Google Chrome-Enterprise-Administrator Professional Chrome Enterprise Administrator Certification Exam Exam Practice Test

When both Group Policy (local machine policy) and Chrome Enterprise Core (cloud policy) are configured on a Windows device, the effective policy is determined by a defined order of precedence. Generally, cloud policies for managed browsers will override conflicting local policies. The specific precedence order is configurable, but it follows a hierarchical structure where certain policy sources take priority over others. Options C and D present a simplified view that might not always be the case depending on the configuration. Option B is a general principle of conflict resolution but doesn't describe the specific order in Chrome policy application.

===========

When a managed browser is deleted from the Google Admin console, it needs to be re-enrolled to receive policies again. The process for re-enrollment typically involves deleting the **device management token** from the local machine. Upon relaunching Chrome, the browser will detect the absence of the token and attempt to re-enroll with the cloud management service, at which point it will receive a new token and the latest policies. Deleting the enrollment token (option B) might disrupt the initial enrollment if it still existed. Deleting Chrome policies (option C) might not trigger re-enrollment. Clearing the cache and signing back in (option D) addresses user profile data, not device enrollment.

===========

To prevent extensions from modifying the internal homepage, the administrator should add `*.acme.com` to the "Runtime blocked hosts" list. The wildcard `*` ensures that any attempt to access or modify this domain by an extension will be blocked at runtime. Additionally, to disable access to storage and history, the administrator needs to explicitly disable the "Storage" and "History" permissions within the extension management settings. Therefore, the correct combination is to block the host and disable the permissions.

===========

A significant increase in requested permissions in a new version of a critical extension poses a security risk. The most prudent action is to block the updated extension until the administrator can verify the necessity of the new permissions or until a less permissive version is released. Version pinning (option D) only delays the issue and doesn't address the potential risk in the new version. Blocking specific hosts (option A) doesn't limit the extension's overall capabilities. Customizing permissions (option C) is generally not possible for Chrome extensions managed through the Google Admin console.

===========

The key advantage of using the Google Admin console for managing Chrome updates in a multi-platform environment is its ability to apply policies consistently across Windows, macOS, and Linux devices. Group Policy (GPMC) is a Windows-specific tool and cannot natively manage Chrome updates on other operating systems. The Google Admin console provides a centralized and platform-agnostic approach to Chrome management.

===========

The Chrome Insights Report in the Google Admin console provides visibility into the managed Chrome browser environment. Key report types available here include "Browsers pending updates" to identify devices needing patching, "Browsers without activity in the past 28 days" to understand browser usage, and "Browsers that have been recently enrolled" for monitoring onboarding. The other options list reports that are either not specific to Chrome Insights or related to device hardware rather than browser status.

===========

When Chrome's Safe Browsing feature identifies a website as potentially risky and displays a warning page that the user might bypass to visit the site, this interaction is typically logged in the Audit and Investigation Report as a "Site Warning Unsafe Site Visit" event. This allows administrators to track instances where users might be exposed to potentially malicious content despite browser warnings. SSL errors relate to certificate issues, untrusted site visit is a more general term, and site isolation violation refers to a different security mechanism.

===========

If an extension that is force-installed via policy is unpublished from the Chrome Web Store, the Chrome browser will detect this status and automatically disable the extension on managed devices. This is a security mechanism to prevent the continued use of potentially compromised or no longer maintained extensions.

===========

When managing inactive device tokens, the "Renew Token" option is crucial for allowing devices to re-enroll after a period of inactivity. If the token is revoked, invalidated, or deleted, the device will likely require a manual re-enrollment process. Renewing the token provides a mechanism for the device to check back in and remain managed.

===========

To minimize disruption while ensuring updates are applied, an engineer can configure a "Relaunch window" in the Relaunch notification settings. This allows users to be prompted to restart within a specific timeframe that is less likely to interrupt their critical work hours, giving them more control over when the restart occurs after an update. Disabling automatic updates (option A) would compromise security. Adding a quiet period (option B) only suppresses notifications, not the forced restart. Setting the auto-update check policy to occur during core work hours (option C) affects when updates are downloaded, not when the restart occurs.

===========

For macOS devices without MDM, the enrollment token can be embedded in the base image. The correct path for placing the cloud management enrollment token on macOS is `/Library/Google/Chrome/CloudManagementEnrollmentToken`. The other paths listed are for Windows Registry (A), a non-standard Linux path (C), and a potentially incorrect macOS path (D).

===========

A "3rd Party Risk Score" provides an objective assessment of the extension's security and privacy risks, often based on automated analysis of its code, requested permissions, developer reputation, and other factors. This is a more data-driven approach to evaluating safety compared to simply counting permissions (which doesn't account for the sensitivity of each permission), the Manifest version (which indicates features but not necessarily safety), or Chrome Web Store ratings (whichare subjective and can be manipulated).

===========

The extension ID `ufninibicajhgibfhjcgnimlmdhccodfl` is present in the `ExtensionInstallForceList`. Extensions in this list are automatically installed and cannot be removed by the user. Therefore, when the user visits the Chrome Web Store page for "Grammar Friend," they will see a blue banner indicating that the extension is required by their organization, and the "Remove from Chrome" button will be disabled. The "Add to Chrome" button will not be clickable in the standard way because it's already being force-installed.

===========

The most effective way to manage extensions in this scenario is to use a combination of OUs and groups. Create an OU for the shared devices and force-install the shared extensions at this OU level. Then, create separate user groups for FTEs and Contractors in the Google Admin console and force-install their specific extensions to these groups. User group policies have a higher precedence than OU policies, ensuring the correct extensions are available to each user type when they sign in to the shared devices. Option A mentions Group Policy Objects, which are for Windows environments and less relevant in a cloud-managed scenario across potentially different OSes. Option B doesn't address the shared device aspect effectively. Option C is not a managed approach.

===========

The **Enrollment Token** is the key to associating a Chrome browser instance with a specific organizational unit (OU) in the Google Admin console during the enrollment process. By applying the correct enrollment token during setup, the browser will be placed in the designated OU and inherit the policies configured for that OU. Device Management Tokens are more relevant for ChromeOS devices. Browser Policy Tokens are not a standard term for OU assignment during enrollment. Cloud Management Token is a general term encompassing the enrollment process.

===========