Chrome-Enterprise-Administrator Google Professional Chrome Enterprise Administrator Certification Exam Free Practice Exam Questions (2025 Updated)

The Chrome Insights Report in the Google Admin console provides visibility into the managed Chrome browser environment. Key report types available here include "Browsers pending updates" to identify devices needing patching, "Browsers without activity in the past 28 days" to understand browser usage, and "Browsers that have been recently enrolled" for monitoring onboarding. The other options list reports that are either not specific to Chrome Insights or related to device hardware rather than browser status.

===========

To prevent a child OU from inheriting a policy set at a parent OU, the administrator needs to configure the policy within the child OU itself and set its inheritance status to "Locally applied." This explicitly overrides the inherited policy from the parent with a specific setting for the child OU. Setting it to locally applied at the parent would not prevent inheritance. Turning off inheritance entirely might not be desired for other policies, and "Child > Parent" is the default precedence when inheritance is enabled.

===========

To prevent extensions from modifying the internal homepage, the administrator should add `*.acme.com` to the "Runtime blocked hosts" list. The wildcard `*` ensures that any attempt to access or modify this domain by an extension will be blocked at runtime. Additionally, to disable access to storage and history, the administrator needs to explicitly disable the "Storage" and "History" permissions within the extension management settings. Therefore, the correct combination is to block the host and disable the permissions.

===========

For macOS devices without MDM, the enrollment token can be embedded in the base image. The correct path for placing the cloud management enrollment token on macOS is `/Library/Google/Chrome/CloudManagementEnrollmentToken`. The other paths listed are for Windows Registry (A), a non-standard Linux path (C), and a potentially incorrect macOS path (D).

===========

The Chrome Versions report specifically focuses on the distribution of different Chrome browser versions across the managed fleet. A key data point in this report is the number of "Active Browsers" on each version, allowing administrators to understand their update status and identify any significant fragmentation. While "Total Browsers" might be a related metric, the core focus of the "Versions" report is on the active instances and their respective versions. Information on "Inactive Browsers" or the "Last update" time for individual browsers might be found in other reports.

===========

To allow users to install extensions while blocking those with specific risky permissions, the administrator should "Allow all apps" from the Chrome Web Store and then use the "Block extensions by permission" policy to block extensions that request the "File System" permission. This prevents extensions from accessing local files. Option A is too restrictive by blocking all apps by default. Options B and D use "Runtime Blocked Hosts," which is for controlling access to specific websites, not for blocking extension permissions.

===========

To combat cookie theft from infostealer malware, requiring "Enhanced Safe Browsing" provides proactive protection against malicious websites and downloads that might distribute such malware. Enabling "Application Bound Encryption" adds an extra layer of security to cookies and other sensitive data stored by Chrome, making them harder for malware to use even if stolen. Blocking third-party cookies (option A) can improve privacy but doesn't directly prevent malware from stealing first-party session cookies. Invalidating existing cookies (option C) is a reactive measure and doesn't prevent future theft. Disallowing Chrome Sync and requiring Incognito mode (option D) changes user behavior but doesn't inherently protect against malware on the local machine.

===========

The most likely reason for this discrepancy is that the version reported in the Chrome Enterprise Core compliance report might not be updated in real-time until Chrome is actively running and checks in. When an engineer logs in and launches Chrome, it likely completes the update process and reports the correct version. The auto-update feature generally works in the background, and a completely different unmanaged version (option C) or a persistent network block (option D) would likely prevent updates even when Chrome is launched. A malfunctioning auto-update (option A) is less likely to resolve itself upon manual launch.

===========

To ensure timely patching, the engineering team should adjust the "Auto-update check period" policy. By shortening this period, Chrome browsers will check for updates more frequently, increasing the likelihood of applying security patches sooner and improving compliance with patching SLAs. "Chrome browser updates" is a general category, "Relaunch notification" affects when users are prompted to restart, and "Google updater policy precedence" deals with the order of policy application, not the frequency of checks.

===========

The scenario describes vulnerabilities that could allow cross-site data leakage within the browser's memory. "Site isolation for every website" is a security feature in Chrome that isolates the rendering process for each website, preventing one site from accessing the data of another, even if a vulnerability is exploited. This policy directly addresses the risk of cross-site information leakage due to memory vulnerabilities. Option A relates to TLS security, option B is a general security best practice but doesn't directly prevent cross-site memory access, and option C manages extension behavior, not core browser memory isolation.

===========

To meet a strict 48-hour update requirement for security patches, the administrator must enforce automatic updates through the Google Admin console. Additionally, ensuring Chrome relaunches after updates are downloaded is crucial for applying the patches promptly. Recommending relaunches (option A) might not guarantee timely application. Relying on manual updates (option B) is unreliable and doesn't ensure compliance. Manually checking all browsers (option C) is not scalable or efficient for a company-wide deployment.

===========

To override a ChromeOS user policy, the administrator should deploy a policy at the **Machine Cloud level**. Machine-level policies have a higher precedence than user-level policies on ChromeOS devices. "Enterprise Default" is a general policy level and might not override user settings. Chrome Flags are experimental features and not intended for policy management. Chrome component updates manage specific browser components, not policy settings.

===========

A "3rd Party Risk Score" provides an objective assessment of the extension's security and privacy risks, often based on automated analysis of its code, requested permissions, developer reputation, and other factors. This is a more data-driven approach to evaluating safety compared to simply counting permissions (which doesn't account for the sensitivity of each permission), the Manifest version (which indicates features but not necessarily safety), or Chrome Web Store ratings (whichare subjective and can be manipulated).

===========

Given that the MV2 extensions are not critical, and the requirement is to either block or upgrade, the most direct and efficient approach is to configure the "Manifest V2 availability" policy. This policy allows administrators to control the usage of Manifest V2 extensions, including blocking them entirely or allowing them until a specified date. Option A involves manually collecting and blocking each extension, which is less efficient. Option C ("removed") is not a standard installation mode policy. Option D is not a policy that an administrator can directly configure; the upgrade to MV3 is a developer-driven process.

===========