Google ChromeOS Administrator Exam Questions Instant Access

Question 1

A global organization is deploying ChromeOS devices to all of their users. Corporate policy requires all web traffic to be filtered using an existing enterprise solution such that employees cannot access 1 million unauthorized websites. What should you configure to meet this requirement?

AA user policy to blocklist the URLs

BA user policy enforcing the use of a web proxy

CA firewall rule to blocklist the URLs

DA 'Network access control deny' policy to blocklist the URLs

Answer : B

The most effective way to ensure that all web traffic is filtered is to enforce the use of a web proxy via user policy. By configuring the ChromeOS devices to use a proxy server, all internet traffic will be routed through the proxy, where filtering rules are applied.

Verified Answer from Official Source:

The correct answer is verified from the Google ChromeOS Network Management Guide, which recommends using a web proxy to manage and filter web traffic efficiently.

'To enforce web filtering policies, configure a web proxy through user policies. This ensures that all internet traffic passes through the filtering system.'

Web proxies allow IT administrators to manage and restrict access to websites centrally, providing consistent and scalable content filtering across the organization.

Objectives:

Implement web filtering using a proxy.

Enforce secure internet access policies.

Google ChromeOS Network Management Guide

Question 2

How should you use Chrome Remote Desktop from the Google Admin console to connect a user?

AFind the user account and click remote desktop

BOpen Chrome Remote Desktop and type the device serial number

COpen Chrome Remote Desktop and type the user's user name

DFind the device and click remote desktop

Answer : D

To initiate a remote desktop session to a ChromeOS device using the Google Admin console, follow these steps:

Navigate to Devices: Go to Devices > Chrome > Devices.

Locate the Device: Find the device you want to connect to using its serial number or other identifying information.

Start Remote Desktop Session: Click on the device and select 'Remote desktop.' This will send a connection request to the user, who must accept it before the session can start.

Question 3

The security team is requiring Wi-Fi connectivity to be disabled on ChromeOS devices. Using the Google Admin console, how would you configure ChromeOS devices to block all WI-FI connectivity and hide the WI-FI Icon?

AConfigure 'Restricted Wi-Fi Networks '

BPrevent WiMax connectivity

CRemove Wi-Fi from 'Enabled network interfaces '

DRestrict 'Auto Connecting' to Wi-Fi

Answer : C

To completely disable Wi-Fi and hide the Wi-Fi icon on ChromeOS devices, you need to modify the 'Network' settings in the Google Admin console:

Go to 'Device Management' > 'Chrome Management' > 'Device Settings'.

Select the organizational unit (OU) containing the devices you want to manage.

Under 'Network', find 'Enabled network interfaces' and remove 'Wi-Fi' from the list.

Save the changes.

This will disable Wi-Fi adapters on the devices and hide the Wi-Fi icon, preventing users from connecting to Wi-Fi networks.

Why other options are incorrect:

A . Restricted Wi-Fi Networks: This setting only limits which networks users can connect to, not disable Wi-Fi entirely.

B . Prevent WiMax connectivity: WiMax is a different wireless technology and not relevant to Wi-Fi.

D . Restrict 'Auto Connecting' to Wi-Fi: This only prevents automatic connection to networks but doesn't disable Wi-Fi entirely.

Question 4

You are setting up a proof of concept using an email-verified trial environment rather than a domain-verified one. After trying to integrate with their existing third-party Identity Provider (IdP) to provision their user accounts, you encounter an error. What would be the most likely reason for this?

AEmail-verified domain environments only allow for a single managed user per domain

BYou need to verify a domain in order to integrate with third-party IdPs

CYou are only able to manage devices in an email-verified domain, not users

DYou need to purchase Google Workspace licenses to be able to integrate with third-party IdPs

Answer : B

Email-verified environments lack the full capabilities of domain-verified environments, particularly when integrating with third-party Identity Providers (IdPs). To integrate with an external IdP like Okta or Azure AD, you must first verify the domain to ensure secure and authenticated access.

Verified Answer from Official Source:

The correct answer is verified from the Google Workspace SSO Configuration Guide, which specifies that domain verification is a prerequisite for setting up SSO and integrating with third-party IdPs.

'Domain verification is required before you can integrate third-party Identity Providers (IdPs) for SSO within the Admin console.'

Without domain verification, the system does not have the necessary trust and authentication measures in place to delegate login processes to external providers.

Objectives:

Integrate ChromeOS with third-party SSO solutions.

Ensure domain verification before setting up SSO.

Google Workspace SSO Configuration Guide

Question 5

Due to security threats, your security team would like to immediately prevent any apps on a ChromeOS device from being able to use USB devices. How can you as the admin implement this security practice as quickly and efficiently as possible?

ACreate an allowlist and add apps that do not need USB permissions

BCreate a blocklist and add apps that use USB permissions

CCreate a blocklist, add apps that use USB permissions, and allow users to 'request' apps that are not approved

DBlock apps by using the 'Block apps by permissions settings' which will allow you to select 'USB' as permission type to block

Answer : D

To quickly block apps from accessing USB devices on ChromeOS, use the 'Block apps by permissions' settings in the Admin console. Selecting 'USB' as the permission type ensures that no application on the device can interact with USB peripherals, mitigating potential security threats.

Verified Answer from Official Source:

The correct answer is verified from the Google ChromeOS Application and Device Management Guide, which details using permission-based blocking for enhanced security.

'To block applications from using USB devices, configure the 'Block apps by permissions' setting in the Admin console and select 'USB' as the restricted permission.'

This method provides a comprehensive and quick way to mitigate USB-based threats without individually managing each application.

Objectives:

Strengthen ChromeOS device security.

Manage app permissions effectively.

Google ChromeOS Application and Device Management Guide

Question 6

You have 150 Chrome Enterprise Upgrades (CEU) in your Google Admin console. You decide to purchase 20 Chromebook Enterprise devices (CBE). After enrollment, you would like to identify the type of licenses used by your devices. What should you do?

AFrom the 'Device information' page, check the 'Device Type' attribute content

BCheck your 'Billing subscription' page to identify devices with CBE and CEU

CCheck directly from the device through the 'About Chrome OS' page

DCheck from the device through chrome://policy

Answer : A

To distinguish between Chrome Enterprise Upgrades (CEU) and Chromebook Enterprise (CBE) devices, go to the Device information page in the Admin console and check the 'Device Type' attribute. This attribute clearly indicates whether the device has a CBE or CEU license.

Verified Answer from Official Source:

The correct answer is verified from the Google Chrome Enterprise Licensing Guide, which specifies how to identify device types based on licensing information.

'To check the licensing type, go to the Admin console, navigate to Devices > Chrome > Devices, and check the 'Device Type' attribute on the device information page.'

This method provides a clear distinction between devices with built-in licenses (CBE) and those upgraded with a separate license (CEU).

Objectives:

Identify license types for ChromeOS devices.

Efficiently manage device inventory and licensing.

Google Chrome Enterprise Licensing Guide

Question 7

The finance team for an organization buys a new printer to print sensitive documents without using the main office printer. How should you automatically configure the printer for finance team users?

ADeploy correct drivers to the finance devices

BDeploy the printer via Groups

CAdd the printer directly to the user

DPlug the new printer directly into the router

Answer : B

To configure the printer specifically for finance team users, the most efficient approach is to deploy the printer via Groups. By assigning the printer to a Google Group that contains finance team members, the printer will automatically be available to all users in that group without manual configuration for each device.

Verified Answer from Official Source:

The correct answer is verified from the Google Admin Console Printing Configuration Guide, which recommends using Groups to deploy printers for specific user sets.

'Deploy printers to user groups to ensure that only specified users have access. Use the Groups feature to manage printer availability efficiently.'

Using Groups for printer deployment ensures that only authorized users (in this case, finance team members) can print sensitive documents, maintaining security and ease of access.

Objectives:

Secure printer access for specific user groups.

Simplify printer configuration for departments.

Google Admin Console Printing Configuration Guide

Google Professional ChromeOS Administrator Exam Questions