Google ChromeOS Administrator Exam Practice Test Instant Access

Question 1

Where in the security settings should an admin configure login integration with Okta in the Admin console?

ASSO with third-party IdPs

BDomain-wide authentication

CSSO with first-party as SAML IdP

DMulti-Factor Authentication

Answer : A

To integrate ChromeOS login with Okta, a third-party identity provider, you must configure the settings under 'SSO with third-party IdPs' in the Google Admin console. Okta acts as a SAML-based identity provider, and this setting allows ChromeOS devices to authenticate users using Okta credentials.

Verified Answer from Official Source:

The correct answer is verified from the Google Workspace Identity and Access Management Guide, which outlines how to set up SSO with third-party IdPs like Okta.

'To configure Single Sign-On (SSO) for ChromeOS devices using Okta, navigate to the Admin console > Security > Set up single sign-on (SSO) with third-party identity providers.'

This configuration allows seamless authentication using Okta, centralizing user login management. It also ensures that all ChromeOS devices within the organization use the same login credentials provided by Okta.

Objectives:

Implement SSO with third-party IdPs.

Integrate ChromeOS with Okta.

Google Workspace Identity and Access Management Guide

Question 2

The finance team for an organization buys a new printer to print sensitive documents without using the main office printer. How should you automatically configure the printer for finance team users?

ADeploy correct drivers to the finance devices

BDeploy the printer via Groups

CAdd the printer directly to the user

DPlug the new printer directly into the router

Answer : B

To configure the printer specifically for finance team users, the most efficient approach is to deploy the printer via Groups. By assigning the printer to a Google Group that contains finance team members, the printer will automatically be available to all users in that group without manual configuration for each device.

Verified Answer from Official Source:

The correct answer is verified from the Google Admin Console Printing Configuration Guide, which recommends using Groups to deploy printers for specific user sets.

'Deploy printers to user groups to ensure that only specified users have access. Use the Groups feature to manage printer availability efficiently.'

Using Groups for printer deployment ensures that only authorized users (in this case, finance team members) can print sensitive documents, maintaining security and ease of access.

Objectives:

Secure printer access for specific user groups.

Simplify printer configuration for departments.

Google Admin Console Printing Configuration Guide

Question 3

A global organization is deploying a fleet of ChromeOS devices to all their users. Organization policy requires all web traffic to be filtered using an existing proxy service to prevent access to 1 million unauthorized websites. What ChromeOS policy should you configure to meet this requirement?

A'Always use the proxy specified below', and provide the URL to pac file configuration

B'Always use the proxy auto-config specified below', and provide the IP port information

C'Always use the proxy specified below', and provide the IP port to the proxy services

D'Always use a network access control deny' policy to deny the URLs

Answer : A

To ensure that all web traffic is filtered according to organizational policy, configure the ChromeOS devices to 'Always use the proxy specified below' and provide the URL to the PAC (Proxy Auto-Config) file. The PAC file contains logic to determine which proxy server to use for specific URLs, allowing dynamic and flexible proxy configurations.

Verified Answer from Official Source:

The correct answer is verified from the Google ChromeOS Proxy Configuration Guide, which outlines using a PAC file to configure web filtering for large-scale deployments.

'Use the 'Always use the proxy specified below' setting and specify the URL to the PAC file to enforce consistent web filtering across all ChromeOS devices.'

PAC files are commonly used to direct traffic through specific proxies based on URL patterns, which is ideal for managing large lists of restricted websites efficiently.

Objectives:

Configure ChromeOS devices to use web proxies.

Enforce consistent web filtering through proxy settings.

Google ChromeOS Proxy Configuration Guide

Question 4

One of the employees of the organization you're managing is leaving, and you want to prepare the device they've been using for adoption by a new user. What is the recommended action you need to take through the Admin console to remove any previous user data from the machine?

ADeprovision the device, reset it, and then finally re-enroll it

BEnable forced-reenrollment on the device OU and then factory reset the device

CDelete the user from the Admin console and powerwash the machine

DSelect ''Reset' on the devices overview page, and then 'Clear User Profiles.'

Answer : B

The best practice for preparing a ChromeOS device for a new user while keeping it managed is to enable forced-reenrollment and then factory reset (Powerwash) the device. This ensures that any user-specific data is removed while the device remains enrolled and under enterprise control.

Verified Answer from Official Source:

The correct answer is verified from the ChromeOS Device Reassignment Guide, which states that enabling forced-reenrollment ensures the device remains managed even after a factory reset.

'To maintain management after a user leaves, enable forced-reenrollment on the OU and then perform a factory reset (Powerwash) on the device.'

This approach removes all user-specific data, including files and settings, while ensuring that the device automatically re-enrolls upon reboot, maintaining management and security.

Objectives:

Securely reassign ChromeOS devices.

Maintain enterprise management and policies.

ChromeOS Device Reassignment Guide

Question 5

What are two reasons that Chromebooks never experienced a ransomware attack?

(Choose 2 answers)

AAll applications run in a sandbox

BAutomatic virus scanning keeps them safe

CUsers are not able to download software

DAll web traffic is SSL inspected

EDevices go through a Verified Boot process

Answer : A, E

Chromebooks have proven resilient against ransomware attacks for the following reasons:

All applications run in a sandbox: Each app operates in an isolated environment, preventing malicious code from affecting the system or other apps.

Devices go through a Verified Boot process: This feature ensures that the operating system has not been tampered with, reverting to a known safe version if a compromise is detected.

Verified Answer from Official Source:

The correct answers are verified from the Google ChromeOS Security Overview, which outlines sandboxing and Verified Boot as key security measures.

'ChromeOS leverages application sandboxing to isolate processes and uses Verified Boot to ensure system integrity, thereby protecting against malware and ransomware.'

These security mechanisms prevent ransomware from embedding itself into the OS or spreading to other parts of the system, making Chromebooks inherently more secure.

Objectives:

Understand ChromeOS security architecture.

Recognize the role of sandboxing and verified boot in preventing attacks.

Google ChromeOS Security Overview

Question 6

Your team has members that work remotely. Your CTO would like to verify that your fleet of ChromeOS devices remains managed by corporate policy even after a device wipe. What would you configure to complete this objective?

ASet the setting 'Powerwash' to 'Do not allow powerwash to be triggered'

BCreate strict password rules

CEdit the setting 'Verified Access' to 'Require verified mode for boot for verified access'

DSet up the Admin console to force the device to automatically re-enroll after wiping

Answer : D

To ensure that ChromeOS devices remain managed after a wipe, you need to enable forced re-enrollment. This setting automatically re-enrolls the device into the management domain after it has been wiped (Powerwashed). This feature is crucial for organizations that manage devices remotely, as it prevents unauthorized users from removing management settings.

Verified Answer from Official Source:

The correct answer is verified from the Google ChromeOS Device Management Best Practices Guide, which recommends enabling forced re-enrollment to maintain device management continuity.

'To ensure devices remain managed after wiping, enable the 'Forced Re-enrollment' policy in the Admin console. This setting ensures automatic re-enrollment upon startup.'

Forced re-enrollment prevents the loss of device management, which is essential for maintaining security and policy compliance, especially in remote or dispersed environments.

Objectives:

Enforce device management after Powerwash.

Maintain compliance in remote work environments.

Google ChromeOS Device Management Best Practices Guide

Question 7

You need to create a recovery image on a USB stick. Which two steps should you take?

(Choose 2 answers)

AGo to google.com/chromebooks

BInstall Chrome Recovery Utility and download the image for the correct device model to a USB stick.

CGo to Chrome Web Store on a Chrome device

DGo to Google Play store

EGo to Device Settings.

Answer : B, C

Creating a recovery image for ChromeOS involves using the Chrome Recovery Utility, which is available in the Chrome Web Store. This tool allows users to create a recovery USB drive by downloading the necessary OS image and writing it to the USB stick.

Verified Answer from Official Source:

The correct answers are verified from the ChromeOS Recovery Guide, which specifies the use of the Chrome Recovery Utility from the Chrome Web Store.

'To create a ChromeOS recovery image, download the Chrome Recovery Utility from the Chrome Web Store. Follow the on-screen instructions to create a recovery USB stick.'

The Recovery Utility is the recommended method for creating a USB recovery device, ensuring compatibility and correctness of the OS image.

Objectives:

Perform system recovery for ChromeOS devices.

Utilize official recovery tools.

ChromeOS Recovery Guide

Google ChromeOS Administrator Professional ChromeOS Administrator Exam Practice Test