Google ChromeOS-Administrator Exam Practice Test Instant Access

Question 1

You are tasked with converting hundreds of Windows & Mac machines across multiple locations to ChromeOS Flex and enrolling them into the Admin console. The available network bandwidth Is limited at many of the locations and the devices are not currently managed with any endpoint management system. Which two operations are required to perform the task?

Choose 2 answers

ACreate a dedicated enrollment account tor each location and place them into the OUs you want the devices enrolled into then enable the 'Place ChromeOS device in user organization' policy and enroll the devices using the respective enrollment account for each location

BInstall the Recovery Tool extension on all devices that are to be converted and follow the step-by-step installer to convert each device directly without the need of USB drives

CUse PXE boot to load the ChromeOS Flex image onto devices and have them automatically convert across all locations after they're restarted

DContact an authorized Zero-Touch Enrollment (ZTE) reseller and share the serial numbers of the devices you're converting and the
domain you're enrolling them into to have them pre-provisioned into the Admin console

EDistribute USB flash drives with the ChromeOS Flex image to the different locations and ask local personnel or a services partner to manually convert each device

Answer : A, E

Create Dedicated Enrollment Accounts:Create separate enrollment accounts for each location,placing them in the respective OUs where the converted devices should be enrolled.

Enable Policy:Turn on the 'Place ChromeOS device in user organization' policy.This ensures devices are automatically enrolled into the correct OU based on the enrollment account used.

Enroll Devices:Use the dedicated enrollment account for each location to enroll the converted devices.This allows for organized management based on location.

Option E:

Distribute USB Drives:Prepare USB flash drives with the ChromeOS Flex image and distribute them to the different locations.

Manual Conversion:Instruct local personnel or a service partner to manually convert each device using the provided USB drives.This method is suitable when network bandwidth is limited and doesn't rely on existing endpoint management infrastructure.

Reasons for not choosing other options:

Option B:The Recovery Tool is primarily used for creating recovery media for ChromeOS devices,not converting other operating systems.

Option C:PXE boot is a network-based installation method,not ideal for locations with limited bandwidth.

Option D:While zero-touch enrollment (ZTE) streamlines enrollment,it requires pre-provisioning devices with the vendor or reseller,which might not be feasible in this scenario.

By combining options A and E, you can efficiently convert and enroll devices in multiple locations with limited network resources and no existing management systems.

Question 2

How would you deploy a Progressive Web Application to all managed user accounts?

AForce-install the Progressive Web Application URL in the 'Chrome Apps & extensions' page

BSet up Chrome Imprivata shared apps & extensions to force-install the Progressive Web Application URL

CGo to 'User & Browser Settings' and add the Progressive Web Application URL in the 'Legacy Browser Support' site list

DOpen 'Additional Google services' to force-install the Progressive Web Application URL

Answer : A

To deploy a Progressive Web Application (PWA) to all managed user accounts, follow these steps in the Google Admin console:

Navigate to Device Management:Go to Devices > Chrome > Settings > Apps & extensions.

Select User or Group:Choose the top-level organizational unit or a specific group to apply the PWA deployment.

Add by URL:Click on the yellow '+' icon and select 'Add by URL.'

Enter PWA URL:Paste the URL of the PWA you want to deploy.

Configure Installation Policy:Select 'Force install' to ensure the PWA is automatically installed for all users within the selected scope.

This method allows you to centrally manage and deploy PWAs across your organization, making them easily accessible to users on their ChromeOS devices.

Question 3

You are tasked with adding a security key to a single user account Where should you navigate to?

AUsers > Select User > Password

BUsers > Select User > Security

CSecurity > 2-step Verification

DSecurity > Password Management

Answer : B

To add a security key to a specific user account in the Google Admin console, follow these steps:

Navigate to Users:Click on 'Users' in the left sidebar to view the list of users in your domain.

Select User:Choose the specific user account to which you want to add the security key.

Go to Security Tab:In the user's profile,click on the 'Security' tab.

Add Security Key:Under the '2-Step Verification' section,you'll find the option to add a security key.Follow the on-screen instructions to register the security key with the user's account.

This method allows you to manage the security settings of individual users, including the addition of security keys for enhanced login protection.

Question 4

A customer deploys a large number of ChromeOS devices and would like to start the process of turning on Zero-Touch Enrollment (ZTE) to streamline their deployment process. As an administrator, what would be required to enable ZTE?

AGrant partner admin access

Bidentify OU to place devices during enrollment

CCreate a zero-touch token

DCreate a pre-provisioning token

Answer : B

Zero-touch enrollment (ZTE) automates the device enrollment process when users first power on their ChromeOS devices. Before you can enable ZTE, you need to determine the organizational unit (OU) where the devices should be placed during enrollment. This is crucial because different OUs can have different policies and configurations applied to them.

Plan Your OU Structure:If you haven't already,create a well-organized OU structure in your Google Admin console that reflects your organization's hierarchy and device management needs.

Select the Target OU:Choose the specific OU where you want the ZTE-enrolled devices to reside.Consider factors like department,location,or device type when making your decision.

Once you've identified the appropriate OU, you can proceed with creating a zero-touch enrollment token and associating it with that OU. This will ensure that newly enrolled devices are automatically placed in the correct OU and inherit the desired policies.

Question 5

What is a best practice for admin accounts on the Google Admin console?

ASuper Admins should be used for all changes to the domain

BGroup Admins should have 2FA enabled only if given security policy controls

CSuper Admins should use a separate user account tor day-to-day activities

DGroup Admins should have access to multiple groups

Answer : C

The principle of least privilege dictates that users should only have the minimum access necessary to perform their job functions. This applies to super admins as well. Using a separate user account for daily activities reduces the risk of accidental misconfiguration or unauthorized changes due to the elevated privileges associated with the super admin role.

Security:By using a separate account,super admins limit the potential attack surface in case their regular account is compromised.

Accountability:It's easier to track actions and changes when different accounts are used for different purposes.

Recovery:If the super admin account is locked or disabled,having a separate account allows for easier recovery.

Question 6

You have been asked to explain the built-in security features of ChromeOS. What i3 the benefit of having verified boot enabled on a ChromeOS device?

AIt ensures that the OS is uncompromised

BIt allows updates to happen in the background

CRunning both operating systems on one device at the same time makes It twice as powerful

DIt installs the known safe backup OS every time the device is slatted up.

Answer : A

Verified Boot in ChromeOS is a security mechanism that checks the integrity of the operating system during startup. If it detects any unauthorized modifications or compromises, it can initiate recovery processes to restore the OS to a known good state, ensuring that the device boots up with a secure and untampered operating system.

Option B is incorrect because background updates are a separate feature.

Option C is incorrect because dual-boot is not related to Verified Boot.

Option D is incorrect because Verified Boot doesn't install a backup OS but verifies the existing one.

Verified Boot: https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot/

Question 7

What should an administrator do to view the number and type of ChromeOS upgrades purchased and in use by their domain?

AVerify upgrades on devices page

BCheck subscriptions in billing

CContact partner to verify

DCheck reports page for upgrades

Answer : B

To view the number and type of ChromeOS upgrades purchased and in use, administrators should check the 'Subscriptions' section in the billing area of the Google Admin console. This section provides a clear overview of the organization's ChromeOS upgrade subscriptions and usage.

Other options are incorrect because they don't directly provide information about ChromeOS upgrade subscriptions:

Option A (Verify upgrades on devices page): Shows upgrades on individual devices, not the overall purchase and usage.

Option C (Contact partner to verify): Unnecessary if the information is readily available in the Admin console.

Option D (Check reports page for upgrades): Might provide some usage data, but not the purchase details.

Google Professional ChromeOS Administrator Exam Practice Test