A ChromeOS Administrator has deployed ChromeOS devices in their organization. How can the company evaluate the compatibility with future updates following Google’s best practices while still gaining access to new features when they launch?
AEnable "Auto Updates" on all devices on the "Stable", but let the employees in the IT department run their devices on the "Beta channel" so they have time to evaluate and adapt the environment to each update before it reaches Stable.
BDisable "Auto Updates" on all devices and let the admin test the newest release on the "Stable channel" on their own device before rolling it out organization-wide.
CSet 5% of the organization across several departments on the "Beta channel", and configure the rest of the fleet to receive auto updates on the "Stable channel".
DSet the entire fleet to update in accordance with the "Long-term Support (LTS) channel".
A customer has a mission-critical workload running on ChromeOS and needs devices configured to reduce ChromeOS changes. How can an admin reduce the risk of an unexpected change in an OS update affecting the customer’s entire ChromeOS device domain while maintaining security and minimizing admin workload?
AForce auto reboot after update
BEnable variations
CMove to a Long-term Support channel
DAdd an update rollout plan
As a ChromeOS Administrator, you are tasked with blocking incognito mode in the ChromeOS Browser. How would you prevent users from using incognito mode?
ANavigate to "Users & Browser Security Settings" and set the "Disallow incognito mode" policy
BGo to "User & Browser Settings" to restrict sign-in to pattern and "Disallow incognito mode"
CFrom "Device Settings", change Kiosk settings to "Disallow incognito mode"
DIn "Enrollment Settings", disable verified access and incognito mode for content protection
As an administrator, you would like the ability to see and test upcoming changes to the Google Admin console. How would an admin get access to pre-release features and upcoming ChromeOS device management changes to the Admin console?
AEnroll in the ChromeOS Factory Software Platform
BJoin the Chrome Enterprise BETA Testing
CRegister for the Chrome Enterprise Trusted Tester Program
DCreate a ChromeOS Developer Account
What are two ways customers can open a support case for ChromeOS? (Choose two.)
AChat support via the Admin console
BContact the device manufacturer
CFile feedback on the device with Alt + Shift + i
DFile case through Customer Care Portal
ESend an email to ChromeOS support
An admin wants to use a custom extension to install a client certificate on a ChromeOS device so that it can connect to the corporate Wi-Fi.
Which step is necessary to accomplish this?
AInstall on the device via guest mode
BDistribute through the Chrome Web Store
CForce-install to the device
DEncode the certificate in DER-encoded format
Which management feature makes ChromeOS devices a popular choice for IT administrators in educational organizations and enterprises?
ASecure management through on prem infrastructure
BRemote BIOS controls and firmware update
CCentralized management through Admin console
DInability to remotely control and monitor devices
As a ChromeOS Administrator, you have been asked to enroll all of your devices into a specific device OU using Zero-Touch Enrollment (ZTE). What are the next steps? (Choose two.)
AGenerate a ZTE pre-provision enrollment token for your specified device OU
BGive the company domain name to your Chrome Partner to enable ZTE
CGenerate a ZTE pre-provision enrollment token directly for your domain root OU
DGenerate a ZTE pre-provision enrollment token for your specified user OU
EUse a dedicated ZTE Admin account for device enrollment
What is a feature of Verified Boot?
AMakes sure that the firmware and OS have not been tampered with
BProtects anonymous guests from using the device
CEliminates the need for strict policy controls
DPrevents the user from accessing unauthorized websites
The security department has been informed that a ChromeOS device was stolen out of an employee’s car. What should you do in the Admin console to ensure the device is rendered inoperable while still maintaining management of the device?
ATag the ChromeOS device as stolen
BDisable the ChromeOS device
CPowerwash the ChromeOS device
DDeprovision the ChromeOS device
How would you deploy your "Terms of Services" page to all managed ChromeOS devices?
ANavigate to "Chrome Verified Access" and enable the policy for content protection
BGo to "User & Browser" and "Managed Guest Session" settings to upload your terms of service
CIn "User & Browser Settings" upload the "Terms of Service" as a wallpaper
DNavigate to "User & Browser" and "Managed Guest Session" settings to upload your custom avatar
You have a number of applications that you rely upon. You want to ensure that your applications continue to run smoothly with each new version of Chrome. What should you do?
AAsk users to provide feedback on the applications within a week of a new Chrome release.
BAdvise them to take no action. All applications are automatically supported on the latest version of Chrome.
CAlways install the latest version of those applications when they become available so they are always compatible with the latest version of Chrome.
DImplement a QA strategy and put their IT group and 5% of users on the beta channel of ChromeOS so they can find and report bugs early for upcoming Chrome releases.
A customer deploys a large number of ChromeOS devices and would like to start the process of turning on Zero-Touch Enrollment (ZTE) to streamline their deployment process. As an administrator, what would be required to enable ZTE?
AGrant partner admin access
BIdentify OU to place devices during enrollment
CCreate a zero-touch token
DCreate a pre-provisioning token
What should an administrator do to view the number and type of ChromeOS upgrades purchased and in use by their domain?
AVerify upgrades on devices page
BCheck subscriptions in billing
CContact partner to verify
DCheck reports page for upgrades
Which setting is required to restrict Chrome Remote Desktop use to only accounts on your domain?
AFirewall traversal
BURL Blocking
CRemote access clients
DChrome Remote Desktop service
You want users to sign in to ChromeOS devices via SAML Single Sign-On and be able to access websites and cloud services that rely on the same identity provider without having to re-enter credentials. How should you configure SAML?
AEnable SAML identity provider-initiated login for Google authentication
BEnable SAML-based Single Sign-On for ChromeOS devices and set the Single Sign-On cookie behavior to enable transfer of SAML SSO cookies into user sessions during login
CEnable SAML-based Single Sign-On for each application via Chrome App Management
DUse Chrome App Builder to enable SSO for application and force-install the application using ChromeOS user policies
An organization was recently hacked through an admin's choice of an operating system. Leadership decides to move to Chromebooks for their security.
While the organization waits for Chromebooks to be delivered, what will allow them to continue using their existing devices securely?
AChromeOS Readiness Guide
BChromeOS Managed Browser
CChromeOS Bytes
DChromeOS Flex
You want to enterprise enroll a device that has existing consumer accounts. What should you do first?
AContact Google support to convert the device into an enterprise device
BDelete all consumer accounts, and then follow the same steps for enrolling a brand new device
CFollow the same steps for enrolling a brand new device
DWipe the device
Your network administrator wants to block Google services traffic. What is the result?
AGoogle Search will not work.
BChrome devices will crash.
CChrome devices will not be able to reach Google.
DNothing. This isn’t an issue.
Your customer is deploying ChromeOS devices in their environment and requires those ChromeOS devices to adhere to web filtering via TLS (or SSL) inspection. What recommendations should you make to your customer in setting up the requirements for ChromeOS devices?
AConfigure a hostname allowlist, set up a TLS (or SSL) certificate, then verify TLS (or SSL) inspection is working.
BReach out to Google Workspace Security and Compliance for tailored configurations for your customer.
CConfigure a transparent proxy set up your allowlist to use *.google.com, then verify TLS (or SSL) inspection is working.
DChromeOS devices are preconfigured to adhere to company TLS (or SSL) inspection by default and can therefore be deployed with no additional configuration.
Your security team asks you to deploy on ChromeOS only a specific Android app for your security department. As a ChromeOS Administrator, you need to find a way to block all other Android apps except the one that you need. How are you going to proceed?
AFrom the "Apps & extensions" page, add the Android app on the security team user OU
BOn the "Users & Browser Settings" tab, for the Play Store, use the "Block all apps admin manages allowlist" policy and allow only the Android app that you want from "Apps & extensions"
COn the "Users & Browser Settings" tab, for the Chrome Web Store, use the "Block all apps, admin manages allowlist" policy and allow only the Android app that you want on "Apps & extensions"
DFrom the "Apps & extensions" page, add the Android app on the security team user OU and select "Force Install + pin to ChromeOS taskbar"
Which remote command is required to remove a device from management policy updates?
ADeprovision
BReset
CDisable
DPowerwash
To allow remote users to securely connect to an internal network, the organization you’re supporting is using a VPN. The organization would like you to configure the ChromeOS devices so that the Android VPN clients deployed are automatically configured with the correct hostname. How should you configure this in the Admin Console according to Google best practice?
ADownload the Android app on a ChromeOS device, add the hostname manually, then re-upload the app in the organization’s private Google Play Store and deploy it to all ChromeOS devices.
BContact the VPN provider and ask them to provide you with a custom installable client with the correct configuration pre-configured. Then deploy that installable.
CAdd a managed configuration using JSON to the Android app.
DUpload a JSON file with the configuration into the Google Play Store.
You need to get to the enterprise enrollment screen. What should you do?
APress Ctrl-Alt-E during the Chrome bootup sequence (Chrome logo animation)
BSign in with enterprise enrollment credentials provided by the customer at the user sign-in screen
CPress Ctrl-Alt-E on the initial welcome screen to set initial settings
DPress Ctrl-Alt-E at the user login screen before any user has signed in to the device
You are using a third-party service for SSO. Users are confused when signing onto a Chrome device because they are asked for Google account details before being redirected to the sign-in screen for your SSO provider. Which setting must be changed so managed devices open the SSO provider login page by default?
ASAML single sign-on login frequency
BSAML single sign-on password synchronization flows
Preview
