Which two Workspace ONE UEM services require persistence on the load balancers to support an environment of 25,000 devices? (Choose two.)
- A . Workspace ONE Intelligence
- B . Secure Email Gateway
- C . Device Services
- D . AirWatch Cloud Connector
- E . Dell Factory Provisioning
Which three configurations are managed in the identity provider (IdP) settings in VMware Workspace ONE Access? (Choose three.)
- A . Authentication Methods
- B . Directory
- C . Automation Methods
- D . Group Attributes
- E . Networks
- F . User Attributes
A customer has asked for recommendations around a disaster recovery architecture design for VMware Workspace ONE Access. The customer has an extremely aggressive recovery point objective and recovery time objective.
Which HA/DR design should be recommended, given the supported options?
- A . Multi-datacenter design with two 3-node clusters, One 3-node cluster Datacenter 1 and the other 3-node cluster m Datacenter 2. The two 3-node clusters are setup in an active/passive configuration.
- B . Multi-datacenter design with two 3-node clusters. One 3-node cluster Datacenter 1 and the other 3-node cluster m Datacenter 2. The two 3-node clusters are setup in an active/active configuration.
- C . Multi datacenter design with two 3-node clusters, Both 3-node clusters are spanned
across both datacenters, two nodes in one datacenter and one in the other, respectively.
The two 3-node clusters are setup in an active/active configuration. - D . Multi-datacenter design with two 3-node clusters, Both 3-node clusters are spanned across both datacenters, two nodes in one datacenter and one in the other, respectively. The two 3-node clusters are setup in an active/passive configuration.
A VMware Workspace ONE administrator and the Information Security Officer reported that the Unified Access Gateway (UAG) front-end network is compromised. The compromised device was reconfigured to bypass the UAG.
Why did this action fail in a two-NIC deployment?
- A . The UAG combines layer 5 firewall rules with layer 7 Unified Access Gateway security
- B . The UAG combines layer 4 firewall rules with layer 7 Unified Access Gateway security
- C . The UAG combines layer 3 firewall rules with layer 7 Unified Access Gateway security
- D . The UAG combines layer 2 firewall rules with layer 7 Unified Access Gateway security
An administrator has enabled and configured Kerberos in the VMware Workspace ONE Access console, but the connection test fails.
What is one reason this connection failed to authenticate?
- A . The Linux machine on which the Kerberos Auth service is installed was not joined to the domain
- B . The certificate was not enabled on VMware Workspace ONE UEM console
- C . The Kerberos Auth service are incorrectly configured on the AirWatch Cloud Connector
- D . The certificate is unsigned by a trusted SSL or public or internal certificate authority
A
Explanation:
For Kerberos authentication to work, the Linux machine hosting the Kerberos Auth service must be joined to the domain. Without domain membership, the Kerberos Auth service cannot authenticate users.
An administrator is creating a REST API call to the following Workspace ONE Access URL:
https://access.company.com/api/token/auth/state
The HTTP method of the request is POST, and the body of the request is as follows:
Consider the URL, HTTP method, and request body.
Which goal is the administrator attempting to meet?
- A . Retrieve the application list associated with a user
- B . Create the Magic Link in Workspace ONE Access for Day Zero Onboarding
- C . Add a new application to the Workspace ONE Access portal
- D . Delete a user from Workspace ONE Access
Which type of certificate is uploaded to VMware Workspace ONE Access for Android Single Sign-On setup?
- A . Trusted SSL
- B . Root
- C . Self-signed
- D . Intermediate
Which VMware Workspace ONE Access prerequisites must be completed to successfully deploy a Virtual Apps Collection?
- A . Workspace ONE Access Connector Enrollment Server, App Volumes Manager
- B . SAML Authenticator, Enrollment Server, Horizon Pod
- C . SAML Authenticator, Workspace ONE Access Connector, Horizon Pod
- D . Workspace ONE Access Connector, Horizon Connection Server, App Volumes Manager
C
Explanation:
To deploy a Virtual Apps Collection, you need to configure a SAML Authenticator, install the Workspace ONE Access Connector, and have a Horizon Pod in place. These components are required for the integration and proper functioning of the Virtual Apps Collection.
Which statement accurately describes modem claims-based identity management?
- A . It supports multiple authentication methods except Single Sign-On
- B . It doesn’t support multiple providers
- C . It requires the application to perform the authentication task
- D . It makes account management easier by centralizing authentication
Which types of authentication services does the VMware Workspace ONE Access connector provide, beginning with connector version 21.01?
- A . User Auth service and Kerberos Auth service
- B . Kerberos Auth service and Two-Factor Authentication
- C . Extensible Authentication service and Kerberos Auth service
- D . User Auth service and Multi-Factor Authentication service
A
Explanation:
Starting with the Workspace ONE Access Connector version 21.01, the connector provides User Auth service and Kerberos Auth service. These services handle user authentication and enable Kerberos-based single sign-on.
Which two virtual desktop infrastructures (VDI) are supported as an integration in VMware’s Anywhere Workspace with the VMware Workspace ONE Access Connector v21.08+? (Choose two.)
- A . Citrix
- B . V2 Cloud
- C . Workspot
- D . ThinApp
- E . Horizon
An administrator is configuring authentication n VMware Workspace ONE Access and will be using an authentication method that will not require the use of VMware Workspace ONE Access Connector.
Which authentication method is being used?
- A . RSA SecurID
- B . Kerberos Auth service
- C . User Auth service
- D . VMware Verify
Which step is required to configure the AirWatch Provisioning App?
- A . Configure an identify provider as the SAML Provider
- B . Configure LDAP – Other LDAP at the Container OG level m Workspace ONE UEM
- C . Set up LDAP – Active Directory at the Customer OG level m Workspace ONE UEM
- D . Provision Users at the Container OG level n Workspace ONE UEM
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/ws1access-awprovisiongapp/GUID-11206561-DA5A-4360-91A7-BA9252C6EC3E.html
Users are able to seamlessly log into VMware Workspace ONE Access with Kerberos and then launch Horizon apps without a prompt for credentials.
What must be enabled to support this feature?
- A . Certificate (Cloud Deployment)
- B . Password Caching
- C . True SSO
- D . Identity Bridging
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-administration/GUID-2590854E-483F-4A26-AE56-D45BB948906C.html
Which two solutions needs to be integrated for an administrator to have conditional access with User Risk Score? (Choose two.)
- A . Workspace ONE Hub Services
- B . Workspace ONE SASE
- C . Workspace ONE Assist
- D . Workspace ONE Access
- E . Workspace ONE Intelligence
Which step is required to set up Hub Digital Badge Service in VMware Workspace ONE Hub Services?
- A . Customize the Digital Badge layout m the Hub services console
- B . Configure Hub Embedded iFrame for Digital Badge in the Hub Services console
- C . Configure HID Global Origo setting and C• CURE setting m the Hub Services console
- D . Customize Hub templates for Digital Badge n the Hub Services console
What is the primary purpose of VMware Workspace ONE Trust Network in VMware Workspace ONE Intelligence?
- A . Delivering VPN profiles to devices
- B . Assisting with integration of the Multi-Domain directory services across a trusted network
- C . Integrating threat data from security solutions, including endpoint detection and response (EDR) solutions
- D . Providing applications to end users
C
Explanation:
Reference: https://www.vmware.com/products/workspace-one/intelligence.html#:~:text=Workspace%20ONE%20Trust%20Network%20is,security%20posture%20in%20the%20organization
Which service on the connector server must be able to access the RADIUS server when configuring RADIUS (cloud deployment) authentication?
- A . Password Auth
- B . Application Auth
- C . User Auth
- D . Cloud Connector
An administrator of iOS supervised devices has noticed that devices are checking in regularly but are failing the Last Compromised Scan compliance policy. The administrator is fine with having slight disruptions to users but does not want any interaction from the user to be required.
The administrator decides to use an action in the Last Compromised Scan compliance policy that would force the device to report back the compromised status without requiring user input.
Which action m the Last Compromised Scan compliance policy should be used?
- A . Assign a sensor to the device to request the compromised status
- B . Assign the command to Request Device Check-In
- C . Assign a push notification to the device to request the compromised status
- D . Assign a compliance profile containing a single app payload for the Hub application
A VMware Workspace ONE environment has been setup with Roles Based Access Control (RBAC), and the directory-based administrators who managed in Workspace ONE UEM have limited permissions to access the console.
The administrator has enabled VMware Workspace ONE Intelligence in the environment and must now enable the correct configuration setting that will allow administrators to access VMware Workspace ONE Intelligence from VMware Workspace ONE UEM.
Which configuration setting must be enabled?
- A . Create a new admin role in the Intelligence Console, and then give the rote Read and Edit permissions to Intelligence
- B . Create a new user role, and then give the role Read and Edit permissions to Intelligence in Categories > Monitor
- C . Create a new admin role, and then give the role Read and Edit permissions to Intelligence in Categories > Monitor
- D . Create a new user role in the Intelligence Console, and then give the role Read and Edit permissions to Intelligence