What should you do?

You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.

What should you do?
A . Check the VPC flow logs for the instance.
B . Try connecting to the instance via SSH, and check the logs.
C . Create a new firewall rule to allow traffic from port 22, and enable logs.
D . Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.

Answer: A

Where is the signing certificate?

An administrator configured a Service Provider app to authenticate through SAML to the Service Provider from VMware Identity Manager (vIDM).

Where is the signing certificate?
A . vIDM admin console: Catalog/WebApps/Settings/SaasApps/SAML Metadata
B . vIDM app console: Identity and Access Management/Settings/WebApps//SaasApps/SAML Metadata
C . vIDM app console: Catalog/WebApps/Settings/SaasApps/SAML Metadata
D . vIDM admin console: Identity and Access Management/Settings/WebApps//SaasApps/SAML Metadata

Answer: C

How can the user experience be improved?

Initial Stakeholder Interview Findings

In addition to the goals summarized in the previous section, the following are findings from initial interviews with the key stakeholders and an analysis of their service level agreements.

– The design must use the F5 Loadbalancer and should be as redundant as possible.

– Qualified IT personnel are hard to find these days. If possible, reduce operational costs and try to automate or outsource basic IT tasks.

– ACME is very particular about meeting the go-live date. If there are unforeseen delays, the project may not be delivered for the required go-live date.

ACME requires multi-factor authentication for application access from external networks. This has been established with a default access policy that incorporates multi-factor authentication.

However, some users complain that they do not want to enter the multi-factor authentication when accessing the applications from within the company network.

How can the user experience be improved?
A . Create an access policy that excludes internal users.
B . Create an access policy that does not require multi-factor authentication when accessing from LA
D . Create an access policy with a network range of 80.34.57.20/21 that does not require multi-factor authentication.
E . Create an access policy with a network range of 172.16.0.0/16 that does not require multi-factor authentication.

Answer: A

What needs to be configured?

An administrator wants to entitle users for Okta applications that are integrated into VMware Workspace ONE Identity Manager.

What needs to be configured?
A . Okta as a Built-in Service Provider
B . AD FS in VMware Identity Manager
C . Workspace ONE UEM integration in VMware Identity Manager
D . Okta application source in VMware Identity Manager

Answer: D

Which three steps need to be completed to configure Identity Bridging for an SAML application on the VMware UAG? (Choose three.)

Which three steps need to be completed to configure Identity Bridging for an SAML application on the VMware UAG? (Choose three.)
A . An identity provider is configured and the SAML metadata of the identity provider saved.
B . SAML responses from IDP to SP contain SAML assertions which have SAML attribute.
C . Configure a Web Reverse Proxy for Identity Bridging – Certificate to Kerberos.
D . Replace the UAG Certificate with the SAML Certificate.
E . Pin the UAG certificate to the SAML provider.
F . SAML responses are expected from IDP for multiple SAML attributes.

Answer: A,B,C

Which two solution components are necessary to support the design requirement?

An architect is planning a design for a Workspace ONE deployment that will use Kerberos for Integrated Windows Authentication. A requirement of the solution is that all authentication methods must be highly available.

Which two solution components are necessary to support the design requirement? (Choose two).
A . Connectors deployed behind load-balancer
B . Directory type must be set to Active Directory with IWA
C . IdP Hostname set to load-balancer FQDN
D . Redirect Host Name set to load-balancer FQDN
E . Connectors deployed in Outbound Mode

Answer: C,E
