Which protocol does Workspace ONE use to communicate with third party Identity Providers?
- A . SAML
- B . Kerberos
- C . RADIUS
- D . OAuth
A customer intends to implement Android device management in their environment.
Which three enrollment options would result in an end-user experience in which a dedicated container is created on the device for only business applications and contents? (Choose three.)
- A . Knox Container
- B . Device Enrollment Program (DEP)
- C . Work Managed Device
- D . Legacy enrolled
- E . Corporate Owned Personally Enabled (COPE)
- F . Work Profile
C,E,F
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Android_Platform/GUID-AndroidEnrollmentEnrollmentConcept.html
Administrators have noticed that all iOS devices are not checking into Workspace ONE in their SaaS environment. They are also unable to send any push notifications to the iOS devices. However, Android and Windows devices are working fine.
What can the administrator do to resolve the issue?
- A . Make sure that the Rest API and SOAP API certificate are valid.
- B . Make sure that all SSL certificates used for the Workspace ONE environment are valid.
- C . Make sure that the APNs certificate is valid and not expired.
- D . Make sure that the Email Notification Service v2 is configured.
B
Explanation:
Reference: https://kb.vmware.com/s/article/2960930
You are an administrator configuring custom reports in Workspace ONE Intelligence.
What is the maximum number of custom reports you can create per Organization Group (OG)?
- A . 10
- B . 50
- C . 99
- D . 500
B
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE/services/intelligence-documentation/GUID-28_intel_reporting.html#limits-to-the-number-of-reports
Limits to the Number of Reports: You can create and run up to 50 reports for each organization group (OG). If you have 50 reports in an OG but you need another unique report, you must delete a report to make space.
An administrator would like to track these details for all Windows desktops managed by Workspace ONE UEM:
✑ driver details for a mouse driver
✑ warranty information for OS
✑ registry value of internal apps
Which Workspace ONE UEM utility can the administrator use?
- A . Create LGPO and assign to Windows devices.
- B . Create sensors and assign to Windows devices.
- C . Create an OEM update profile and assign to Windows devices.
- D . Create Application Control profile and assign to Windows devices.
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Windows_Desktop_Device_Management/GUID-uemWindeskSensors.html
An administrator would like to import Public Applications acquired from the Microsoft Store for Business.
Which configuration is required?
- A . LDAP Active Directory Integration
- B . SAML Authentication
- C . Two Factor Authentication
- D . Azure Active Directory Integration
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/Application_Management_Windows/GUID-AWT-WIN-BSP-IMPORT.html
When creating third party identity providers in Workspace ONE Access, which two SAML assertion components can be used to identify the user? (Choose two.)
- A . NameID Element
- B . SAML Attribute
- C . SAMLEntityID
- D . NameID Signature
- E . SAML Issuer
A,B
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html
SAML Metadata
Select how the user is identified. The identifier sent in an inbound SAML Assertion can be either sent in the Subject or in the Attribute element.
– "NameID Element". User identifier is retrieved from the NameID element of the Subject element.
– "SAML Attribute". User identifier is retrieved from a specific Attribute or AttributeStatement element.
Which three options are supported by Workspace ONE Access? (Choose three.)
- A . Configuring Per-App VPN.
- B . Configuring conditional access.
- C . Configuring network segmentation.
- D . Configuring Mobile SSO.
- E . Configuring unified application catalog.
- F . Configuring encryption.
Which two statements are true about Content Gateway and Tunnel on Unified Access Gateway? (Choose two.)
- A . Both can be configured with the same hostname on port 8443.
- B . Both can be configured with the same hostname on different ports.
- C . Both can be configured on port 8443 with different hostnames.
- D . Both can be configured with the same hostname on port 443.
- E . Both can be configured on port 443 with different hostnames.
An administrator is having difficulties with an AirWatch Cloud Connector (ACC) server connecting to an AirWatch Cloud Messaging (AWCM) server for authentication.
The administrator has confirmed:
DNS records are correct and resolvable from a different machine
ACC can connect to the internet
What should the administrator check on the local ACC?
- A . Windows Registry
- B . VAMI configuration
- C . Windows Version
- D . Host File
D
Explanation:
Reference: https://kb.vmware.com/s/article/50114910
When installing Workspace ONE UEM on-premises, which of the following core components is the first that should be installed?
- A . Database
- B . AirWatch Cloud Connector
- C . Reports
- D . Application Server
A
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/UEM_Installation/GUID-AWT-INSTALL-INTRO.html
A company has purchased a Workspace ONE UEM SaaS environment and is planning the on-premises servers and services that will be required. A primary use case is allowing AD authenticated end users to access enterprise SharePoint documents through the Workspace ONE Content application.
Which two on-premises servers/services should the company plan for? (Choose two.)
- A . Unified Access Gateway
- B . Workspace ONE UEM API
- C . Secure Email Gateway
- D . AirWatch Cloud Connector
- E . AirWatch Cloud Messaging
A,D
Explanation:
Reference: https://techzone.vmware.com/resource/workspace-one-uem-architecture#introduction
An organization has purchased a SaaS Workspace ONE solution and wants to implement these:
✑ integration with back-end resources like Active Directory from Microsoft to sync users and groups
✑ Kerberos authentication
✑ integration with Virtual Desktops and Applications from services (Horizon 7, Horizon Cloud, or Citrix)
✑ third party integration with RSA SecurID, RADIUS for authentication
Which Workspace ONE component is required?
- A . VMware AirWatch Cloud Connector
- B . VMware Workspace ONE Access Connector
- C . VMware Workspace ONE Assist
- D . VMware Workspace Unified Access Gateway
B
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE-Access/21.08/ws1_access_connector_install/GUID-271C47F6-856C-40F0-97AB-A8AD95025F9C.html
IT management has announced all traffic from the DMZ will be blocked unless it passes through a newly configured proxy, effective immediately. Administrators notice that SEGv2 is unable to contact the Workspace ONE API Service in their SaaS environment.
Which configuration will the administrators need to amend and apply to the SEGv2 servers?
- A . SSL offloading
- B . outbound proxy
- C . inbound proxy
- D . KCD integration
Which three are features of the ENS v2? (Choose three.)
- A . Supports most existing corporate file servers.
- B . Provides email notification for Exchange Active Sync.
- C . Secures access to internal content repositories.
- D . Updates the badge count for an unread email.
- E . Triggers a background sync on Workspace ONE Boxer.
B,D,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_ENS2_Doc.pdf
Which is the only method to deploy Content Gateway when using Workspace ONE 20.01 and higher versions?
- A . Legacy Windows
- B . Unified Access Gateway (UAG)
- C . Legacy Linux
- D . Standalone
B
Explanation:
Reference: https://docs.vmware.com/en/Unified-Access-Gateway/2012/uag-deploy-config/GUID-F64DF3CA-AB68-4F14-9FE0-E8D9C6DA2377.html
Refer to the Exhibit.
An administrator has set up an iOS compliance policy for unwanted apps.
Which of the following is the expected behavior when Workspace ONE UEM receives the app sample indicating the presence of the unwanted app?
- A . After 1 day, end user will receive the push notification.
- B . The concerned device will be marked as Non-compliant immediately.
- C . The concerned device will be unenrolled.
- D . After 2 days, all managed apps will be blocked/removed from the concerned device.
Every time Workspace ONE Intelligent Hub is opened, a passcode is requested for end-users to authenticate. Mobile SSO is configured correctly and the configuration and logs are not showing any errors.
Which should be configured for Single Sign-On to be seamless for end-users without requiring a passcode to access Workspace ONE Intelligent Hub?
- A . Device Touch ID
- B . Device Security Settings
- C . Default AirWatch SDK
- D . Device Profile Passcode
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/Android(Legacy)_Platform/GUID-AWT-APPLEVELSINGLESIGNON.html
An administrator would like to configure SSO for Workspace ONE UEM console login.
Which catalog setting from Workspace ONE Access needs to be configured?
- A . WebApps
- B . Virtual Apps
- C . Hub Configuration
- D . Hub Catalog
A
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/Application_Management/GUID-AWT-WEBAPP-ADD.html
Which domain attribute must be included to meet the SAML assertion requirement for Just-in-Time (JIT) provisioning of users in the Workspace ONE Access service?
- A . distinguishedName
- B . userName
- C . firstName
- D . lastName
B
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/ws1_access_service_administration_cloud/GUID-06A8E165-8A04-411B-8C96-9BEC0E283D18.html
– The SAML assertion must include the userName attribute.
When Just-in-Time user provisioning is enabled for a third-party identity provider, users are created or updated in the Workspace ONE Access service during login based on SAML assertions. SAML assertions sent by the identity provider must contain certain attributes.
An administrator wants to leverage the Workspace ONE Web application to allow end-user credentials to be passed to specific internal sites.
Which security policy in Workspace ONE UEM must be configured?
- A . Offline Access
- B . Single Sign-On
- C . Network Access Control
- D . Integrated Authentication
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_Web_Guide.pdf
Which Workspace ONE UEM feature helps device users perform automated tasks across multiple business backend systems within VMware applications?
- A . Device Profiles
- B . User Profiles
- C . Mobile Flows
- D . Automated Flows
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_mobile_flows/GUID-38B61E28-CC9B-416E-ACEC-8B58CDE799BA.html
An administrator has received complaints from end-users not receiving consistent email notifications on their iOS devices. Email is configured on the end-users' devices using only the VMware Boxer email client. Boxer is only configured from Workspace ONE to use Office 365.
What can the administrator do to resolve the inconsistent email notifications?
- A . Configure VMware ENS v2 to provide consistent notification experience.
- B . Configure SEG v2 to provide a better notification experience.
- C . Configure Mobile SSO for VMware Boxer to prevent users from entering credentials.
- D . Configure VPN tunnel with a Boxer configuration, so that it is able to connect to the internal network.
A
Explanation:
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_ENS2_Doc/GUID-AWT-INTRODUCTION-ENSV2.html
"The Workspace ONE Boxer provides notifications about your emails by running in the background. Due to platform limitations, Boxer can only run in the background for a limited time. Email Notification Service (ENS2) provides a solution to deliver notifications to the user’s device when Boxer is not running."
A customer is managing only iOS devices using Workspace ONE. They would like to begin managing Android devices.
What would be the first step an administrator needs to complete to begin managing Android Devices?
- A . Download and deploy Workspace ONE Unified Access Gateway.
- B . Complete Android EMM registration from Workspace ONE Console.
- C . Download and deploy Workspace ONE Access Connectors for Android devices.
- D . Configure a Workspace ONE AirLift Server-side Connector.
An administrator is concerned with data loss on Workspace ONE managed endpoints.
Which three configurations should be enabled to further improve the device security posture? (Choose three.)
- A . Configure compliance policies to monitor rooted and jailbroken devices.
- B . Configure compliance policies to monitor Roaming Cell Data Usage.
- C . Enable device-level data encryption.
- D . Enable SMTP integration.
- E . Enable verbose logging.
- F . Enable Data Loss Prevention policies.
Which three are features of the Workspace ONE Content Gateway service? (Choose three.)
- A . Encrypted communications using SSL/TLS.
- B . Secure access to internal repositories.
- C . Provides health status on external repositories.
- D . Support for most corporate file servers.
- E . Provides email notification for Exchange mail.
A,B,D
Explanation:
Reference: https://techzone.vmware.com/configuring-edge-services-vmware-unified-access-gateway-vmware-workspace-one-operational-tutorial#_984128
A Workspace ONE UEM administrator is migrating collections, applications, and policies from SCCM to Workspace ONE.
When using AirLift, which three of the following must the administrator allow AirLift to access on the ConfigMgr server? (Choose three.)
- A . Port 443 or specified TLS port if Secure Connection is configured
- B . WinRM port (typically 5985)
- C . Port 3268 or the specified Global Catalog port
- D . Port 389 for Active Directory
- E . Interactive Login Permissions
A,B,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/WS1_AirLift_Configuration.pdf (7)
Which three Workspace ONE Edge Services are included in Unified Access Gateway? (Choose three.)
- A . AirWatch Cloud Connector
- B . Content Gateway
- C . Secure Email Gateway
- D . Workspace ONE Intelligence Connector
- E . VMware Tunnel
Which Workspace ONE UEM feature can assist in sending event log information to a Security Information and Event Management (SIEM) tool?
- A . Syslog Integration
- B . Relay Server Integration
- C . Certificate Authority Integration
- D . File Storage Integration
A
Explanation:
During syslog configuration, you can opt to send Console events, Device events, or both. Any events generated by the AirWatch Console are sent to your SIEM tool according to the scheduler settings. Syslog can be configured for both on-premises and SaaS deployments.
Which two are needed from the directory when configuring user and group settings for Directory Service integration? (Choose two.)
- A . Base DN
- B . Group & Function Class
- C . Functional Level
- D . User & Group Object Class
- E . AD Server IP
A,D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1903/UEM_Managing_Devices/GUID-AWT-ADDUSERGROUPSWITHAD.html