Android Enterprise program does offer various solutions and services tailored for businesses and organizations to manage Android devices securely and efficiently in the workplace. Here are some key components and offerings within the Android Enterprise program:
- Android Enterprise Recommended: Google designates certain devices as “Android Enterprise Recommended,” indicating that they meet specific requirements for enterprise use, including regular security updates, consistency, and reliability. These devices are recommended for businesses looking to deploy Android devices to their workforce.
- Enterprise Mobility Management (EMM) Solutions: Google works with various EMM providers to offer solutions for managing Android devices in enterprise environments. These solutions typically include features for device provisioning, application management, security enforcement, and compliance monitoring.
- Android Enterprise Management: Android provides a set of management APIs and tools that allow IT administrators to manage and configure Android devices remotely. This includes features for managing device policies, configuring settings, and deploying applications.
- Security Enhancements: Android Enterprise includes various security enhancements and features to protect corporate data and devices. This includes hardware-backed security, encryption, remote wipe, and secure boot.
- Work Profile: Android offers a “Work Profile” feature that allows users to keep their personal and work data separate on a single device. This enables employees to use their personal devices for work without compromising security or privacy.
- Zero-touch Enrollment: Android offers zero-touch enrollment for IT administrators to deploy corporate-owned devices at scale with minimal manual intervention. This streamlines the device provisioning process and ensures devices are configured according to company policies from the moment they are powered on.
Android Enterprise Professional Exam Answers
I. Section.Android Enterprise Academy Professional
Step 2: Android Enterprise Professional Pre-Assessment
Question 1: Google recommends which of the following methods to securely manage, deploy or host in-house company applications?
- Sideloading
- Android admin console
- Zero Touch Portal
- Managed Google Play Store
Question 2: Restricting applications from communicating directly to each other is an example of what Android security principle:
- Verified Boot
- Safety Net
- Application Sandboxing
- Address Space Layout Randomization (ASLR)
Question 3: The identity method that is preferred for G-Suite customers:
- Managed Google Play Account
- Managed Google Account
- EMM Enhanced Account
- Gmail Account
Question 4: The following enrollment methods are supported with Android Enterprise:
- NFC
- QR Code
- Zero-Touch
- All of the above
Question 5: Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:
- Device Admin API’s have been marked deprecated and will eventually not be supported
- Device Admin APIs provided an outdated security model and management approach
- Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.
- All of the above
II. Section.Android Enterprise Academy Professional Courses
Step 4: Security
Lesson 6 Quiz:
Question 1: Google Play Protect includes: (select all that apply)
- Real-time malware detection
- Daily scan of apps on devices
- Blocking of harmful apps
Question 2: __________________ ensures key generation, key import, signing and verification services are kept separate from the OS. (fill in the blank)
Trusted Execution Environment (TEE)
Question 3: Hardware-backed security does which of the following? (select all that apply)
- Mitigates exploitation
- Prevents brute force attacks
- Protects the boot process
- Keeps data safe from physical attacks
Step 5: Managed Google Play
Lesson 8 Quiz:
Question 1: With Managed Google Play, you can: (select all that apply)
- Manage and configure apps
- Host and publish internal apps
- Distribute and purchase apps
Question 2: ‘Sideloading’ is the #1 risk for introducing malware and PHAs onto your device.
- True
- False
Question 3: The advantages of hosting private apps on Google Play include: (select all that apply)
- Easy administration
- Security
- Reliability
Step 6: Deployment
Lesson 7 Quiz:
Question 1: Question 1: COPE devices provide: (select all that apply)
- Flexibility of using full device management with a work profile
Question 2: __________________ enables large-scale Android deployments across multiple device makers with no manual set up. (fill in the blank)
- EMM token
- Zero-touch
- QR code
Question 3: The feature that gives IT control over company data while allowing workers to keep their pictures and apps private is called:
- Android profiles
- Zero-touch
- Work profile
- Managed Google Play
Step 7: Deployment Best Practices
Question 1: In order to gain user buy in for work profiles, explain to users that IT cannot monitor ____________ . (select all that apply)
- Call logs
- Personal photos
- Personal app installs
- SMS
Question 2: True or false: During deployment planning, determine scope of testing and timelines for different stages of the deployment.
- True
- False
Question 3: _____________ establishes best practices and common requirements for devices and services, backed by a thorough testing process conducted by Google.
- Android Enterprise Recommended
Android Enterprise Professional Final Exam Answers
Question 1: The newest enrollment method with the launch of __________ is ___________:
- Android P, Fast Touch
- Android O, Zero Touch
- Android N, Easy Scale
- Android M, Managed Deployment
Question 2: As users are the first line of defense against any mobile threat, EMM’s can employ policies that can force:
- Verified Boot
- Strong PIN, pattern or password lock
- Continuous SMS and call monitoring
- Passphrase to recover lost email accounts
Question 3: ________________ can add IMEI or serial numbers to the Zero Touch portal?
- End-Users
- Resellers
- Resellers and carrier partners
- Customers
Question 4: Using Android Enterprise versus Device Admin (DA) is recommended for all deployments going forward because:
- Device Admin API’s have been marked deprecated and will eventually not be supported
- Device Admin APIs provided an outdated security model and management approach
- Android Enterprise offers a modern management framework with enterprise APIs and secure app deployment via managed Google Play.
- All of the above
Question 5: ___________ is a collection of Google applications and APIs that help support functionality across devices and a requirement for Android Enterprise.
- Android Managed Services (AMS)
- Google Mobile Services (GMS)
- Android Compatibility Services (ACS)
- Compatibility Test Suite (CTS)
Question 6: The identity method that is preferred for G-Suite customers is referred to as:
- Managed Google Play Account & Gmail
- Managed Google Account
- EMM Enhanced Account
- Gmail
Question 7: To make Android even safer, Google shares source code for security fixes every ______ days with partners and publish updates for Nexus and Pixel devices.
- 30
- 90
- 180
- Dessert release
Question 8: As it pertains to shared device use cases, support for _____________ was added in Android Pie (9.0) kiosk mode.
- Work profile
- Multiple containers
- Multiple Apps
- Multiple DPC’s
Question 9: Google Play Protect scans ___________ apps that are installed onto a device:
- Only Google Play store
- All
- Only sideloaded
- Third party
Question 10: All Android OEM’s that opt to use Google Mobile Services (GMS) must adhere to a _________ and successfully pass ____________.
- Compatibility Definition Document (CDD), Compatibility Test Suite (CTS)
- Compatibility Definition Document (CDD), Android Test Suite (ATS)
- Enterprise Recommended Document (ERD) and Compatibility Test Suite (CTS) Compatibility Definition Document (CDD), Android Device Test (ADT) Compatibility Definition Document (CDD), Android Device Test (ADT)
Question 11: Android Enterprise Recommended ensures devices are up to date with regular security patches delivered within _________. Android Enterprise Recommended devices are also guaranteed to get at least ______________.
- 45 days, 2 additional major OS updates
- 90 days, 1 additional major OS update
- 60 days, 1 additional major OS update
- 90 days, 2 additional major OS updates
Question 12: How many Managed Google Play accounts can a customer get for free from Google for use with their EMM?
- As many as needed
- 5
- 20
- 35
Question 13: Please select the most accurate statement as it pertains to Managed Google Play accounts:
- Managed Google Play accounts are quick and easy to claim and require organizations to register their actual name with Google
- Managed Google Play accounts are easy to claim but require a 1-week approval period from Google
- Managed Google Play accounts are quick and easy to attain obfuscated identities that can be claimed for as many users as needed
- Manage Google Play accounts provide end users with identities that allows them to sign in to Google services such as G-Suite
Question 14: Some of the advantages of hosting private apps on Managed Google Play are:
- Application scanning, delta upgrades, free app hosting
- Security, cross platform application support and competitive pricing
- Security, easy administration and being able to host apps from any platform
- Hosting private apps on Google Play is not recommended
Question 15: The following enrollment methods are supported with Android Enterprise:
- NFC
- QR Code
- Zero-Touch
- All of the above
Question 16: Google recommends which of the following methods to securely manage, deploy or host in-house company applications?
- Sideloading
- Android admin console
- Zero Touch Portal
- Managed Google Play Store
Question 17: Devices with a work profile differentiate work apps from personal apps by a:
- Badged hashtag
- Badged dot
- Badged star
- Badged briefcase
Question 18: Restricting applications from communicating directly to each other is an example of what Android security principle:
- Verified Boot
- Safety Net
- Application Sandboxing
- Address Space Layout Randomization (ASLR)
Question 19: What are the are two identities that can be used with Android Enterprise?
- Managed Google Play Account & Gmail
- Gmail & Managed Google Account
- Managed Google Account & Managed Google Play Account
- Managed EMM Account
Question 20: What is the proper method a user should follow in order to add a work profile to their personal device?
- Clear all personal data from device, download EMM app from Play Store, follow the setup wizard to complete.
- Download EMM app from Google Play, enter corporate credentials, follow the setup wizard to complete.
- Hard reset the device, send it into IT department for set up, retrieve device when ready.
- Enroll device in Zero Touch portal, inform IT so they can configure, follow the setup wizard.
Question 21: Before deploying Android in a no connectivity environment, you should strongly consider:
- Android Enterprise devices must be able to access the Managed Google Play store to get apps and updates, and Google Play Protect security services.
- Android Enterprise devices require special permissions and policies to run in such environments
- The devices running in these environments must be running Android Oreo (8.0) or higher
- None of the above
Question 22: Android devices utilize a __________, to run privileged or security-sensitive operations such as PIN verification, secure storage of encryption keys and Verified Boot.
- Tamper Resistant Zone
- Trusted Execution Environment
- Trusted Encryption Zone
- Secure Execution Environment
Question 23: During the ____________ process, each bootstage cryptographically verifies the integrity and authenticity of the next stage before executing it.
- Verified Boot
- Kernel checking
- Hash tagging
- System check
Question 24: When enrolling devices using the NFC method, organizations can use __________ to transfer configurations to a new device:
- Either a pre-programmed master device or NFC tag
- A pre-programmed master device
- Only a pre-programmed NFC tag
- Android Enterprise does not support NFC enrollment
Question 25: Managed Google Play provides organizations complete control over app visibility and distribution by:
- Allowing whitelisting and silent app push
- Providing application user data to admins
- Easy sideloading of select apps
- Making full Google Play store available to all user