Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

You have been asked to explain the built-in security features of ChromeOS. What i3 the benefit of having verified boot enabled on a ChromeOS device?

A.

It ensures that the OS is uncompromised

B.

It allows updates to happen in the background

C.

Running both operating systems on one device at the same time makes It twice as powerful

D.

It installs the known safe backup OS every time the device is slatted up.

Full Access
Question # 5

You want to restrict who can sign in to a managed device during working hours. Which two settings do you need to use?

Choose 2 answers

A.

Single sign-on IdP redirection

B.

Device oft hours

C.

User Data (Ephemera))

D.

Family Link accounts

Full Access
Question # 6

You are tasked with adding a security key to a single user account. Where should you navigate to?

A.

Security > Password Management

B.

Security > 2-step Verification

C.

Users > Select User > Security

D.

Users > Select User > Password

Full Access
Question # 7

Your team has members that work remotely. Your CTO would like to verify that your fleet of ChromeOS devices remains managed by corporate policy even after a device wipe. What would you configure to complete this objective?

A.

Set the setting "Powerwash" to "Do not allow powerwash to be triggered"

B.

Create strict password rules

C.

Edit the setting "Verified Access" to "Require verified mode for boot for verified access"

D.

Set up the Admin console to force the device to automatically re-enroll after wiping

Full Access
Question # 8

Your security department wants to mitigate the risk of data loss in the case of stolen equipment. As a ChromeOS Administrator, you want to ensure that your ChromeOS devices will be able to stay enterprise-managed. What should you do?

A.

Add a disabled device return instruction message.

B.

Enable the Autocomplete domain feature.

C.

Force devices to automatically re-enroll after wiping.

D.

Allow users into your organization to enroll new or re-enroll existing devices.

Full Access
Question # 9

You are enrolling several devices to send to a remote location. How can you ensure that these devices will automatically connect to the wireless network at the remote location when powered on for the first time?

A.

Add the wireless network credentials to the "Networks" section in the Admin console ensuring that they are applied to the ChromeOS devices By Device

B.

Use the Google Zero-Touch Enrollment (ZTE) process and generate the provisioning token by clicking on the 'Enroll device' button in the Admin console ‘’Devices’’ page

C.

During the enrollment process add the wireless credentials manually to each device in the Admin console ensuring that they are applied to ChromeOS devices By User

D.

Add the wireless network credentials to the 'Networks" section in the Admin console ensuring that they are applied to the ChromeOS devices By User

Full Access
Question # 10

What is a best practice for admin accounts on the Google Admin console?

A.

Super Admins should be used for all changes to the domain

B.

Group Admins should have 2FA enabled only if given security policy controls

C.

Super Admins should use a separate user account tor day-to-day activities

D.

Group Admins should have access to multiple groups

Full Access
Question # 11

You have found a possible security issue with an app that your users are using. The severity of this issue requires you to quickly see who is using this app. You have enabled the Chrome Reporting setting. What is the most efficient way to see what users are using the app?

A.

Under "Reports" -> "Token", download the entire results and place those results into a Google Sheet. Search for the app and note who is using it.

B.

Under "Security" -> "Access" and "Data Control" -> "API Controls", select "Manage third-party apps access". After the list of connected apps appears, you can now search for the app in question.

C.

Under "Devices" -> "Chrome" -> "Reports", use the "Apps and Extension" report to show all used apps in your domain. Click the app in question to get the list of devices that are using the app.

D.

Under "Devices" -> "Chrome" -> "Devices" you can manually check each device. Select the device in question, click "Remote Desktop" and audit the device.

Full Access
Question # 12

Help Desk administrators need a limited set of privileges to perform actions in the Google Admin console. How should an administrator grant these permissions while conforming to the practice of least privilege?

A.

Create a Service Desk Group and add Service Desk admins to the group

B.

Create a new custom admin role and assign

C.

Grant service desk administrators the Services Admin Role

D.

Allow Help Desk administrators full access to manage users

Full Access
Question # 13

You are asked why ChromeOS devices do not require additional antivirus software. How should you respond?

A.

Every time ChromeOS updates, it automatically updates the antivirus software on the device

B.

Every ChromeOS device is pre-installed with antivirus software which automatically updates during the life of the device

C.

As part of a multi-layered security approach ChromeOS uses a read-only operating system which cannot be affected by viruses

D.

The Admin console automatically deploys antivirus software to enrolled ChromeOS devices and is included in the Chrome Enterprise/Education Upgrade

Full Access
Question # 14

You have 150 Chrome Enterprise Upgrades (CEU) in your Google Admin console. You decide to purchase 20 Chromebook Enterprise devices (CBE). After enrollment, you would like to identify the type of licenses used by your devices. What should you do?

A.

From the "Device information" page, check the "Device Type" attribute content

B.

Check your "Billing subscription" page to identify devices with CBE and CEU

C.

Check directly from the device through the "About Chrome OS" page

D.

Check from the device through chrome://policy

Full Access
Question # 15

As an administrator, you would like the ability to see and test upcoming changes to the Google Admin console. How would an admin get access to pre-release features and upcoming ChromeOS device management changes to the Admin console?

A.

Enroll in the ChromeOS Factory Software Platform

B.

Join the Chrome Enterprise BETA Testing

C.

Register for the Chrome Enterprise Trusted Tester Program

D.

Create a ChromeQS Developer Account

Full Access
Question # 16

An admin is setting up third-party SSO for their organization as the super admin. When they test with their account, they do not see the SSO screen.

What is causing this behavior?

A.

SSO settings are misconfigured

B.

The account is in the wrong OrgUnit

C.

Third-party SSO is not enabled

D.

Super admin bypassed the thud-patty

Full Access
Question # 17

You are tasked with reducing the risk of a breach of your organization's identities. What should you do to minimize the risk?

A.

Connect your LDAP

B.

Configure individual Google Accounts

C.

Set up Single Sign-On (SSO)

D.

Set up Client-side encryption

Full Access
Question # 18

Within what time frame does the ChromeOS Flex upgrade transfer program support reusing Chrome Education/Enterprise Upgrades?

A.

3 years

B.

6 months

C.

1 year

D.

2 years

Full Access
Question # 19

You have been tasked with organizing separated policies that apply to devices or users. Using Google's best practices, how would you structure your OUs to best achieve this?

A.

Apply all policies to a single OU, then move devices and users to that OU

B.

Create a unique OU to apply devices and user policies

C.

Create a dedicated OU branch for devices, and another one for the users

D.

Manage all policies from the root OU

Full Access
Question # 20

One of the employees of the organization you're managing is leaving, and you want to prepare the device they've been using for adoption by a new user. What is the recommended action you need to take through the Admin console to remove any previous user data from the machine?

A.

Deprovision the device, reset it, and then finally re-enroll it

B.

Enable forced-reenrollment on the device OU and then factory reset the device

C.

Delete the user from the Admin console and powerwash the machine

D.

Select “Reset" on the devices overview page, and then ‘Clear User Profiles."

Full Access
Question # 21

You're the lead for the technology department and you're working with your teammate on a hardware refresh in the upcoming year A major part of the refresh Is to consider ChromeOS devices for the majority of the users in the company. What are some organization level objectives you should consider during this hardware refresh in regard to ChromeOS?

A.

ChromeOS integration with current technological standards and practices can be worked on with trusted Google partners

B.

Verifying If all the terms and conditions in the Chrome Online Agreement are applicable to ChromeOS

C.

ChromeOS allows for advanced security flexible access, and simplified orchestration within the business

D.

ChromeOS will need a rollout and execution plan commensurate with hardware supply availability

Full Access
Question # 22

The Finance Department is concerned about frequent Chromebook updates and asks you to explore a 6-month update cycle. Which update release option should you configure for these devices?

A.

Stable

B.

Beta

C.

LTS

D.

Canary

Full Access
Question # 23

What is needed for an admin to remote desktop to a user or managed guest session devices with the Admin console?

A.

The user must accept the connection request

B.

The user must share the session pin with the admin

C.

Both the admin and the remote device must be on the same network

D.

The admin must be in the same OU as the remote device

Full Access
Question # 24

At a specific location in your organization, users cannot log in to their ChromeOS devices. The ChromeOS Administrator has also noticed that devices have not synced in the past 24 hours. You have updated policies In the Admin console for your fleet of ChromeOS devices, but the devices are not getting the updated policies. What is a probable change in the environment that can cause these issues?

A.

A different location enrolled a large number of new devices

B.

Your network administrator has blocked all network traffic to Google services

C.

Your root Certificate Authority expired

D.

Your organization's licenses have recently expired

Full Access
Question # 25

A ChromeOS Administrator has deployed ChromeOS devices in their organization. How can the company evaluate the compatibility with future updates following Google's best practices while still gaining access to new features when they launch?

A.

Enable "Auto Updates" on all devices on the 'Stable channel*, but let the employees in the IT department run their devices on the "Beta channel* so they have time to evaluate and adapt the environment to each update before it reaches Stable

B.

Disable ‘’Auto Updates’’ on all devices and let the admin test the newest release on the "Stable channel" on their own device before rolling it out organization-wide

C.

Set 5% of the organization across several departments on the 'Beta channel"1, and configure the rest of the fleet to receive auto updates on

the "Stable channel'

D.

Set the entire fleet to update in accordance with the "Long-term Support (LTS) channel"

Full Access
Question # 26

How would you deploy a Progressive Web Application to all managed user accounts?

A.

Force-install the Progressive Web Application URL in the "Chrome Apps & extensions" page

B.

Set up Chrome Imprivata shared apps & extensions to force-install the Progressive Web Application URL

C.

Go to "User & Browser Settings" and add the Progressive Web Application URL in the "Legacy Browser Support" site list

D.

Open "Additional Google services" to force-install the Progressive Web Application URL

Full Access
Question # 27

As a ChromeOS Administrator, you are tasked with blocking incognito mode in the ChromeOS Browser. How would you prevent users from using incognito mode?

A.

Navigate to "Users & Browser Security Settings" and set the "Disallow incognito mode" policy.

B.

Go to "User & Browser Settings" to restrict sign-in to pattern and "Disallow incognito mode."

C.

From "Device Settings", change Kiosk settings to "Disallow incognito mode."

D.

In "Enrollment Settings", disable verified access and incognito mode for content protection.

Full Access
Question # 28

Which management feature makes ChromeOS devices a popular choice for IT administrators in educational organizations and enterprises?

Which management feature makes ChromeOS devices enterprises?

A.

Secure management through on prem infrastructure

B.

Remote BIOS controls and firmware update

C.

Centralized management through Admin console

D.

Inability to remotely control and monitor devices

Full Access
Question # 29

To allow remote users to securely connect to an internal network, the organization you're supporting is using a VPN. The organization would like you to configure the ChromeOS devices so that the Android VPN clients deployed are automatically configured with the correct hostname. How should you configure this in the Admin Console according to Google best practice?

A.

Download the Android app on a ChromeOS device, add the hostname manually then re-upload the app in the organization's private Google Play Store and deploy it lo all ChromeOS devices

B.

Contact the VPN provider and ask them to provide you with a custom installable client with the correct configuration pre-configured Then deploy that installable

C.

Add a managed configuration using JSON to the Android app

D.

Upload a JSON file with the configuration into the Google Play Store

Full Access
Question # 30

As your organization’s administrator, you want to assign a delegated admin custom role in order to perform a limited set of ChromeOS device management tasks only for the Marketing organizational unit. What should you do?

A.

Create and assign a super admin role

B.

Create and assign a custom role with "Chrome Management permissions" for the root OU

C.

Create and assign a custom role with "Chrome Management permissions" for the Marketing devices OU

D.

Create and assign a custom role with "Chrome Management permissions" for the Marketing Users OU

Full Access
Question # 31

An organization has created organization units within the Google Admin console for additional management structure. What is the most effective way to manage each OU while not affecting the top-level OU policy?

A.

Disable auto updates

B.

Override the inheritance for a given policy

C.

Delete sublevel OUs and only work from the top level OU

D.

Force inheritance from top level OU to all OUs

Full Access
Question # 32

Which remote command is required to remove a device from management policy updates?

A.

Deprovision

B.

Reset

C.

Disable

D.

Powerwash

Full Access
Question # 33

Your network administrator wants to block Google services traffic. What is the result?

A.

Google Search will not work

B.

Chrome devices will crash

C.

Chrome devices will not be able to reach Google

D.

Nothing This isn't an issue

Full Access
Question # 34

You want users to sign in to ChromeOS devices via SAML Single Sign-On and be able to access websites and cloud services that rely on the same identity provider without having to re-enter credentials. How should you configure SAML?

A.

Enable SAML identity provider-initialed login for Google authentication

B.

Enable SAML-based Single Sign-On for ChromeOS devices and set the Single Sign-On cookie behavior to enable transfer of SAML SSO cookies into user sessions during login

C.

Enable SAML-based Single Sign-On for each application via Chrome App Management

D.

Use Chrome App Builder to enable SSO for application and force-install the application using ChromeOS user policies

Full Access
Question # 35

What is a feature of Verified Boot?

A.

Eliminates the need for strict policy controls

B.

Protects anonymous guests from using the device

C.

Prevents the user from accessing unauthorized websites

D.

Makes sure that the firmware and OS have not been tampered with

Full Access