
[2024年11月23日] ChromeOS-Administrator PDF問題とテストエンジンには62問があります
更新された試験エンジンはChromeOS-Administrator試験無料お試しサンプル365日更新されます
Google ChromeOS-Administrator 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
質問 # 13
Your hardware OEM issues a recall for a safety issue. You need to deprovision devices from management before returning to the OEM. They will replace your existing ChromeOS devices with a different model.
Which option should you choose when deprovisioning to make sure you can reuse your Chrome Education/Enterprise Upgrade and remain compliant?
- A. Same model replacement
- B. Different model replacement
- C. ChromeOS Flex upgrade transfer
- D. Retiring from fleet
正解:B
解説:
When deprovisioning ChromeOS devices for a hardware recall and replacement with different models, choosing the "Different model replacement" option is crucial to retain the Chrome Education/Enterprise Upgrade license compliance. This option ensures that the license is transferred to the new device correctly, avoiding any compliance issues or the need to repurchase licenses.
Here's why this option is important:
* License Transfer: It specifically designates the deprovisioning as being due to a hardware replacement with a different model. This triggers the system to transfer the license to the new device upon enrollment.
* Compliance: It maintains the compliance of your Chrome Education/Enterprise Upgrade licenses, ensuring you don't violate any licensing terms.
* Cost Savings: It avoids the need to purchase new licenses for the replacement devices, saving your organization money.
質問 # 14
What is the recommended way to provision users from an on-prem Active Directory environment into the Google Admin console?
- A. Google Cloud Directory Sync
- B. Admin SDK Directory API
- C. Upload via CSV
- D. Azure AD Google Cloud/G Suite Connector
正解:A
解説:
The "Deprovision" command is specifically designed to remove a ChromeOS device from management policy updates. This means the device will no longer receive updates, configurations, or restrictions pushed from the Google Admin console.
Here's what happens when you deprovision a device:
* Policy Removal: All enterprise policies and configurations are removed from the device.
* Management Removal: The device is disassociated from the Google Admin console and no longer considered managed.
* Data Wipe (Optional): You can choose to wipe the device's data during deprovisioning to ensure no company data remains.
Other options like "Reset," "Disable," or "Powerwash" may have different effects:
* Reset: Resets the device to factory settings but might not remove management if not done through the Admin console.
* Disable: Prevents the user from signing in but doesn't remove policies or management.
* Powerwash: Factory resets the device, removing all user data and configurations, including management.
References:
* Deprovision a device: https://support.google.com/chrome/a/answer/3523633
質問 # 15
A customer has a mission-critical workload running on ChromeOS and needs devices configured to reduce ChromeOS changes. How can an admin reduce the risk of an unexpected change in an OS update affecting the customer's entire ChromeOS device domain while maintaining security and minimizing admin workload?
- A. Force auto reboot after update
- B. Enable variations
- C. Move to a Long-term Support channel
- D. Add an update rollout plan
正解:D
解説:
Update rollout plans in the Google Admin console allow administrators to gradually roll out ChromeOS updates to a subset of devices first. This allows for testing in a controlled environment before deploying to the entire fleet, reducing the risk of unexpected issues impacting all devices.
Steps to add an update rollout plan:
* Access Google Admin Console: Sign in with your administrator credentials.
* Navigate to Device Management: Go to Devices > Chrome > Settings > Updates.
* Create Rollout Plan: Click on "Add an update rollout plan."
* Select Devices: Choose the specific devices or organizational units (OUs) to include in the initial rollout.
* Set Timeline: Define the start and end dates for the rollout.
* Save and Apply: Save the plan and apply it to the selected devices.
質問 # 16
You want to restrict who can sign in to a managed device during working hours. Which two settings do you need to use?
Choose 2 answers
- A. Family Link accounts
- B. Device oft hours
- C. Single sign-on IdP redirection
- D. User Data (Ephemera))
正解:A、B
解説:
* Device off hours: This setting allows you to specify times when the device cannot be used, effectively restricting access to certain hours.
* Family Link accounts: Family Link is a parental control app that allows you to manage a child's account and device usage. By requiring Family Link accounts, you can enforce sign-in restrictions for younger users.
Other options are incorrect because:
* A: Single sign-on (SSO) redirection simplifies sign-in for authorized users, but doesn't inherently restrict access.
* C: User Data (Ephemeral) controls whether user data is saved locally, but doesn't restrict sign-in.
References:
* https://support.google.com/chrome/a/answer/3523633
* https://families.google.com/familylink/
質問 # 17
You are tasked with converting hundreds of Windows & Mac machines across multiple locations to ChromeOS Flex and enrolling them into the Admin console. The available network bandwidth Is limited at many of the locations and the devices are not currently managed with any endpoint management system.
Which two operations are required to perform the task?
Choose 2 answers
- A. Install the Recovery Tool extension on all devices that are to be converted and follow the step-by-step installer to convert each device directly without the need of USB drives
- B. Contact an authorized Zero-Touch Enrollment (ZTE) reseller and share the serial numbers of the devices you're converting and the domain you're enrolling them into to have them pre-provisioned into the Admin console
- C. Create a dedicated enrollment account tor each location and place them into the OUs you want the devices enrolled into then enable the 'Place ChromeOS device in user organization" policy and enroll the devices using the respective enrollment account for each location
- D. Use PXE boot to load the ChromeOS Flex image onto devices and have them automatically convert across all locations after they're restarted
- E. Distribute USB flash drives with the ChromeOS Flex image to the different locations and ask local personnel or a services partner to manually convert each device
正解:C、E
解説:
* Create Dedicated Enrollment Accounts: Create separate enrollment accounts for each location, placing them in the respective OUs where the converted devices should be enrolled.
* Enable Policy: Turn on the "Place ChromeOS device in user organization" policy. This ensures devices are automatically enrolled into the correct OU based on the enrollment account used.
* Enroll Devices: Use the dedicated enrollment account for each location to enroll the converted devices. This allows for organized management based on location.
Option E:
* Distribute USB Drives: Prepare USB flash drives with the ChromeOS Flex image and distribute them to the different locations.
* Manual Conversion: Instruct local personnel or a service partner to manually convert each device
* using the provided USB drives. This method is suitable when network bandwidth is limited and doesn't rely on existing endpoint management infrastructure.
Reasons for not choosing other options:
* Option B: The Recovery Tool is primarily used for creating recovery media for ChromeOS devices, not converting other operating systems.
* Option C: PXE boot is a network-based installation method, not ideal for locations with limited bandwidth.
* Option D: While zero-touch enrollment (ZTE) streamlines enrollment, it requires pre-provisioning devices with the vendor or reseller, which might not be feasible in this scenario.
By combining options A and E, you can efficiently convert and enroll devices in multiple locations with limited network resources and no existing management systems.
質問 # 18
In line with Google's best practice recommendations, you need to configure an OU of devices to run on an early release of ChromeOS so that users can test new features and verify functionality. Which policy option should you choose?
- A. Canary
- B. Stable
- C. Beta
- D. LTS
正解:C
解説:
ChromeOS offers different release channels with varying levels of stability and feature availability:
* Stable: The most stable and widely used channel, suitable for general deployment.
* Beta: Contains newer features and improvements, but with some potential for instability. Ideal for testing in a controlled environment.
* Dev: More frequent updates with experimental features, less stable than Beta.
* Canary: The least stable channel, updated daily with bleeding-edge features.
To test new features while maintaining reasonable stability, the Beta channel is the recommended choice.
質問 # 19
You are using a third-party service for SSO. Users are confused when signing onto a Chrome device because they are asked for Google account details before being redirected to the sign-In screen for your SSO provider Which setting must be changed so managed devices open the SSO provider login page by default?
- A. SAML single sign-on password synchronization flows
- B. Single sign-on cookie behavior
- C. Single sign-on IdP redirection
- D. SAML single sign-on login frequency
正解:C
解説:
The Single sign-on IdP redirection setting controls whether managed devices directly open the login page of the third-party SSO provider (Identity Provider) or first prompt for Google account credentials. By enabling this setting, you streamline the login process for users and eliminate the confusion caused by the extra Google account prompt.
Option A is incorrect because it controls the frequency of re-authentication for SAML SSO, not the initial login page.
Option B is incorrect because it relates to password synchronization between Google and the IdP, not the login page redirection.
Option C is incorrect because it deals with how cookies are handled for SSO, not the login page redirection.
質問 # 20
To use Verified Access in your organization, you need to have a Chrome extension that calls Verified Access API on the client devices. Where can you go to get this extension?
- A. Google Play Store
- B. Independent software vendor (ISV) repository
- C. Independent software vendor (ISV) or Google Verified Access API
- D. Software API Key store
正解:C
解説:
Verified Access requires a Chrome extension to communicate with the Verified Access API. While Google doesn't directly provide this extension, it offers detailed documentation and resources through the Verified Access API. Independent software vendors (ISVs) can use these resources to develop and provide compatible extensions.
Option A is incorrect because Google Play Store is for Android apps, not Chrome extensions.
Option C is incorrect because while ISVs might offer extensions, it's not the sole source. Google's documentation is essential.
Option D is incorrect because API keys are for authentication, not the extension itself.
質問 # 21
You want users to sign in to ChromeOS devices via SAML Single Sign-On and be able to access websites and cloud services that rely on the same identity provider without having to re-enter credentials. How should you configure SAML?
- A. Enable SAML-based Single Sign-On for ChromeOS devices and set the Single Sign-On cookie behavior to enable transfer of SAML SSO cookies into user sessions during login
- B. Enable SAML-based Single Sign-On for each application via Chrome App Management
- C. Enable SAML identity provider-initialed login for Google authentication
- D. Use Chrome App Builder to enable SSO for application and force-install the application using ChromeOS user policies
正解:A
解説:
To achieve seamless SSO between ChromeOS devices and other web services using the same identity provider, you need to configure SAML SSO in the Google Admin console:
* Enable SAML-based SSO for ChromeOS devices.
* In the SSO settings, find the Single Sign-On cookie behavior and set it to "Enable transfer of SAML SSO cookies into user sessions during login." This allows the SAML authentication cookie to be passed between the ChromeOS login and other web services, eliminating the need for re-authentication.
Option A is incorrect because it relates to the initial login method, not cookie transfer for subsequent SSO.
Options C and D are incorrect because they involve application-specific SSO configurations, not the general SAML SSO setup for the device.
質問 # 22
How should you use Chrome Remote Desktop from the Google Admin console to connect a user?
- A. Find the device and click remote desktop
- B. Find the user account and click remote desktop
- C. Open Chrome Remote Desktop and type the user's user name
- D. Open Chrome Remote Desktop and type the device serial number
正解:A
解説:
To initiate a remote desktop session to a ChromeOS device using the Google Admin console, follow these steps:
* Sign in to Google Admin console: Use your administrator credentials.
* Navigate to Devices: Go to Devices > Chrome > Devices.
* Locate the Device: Find the device you want to connect to using its serial number or other identifying information.
* Start Remote Desktop Session: Click on the device and select "Remote desktop." This will send a connection request to the user, who must accept it before the session can start.
質問 # 23
How would you deploy your "Terms of Services" page to all managed ChromeOS devices?
- A. Navigate to "Chrome Verified Access" and enable the policy for content protection
- B. ln "User & Browser Settings" upload the "Terms of Service" as a wallpaper
- C. Navigate to "User & Browser" and "Managed Guest Session" settings to upload your custom avatar
- D. Go to "User & Browser and "Managed Guest Session' settings to upload your terms of service
正解:D
解説:
* Go to the Google Admin console.
* Navigate to "Device Management" > "Chrome Management" > "User & browser settings".
* Find the section for "Managed Guest Session".
* Locate the setting for "Terms of Service".
* Upload your "Terms of Service" document in plain text format.
This will present your Terms of Service to users when they log in as a guest on any managed ChromeOS device.
Why other options are incorrect:
* A. Chrome Verified Access: This is for controlling access to corporate resources, not displaying terms of service.
* C. Wallpaper: Using the wallpaper to display terms of service is not practical or user-friendly.
* D. Custom avatar: The avatar is for user personalization and not related to terms of service.
質問 # 24
Which setting is required to restrict Chrome Remote Desktop use to only accounts on your domain?
- A. Remote access clients
- B. Firewall traversal
- C. Chrome Remote Denton review
- D. URL Blocking
正解:A
解説:
Within the "Chrome Remote Desktop" settings in the Google Admin console, the option "Remote access clients" allows you to restrict access to Chrome Remote Desktop based on the domain of the user accounts. By configuring this setting, you can ensure that only users with accounts on your specific domain can access Chrome Remote Desktop on the managed devices.
Why other options are incorrect:
* A. Firewall traversal: This setting controls whether Chrome Remote Desktop can bypass firewalls to establish connections, but it does not restrict access based on domain.
* B. URL Blocking: This setting controls which websites users can access but does not specifically apply to Chrome Remote Desktop access based on domain.
* D. Chrome Remote Desktop review: This setting allows administrators to review Chrome Remote Desktop sessions but does not restrict access based on domain.
質問 # 25
An admin wants to use a custom extension to install a client certificate on a ChromeOS device so that it can connect to the corporate WI-FI.
Which step Is necessary to accomplish this?
- A. Force-install to the device
- B. Encode the certificate in DER-encoded format
- C. Install on the device via guest mode
- D. Distribute through the Chrome Web Store
正解:A
解説:
To install a client certificate on a ChromeOS device for corporate Wi-Fi connectivity, it's necessary to force-install the custom extension containing the certificate. This ensures the extension is installed and activated on the device, enabling it to use the certificate for authentication. Here's how it works:
* Custom Extension: The admin creates or obtains a custom extension that includes the client certificate.
* Force-Installation: Using the Google Admin console, the admin configures a policy to force-install the extension on ChromeOS devices within the organization.
* Device Activation: Once the device receives the policy, the extension is automatically installed and activated, even if the user doesn't manually add it.
* Wi-Fi Authentication: The installed extension allows the device to use the client certificate for authentication when connecting to the corporate Wi-Fi network.
Option A is incorrect because guest mode installations are not persistent and won't apply the certificate to the device's Wi-Fi settings.
Option B is incorrect because distributing through the Chrome Web Store is not necessary for a custom extension intended for internal use.
Option D is incorrect because while the certificate encoding is important, it's not the primary step for enabling Wi-Fi authentication.
References:
* About ChromeOS device management: https://support.google.com/chrome/a/answer/1289314?hl=en pen_spark
質問 # 26
You are setting up ChromeOS devices in a public library and need to prevent your ChromeOS devices from sleeping when not in use. How would you set up your policy to achieve this?
- A. In "Power management settings" set the policy to "Only allow users to turn off the device using the physical power button "
- B. In "User & Browser Settings" for Power and shutdown set the policy to "Do not allow wake locks "
- C. In "Managed Guest Session settings" set the maximum user session length to "unlimited "
- D. In "Power management settings" apply 'Do not allow device to sleep/shut down when idle on the sign-in screen "
正解:D
解説:
This setting is specifically designed to prevent Chrome OS devices from sleeping or shutting down when they are not actively being used, but are on the sign-in screen. This is ideal for public environments like libraries where the devices are meant to be accessible at all times.
Other options are incorrect because:
* B: This setting controls wake locks, which are used to keep a device awake under certain conditions. It doesn't directly control sleep behavior on the sign-in screen.
* C: This setting controls how users can turn off the device, but doesn't prevent the device from sleeping on its own.
* D: This setting controls the maximum length of a guest session, but doesn't affect the device's sleep behavior on the sign-in screen.
References:
* https://support.google.com/chrome/a/answer/3523633
質問 # 27
To allow remote users to securely connect to an internal network, the organization you're supporting is using a VPN. The organization would like you to configure the ChromeOS devices so that the Android VPN clients deployed are automatically configured with the correct hostname. How should you configure this in the Admin Console according to Google best practice?
- A. Download the Android app on a ChromeOS device, add the hostname manually then re-upload the app in the organization's private Google Play Store and deploy it lo all ChromeOS devices
- B. Upload a JSON file with the configuration into the Google Play Store
- C. Add a managed configuration using JSON to the Android app
- D. Contact the VPN provider and ask them to provide you with a custom installable client with the correct configuration pre-configured Then deploy that installable
正解:C
解説:
This is the most efficient and scalable way to automatically configure Android VPN clients on ChromeOS devices with the correct hostname:
* Obtain Configuration: Get the required VPN configuration details (hostname, authentication methods, etc.) from the VPN provider or your organization's network administrator. This configuration is typically in JSON format.
* Create Managed Configuration: In the Google Admin console, navigate to Devices > Chrome > Settings > Android Apps > Managed Configurations.
* Select the VPN App: Choose the specific Android VPN app you want to configure.
* Add JSON Configuration: Paste the JSON configuration into the provided field. Ensure the configuration is valid and accurate.
* Save and Deploy: Save the managed configuration and apply it to the desired organizational units (OUs) containing the ChromeOS devices.
This method allows you to centrally manage VPN configurations for Android apps on ChromeOS devices, ensuring consistency and reducing the manual effort required from users.
質問 # 28
What should an administrator do to view the number and type of ChromeOS upgrades purchased and in use by their domain?
- A. Contact partner to verify
- B. Check subscriptions in billing
- C. Verify upgrades on devices page
- D. Check reports page for upgrades
正解:B
解説:
To view the number and type of ChromeOS upgrades purchased and in use, administrators should check the
"Subscriptions" section in the billing area of the Google Admin console. This section provides a clear overview of the organization's ChromeOS upgrade subscriptions and usage.
Other options are incorrect because they don't directly provide information about ChromeOS upgrade subscriptions:
* Option A (Verify upgrades on devices page): Shows upgrades on individual devices, not the overall purchase and usage.
* Option C (Contact partner to verify): Unnecessary if the information is readily available in the Admin console.
* Option D (Check reports page for upgrades): Might provide some usage data, but not the purchase details.
References:
* Sign in to your Admin console: https://support.google.com/chrome/a/answer/182076?hl=en
質問 # 29
An admin is setting up third-party SSO for their organization as the super admin. When they test with their account, they do not see the SSO screen.
What is causing this behavior?
- A. The account is in the wrong OrgUnit
- B. Super admin bypassed the thud-patty
- C. Third-party SSO is not enabled
- D. SSO settings are misconfigured
正解:B
解説:
Super administrators in Google Workspace have special privileges that allow them to bypass certain security features, including third-party SSO. This is to ensure that they can always access the Admin console for troubleshooting or critical changes, even if the SSO system is malfunctioning. Therefore, when a super admin tests third-party SSO, they won't be prompted with the SSO login screen, but will directly access the console using their Google credentials.
質問 # 30
An organization has created organization units within the Google Admin console for additional management structure. What is the most effective way to manage each OU while not affecting the top-level OU policy?
- A. Force inheritance from top level OU to all OUs
- B. Delete sublevel OUs and only work from the top level OU
- C. Override the inheritance for a given policy
- D. Disable auto updates
正解:C
解説:
Overriding inheritance allows you to apply specific policies to individual OUs without affecting the policies of the parent OU or other sibling OUs. This gives you granular control over different groups of users or devices.
Other options are incorrect because:
* A: Deleting sub-level OUs would remove the management structure and negate the purpose of having OUs.
* B: Disabling auto-updates would prevent devices from receiving important security and feature updates.
* D: Forcing inheritance would apply the top-level OU policy to all sub-OUs, preventing customization.
References:
* https://support.google.com/chrome/a/answer/187202
質問 # 31
The security department has been informed that a ChromeOS device was stolen out of an employee's car.
What should you do in the Admin console to ensure the device Is rendered Inoperable while still maintaining management of the device?
- A. Tag the ChromeOS device as stolen
- B. Deprovision the ChromeOS device
- C. Powerwash the ChromeOS device
- D. Disable the ChromeOS device
正解:D
解説:
Disabling a ChromeOS device in the Admin console prevents it from booting up or being used, effectively rendering it inoperable. However, it retains the device's association with the organization, allowing administrators to track its location and manage it remotely if recovered.
The other options are not as suitable:
* Tagging as stolen: Doesn't prevent device usage.
* Powerwash: Removes all data and enrollment, making management impossible.
* Deprovision: Removes device association, making management impossible.
質問 # 32
At a specific location in your organization, users cannot log in to their ChromeOS devices. The ChromeOS Administrator has also noticed that devices have not synced in the past 24 hours. You have updated policies In the Admin console for your fleet of ChromeOS devices, but the devices are not getting the updated policies.
What is a probable change in the environment that can cause these issues?
- A. Your organization's licenses have recently expired
- B. Your root Certificate Authority expired
- C. Your network administrator has blocked all network traffic to Google services
- D. A different location enrolled a large number of new devices
正解:C
解説:
Blocking all network traffic to Google services would prevent ChromeOS devices from communicating with Google servers. This would lead to several issues:
* Login failures: ChromeOS devices require access to Google services for user authentication and login.
* Sync failures: ChromeOS relies on Google services to sync user data, settings, and policies.
* Policy updates not received: ChromeOS devices fetch policy updates from Google servers, so blocking access would prevent them from getting updates.
Why other options are less likely:
* A. New devices enrolled: While enrolling new devices might cause some temporary network congestion, it wouldn't typically block all communication with Google services.
* C. Root CA expiration: This would affect secure connections to websites, but not necessarily prevent all communication with Google services.
* D. Expired licenses: Expired licenses would restrict access to some features but wouldn't prevent basic login and sync functionality.
質問 # 33
Your network administrator wants to block Google services traffic. What is the result?
- A. Chrome devices will crash
- B. Google Search will not work
- C. Chrome devices will not be able to reach Google
- D. Nothing This isn't an issue
正解:B
解説:
Blocking Google services traffic will prevent Chrome devices from accessing any Google-owned domains, including google.com. This will directly impact Google Search, as it relies on communication with Google servers to provide results.
Other Google services like Gmail, YouTube, Google Drive, etc., will also be inaccessible. However, the Chrome device itself will not crash, as it can still function with other websites and applications.
質問 # 34
When setting up a Chrome Enterprise trial, what is a benefit of choosing to verify the domain?
- A. Identity management
- B. Application management
- C. Device management
- D. Network management
正解:A
解説:
When you verify your domain during a Chrome Enterprise trial setup, you establish ownership and control over the domain within Google's systems. This is a crucial step in identity management as it allows you to:
* Manage user accounts: Create, edit, and delete user accounts within the domain, ensuring control over who can access company resources.
* Apply security policies: Enforce security policies like password requirements, two-factor authentication, and access controls for users within the domain.
* Single Sign-On (SSO): Enable seamless and secure single sign-on for users across various Google services and other integrated applications.
By verifying the domain, you essentially gain centralized control over user identities and their access to resources, which is a core aspect of identity management.
質問 # 35
As a ChromeOS Administrator, you are tasked with blocking incognito mode in the ChromeOS Browser. How would you prevent users from using incognito mode?
- A. ln "Enrollment Settings" disable vended access and incognito mode (or content protection
- B. Navigate to "Users & Browser Security Settings' and set the "Disallow incognito mode" policy
- C. Go ,0 "User & Browser Settings' to restrict sign-in to pattern and "Disallow incognito mode "
- D. From "Device Settings' change Kiosk settings to "Disallow incognito mode "
正解:B
解説:
* Access the Google Admin Console: Sign in to the Admin console using your ChromeOS administrator credentials.
* Locate User Settings: Navigate to "Device Management" > "Chrome Management" > "User & browser settings".
* Find Incognito Mode Policy: Within the settings, search for "Incognito mode".
* Disable Incognito Mode: Select the option to "Disallow incognito mode".
* Save Changes: Click "Save" to apply the policy to the designated users or organizational units.
References:
* Set up Chrome browser on managed devices:
https://support.google.com/chrome/a/answer/3523633?hl=en
質問 # 36
......
試験合格保証ChromeOS-Administrator試験には正確な問題解答付き:https://jp.fast2test.com/ChromeOS-Administrator-premium-file.html