG
  • FREE_THE_LOGS

Users are reporting that they are seeing the consumer Play Store on their fully managed work devices. Which of the following would be valid troubleshooting steps for this issue? Select the two answers that apply.

  • Verify that the EMM is still bound to the user’s company
  • Verify that the IT admin has uploaded the company’s apps to the Google Play Developer Console
  • Ensure that the IT admin has set an application allowlist instead of allowing an open Play Store
  • Ensure that the IT admin has set the correct managed configuration for the Google Play Store

Some users are complaining that they cannot add their personal Gmail account to their fully managed devices. Why might this be the case?

  • Android Enterprise only supports company Gmail accounts
  • Gmail app is not updated to the latest version
  • Adding personal accounts is disabled as per company policy
  • Android Enterprise only supports one account per Google application

Your EMM, who uses a Custom DPC, doesn’t have a settings toggle that you notice has been available since 7.0 as per the developer documentation. What is the best next step to get access to that feature?

  • Raise a feature request with the EMM to support the toggle
  • Speak to your OEM to bring support for the toggle within their OEM Config application
  • Raise the request with Google
  • Create a small app yourself using the developer documentation and toggle it via app config

Your customer has previously been using a containerized solution on Device Administrator, and they are planning their migration to Android Enterprise. One of the customer requirements, coming from their IT team, is to set and enforce a security challenge for their BYOD users within the work profile that is separate and has different requirements from the device security challenges. Taking into account this requirement, what would you recommend?

  • Recommend the IT Team that they only support BYOD on devices running Android 6.0+
  • Recommend the organisation instead deploy fully managed devices with work profile, as this Android Enterprise feature is only supported in this management mode
  • Recommend the IT Team that they only support BYOD on devices running Android 5.1+
  • Recommend the IT Team that they only support BYOD on devices running Android 7.0+
  • YouTube, Docs, Chrome
  • Sheets, Gmail, Files by Google
  • Dropbox, Translate, Skype
  • Keep, Slides, Earth

One of your customers is concerned about security on their Android devices, specifically in regards to key generation, key import, signing & verification services. Which of the following security features of Android can you leverage as a good starting point for your conversation?

  • Verified Boot
  • Rollback Prevention
  • Application Sandboxing
  • Trusted Execution Environment

Some users are reporting that they cannot connect to the corporate WiFi. You notice in your EMM console that your WiFi certificate has failed to install on the affected devices. What might be the cause of this?

  • The EMM DPC has a pending update
  • Device passcode has not been set
  • The device has a pending update
  • Device is unable to see the SSID the certificate is trying to validate against

One of your customers is reporting that a subset of their devices is not getting provisioned correctly through QR code. You need to help them troubleshoot this issue. Which of the following areas should you look into when troubleshooting a provisioning issue? Select the two correct answers.

  • Set device policies
  • Provision device
  • Select OS version/device
  • Set managed config
  • no_add_user, no_autofill, no_config_credentials
  • ensure_verify_apps, no_bluetooth_sharing, no_install_unknown_sources
  • no_config_location, no_config_vpn, no_content_suggestions
  • no_cross_profile_copy_paste, no_debugging_features, no_unified_password

What are the benefits of using Android Enterprise over Device Admin? Select the two correct answers.

  • If you choose Android Enterprise, you get free Google Cloud storage
  • Android Enterprise offers more flexible provisioning methods over Device Admin
  • Android Enterprise supports application configuration
  • Android Enterprise offers customers free technical support direct from Google

What is one of the advantages of an OEM leveraging ‘OEMConfig’ for application development? Select the correct answer.

  • OEMConfig allows all OEMs access to vendor APIs
  • OEMConfig is supported by all EMMs
  • OEMConfig allows OEMs to address customer needs without requiring 3rd party developer support
  • OEMConfig can be distributed to devices without having to go through managed Google Play

Your customer is reporting that users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Which of the following would you choose to troubleshoot this policy issue? Select the two correct answers.

  • Select OS version/device
  • Set managed config
  • Provision device
  • Set device policies

You’re provisioning dedicated devices, and notice that lock task mode policy is failing to apply on a subset of them. Which of the following tools would it be appropriate to use to troubleshoot the problematic devices?

  • Android Management API Colab
  • Test DPC
  • Android Management Experience
  • EMM console

A customer has developed a private application that is targeting API level 23 (Android 6.0). What will be the expected behaviour when they attempt to upload their app to Google Play?

  • Assuming there are no security issues with the app, it will be allowed on Play and can subsequently be whitelisted for the enterprise
  • The application will be allowed on Play but will only be displayed for Android 6.0 devices and lower in the Play Store
  • The application will be rejected because apps uploaded to Google Play need to target a minimum API level 29 from August 2020
  • The application will be allowed on Google Play but will show a warning about using deprecated APIs on Android 8.0 devices and higher

A customer is uploading a new application to Google Play and wants to reuse the Application ID of another unlisted app. What is the expected behavior?

  • Google Play will silently replace the old application with the new application
  • As long as the old app is unlisted, Google Play will allow upload of the new app, which reuses the same Application ID
  • Google Play will automatically generate a new Application ID and allow the app to be uploaded
  • The application will be rejected because Google Play only allows a single instance of an Application ID

Your customer is reporting that some users can enable Bluetooth, despite having set a company-wide policy that should disable Bluetooth. Referring to the UserManager developers’ documentation, in which version of Android was support for disabling Bluetooth introduced?

  • 9.0
  • 8.0
  • 7.0
  • 6.0

Users reported that an app is crashing when launched from the work profile. What two pieces of information are critical to collect when escalating to the app developer?

  • Application ID and bug report
  • Enterprise ID and User ID
  • Identity model (Google Account vs Managed Google Play Account) and bug report
  • Enterprise ID and Application name

Your customer is reporting that applications on a group of their devices are not updating consistently. You want to advise them on Android best practices around managing app updates from the Play Store. Which of the following are two of the default guidelines for updates to happen promptly? Select the two correct answers.

  • Devices are charging
  • Devices on a secure WiFi (WPA2 and above)
  • Devices are connected to a Wi-Fi network
  • Location services must be turned on

Your customer wants to ensure that their corporate browser always goes through VPN, but at the same time, they want to implement the best configuration to reduce unnecessary traffic over the corporate VPN. What VPN configuration would best fit the customer’s specific requirements?

  • Always-On VPN
  • Per-Profile VPN
  • User-Initiated VPN
  • Per-App VPN

Your customer is provisioning devices via zero-touch enrollment deploying multiple configurations. They report that a group of devices is not enrolling automatically into their EMM, while other devices have enrolled successfully. You have already confirmed that the devices are listed in the zero-touch console. The end-user reports seeing an EMM-branded screen on the device, but is unable to login. What would be the next troubleshooting step you would advise?

  • Check that the DPC extras are correct according to the EMM
  • Re-upload the devices in the zero-touch console
  • Go to admin.google.com and remove the domain binding to their EMM
  • Go to their EMM console, remove and add the binding to the Managed Google Play account

An OEM is looking to build new devices that will support a large enterprise customer, who wants to be able to leverage Android Enterprise functionality to manage their devices. What is the minimum requirement they need to comply with to support Android Enterprise?

  • Google Mobile Services (GMS) Certification
  • Android Enterprise Recommended
  • Frequent Security Patches
  • Android Open Source Project (AOSP)

You are uploading an APK via the managed iFrame, the APK uploads successfully. You go to the managed Play Store, the next day, to begin the app distribution process only to find the app removed from the store. What would be the reason for this?

  • The APK is unsigned
  • The application ID is incorrect
  • The APK exceeds the maximum file size limit allowed
  • Google Play Protect detected this as a potentially harmful app

Which API can EMMs use to deploy apps via Managed Google Play? Select the two answers that apply.

  • Firebase Management API
  • App Engine Admin API
  • Android Management API
  • Google Play EMM API

A customer reported that their applications are not being installed silently on their users’ devices. Which of the following troubleshooting areas should you consider when working on an “application install” issue? Select the two correct answers.

  • Configure provisioning
  • Approve/assign apps
  • Provision device
  • Create/sync users or groups
  • Docs, Translate, Keep
  • Chrome, Gmail, YouTube
  • Calendar, Quicksearchbox, Camera
  • Documents UI, Messaging, HTML Viewer

You are planning the staging of a large quantity of devices prior to distributing them to their final destination. Which of the following items should you be wary of when staging a large number of devices in one space?

  • Network bandwidth
  • Charging points for all of your devices
  • Devices on the latest version of Android
  • Location services will be enforced

Your customer is deploying devices that will be used at a university. One of the requirements is to monitor traffic for unauthorized content. They wish to implement SSL inspection to fulfill this requirement. What would be your recommendation based on Google’s best practices?

  • The customer can use any SSL proxy solution out of the box, as none of them will interfere with their Android deployment
  • The customer can configure SSL inspection, as long as traffic to Google services bypasses the proxy
  • The customer should configure traffic on ports other than 443 to bypass the proxy
  • The customer should configure all traffic to hosts connecting on port 443 to bypass the proxy

An Independent Software Vendor (ISV) has developed a private app for your customer. They uploaded it through the Google Play developer console, but your customer does not see it in their managed Google Play store. After doing some troubleshooting, you realize that the ISV has not correctly assigned the app in the Google Play console. Which of the following identifiers should you provide to the ISV so that they can assign the app correctly?

  • Organization ID
  • Device ID
  • Company ID
  • User ID

Your customer is deploying Android Enterprise on their Android 11.0 devices. They are in the process of testing their private apps on the new devices, and one of their applications is throwing exceptions. The same application appears to work correctly on Android 8.0 devices. How would you explain this behavior?

  • The application has not been coded towards the correct API level
  • The application package name is not compatible with Android 11.0
  • The application has not passed the security checks for Android 11.0
  • They need to install an older version of the application then upgrade it

Your customer is trying to enroll Pixel 3 phones using zero-touch enrollment. Despite the device having an active connection to WiFi or data, the DPC isn’t downloading. Which is the appropriate troubleshooting step to take next?

  • Verify that the IMEIs in the zero-touch portal match the phones they are using
  • Verify that the users have been correctly configured on the EMM console
  • Verify the DPC Extras are complete and correct
  • Verify that the device is running Android 7 or above

One of your users is experiencing issues with their device. As their IT Admin, you need to retrieve the logs from the affected devices to troubleshoot this issue. Which one of the following approaches should you take, according to Google’s best practices?

  • Download a “log retriever” application, then email the logs to yourself
  • Plug the device into a computer and retrieve the logs by running adb bugreport in a terminal
  • Go into developer mode on the device, and download the logs to the device internal storage
  • Factory reset the device and restore the user configuration to verify if the issue persist

What section of a bug report tells you if there is a work profile on the device?

  • Combined logs
  • Raw Bug report
  • DUMP OF SERVICE (account or device_policy)
  • Packages:

Which of the following is a reason to choose Android Enterprise over Device Admin?

  • Device Admin is deprecated, and the associated APIs are being progressively removed
  • Android Enterprise has the ability to push apps to enduser devices, while this cannot be achieved when using Device Admin
  • Android Enterprise is comparable to Device Admin and there is no reason to choose one over the other
  • Devices can migrate over to Device Administrator from Android Enterprise in the future should IT Admins change their mind on the management type

What API level corresponds with Andorid 11.0?

  • API level 30
  • API level 20
  • API level 27
  • API level 34

What is Fully Managed Device management mode?

  • It is a management mode for Company Owned Device use-case, and the deployment can be done only from Zero-touch enrollment.
  • It is a management mode for BYOD use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and NFC
  • It is a management mode for Company Owned Device use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and EMM client enrollment from Google Play Store
  • It is a management mode for Company Owned Device use-case, and the deployment can be done from one of these methods: QR Code, Zero Touch, DPC Token and NFC

“An in-house software developer of a company created two separate applications for two different purposes: User Acceptance Test (UAT) and a Production version. They need to publish the UAT version to a separate group of people within the organization, and there is no requirement for them to test the UAT and production version at the same time/side-by-side in the same device. They uploaded both applications in managed Google Play so their users can choose/install the version that they want. Do you think this is the best approach to test and publish applications in Managed Google Play?”

  • No, the Developer should use the closed testing track feature to test their application before promoting it to production.
  • Yes, there will be two different versions of the application with the same package name, the IT Admin can assign each of the versions to different users accordingly.
  • No, the Developer should sideload the UAT version of the application into particular devices for UAT testing.
  • Yes, there will be two different applications with two different package names, the IT Admin can assign each of the applications to different users accordingly.

“A company policy requires no camera usage within the R&D center area. One day an IT admin finds that a BYOD device didn’t get its camera disabled in the main profile (personal space). The device in question is a personal device, owned by the employee, running Android 7 and enrolled with EMM with a work profile installed. What is the most likely cause of this?”

  • Disabling camera in the personal profile is only available on Fully Managed device or Dedicated device
  • User lost connection to the network to receive EMM policy for disabling camera.
  • User has modified the Android OS so it can bypass EMM policy.
  • Disabling camera in main profile (personal space) is only works on Android OS 8 and above

“An IT Admin asked to test a private application that was developed by a 3rd party ISV vendor to a certain group of testers within the organization. With Android Enterprise, what are the right steps/plan to execute this activity?”

  • Share the organization ID to the ISV and ask the ISV to publish the app to the organization ID in a closed testing track. Later, the IT admin can assign the version of the app uploaded to the testing track to the group of people that need to test from their EMM console
  • Ask the ISV to develop a separate beta version of the app with a different package name, then publish it through managed Google Play to a certain group of people.
  • Ask the ISV to share the apk file and sideload it to another device to test
  • Ask the ISV to develop a separate beta version of the app with a different package name, send the apk file to the tester, and ask them to sideload the app for testing.

“What are two key benefits or features from the list below that you would highlight to customers that are looking to deploy public or private applications via managed Google Play? " Select All Correct Responses

  • Removes the need for app wrapping.
  • Prevents IT admins from setting applications‘ permissions.
  • Allows IT admins to approve and publish public applications in Google Play Store.
  • Safeguards devices by preventing private app deployment.

“Hector from Horybell Inc. states that “Using managed Google Play is not enough to protect my device from PHAs.”. He does not appear to fully understand how managed Google Play protects devices from PHAs. As a solutions consultant, which of the following statements might you use to respond to Hector’s objection above?”

  • All of these.
  • Devices that install apps exclusively from Google Play, rather than sideload apps, are at much lower risk of installing PHAs.
  • Google Play ensures that app updates are always signed by the original developer, avoiding app hijacking.
  • Google Play has a proven track record of minimizing the risk of PHAs being installed on Android devices.

An ISV (Independent Software Vendor) wants to build a data loss prevention solution in their existing EMM, one of the features is to control clipboard data transfer between the personal side and the work profile. Which policy can they use to implement this feature?

  • DISALLOW_CROSS_PROFILE_COPY_PASTE
  • DISALLOW_CLIPBOARD_COPY_PASTE
  • DISALLOW_CROSS_PROFILE_DATA_TRANSFER
  • DISALLOW_CROSS_PROFILE_CLIPBOARD

Which section of a bug report tells you about application information/policies?

  • Raw Bug report
  • DUMP OF SERVICE package
  • Combined logs
  • Packages

“Please take a look at below Log snippet:

Owner Services:
User: 0
com.google.android.apps.work.clouddpc/.vanilla.services.admin.CloudDeviceAdminService [bound] [connected]
Next backoff(sec): 3600
Enabled Device Admins (User 0, provisioningState: 3):
com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver:
userRestrictions:
ensure_verify_apps
no_add_managed_profile
no_install_apps

What information can you find from the above log snippet?”

  • Device is installed with Work Profile
  • App installation is not allowed
  • All of the system apps are disabled in the device
  • User: 0 means there is no Google account provisioned in the device

“Kernel address space layout randomization (KASLR) is one of the security features introduced in Android.

How does KASLR work?”

  • It separates the HAL from the process to sit in between the process and the drivers and it only communicates with 1 driver in isolation
  • It works by randomizing the location where the application is loaded, making code reuse attacks more difficult to carry out, especially remotely.
  • It works by randomizing the location where kernel code is loaded on each boot, making code reuse attacks more difficult to carry out, especially remotely.
  • It works by randomizing the passcode hash on each boot, making code reuse attacks more difficult to guess the user passcode.

Based on this app package name: com.google.android.apps.chromecast.app what is the corresponding Application?

  • Google ChromeCast
  • Google Home
  • Google Chrome
  • Google Chromebook
  • Dropbox, Translate, Skype
  • YouTube, Docs, Chrome
  • Keep, Slides, Earth
  • Sheets, Gmail, Files by Google

What two methods can you use to generate bug reports from devices? Select All Correct Responses

  • From Android Debug Bridge (ADB).
  • Go to Bootloader and turn on safe mode in the device then connect to your laptop.
  • From Android System file explorer, you need to root the device to access this file.
  • From Developer Options in the device settings.