ChromeOS-Administrator Google Exam Questions and Free Practice Test

Question 25

A user reports that their Chrome device has been stolen. What should the administrator do?

A. Use the Google Admin console to turn on the stolen Chromebook's webcam

B. Use the Google Android Device Manager to locate the Chromebook

C. Set the stolen Chromebook lo disabled mode to prevent user sign-ins

D. Remotely wipe user data from the Chromebook

Correct Answer:C
When a Chrome device is reported stolen, the administrator should immediately take action to protect the data and prevent unauthorized access. The most effective step is to disable the device through the Google Admin console. This will prevent anyone from signing in to the device, rendering it unusable.
Here's how to disable a stolen Chrome device:
✑ Sign in to Google Admin console: Use your administrator credentials.
✑ Navigate to Devices: Go to Devices > Chrome > Devices.
✑ Locate the Device: Find the stolen device using its serial number or other identifying information.
✑ Disable the Device: Click on the device and select "Disable."
This will disable the device and prevent anyone from signing in, even if they try to reset the device.

Question 26

At a specific location in your organization, users cannot log in to their ChromeOS devices. The ChromeOS Administrator has also noticed that devices have not synced in the past 24 hours. You have updated policies In the Admin console for your fleet of ChromeOS devices, but the devices are not getting the updated policies. What is a probable change in the environment that can cause these issues?

A. A different location enrolled a large number of new devices

B. Your network administrator has blocked all network traffic to Google services

C. Your root Certificate Authority expired

D. Your organization's licenses have recently expired

Correct Answer:B
Blocking all network traffic to Google services would prevent ChromeOS devices from communicating with Google servers. This would lead to several issues:
✑ Login failures:ChromeOS devices require access to Google services for user
authentication and login.
✑ Sync failures:ChromeOS relies on Google services to sync user data, settings, and policies.
✑ Policy updates not received:ChromeOS devices fetch policy updates from Google servers, so blocking access would prevent them from getting updates.
Why other options are less likely:
✑ A. New devices enrolled:While enrolling new devices might cause some temporary network congestion, it wouldn't typically block all communication with Google services.
✑ C. Root CA expiration:This would affect secure connections to websites, but not necessarily prevent all communication with Google services.
✑ D. Expired licenses:Expired licenses would restrict access to some features but wouldn't prevent basic login and sync functionality.

Question 27

What are two methods for signing in to a Chrome OS device? Choose 2 answers

A. SMS code sent to mobile phone

B. Single sign-on

C. Google Friend Connect

D. Facebook Connect

Correct Answer:BD
✑ Single sign-on (SSO):This allows users to sign in to their Chrome OS device using their organizational credentials. This is particularly useful in enterprise or educational settings where users already have an existing account.
✑ Facebook Connect:This allows users to sign in to their Chrome OS device using their Facebook credentials. This can be convenient for users who are already logged into Facebook on another device.
Options A and C are incorrect:
✑ SMS code sent to mobile phone:This is not a standard sign-in method for Chrome OS devices.
✑ Google Friend Connect:This was a social networking service that has been discontinued.

Question 28

Which email address should an admin use when setting up an online trial of ChromeOS?

A. Organization email address

B. Google email address

C. Personal email address

D. Temporary email address

Correct Answer:A
When setting up an online trial for ChromeOS or related Google services, it is essential to use anorganization email address. This ensures that the trial is associated with the correct domain and is managed centrally. Using personal or temporary addresses can result in configuration issues or lack of proper administrative control.
Verified Answer from Official Source:
The correct answer is verified from theGoogle Chrome Enterprise Setup Guide, which advises using an official organizational email when registering for trials.
"To begin a ChromeOS trial, sign up using your organization's email address to ensure the trial is associated with your business domain."
Using an organization email address ensures the trial setup aligns with enterprise management and integrates correctly with existing Google Workspace configurations. Objectives:
✑ Properly initiate ChromeOS trials for enterprise use.
✑ Maintain organizational control over trial configurations.
References:
Google Chrome Enterprise Setup Guide

Question 29

You are tasked with converting hundreds of Windows & Mac machines across multiple locations to ChromeOS Flex and enrolling them into the Admin console. The available network bandwidth Is limitedat many of the locations and the devices are not currently managed with any endpoint management system. Which two operations are required to perform the task?
Choose 2 answers

A. Create a dedicated enrollment account tor each location and place them into the OUs you want the devices enrolled into then enable the 'Place ChromeOS device in user organization" policy and enroll the devices using the respective enrollment account for each location

B. Install the Recovery Tool extension on all devices that are to be converted and follow the step-by-step installer to convert each device directly without the need of USB drives

C. Use PXE boot to load the ChromeOS Flex image onto devices and have them automatically convert across all locations after they're restarted

D. Contact an authorized Zero-Touch Enrollment (ZTE) reseller and share the serial numbers of the devices you're converting and the domain you're enrolling them into to have them pre-provisioned into the Admin console

E. Distribute USB flash drives with the ChromeOS Flex image to the different locations and ask local personnel or a services partner to manually convert each device

Correct Answer:AE
✑ Create Dedicated Enrollment Accounts: Create separate enrollment accounts for each location, placing them in the respective OUs where the converted devices should be enrolled.
✑ Enable Policy: Turn on the "Place ChromeOS device in user organization" policy. This ensures devices are automatically enrolled into the correct OU based on the enrollment account used.
✑ Enroll Devices: Use the dedicated enrollment account for each location to enroll the converted devices. This allows for organized management based on location.
Option E:
✑ Distribute USB Drives: Prepare USB flash drives with the ChromeOS Flex image and distribute them to the different locations.
✑ Manual Conversion: Instruct local personnel or a service partner to manually convert each device using the provided USB drives. This method is suitable when network bandwidth is limited and doesn't rely on existing endpoint management infrastructure.
Reasons for not choosing other options:
✑ Option B: The Recovery Tool is primarily used for creating recovery media for ChromeOS devices, not converting other operating systems.
✑ Option C: PXE boot is a network-based installation method, not ideal for locations with limited bandwidth.
✑ Option D: While zero-touch enrollment (ZTE) streamlines enrollment, it requires pre-provisioning devices with the vendor or reseller, which might not be feasible in this scenario.
By combining options A and E, you can efficiently convert and enroll devices in multiple locations with limited network resources and no existing management systems.

Question 30

Help Desk administrators need a limited set of privileges to perform actions in the Google Admin console. How should an administrator grant these permissions while conforming to the practice of least privilege?

A. Create a Service Desk Group and add Service Desk admins to the group

B. Create a new custom admin role and assign

C. Grant service desk administrators the Services Admin Role

D. Allow Help Desk administrators full access to manage users

Correct Answer:B
✑ How to Create a Custom Admin Role:
Why Other Options Are Less Ideal:
✑ A. Service Desk Group: Groups are primarily for organization and don't provide granular permission control.
✑ C. Services Admin Role: This role has broader permissions than what a Help Desk typically needs, violating the PoLP.
✑ D. Full Access: This grants excessive privileges and significantly increases the risk of accidental or intentional misuse.

START ChromeOS-Administrator EXAM