PPro ACSP
Sign inStart free
Home / ACSP · Apple Device Support (ACSP)
Up to date with macOS Sequoia and iOS 18

ACSP·ModuleACSP

Apple Device Support (ACSP)

Prepare for Apple Device Support (ACSP) with ACSP practice questions covering 14 topics. Build your knowledge, track your progress, and study effectively with Pro ACSP.

Questions
516
Units
1
Topics
14
Access
Free tier available

What’s in it.

1 unit

Sample questions

3 of many

A few questions from this module, with the answer and a full explanation. The complete bank is available when you start practising.

  1. What is a Secure Token on macOS?

    • A temporary authentication token used only during macOS installation that expires after 24 hours
    • A cryptographic credential automatically granted to the first user created during Setup Assistant that is required for FileVault operations and changing startup security policies
      Correct answer
    • A one-time passcode sent to the user's Apple Account email when they first log in to a new Mac
    • A physical hardware key stored in the Mac's T2 or Apple Silicon chip that encrypts the user's home folder
    Explanation

    A Secure Token is a wrapped version of a Key Encryption Key (KEK) that is automatically granted to the first user created during macOS Setup Assistant. It is required for FileVault operations (enabling FileVault, adding FileVault-enabled users, unlocking the volume at startup) and for changing startup security policies. Additional users can be granted a Secure Token by an existing Secure Token holder. In enterprise environments, the Bootstrap Token mechanism allows MDM to grant Secure Tokens automatically to managed accounts.

  2. A company uses EAP-TLS for Wi-Fi authentication. Users report that a newly enrolled iPhone cannot connect to the enterprise Wi-Fi, but other enrolled devices work fine. The MDM shows the device is enrolled and a Wi-Fi profile is installed. What is the most likely cause?

    • The Wi-Fi profile needs to be reinstalled because EAP-TLS profiles expire after 24 hours
    • The client certificate for the device has not been provisioned or the certificate authority is not trusted
      Correct answer
    • The device's Private Wi-Fi Address is blocking the RADIUS server connection
    • EAP-TLS is not supported on iPhones and requires EAP-TTLS instead
    Explanation

    EAP-TLS requires both a client certificate and trust for the certificate authority. If the client certificate has not been provisioned via SCEP or MDM, or if the CA certificate is not trusted on the device, authentication will fail. EAP-TLS is fully supported on iPhones.

  3. A company wellness programme wants to provide Apple Music to all employees on their managed iPhones. The devices use Managed Apple Accounts. What limitation should the IT team communicate to the programme coordinator?

    • Apple Music will work automatically once the wellness programme purchases a corporate subscription through Apple Business Manager
    • Managed Apple Accounts cannot subscribe to Apple Music; employees would need to use personal Apple Accounts for this service
      Correct answer
    • Apple Music can be enabled for Managed Apple Accounts by purchasing an enterprise music license from Apple
    • Apple Music is available on Managed Apple Accounts but requires a configuration profile to activate
    Explanation

    Apple Music subscriptions are not available with Managed Apple Accounts — this is an inherent limitation that cannot be overridden by any configuration or licensing arrangement. If employees want Apple Music, they need to sign in with a personal Apple Account. On BYOD devices using User Enrollment, personal and Managed Apple Accounts coexist naturally. On organisation-owned devices, the MDM policy would need to permit personal Apple Account sign-in.