5V0-61.22 VMware Practice Test Questions and Exam Dumps




Question 1

An IT administrator starts infrastructure design for authentication management and would like to enable single sign-on into the VMware Workspace ONE UEM Self-Service Portal and the VMware Workspace ONE console for administrators.

Which third-party component should the IT administrator use?

A. SAML-based Identity Provider
B. Active Directory
C. LDAP based Directory
D. DHCP

Answer: A

Explanation:

To enable single sign-on (SSO) into both the VMware Workspace ONE UEM Self-Service Portal and the Workspace ONE Admin Console, the correct architectural component that must be implemented is a SAML-based Identity Provider (IdP).

Single sign-on enables users or administrators to log in once using a secure token exchange mechanism and gain access to multiple systems without the need to re-authenticate. In the Workspace ONE ecosystem, this is typically achieved by integrating with a third-party SAML 2.0-compliant Identity Provider, such as Okta, Microsoft Entra ID (formerly Azure AD), ADFS, Ping Identity, or similar.

A SAML (Security Assertion Markup Language)-based Identity Provider facilitates this by securely authenticating users and then passing authentication assertions to Workspace ONE UEM or Workspace ONE Access. These assertions verify that the user has already been authenticated and can access the requested service.

Here’s why the other options are incorrect:

  • B. Active Directory:
    Active Directory is a directory service, not an SSO mechanism by itself. While it stores user credentials and attributes and can be integrated with a SAML IdP, it does not natively provide SAML SSO functionality.

  • C. LDAP based Directory:
    Like Active Directory, LDAP directories are used to store user information but do not directly enable single sign-on or provide SAML assertions. LDAP is a protocol, not an authentication federation technology.

  • D. DHCP:
    DHCP (Dynamic Host Configuration Protocol) is unrelated to authentication or identity. It is used for assigning IP addresses and network configuration settings to devices, not for managing user authentication or SSO.

In a Workspace ONE deployment where single sign-on is required for access to administrative and self-service portals, a SAML-based Identity Provider is essential. This identity provider enables the secure exchange of authentication assertions, allowing users to authenticate once and seamlessly access multiple systems within the Workspace ONE ecosystem.


Question 2

An administrator has been tasked with building and enabling Secure Email Gateway (SEG) V2 on the Unified Access Gateway (UAG).

How should the SSL certificate be added to the UAG?

A. From the UAG console:
Import-Certificate -FilePath “C:\CA-PublicKey.Cer” -CertStoreLocation Cert:\LocalMachine\Root
B. Upload the SSL certificate to the Workspace ONE UEM console, or upload it locally to the UAG when confirming the SEG Edge service on the UAG.
C. From the UAG console:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
D. Upload the SSL certificate to the Workspace ONE UEM console, or add it when the SSL is configuring the SEG Edge service on the UAG.

Answer: D

Explanation:

When configuring Secure Email Gateway (SEG) V2 on the Unified Access Gateway (UAG), the SSL certificate plays a crucial role in securing communication between client devices, the UAG, and the backend email infrastructure. In the context of VMware Workspace ONE and SEG V2 specifically, administrators must add the SSL certificate during the SEG Edge service configuration process on the UAG.

Here’s a breakdown of why D is the correct answer:

  • Unified Access Gateway (UAG) uses SEG V2 as a microservice that requires its own SSL certificate for secure HTTP(S) communication. This certificate must be trusted by both the UAG and the connecting clients.

  • The SSL certificate can be added directly during SEG Edge service configuration on the UAG, or it may be uploaded through the Workspace ONE UEM console if you're using an integrated deployment process. However, the certificate is not automatically inherited from the UEM console for UAG-based SEG V2—manual configuration is typically required at the UAG level.

  • Therefore, Option D, which provides flexibility by stating the certificate can be added via UEM console or directly during the SEG configuration, most accurately reflects the supported and recommended method.

Now, let’s clarify why the other options are incorrect:

  • A. This is a PowerShell command used for importing a certificate into a Windows certificate store, which is not applicable to UAG, as UAG is a Linux-based appliance, not Windows. So this is technically incorrect.

  • B. This is partially correct but less accurate than D. It correctly mentions the two options (uploading to UEM or locally to the UAG), but the wording “when confirming the SEG Edge service” is vague. The certificate is not added “when confirming” the service; it is added during configuration of the SEG Edge service.

  • C. This is a macOS command using the security tool to add a trusted certificate to the macOS keychain, which has no relation to UAG or SEG configuration. So this is entirely unrelated to the UAG appliance or VMware Workspace ONE SEG.

To configure SEG V2 on UAG correctly, administrators must upload and bind the SSL certificate either by importing it directly during the SEG Edge service setup on the Unified Access Gateway or via the Workspace ONE UEM console if it's part of a managed deployment flow. This process ensures the communication between devices and UAG remains encrypted and secure, fulfilling enterprise security requirements. Option D best captures this method.


Question 3

Which two considerations should be noted when designing a Workspace ONE environment? (Choose two.)

A. Installing all product components
B. Testing environment
C. Involving stakeholders
D. Defining business drivers
E. Configuring integrations

Answer: C, D

Explanation:

Designing a successful Workspace ONE environment requires strategic planning and alignment with organizational needs. The two most critical considerations during the design phase are:

C. Involving stakeholders

  • Engaging key stakeholders (e.g., IT, security, compliance, HR, etc.) ensures the solution aligns with business and technical expectations.

  • Stakeholders provide insights into user requirements, security policies, and use cases, which directly affect design decisions.

D. Defining business drivers

  • Identifying business goals (e.g., BYOD adoption, remote workforce enablement, security posture enhancement) ensures that the Workspace ONE deployment delivers measurable value.

  • Clear business drivers help prioritize features and guide scalability and architecture choices.

Why the other options are not primary design considerations:

  • A. Installing all product components
    This is an implementation task—not a design consideration. Not all organizations need every component (e.g., some might not use VMware Tunnel or SEG).

  • B. Testing environment
    While important during validation and rollout, it's not a core part of the initial design phase.

  • E. Configuring integrations
    This is part of the implementation phase after design decisions have been finalized based on business and technical requirements.

Effective design of a Workspace ONE environment is grounded in understanding why the platform is needed (business drivers) and who needs it (stakeholders). These foundational considerations ensure the solution is tailored, scalable, and aligned with the organization’s goals.


Question 4

Users are able to seamlessly log into VMware Workspace ONE Access with Kerberos and then launch Horizon apps without a prompt for credentials. 

What must be enabled to support this feature?

A. Certificate (Cloud Deployment)
B. Password Caching
C. True SSO
D. Identity Bridging

Answer: C

Explanation:

To support seamless single sign-on (SSO) from VMware Workspace ONE Access to Horizon apps, the key enabling technology is True SSO.

What is True SSO?

True SSO is a VMware technology that allows users to log in to Horizon resources (desktops and apps) without entering their credentials again, even if they authenticated through methods that don’t involve passwords (e.g., Kerberos, smart cards, biometrics, or third-party identity providers).

In this scenario, users have already authenticated to Workspace ONE Access using Kerberos (which is a passwordless SSO method). When they launch Horizon resources, True SSO enables them to be automatically signed in without re-prompting for credentials, even though the backend systems (such as Active Directory) require a password.

Why not the other options?

  • A. Certificate (Cloud Deployment)
    This relates to certificate-based authentication for cloud deployments. It does not inherently provide seamless Horizon app logins unless integrated with True SSO.

  • B. Password Caching
    This stores the user’s password temporarily to replay during login. It is less secure and not necessary when True SSO is used.

  • D. Identity Bridging
    This is not a VMware Workspace ONE Access feature. While bridging concepts exist in broader identity and access management, True SSO is the VMware-specific solution for this use case.

Benefits of True SSO:

  • Passwordless authentication to Horizon resources.

  • Supports multiple authentication types (Kerberos, RADIUS, certificate, etc.).

  • Ensures strong security while maintaining a seamless user experience.

  • Eliminates need for storing or transmitting user passwords.

  • Enables full SSO flow from Workspace ONE Access to Horizon without additional prompts.

To ensure seamless access from Workspace ONE Access (via Kerberos login) to Horizon apps without credential prompts, True SSO must be enabled. It allows secure, passwordless logins across the entire VMware stack and is the recommended approach for integrated digital workspace experiences.



Question 5

An administrator needs to configure OpenID Connect in VMware Workspace ONE Access for third-party identity providers so the users may use their credentials for single sign-on. 

Which primary authentication protocol is used?

A. LDAP
B. FTP
C. IMAP
D. OAuth2

Answer: D

Explanation:

OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 protocol. When configuring OIDC with VMware Workspace ONE Access, it leverages OAuth 2.0 as the underlying protocol for secure, standards-based single sign-on (SSO).

Why the other options are incorrect:

  • A. LDAP:
    Lightweight Directory Access Protocol is used for directory services, not for federated single sign-on protocols such as OIDC.

  • B. FTP:
    File Transfer Protocol is used for transferring files and is not related to authentication.

  • C. IMAP:
    Internet Message Access Protocol is used for retrieving email messages—not for identity or authentication.

When using OpenID Connect (OIDC) with Workspace ONE Access, the primary protocol used is OAuth 2.0, making D the correct answer.


Question 6

Which certificate is needed during profile configuration when configuring an iOS Mobile SSO profile within VMware Workspace ONE UEM?

A. Device root
B. Tunnel client
C. APNs
D. KDC

Answer: D

Explanation:

When configuring iOS Mobile SSO in VMware Workspace ONE UEM, the critical certificate involved is the KDC certificate. This stands for Key Distribution Center certificate and is essential for enabling Kerberos-based authentication—the foundation of iOS Mobile SSO.

Why the KDC certificate is required:

  • The KDC certificate is used to authenticate the Kerberos protocol operations between the iOS device and the identity provider (e.g., Workspace ONE Access).

  • It enables ticket-based authentication, allowing users to access enterprise resources and services without entering credentials after the initial authentication.

  • The certificate allows the identity provider to impersonate the Kerberos Key Distribution Center, which is necessary for seamless SSO experiences on iOS devices.

Why the other options are incorrect:

  • A. Device root:
    A root certificate may be used to establish trust in the device or server communication, but it is not the specific certificate required for iOS Mobile SSO setup.

  • B. Tunnel client:
    Tunnel certificates are associated with VPN configurations or per-app tunnel use cases—not with the Mobile SSO profile.

  • C. APNs (Apple Push Notification Service):
    This is used for device management communication between Apple devices and UEM—not related to authentication or SSO.

To successfully implement iOS Mobile SSO in Workspace ONE UEM, the administrator must configure and assign a KDC certificate. This certificate plays a critical role in enabling Kerberos authentication, ensuring users get a seamless and secure sign-on experience on iOS devices. Therefore, the correct answer is D.


Question 7

An administrator is monitoring the Kerberos Auth service on the VMware Workspace ONE Access Connector Server. What is the proper health check URL if port 8443 is used for the Kerberos Auth service against a server with hostname = connector.local?

A. https://connector.local:8443/eks/health
B. http://connector.local/eks/health
C. https://connector.local/eks/health
D. http://connector.local:8443/eks/health

Answer: A

Explanation:

When monitoring the Kerberos Auth service on the Workspace ONE Access Connector, you can use a health check URL that is specific to the EKS (Enterprise Kerberos Service) component. The default and correct health check endpoint format is:

https://<hostname>:<port>/eks/health

In this case:

  • Hostname = connector.local

  • Port = 8443 (used for secure connections)

  • Path = /eks/health

Therefore, the correct health check URL is:

https://connector.local:8443/eks/health


A successful response from this URL confirms that the Kerberos Auth service is running and healthy.

Why the other options are incorrect:

  • B. Uses http instead of https and omits the port—invalid for secure Kerberos service health checks.

  • C. Uses https but does not specify port 8443, which is needed since the Kerberos Auth service is running on a non-default port.

  • D. Uses http and port 8443, which is incorrect because port 8443 is typically associated with HTTPS, not HTTP.


Question 8

Which statement accurately describes Just-in-Time Provisioning (JIT)?

A. Workspace ONE Access acts as the service provider
B. Users are pre-synced into Workspace ONE Access from an Active Directory
C. Workspace ONE Access Connector is required for JIT Provisioning to work
D. JIT provisioned users can be individually deleted

Answer: D

Explanation:

Just-in-Time Provisioning (JIT) is a feature in VMware Workspace ONE Access that allows users to be created in Workspace ONE Access at the time of login, rather than being pre-synced from a directory like Active Directory. It’s typically used in conjunction with third-party identity providers using SAML 2.0.

Key Characteristics of JIT:

  • Users are provisioned automatically upon first login.

  • No need for pre-syncing from an identity source.

  • Workspace ONE Access does not require the Connector for JIT, because authentication and user details come directly from the third-party IdP.

  • JIT-provisioned users can be managed and deleted individually within Workspace ONE Access.

Why other options are incorrect:

  • A. Workspace ONE Access acts as the service provider — This is true in general, but it doesn’t describe JIT specifically.

  • B. Users are pre-synced... — This contradicts the concept of Just-in-Time.

  • C. Workspace ONE Access Connector is required... — Not true; JIT can work without the connector when using a third-party IdP.

Summary:

JIT creates users dynamically during login, and those users can be individually deleted later.

Correct answer: D.


Question 9

What is the primary purpose of VMware Workspace ONE Trust Network in VMware Workspace ONE Intelligence?

A. Delivering VPN profiles to devices
B. Assisting with integration of the Multi-Domain directory services across a trusted network
C. Integrating threat data from security solutions, including endpoint detection and response (EDR) solutions
D. Providing applications to end users

Answer: C

Explanation:

The VMware Workspace ONE Trust Network is a security framework within Workspace ONE Intelligence designed to:

  • Ingest and correlate threat intelligence from various third-party security tools (e.g., EDR, mobile threat defense, and network security solutions).

  • Provide real-time threat visibility across endpoints.

  • Allow automated responses based on threat posture using Intelligence Automation rules.

It integrates with tools such as Carbon Black, Lookout, Zimperium, and others to build a more secure digital workspace by sharing threat telemetry.

Why the other options are incorrect:

  • A. Delivering VPN profiles – This is handled by Workspace ONE UEM, not Trust Network.

  • B. Multi-domain directory services integration – Directory services integration is managed through Workspace ONE Access and the connector, not the Trust Network.

  • D. Providing applications – App deployment is handled by Workspace ONE UEM, not Intelligence or the Trust Network.

The primary role of the Workspace ONE Trust Network is to integrate threat intelligence data from multiple sources and enable automated, intelligent threat response.


Question 10

Which step is required to configure Digital Employee Experience Management (DEEM)?

A. Ensure devices ownership type is set to employee-owned
B. Enable DEEM Workspace ONE Access
C. Integrate the productivity app with Workspace ONE SDK
D. Use Windows and/or macOS managed devices in Workspace ONE UEM

Answer: D

Explanation:

To configure Digital Employee Experience Management (DEEM) in VMware Workspace ONE, one must have managed Windows and/or macOS devices enrolled in Workspace ONE UEM. DEEM relies on telemetry collected from these endpoints to measure and improve the digital experience of employees.

Key setup requirements include:

  • Devices must be managed by Workspace ONE UEM

  • Supported platforms: Windows 10/11 and macOS

  • Devices must have Workspace ONE Intelligent Hub installed

  • No SDK integration with productivity apps is required

  • Ownership type (employee vs corporate) is not a requirement for enabling DEEM

Why the other options are incorrect:

  • A. Device ownership type (employee-owned) is not a prerequisite for DEEM.

  • B. Workspace ONE Access is not required to enable DEEM.

  • C. Integrating apps with the Workspace ONE SDK is for app management and security, not DEEM telemetry.

