ChromeOS-Administrator Google Exam Questions and Free Practice Test

Question 19

Your security team asks you to deploy on ChromeOS only a specific Android app for your security department. As a ChromeOS Administrator, you need to find a way to block all other Android apps except the one that you need. How are you going to proceed?

A. From the "Apps & extensions" page add the Android app on the security team user OU

B. On the "Users & Browser Settings'' ta

C. for the Play Store, use the "Block all apps, admin manages allowlist" policy and allow only the

D. Android app that you want from "Apps & extensions " On the "Users & Browser Settings'' ta

E. for the Chrome Web Store use the "Block all apps, admin manages allowlist" policy and allow only the Android app that you want on "Apps & extensions "

F. From trio "Apps & extensions" page add the Android app on the security team user OU and select "Force Install * pin to ChromeOS taskbar"

Correct Answer:B
✑ Access Google Admin Console: Sign in to your Google Admin console.
✑ Navigate to Device Management: Go to Devices > Chrome > Settings > Users & browsers.
✑ Locate Play Store Settings: Find the section related to the Play Store.
✑ Enable Allowlist Policy: Activate the policy "Block all apps, admin manages allowlist."
✑ Add the Security App: Go to the "Apps & extensions" section and add the specific Android app that you want to allow for the security team's organizational unit (OU).
This configuration ensures that all other Android apps are blocked from installation on ChromeOS devices, except the specified security app. This provides granular control over app deployment and enhances security by preventing unauthorized app usage.

Question 20

What format of certificate encoding is incompatible with ChromeOS devices?

A. PEM

B. CER

C. DER

D. CRT

Correct Answer:C
ChromeOS primarily uses the PEM format for certificate encoding. While it can handle other formats like CER and CRT, it does not support the DER format. DER is a binary format, while ChromeOS requires certificates in a text-based format.

Question 21

You have Long-term Support enabled for all devices within a particular OU. How often will these devices receive a feature update?

A. 4 months

B. 6 months

C. 2 months

D. 8 months

Correct Answer:B
ChromeOS devices configured forLong-term Support (LTS)receive feature updates every 6 months. LTS is designed for organizations that require stability and predictability in their device environment, minimizing disruptions caused by frequent updates.
Verified Answer from Official Source:
The correct answer is verified from theChromeOS Long-Term Support (LTS) Policy Documentation, which clearly states that updates under LTS are delivered every 6 months.
"LTS updates are released approximately every 6 months, providing stability and minimizing changes while maintaining security updates."
LTS is ideal for educational institutions and enterprises that prioritize stability over cutting- edge features, as it reduces the frequency of significant changes.
Objectives:
✑ Manage ChromeOS updates efficiently.
✑ Implement Long-term Support policies.
References:
ChromeOS Long-Term Support (LTS) Policy Documentation

Question 22

How should you generate a custom admin role?

A. Add user to security admin group

B. Add user to admin role OU

C. Create admin role and assign privileges

D. Set privileges on the user directly

Correct Answer:C
To create a custom admin role in the Google Admin console, you need tocreate the role and thenassign the required privileges. This method allows for precise control over what the delegated admin can manage, adhering to the principle of least privilege.
Verified Answer from Official Source:
The correct answer is verified from theGoogle Admin Console Roles and Permissions Guide, which explains the process of creating and assigning custom roles.
"To create a custom admin role, go to Admin Console > Admin roles, create a new role, and assign the necessary privileges."
Creating a custom role is essential when you need specific permissions to be delegated without granting full admin access, ensuring both security and operational efficiency. Objectives:
✑ Implement role-based access control (RBAC).
✑ Delegate admin tasks securely.
References:
Google Admin Console Roles and Permissions Guide

Question 23

What is the recommended way to provision users from an on-prem Active Directory environment into the Google Admin console?

A. Upload via CSV

B. Admin SDK Directory API

C. Azure AD Google Cloud/G Suite Connector

D. Google Cloud Directory Sync

Correct Answer:D
The "Deprovision" command is specifically designed to remove a ChromeOS device from management policy updates. This means the device will no longer receive updates, configurations, or restrictions pushed from the Google Admin console.
Here's what happens when you deprovision a device:
✑ Policy Removal: All enterprise policies and configurations are removed from the device.
✑ Management Removal: The device is disassociated from the Google Admin console and no longer considered managed.
✑ Data Wipe (Optional): You can choose to wipe the device's data during deprovisioning to ensure no company data remains.
Other options like "Reset," "Disable," or "Powerwash" may have different effects:
✑ Reset: Resets the device to factory settings but might not remove management if not done through the Admin console.
✑ Disable: Prevents the user from signing in but doesn't remove policies or management.
✑ Powerwash: Factory resets the device, removing all user data and configurations, including management.
References:
Deprovision a device: https://support.google.com/chrome/a/answer/3523633

Question 24

You want users to sign in to Chrome devices via SAML and be able to access SAML- enabled web applications without having to re-enter their credentials. How should you configure SAML?

A. Use Chrome App Builder to enable SSO for each application and force-install the applications using Chrome user policies

B. Enable SAML-based Single Sign-On for Chrome devices and Single Sign-On Cookie Behavior

C. Enable SAML-based Single Sign-On for each application via Chrome App Management

D. Enable SAML identity provider-initiated login for Google Authentication

Correct Answer:B
To allow seamless SSO across Chrome devices and SAML-enabled web applications, you shouldenable SAML-based Single Sign-On (SSO) for Chrome devicesand configure Single Sign-On Cookie Behavior. This ensures that once users log in via SAML, they will not be prompted to re-authenticate when accessing SAML-integrated applications. Verified Answer from Official Source:
The correct answer is verified from theGoogle Workspace SSO Configuration Guide, which explains how enabling SSO cookie behavior maintains authenticated sessions across multiple applications.
"Configure SAML-based SSO for Chrome devices and enable Single Sign-On Cookie Behavior to maintain authenticated sessions when accessing SAML-based applications."
This setup reduces the need for multiple logins, providing a seamless user experience while maintaining secure authentication.
Objectives:
✑ Enable seamless SAML-based SSO on ChromeOS.
✑ Reduce multiple login prompts for users.
References:
Google Workspace SSO Configuration Guide

START ChromeOS-Administrator EXAM