Exam4Training

Google ChromeOS Administrator Professional ChromeOS Administrator Online Training

Question #1

An admin wants to use a custom extension to install a client certificate on a ChromeOS device so that

it can connect to the corporate WI-FI.

Which step Is necessary to accomplish this?

  • A . Install on the device via guest mode
  • B . Distribute through the Chrome Web Store
  • C . Force-install to the device
  • D . Encode the certificate in DER-encoded format

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

To install a client certificate on a ChromeOS device for corporate Wi-Fi connectivity, it’s necessary to force-install the custom extension containing the certificate. This ensures the extension is installed and activated on the device, enabling it to use the certificate for authentication. Here’s how it works: Custom Extension: The admin creates or obtains a custom extension that includes the client certificate.

Force-Installation: Using the Google Admin console, the admin configures a policy to force-install the extension on ChromeOS devices within the organization.

Device Activation: Once the device receives the policy, the extension is automatically installed and activated, even if the user doesn’t manually add it.

Wi-Fi Authentication: The installed extension allows the device to use the client certificate for authentication when connecting to the corporate Wi-Fi network.

Option A is incorrect because guest mode installations are not persistent and won’t apply the certificate to the device’s Wi-Fi settings.

Option B is incorrect because distributing through the Chrome Web Store is not necessary for a custom extension intended for internal use.

Option D is incorrect because while the certificate encoding is important, it’s not the primary step for

enabling Wi-Fi authentication.

Reference: About ChromeOS device management: https://support.google.com/chrome/a/answer/1289314?hl=en pen_spark

Question #2

An organization was recently hacked through an admin’s choice of an operating system. Leadership decides to move to Chromebooks for their security.

While the organization waits for Chromebooks to be delivered, what will allow them to continue using their existing devices securely?

  • A . ChromeOS Readiness Guide
  • B . ChromeOS Managed Browser
  • C . ChromeOS Bytes
  • D . ChromeOS Flex

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

ChromeOS Flex allows the organization to repurpose existing devices by installing a lightweight version of ChromeOS on them. This provides a secure and familiar environment while they await the delivery of new Chromebooks.

Here’s why it’s the best choice:

Security: ChromeOS Flex inherits the security features of ChromeOS, such as sandboxing, verified boot, and automatic updates, mitigating the risks associated with the previous operating system. Quick Deployment: ChromeOS Flex can be easily installed on existing hardware using a USB drive, minimizing downtime and allowing employees to continue working.

Familiar Interface: The user interface of ChromeOS Flex is similar to ChromeOS, ensuring a smooth transition for employees.

Option A is incorrect because the ChromeOS Readiness Guide is a resource for planning migration, not an immediate security solution.

Option B is incorrect because while ChromeOS Managed Browser enhances security within a browser, it doesn’t address vulnerabilities in the underlying operating system.

Option C is incorrect because ChromeOS Bytes is a blog, not a software solution.

Reference: ChromeOS Flex: https://chromeenterprise.google/os/chromeosflex/

Question #3

Which site isolation policy will enable site isolation for your entire organization?

  • A . SitePerProcess
  • B . IsolateOfigins
  • C . IsolatePerProcess
  • D . SiteOrigins

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The SitePerProcess policy enables site isolation for the entire organization. This means that each website opened in Chrome will run in its own dedicated process, improving security and stability by isolating potential vulnerabilities and preventing one compromised site from affecting others.

Option B (IsolateOrigins) and Option D (SiteOrigins) are not valid policy names.

Option C (IsolatePerProcess) is close but not the exact name of the policy.

Reference: Site Isolation in Google Chrome: https://www.chromium.org/Home/chromium-security/site-isolation/

Question #4

What is a feature of Verified Boot?

  • A . Makes sure that the firmware and OS have not been tampered with
  • B . Protects anonymous guests from using the device
  • C . Eliminates the need for strict policy controls
  • D . Prevents the user from accessing unauthorized websites

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Verified Boot is a security feature in ChromeOS that checks the integrity of the system during startup. It verifies that the firmware (low-level software) and the operating system haven’t been modified or corrupted by unauthorized sources. If any tampering is detected, Verified Boot can initiate recovery processes to restore the system to a known good state.

Option B is incorrect because Verified Boot doesn’t directly manage guest access.

Option C is incorrect because Verified Boot is a security layer that complements, not replaces, policy controls.

Option D is incorrect because website access control is handled by other mechanisms like web filtering or content restrictions.

Reference: https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot/

Question #5

You are using a third-party service for SSO. Users are confused when signing onto a Chrome device because they are asked for Google account details before being redirected to the sign-In screen for your SSO provider.

Which setting must be changed so managed devices open the SSO provider login page by default?

  • A . SAML single sign-on login frequency
  • B . SAML single sign-on password synchronization flows
  • C . Single sign-on cookie behavior
  • D . Single sign-on IdP redirection

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The Single sign-on IdP redirection setting controls whether managed devices directly open the login page of the third-party SSO provider (Identity Provider) or first prompt for Google account credentials. By enabling this setting, you streamline the login process for users and eliminate the confusion caused by the extra Google account prompt.

Option A is incorrect because it controls the frequency of re-authentication for SAML SSO, not the initial login page.

Option B is incorrect because it relates to password synchronization between Google and the IdP, not the login page redirection.

Option C is incorrect because it deals with how cookies are handled for SSO, not the login page redirection.

Question #6

In regular user mode, how does an admin open the crosh shell on a ChromeOS device to run a ping command?

  • A . Ctrl + Alt + V
  • B . Ctrl + Alt + t
  • C . Ctrl + Alt + Tab +W
  • D . Ctrl + Alt + i

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

In regular user mode on a ChromeOS device, pressing Ctrl + Alt + t opens the crosh shell (Chrome OS developer shell), a command-line interface. From there, you can execute various commands, including ping to test network connectivity.

Other options are incorrect because they either have no assigned function or trigger different actions in ChromeOS.

Question #7

A large marketing company hires interns in the IT department. The interns should see only info from ChromeOS devices but should not be able to manage or update any device.

How should an admin assign this role to Interns?

  • A . Create a custom services admin role and enable 2FA
  • B . Create Custom role under Chrome management and assign Telemetry API role
  • C . Create Custom role under Chrome management and assign Settings rote
  • D . Create Custom role under Chrome management and assign Manage ChromeOS devices role K.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

To grant interns read-only access to ChromeOS device information without management or update capabilities, you should:

Create Custom Role: In the Google Admin console, navigate to "Device management" -> "Chrome management" -> "User settings" -> "Roles."

Assign Telemetry API Role: Within the custom role, assign the "Telemetry API" role. This allows interns to view device information collected through the API but not make changes.

Exclude Other Roles: Ensure no other roles are assigned that grant management or update permissions.

Option A is incorrect because it involves service admin roles, which typically have broader administrative access.

Option C is incorrect because the "Settings" role might grant more permissions than intended.

Option D is incorrect because the "Manage ChromeOS devices" role grants full management

capabilities, which is not suitable for interns.

Reference: Chrome Browser Cloud Management API: https://developers.google.com/chrome/policy

Question #8

To use Verified Access in your organization, you need to have a Chrome extension that calls Verified Access API on the client devices.

Where can you go to get this extension?

  • A . Google Play Store
  • B . Independent software vendor (ISV) or Google Verified Access API
  • C . Independent software vendor (ISV) repository
  • D . Software API Key store

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Verified Access requires a Chrome extension to communicate with the Verified Access API. While Google doesn’t directly provide this extension, it offers detailed documentation and resources through the Verified Access API. Independent software vendors (ISVs) can use these resources to develop and provide compatible extensions.

Option A is incorrect because Google Play Store is for Android apps, not Chrome extensions.

Option C is incorrect because while ISVs might offer extensions, it’s not the sole source. Google’s documentation is essential.

Option D is incorrect because API keys are for authentication, not the extension itself.

Question #9

You’re in charge of deploying video conferencing equipment and it has been decided that you will leverage ChromeOS devices.

What initial considerations should you make when deciding on devices?

  • A . Deploying instructional guides to all users on setup configuration, and use of new equipment
  • B . A form factor compatible for both remote and site workers is required
  • C . A precise time window on how to apply security patches and updates to all devices
  • D . Devices must have 8GB of RAM and obey supported processor models

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

When deploying video conferencing equipment using ChromeOS devices, the primary consideration is choosing a form factor (device type) that caters to both remote and on-site workers. This ensures flexibility and consistent user experience regardless of location.

Option A is incorrect because while instructional guides are helpful, they are a secondary concern to device suitability.

Option C is incorrect because security patch timing is important but not the initial consideration when choosing devices.

Option D is incorrect because while specifications matter, they should align with the chosen form factor and user needs.

Question #10

A ChromeOS Administrator has deployed ChromeOS devices in their organization.

How can the company evaluate the compatibility with future updates following Google’s best practices while still gaining access to new features when they launch?

  • A . Enable "Auto Updates" on all devices on the ‘Stable channel*, but let the employees in the IT department run their devices on the "Beta channel* so they have time to evaluate and adapt the environment to each update before it reaches Stable
  • B . Disable ‘’Auto Updates’’ on all devices and let the admin test the newest release on the "Stable channel" on their own device before rolling it out organization-wide
  • C . Set 5% of the organization across several departments on the ‘Beta channel"1, and configure the
    rest of the fleet to receive auto updates on
    the "Stable channel’
  • D . Set the entire fleet to update in accordance with the "Long-term Support (LTS) channel"

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

This approach balances access to new features with controlled testing. Here’s how it works: Stable Channel: Most devices receive automatic updates on the Stable channel, ensuring security and stability for the majority of users.

Beta Channel: IT staff use the Beta channel to access updates earlier, allowing them to identify and address potential issues before they affect the entire organization.

Evaluation and Adaptation: IT staff can test compatibility, adjust configurations, and prepare for broader deployment based on their experience with the Beta channel.

Option B is incorrect because disabling auto-updates compromises security and delays access to new features.

Option C is incorrect because while a small beta group is useful, it might not be enough to cover all potential issues.

Option D is incorrect because the LTS channel focuses on stability, not early access to new features.

Question #11

Which management feature makes ChromeOS devices a popular choice for IT administrators in educational organizations and enterprises?

Which management feature makes ChromeOS devices enterprises?

  • A . Secure management through on prem infrastructure
  • B . Remote BIOS controls and firmware update
  • C . Centralized management through Admin console
  • D . Inability to remotely control and monitor devices

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The ChromeOS Admin console provides centralized management, making it a popular choice for IT administrators. It allows them to manage policies, apps, extensions, and device settings from a single interface, streamlining administration and ensuring consistency across devices.

Option A is incorrect because ChromeOS management is primarily cloud-based, not on-premises.

Option B is incorrect because while BIOS control might be available, it’s not the primary management feature.

Option D is incorrect because ChromeOS devices can be remotely controlled and monitored through the Admin console.

Reference: About ChromeOS device management:

https://support.google.com/chrome/a/answer/1289314?hl=en

Question #12

What should an administrator do to view the number and type of ChromeOS upgrades purchased and in use by their domain?

  • A . Verify upgrades on devices page
  • B . Check subscriptions in billing
  • C . Contact partner to verify
  • D . Check reports page for upgrades

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

To view the number and type of ChromeOS upgrades purchased and in use, administrators should check the "Subscriptions" section in the billing area of the Google Admin console. This section provides a clear overview of the organization’s ChromeOS upgrade subscriptions and usage. Other options are incorrect because they don’t directly provide information about ChromeOS upgrade subscriptions:

Option A (Verify upgrades on devices page): Shows upgrades on individual devices, not the overall purchase and usage.

Option C (Contact partner to verify): Unnecessary if the information is readily available in the Admin console.

Option D (Check reports page for upgrades): Might provide some usage data, but not the purchase details.

Reference: Sign in to your Admin console: https://support.google.com/chrome/a/answer/182076?hl=en

Question #13

You have been asked to explain the built-in security features of ChromeOS.

What i3 the benefit of having verified boot enabled on a ChromeOS device?

  • A . It ensures that the OS is uncompromised
  • B . It allows updates to happen in the background
  • C . Running both operating systems on one device at the same time makes It twice as powerful
  • D . It installs the known safe backup OS every time the device is slatted up.

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Verified Boot in ChromeOS is a security mechanism that checks the integrity of the operating system during startup. If it detects any unauthorized modifications or compromises, it can initiate recovery processes to restore the OS to a known good state, ensuring that the device boots up with a secure and untampered operating system.

Option B is incorrect because background updates are a separate feature.

Option C is incorrect because dual-boot is not related to Verified Boot.

Option D is incorrect because Verified Boot doesn’t install a backup OS but verifies the existing one.

Reference: Verified Boot: https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot/

Question #14

You’re the lead for the technology department and you’re working with your teammate on a hardware refresh in the upcoming year A major part of the refresh Is to consider ChromeOS devices for the majority of the users in the company.

What are some organization level objectives you should consider during this hardware refresh in regard to ChromeOS?

  • A . ChromeOS integration with current technological standards and practices can be worked on with trusted Google partners
  • B . Verifying If all the terms and conditions in the Chrome Online Agreement are applicable to ChromeOS
  • C . ChromeOS allows for advanced security flexible access, and simplified orchestration within the business
  • D . ChromeOS will need a rollout and execution plan commensurate with hardware supply availability

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

When considering a hardware refresh with ChromeOS devices, organizational-level objectives should focus on the strategic advantages that ChromeOS brings to the business:

Advanced Security: ChromeOS is known for its robust security features, including sandboxing, verified boot, automatic updates, and data encryption. These can significantly reduce the risk of malware infections and data breaches.

Flexible Access: ChromeOS devices support cloud-based applications and services, enabling employees to work from anywhere with an internet connection. This flexibility enhances productivity and collaboration.

Simplified Orchestration: ChromeOS devices are centrally managed through the Google Admin console, simplifying device deployment, configuration, and updates. This reduces IT overhead and streamlines device management processes.

Option A is relevant but not a primary organizational objective. While partner collaboration can be beneficial, the focus should be on how ChromeOS directly improves the organization’s operations.

Option B is incorrect because verifying the terms of the Chrome Online Agreement is a legal requirement, not a strategic objective.

Option D is relevant but not as impactful as the other objectives. While a rollout plan is necessary, the focus should be on the long-term benefits of ChromeOS for the organization.

Reference: Chrome Enterprise overview: https://chromeenterprise.google/

Question #15

You need to set a policy that prevents the device from shutting down while idling on the sign-in screen.

Where should you navigate to?

  • A . User Settings > Idle settings
  • B . User Settings > User Experience
  • C . Device Settings > Allow shutdown
  • D . Device Settings > Power management

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

To prevent a ChromeOS device from shutting down while idling on the sign-in screen, you need to adjust the power management settings. This can be done through the following steps: Go to the Google Admin console.

Navigate to Device Management > Chrome Management > Device Settings.

Find the Power management section and locate the setting that controls idle behavior on the sign-in screen.

Adjust the setting to prevent shutdown during idle periods.

Option A is incorrect because idle settings primarily control screen dimming and sleep behavior.

Option B is incorrect because user experience settings generally focus on visual and interaction aspects, not power management.

Option C is incorrect because there isn’t a specific "Allow shutdown" setting in ChromeOS device settings.

Question #16

You want users to sign in to ChromeOS devices via SAML Single Sign-On and be able to access websites and cloud services that rely on the same identity provider without having to re-enter credentials.

How should you configure SAML?

  • A . Enable SAML identity provider-initialed login for Google authentication
  • B . Enable SAML-based Single Sign-On for ChromeOS devices and set the Single Sign-On cookie
    behavior to enable transfer of SAML SSO cookies into user sessions during login
  • C . Enable SAML-based Single Sign-On for each application via Chrome App Management
  • D . Use Chrome App Builder to enable SSO for application and force-install the application using ChromeOS user policies

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

To achieve seamless SSO between ChromeOS devices and other web services using the same identity provider, you need to configure SAML SSO in the Google Admin console: Enable SAML-based SSO for ChromeOS devices.

In the SSO settings, find the Single Sign-On cookie behavior and set it to "Enable transfer of SAML SSO cookies into user sessions during login." This allows the SAML authentication cookie to be passed between the ChromeOS login and other web services, eliminating the need for re-authentication.

Option A is incorrect because it relates to the initial login method, not cookie transfer for subsequent SSO.

Options C and D are incorrect because they involve application-specific SSO configurations, not the general SAML SSO setup for the device.

Question #17

You need to get to the enterprise enrollment screen.

What should you do?

  • A . Press Ctrl-Alt-E during the Chrome bootup sequence (Chrome logo animation)
  • B . Sign in with enterprise enrollment credentials provided by the customer at the user sign-in screen
  • C . Press Ctrl-Alt-F on the initial welcome screen to set initial settings
  • D . Press Ctrl-Alt-E at the user login screen before any user has signed in to the device

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Power on or reboot the Chromebook.

Watch for the Chrome logo animation. This is the key moment to trigger enterprise enrollment. Press Ctrl+Alt+E simultaneously. This keyboard shortcut interrupts the normal boot process and redirects the Chromebook to the enterprise enrollment screen.

Follow the on-screen instructions. You’ll be prompted to enter information such as the domain name

of the organization and enrollment credentials.

Why this is the correct method:

Enterprise Enrollment Timing: The Ctrl+Alt+E shortcut is specifically designed to be used during the bootup sequence, before any user profile is loaded. This ensures the device is enrolled in the organization’s management system from the start.

Alternative Options: The other options mentioned are incorrect:

B (Sign in with credentials): This assumes the device is already enrolled and is used for regular user login.

C (Ctrl+Alt+F): This shortcut is used for accessing the ChromeOS developer shell (Crosh) and is not related to enrollment.

D (Ctrl+Alt+E at login): While technically possible to enroll at the login screen, it’s not the recommended method as it might not apply settings correctly to all user profiles.

Reference: Enroll a Chrome device: https://support.google.com/chrome/a/answer/1360534?hl=en

Question #18

You are enrolling several devices to send to a remote location.

How can you ensure that these devices will automatically connect to the wireless network at the remote location when powered on for the first time?

  • A . Add the wireless network credentials to the "Networks" section in the Admin console ensuring that they are applied to the ChromeOS devices By Device
  • B . Use the Google Zero-Touch Enrollment (ZTE) process and generate the provisioning token by clicking on the ‘Enroll device’ button in the Admin console ‘’Devices’’ page
  • C . During the enrollment process add the wireless credentials manually to each device in the Admin console ensuring that they are applied to ChromeOS devices By User
  • D . Add the wireless network credentials to the ‘Networks" section in the Admin console ensuring that they are applied to the ChromeOS devices By User

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

To ensure ChromeOS devices automatically connect to a specific wireless network upon initial power-on at a remote location, follow these steps in the Google Admin console: Navigate to Device Management > Chrome Management > Networks.

Add the Wi-Fi network credentials (SSID and password) to the list of networks.

Set the network configuration to apply By Device. This ensures that the credentials are pushed to the device itself, not tied to a specific user.

When the devices are powered on at the remote location, they will automatically detect and connect to the configured Wi-Fi network without requiring any manual intervention from the user.

Option B (Zero-Touch Enrollment) simplifies the initial setup process but doesn’t automatically configure Wi-Fi.

Options C and D are incorrect because applying network settings by user won’t ensure automatic connection on first boot before any user logs in.

Question #19

As a ChromeOS Administrator, you are tasked with blocking incognito mode in the ChromeOS Browser.

How would you prevent users from using incognito mode?

  • A . Navigate to "Users & Browser Security Settings’ and set the "Disallow incognito mode" policy
  • B . Go ,0 "User & Browser Settings’ to restrict sign-in to pattern and "Disallow incognito mode "
  • C . From "Device Settings’ change Kiosk settings to "Disallow incognito mode "
  • D . ln "Enrollment Settings" disable vended access and incognito mode (or content protection

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Access the Google Admin Console: Sign in to the Admin console using your ChromeOS administrator credentials.

Locate User Settings: Navigate to "Device Management" > "Chrome Management" > "User & browser settings".

Find Incognito Mode Policy: Within the settings, search for "Incognito mode".

Disable Incognito Mode: Select the option to "Disallow incognito mode".

Save Changes: Click "Save" to apply the policy to the designated users or organizational units.

Reference: Set up Chrome browser on managed devices:

https://support.google.com/chrome/a/answer/3523633?hl=en

Question #20

What format of certificate encoding is incompatible with ChromeOS devices?

  • A . PEM
  • B . CER
  • C . DER
  • D . CRT

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

ChromeOS primarily uses the PEM format for certificate encoding. While it can handle other formats like CER and CRT, it does not support the DER format. DER is a binary format, while ChromeOS requires certificates in a text-based format.

Exit mobile version