200

Question 1

What is the primary purpose of Smart Computer Groups in Jamf Pro?

Answer 1

Smart Computer Groups automatically populate based on defined criteria (like OS version, installed software, or last check-in time). They update dynamically as devices meet or no longer meet the criteria.

Question 2

What is the difference between a Policy and a Configuration Profile?

Answer 2

Policies execute actions (install apps, run scripts, restart) and can be scoped with triggers. Configuration Profiles apply settings (restrictions, Wi-Fi, certificates) and are continuously enforced.

Question 3

What are the main Policy triggers in Jamf Pro?

Answer 3

Recurring Check-in, Startup, Login, Logout, Enrollment Complete, Network State Change, Custom (used with ‘jamf policy -event’), and Self Service.

Question 4

What is the Jamf Binary and where is it located on macOS?

Answer 4

The Jamf Binary is the management agent installed on enrolled devices. It’s located at /usr/local/jamf/bin/jamf and handles communication with Jamf Pro server.

Question 5

What command would you run to manually trigger a policy with a custom trigger named ‘install-chrome’?

Answer 5

sudo jamf policy -event install-chrome

Question 6

What is the purpose of Prestage Enrollments?

Answer 6

Prestage Enrollments automate the setup process for devices purchased through Apple Business Manager or Apple School Manager, allowing configuration before first boot.

Question 7

What are Extension Attributes?

Answer 7

Extension Attributes are custom inventory fields that collect additional information not gathered by default. They can use scripts, LDAP queries, or static values.

Question 8

What is the recommended frequency for inventory updates?

Answer 8

Daily is typical, but it depends on organizational needs. More frequent updates increase server load but provide more current data for Smart Groups and reporting.

Question 9

What is a Limitation in Jamf Pro scoping?

Answer 9

Limitations are exclusions that prevent a Configuration Profile or Policy from applying to specific targets, even if they’re included in the scope.

Question 10

What is the purpose of the ‘Update Inventory’ payload in a Policy?

Answer 10

It forces an immediate inventory submission to Jamf Pro, ensuring the server has current device information after policy execution.

Question 11

What is a Package in Jamf Pro?

Answer 11

A Package is a .pkg or .dmg file uploaded to Jamf Pro that can be deployed to devices via Policies. Common for software installations.

Question 12

What is the difference between a Static Group and a Smart Group?

Answer 12

Static Groups are manually populated and don’t change unless manually updated. Smart Groups automatically update based on criteria.

Question 13

What is Patch Management in Jamf Pro?

Answer 13

Patch Management tracks software versions on devices and automates updates to keep applications current, using internal or external patch sources.

Question 14

What is the Self Service app?

Answer 14

Self Service is an application that provides users with approved apps, policies, and configuration profiles they can install on-demand without admin privileges.

Question 15

What is a Script in Jamf Pro?

Answer 15

Scripts are shell or Python code stored in Jamf Pro that can be executed on devices via Policies to perform custom tasks and automation.

Question 16

What are Script Parameters (4-11)?

Answer 16

Script Parameters allow admins to pass variable values to scripts when executing via Policies, making scripts reusable with different inputs without editing code.

Question 17

What is the Jamf Pro API?

Answer 17

The API (Classic and Jamf Pro API) allows programmatic access to Jamf Pro for automation, integration with other systems, and custom reporting.

Question 18

What is a MDM Command?

Answer 18

MDM Commands are Apple MDM framework actions sent to devices (lock, wipe, update inventory, install profile). Viewable in device Management History.

Question 19

What is the purpose of the Ongoing frequency for policies?

Answer 19

Ongoing frequency means the policy executes every time the trigger is met. Use for tasks that should run repeatedly (not just once per device).

Question 20

What is the purpose of the Once per computer frequency?

Answer 20

The policy executes only once per device, even if the trigger is met multiple times. Useful for initial setup tasks.

Question 21

What is FileVault in the context of Jamf Pro?

Answer 21

FileVault is macOS disk encryption. Jamf Pro can enable it, escrow recovery keys, and rotate keys for security compliance.

Question 22

What is a Recovery Lock Password?

Answer 22

A firmware-level password on Apple Silicon Macs that prevents unauthorized recovery or reinstallation. Jamf Pro can set and escrow these passwords.

Question 23

What is the difference between Computer Management and Device Management in Jamf Pro?

Answer 23

Computer Management refers to macOS devices. Device Management typically refers to iOS/iPadOS devices. Both use MDM but have different capabilities.

Question 24

What is Automated Device Enrollment (ADE)?

Answer 24

Formerly DEP, ADE is Apple’s program that allows zero-touch enrollment of devices purchased through Apple Business/School Manager directly into MDM.

Question 25

What is the purpose of a Configuration Profile’s scope?

Answer 25

Scope determines which devices receive the profile (by users, computers, groups). Profiles apply automatically when devices match the scope.

Question 26

What happens when a Configuration Profile is removed from scope?

Answer 26

The profile is automatically removed from the device, and the settings it enforced are no longer managed (reverting to user/system defaults).

Question 27

What is a Smart Mobile Device Group criterion you might use?

Answer 27

Examples: iOS version, App installed, Last inventory date, Supervised status, Model, or Custom Extension Attribute values.

Question 28

What is the purpose of the Jamf Connect app?

Answer 28

Jamf Connect provides identity management, syncing local macOS accounts with cloud identity providers like Azure AD or Okta.

Question 29

What is the Recon tool?

Answer 29

Recon is a command-line tool (part of QuickAdd) that manually enrolls computers into Jamf Pro and submits inventory data.

Question 30

What is the difference between User-initiated and Jamf Remote enrollment?

Answer 30

User-initiated enrollment requires user action (QuickAdd or URL). Jamf Remote is deprecated. Modern approach uses Automated Device Enrollment.

Question 31

What is a Local User Account payload in a Configuration Profile?

Answer 31

It creates or modifies local macOS user accounts on devices, including setting passwords, admin rights, and account attributes.

Question 32

What is the purpose of the Maintenance payload in a Policy?

Answer 32

Maintenance performs cleanup tasks: reset policy logs, update inventory, fix permissions, verify startup disk, or run recon.

Question 33

What is the recommended way to deploy a .dmg file?

Answer 33

Convert the .dmg to a .pkg using tools like Composer or create an installation script that mounts and copies the app from the .dmg.

Question 34

What is Jamf Composer?

Answer 34

Composer is a macOS app for creating .pkg installers by monitoring system changes or building packages from source files.

Question 35

What does the ‘Files and Processes’ payload in a Policy do?

Answer 35

It can execute commands, search for and delete files or folders, and perform basic

Question 36

What does the ‘Files and Processes’ payload in a Policy do?

Answer 36

It can execute commands, search for and delete files or folders, and perform basic file system operations during policy execution.

Question 37

What is the purpose of the Login/Logout Hooks payload?

Answer 37

Login/Logout Hooks execute scripts automatically when users log in or out. Note: Apple deprecated these in favor of LaunchAgents.

Question 38

What is a Certificate payload in a Configuration Profile?

Answer 38

It deploys digital certificates to devices for authentication, encryption, or signing purposes (Wi-Fi 802.1X, VPN, email signing).

Question 39

What is LDAP integration in Jamf Pro?

Answer 39

LDAP (Active Directory, Open Directory) integration allows Jamf Pro to authenticate users and import user/group data for scoping and reporting.

Question 40

What is the purpose of Network Segments in Jamf Pro?

Answer 40

Network Segments identify device locations by IP range, allowing location-specific policies, reporting, and distribution point assignment.

Question 41

What is a Distribution Point?

Answer 41

A Distribution Point stores packages, scripts, and other files. Devices download content from DPs. Can be Cloud (Jamf), SMB, or HTTP.

Question 42

What is the Jamf Cloud Distribution Point?

Answer 42

The default cloud-based storage included with Jamf Cloud instances. Provides global content delivery without maintaining on-premises servers.

Question 43

What is an Activation Code in Jamf Pro?

Answer 43

Activation Codes enable features like Protect, Connect, or additional services. They’re entered in Settings > Global > Licenses.

Question 44

What is the purpose of Remote Commands?

Answer 44

Remote Commands execute immediate actions on devices: lock, wipe, restart, update inventory, or send blank push notifications.

Question 45

What is the difference between Device Lock and Wipe commands?

Answer 45

Lock secures a device with a passcode (recoverable). Wipe erases all data (unrecoverable). Wipe removes device from Jamf Pro.

Question 46

What is a VPP (Volume Purchase Program) account in Jamf Pro?

Answer 46

VPP allows purchasing apps in volume and assigning licenses to devices or users. Now called Apple Business Manager Apps and Books.

Question 47

What is the purpose of the Dock payload in a Configuration Profile?

Answer 47

The Dock payload configures the macOS Dock: add/remove items, set size, position, behavior, and enforce these settings.

Question 48

What is the purpose of category in Jamf Pro?

Answer 48

Categories organize content in Self Service and Jamf Pro interface, making it easier for users to find items and admins to manage objects.

Question 49

What is the No Authentication option for a policy?

Answer 49

Allows the policy to run without requiring user authentication. Useful for background tasks but has security implications.

Question 50

What is the recommended way to test a new policy before wide deployment?

Answer 50

Scope to a test Smart Group with pilot devices, verify execution in policy logs, check device status, then expand scope gradually.

Question 51

What should you check in Jamf Pro if a policy isn’t running?

Answer 51

Verify: scope includes target devices, trigger is appropriate, policy is enabled, no conflicting limitations, check policy logs and device Management History.