Google ChromeOS Administrator Practice Test - Questions Answers, Page 3
List of questions
Related questions
Question 21
What is the recommended way to provision users from an on-prem Active Directory environment into the Google Admin console?
Explanation:
The 'Deprovision' command is specifically designed to remove a ChromeOS device from management policy updates. This means the device will no longer receive updates, configurations, or restrictions pushed from the Google Admin console.
Here's what happens when you deprovision a device:
Policy Removal:All enterprise policies and configurations are removed from the device.
Management Removal:The device is disassociated from the Google Admin console and no longer considered managed.
Data Wipe (Optional):You can choose to wipe the device's data during deprovisioning to ensure no company data remains.
Other options like 'Reset,' 'Disable,' or 'Powerwash' may have different effects:
Reset:Resets the device to factory settings but might not remove management if not done through the Admin console.
Disable:Prevents the user from signing in but doesn't remove policies or management.
Powerwash:Factory resets the device,removing all user data and configurations,including management.
Deprovision a device:https://support.google.com/chrome/a/answer/3523633
Question 22
To allow remote users to securely connect to an internal network, the organization you're supporting is using a VPN. The organization would like you to configure the ChromeOS devices so that the Android VPN clients deployed are automatically configured with the correct hostname. How should you configure this in the Admin Console according to Google best practice?
Explanation:
This is the most efficient and scalable way to automatically configure Android VPN clients on ChromeOS devices with the correct hostname:
Obtain Configuration:Get the required VPN configuration details (hostname,authentication methods,etc.) from the VPN provider or your organization's network administrator.This configuration is typically in JSON format.
Create Managed Configuration:In the Google Admin console,navigate to Devices > Chrome > Settings > Android Apps > Managed Configurations.
Select the VPN App:Choose the specific Android VPN app you want to configure.
Add JSON Configuration:Paste the JSON configuration into the provided field.Ensure the configuration is valid and accurate.
Save and Deploy:Save the managed configuration and apply it to the desired organizational units (OUs) containing the ChromeOS devices.
This method allows you to centrally manage VPN configurations for Android apps on ChromeOS devices, ensuring consistency and reducing the manual effort required from users.
Question 23
Your customer is deploying ChromeOS devices in their environment and requires those ChromeOS devices to adhere to web filtering via TLS (or SSL) Inspection. What recommendations should you make to your customer in setting up the requirements for ChromeOS devices?
Explanation:
To set up TLS (or SSL) inspection for web filtering on ChromeOS devices, you need to follow these steps:
Configure Hostname Allowlist:Create an allowlist of hostnames (e.g.,*.google.com,*[invalid URL removed]) that should bypass TLS inspection.This ensures that essential services like Google services and your own domain can function properly.
Set up TLS Certificate:Obtain the required TLS/SSL certificate from your web filter provider and install it on your web filter.ChromeOS devices need this certificate to establish a secure connection with the web filter for TLS inspection.
Verify TLS Inspection:Once the configuration is in place,test and verify that TLS inspection is working as expected.This involves checking if the web filter can correctly intercept and decrypt HTTPS traffic for websites not on the allowlist.
Why other options are not correct:
Option B:While reaching out to Google Workspace Security and Compliance can be helpful,it's not the primary step in setting up TLS inspection.The configuration needs to be done on the web filter and ChromeOS devices.
Option C:Transparent proxies are generally not recommended for ChromeOS devices as they can interfere with certain functionalities.While it might work with an allowlist for Google domains,it's not the best practice.
Option D:ChromeOS devices do not come preconfigured to adhere to company TLS inspection.This configuration needs to be set up explicitly by the administrator.
About TLS (or SSL) inspection on ChromeOS devices:https://support.google.com/chrome/a/answer/3504942
Verify TLS (or SSL) inspection works:https://support.google.com/chrome/a/answer/3504943
Question 24
As a ChromeOS Administrator, you are tasked with blocking incognito mode in the ChromeOS Browser. How would you prevent users from using incognito mode?
Explanation:
Access the Google Admin Console: Sign in to the Admin console using your ChromeOS administrator credentials.
Locate User Settings: Navigate to 'Device Management' > 'Chrome Management' > 'User & browser settings'.
Find Incognito Mode Policy: Within the settings, search for 'Incognito mode'.
Disable Incognito Mode: Select the option to 'Disallow incognito mode'.
Save Changes: Click 'Save' to apply the policy to the designated users or organizational units.
Set up Chrome browser on managed devices: https://support.google.com/chrome/a/answer/3523633?hl=en
Question 25
What format of certificate encoding is incompatible with ChromeOS devices?
Explanation:
ChromeOS primarily uses the PEM format for certificate encoding. While it can handle other formats like CER and CRT, it does not support the DER format. DER is a binary format, while ChromeOS requires certificates in a text-based format.
Question 26
A customer deploys a large number of ChromeOS devices and would like to start the process of turning on Zero-Touch Enrollment (ZTE) to streamline their deployment process. As an administrator, what would be required to enable ZTE?
Explanation:
Zero-touch enrollment (ZTE) automates the device enrollment process when users first power on their ChromeOS devices. Before you can enable ZTE, you need to determine the organizational unit (OU) where the devices should be placed during enrollment. This is crucial because different OUs can have different policies and configurations applied to them.
Plan Your OU Structure:If you haven't already,create a well-organized OU structure in your Google Admin console that reflects your organization's hierarchy and device management needs.
Select the Target OU:Choose the specific OU where you want the ZTE-enrolled devices to reside.Consider factors like department,location,or device type when making your decision.
Once you've identified the appropriate OU, you can proceed with creating a zero-touch enrollment token and associating it with that OU. This will ensure that newly enrolled devices are automatically placed in the correct OU and inherit the desired policies.
Question 27
You are tasked with adding a security key to a single user account Where should you navigate to?
Explanation:
To add a security key to a specific user account in the Google Admin console, follow these steps:
Sign in to Google Admin console:Use your administrator credentials to access the console.
Navigate to Users:Click on 'Users' in the left sidebar to view the list of users in your domain.
Select User:Choose the specific user account to which you want to add the security key.
Go to Security Tab:In the user's profile,click on the 'Security' tab.
Add Security Key:Under the '2-Step Verification' section,you'll find the option to add a security key.Follow the on-screen instructions to register the security key with the user's account.
This method allows you to manage the security settings of individual users, including the addition of security keys for enhanced login protection.
Question 28
How would you deploy a Progressive Web Application to all managed user accounts?
Explanation:
To deploy a Progressive Web Application (PWA) to all managed user accounts, follow these steps in the Google Admin console:
Sign in to Google Admin console:Use your administrator credentials to access the console.
Navigate to Device Management:Go to Devices > Chrome > Settings > Apps & extensions.
Select User or Group:Choose the top-level organizational unit or a specific group to apply the PWA deployment.
Add by URL:Click on the yellow '+' icon and select 'Add by URL.'
Enter PWA URL:Paste the URL of the PWA you want to deploy.
Configure Installation Policy:Select 'Force install' to ensure the PWA is automatically installed for all users within the selected scope.
This method allows you to centrally manage and deploy PWAs across your organization, making them easily accessible to users on their ChromeOS devices.
Question 29
How would you deploy your 'Terms of Services' page to all managed ChromeOS devices?
Explanation:
Go to the Google Admin console.
Navigate to 'Device Management' > 'Chrome Management' > 'User & browser settings'.
Find the section for 'Managed Guest Session'.
Locate the setting for 'Terms of Service'.
Upload your 'Terms of Service' document in plain text format.
This will present your Terms of Service to users when they log in as a guest on any managed ChromeOS device.
Why other options are incorrect:
A . Chrome Verified Access: This is for controlling access to corporate resources, not displaying terms of service.
C . Wallpaper: Using the wallpaper to display terms of service is not practical or user-friendly.
D . Custom avatar: The avatar is for user personalization and not related to terms of service.
Question 30
What are two methods for signing in to a Chrome OS device? Choose 2 answers
Explanation:
Single sign-on (SSO): This allows users to sign in to their Chrome OS device using their organizational credentials. This is particularly useful in enterprise or educational settings where users already have an existing account.
Facebook Connect: This allows users to sign in to their Chrome OS device using their Facebook credentials. This can be convenient for users who are already logged into Facebook on another device.
Options A and C are incorrect:
SMS code sent to mobile phone: This is not a standard sign-in method for Chrome OS devices.
Google Friend Connect: This was a social networking service that has been discontinued.
Question