Chrome-Enterprise-Administrator Professional Chrome Enterprise Administrator Certification Exam Questions and Answers

When Chrome's Safe Browsing feature identifies a website as potentially risky and displays a warning page that the user might bypass to visit the site, this interaction is typically logged in the Audit and Investigation Report as a "Site Warning Unsafe Site Visit" event. This allows administrators to track instances where users might be exposed to potentially malicious content despite browser warnings. SSL errors relate to certificate issues, untrusted site visit is a more general term, and site isolation violation refers to a different security mechanism.

===========

Given that the MV2 extensions are not critical, and the requirement is to either block or upgrade, the most direct and efficient approach is to configure the "Manifest V2 availability" policy. This policy allows administrators to control the usage of Manifest V2 extensions, including blocking them entirely or allowing them until a specified date. Option A involves manually collecting and blocking each extension, which is less efficient. Option C ("removed") is not a standard installation mode policy. Option D is not a policy that an administrator can directly configure; the upgrade to MV3 is a developer-driven process.

===========

Among the Safe Browsing options, **Enhanced Protection** offers the most robust security. It proactively checks URLs, downloads, and extensions against Google's Safe Browsing database in real time, and it can also share more data with Google to improve detection and provide personalized warnings. This level of protection is best suited for environments with high security requirements. The other options might represent different levels of Safe Browsing with varying degrees of protection.

===========

By default, when a Chrome browser on a Windows device is enrolled in Chrome Enterprise Core, cloud-based machine policies will take precedence over locally configured machine policies (Group Policy). This ensures that the centrally managed cloud policies are enforced.

===========

The most effective way to manage extensions in this scenario is to use a combination of OUs and groups. Create an OU for the shared devices and force-install the shared extensions at this OU level. Then, create separate user groups for FTEs and Contractors in the Google Admin console and force-install their specific extensions to these groups. User group policies have a higher precedence than OU policies, ensuring the correct extensions are available to each user type when they sign in to the shared devices. Option A mentions Group Policy Objects, which are for Windows environments and less relevant in a cloud-managed scenario across potentially different OSes. Option B doesn't address the shared device aspect effectively. Option C is not a managed approach.

===========

The "Managed browsers detail" page in the Google Admin console provides specific information about individual managed Chrome browser instances. This includes details about the profiles associated with that browser, such as the signed-in users and their management status. Chrome log events might contain some profile-related information but are more focused on actions. The"Managed devices" section primarily focuses on ChromeOS devices. The "Chrome Insights report" provides a high-level overview rather than detailed profile information for a specific browser instance.

===========

While the provided study guide doesn't explicitly detail the OS requirements for self-hosting Chrome extensions, general web hosting best practices suggest that Linux is a common and robust platform for serving files and managing web-related services. Its open-source nature, command-line interface, and extensive server software support make it well-suited for self-hosting compared to desktop-centric operating systems like Windows 11 or macOS, and the client-focused ChromeOS. Self-hosting typically involves setting up a web server to distribute the extension files, a task commonly performed on Linux servers.

===========

A significant increase in requested permissions in a new version of a critical extension poses a security risk. The most prudent action is to block the updated extension until the administrator can verify the necessity of the new permissions or until a less permissive version is released. Version pinning (option D) only delays the issue and doesn't address the potential risk in the new version. Blocking specific hosts (option A) doesn't limit the extension's overall capabilities. Customizing permissions (option C) is generally not possible for Chrome extensions managed through the Google Admin console.

===========

To ensure cloud policies override local policies on Windows, the administrator needs to create a specific Registry value. The correct value is `"CloudPolicyOverridesPlatformPolicy"` of type `REG_DWORD` with data `1`. This setting explicitly tells the Chrome browser to prioritize cloud-managed policies over local policies.

===========

Chrome's Safe Browsing feature actively scans web pages, downloads, and extensions for known malware. When malware is detected, it is reported as a security event. While unauthorized file downloads could be a consequence of a security issue, Chrome's direct detection focuses on the malware itself. Password complexity is a setting for password management, and user inactivity is a system or application-level event, not a direct security event captured by Chrome in the same way as malware detection.

===========

The "Chrome Browser -> Reports -> Apps & extensions usage" section in the Google Admin console provides detailed information about installed extensions, including permissions and a risk assessment (if available through integrated security features). This report allows administrators to filter and analyze extensions based on their risk score and the number of permissions they request, enabling them to identify extensions that meet the cyber risk team's criteria.

===========

To allow users to install extensions while blocking those with specific risky permissions, the administrator should "Allow all apps" from the Chrome Web Store and then use the "Block extensions by permission" policy to block extensions that request the "File System" permission. This prevents extensions from accessing local files. Option A is too restrictive by blocking all apps by default. Options B and D use "Runtime Blocked Hosts," which is for controlling access to specific websites, not for blocking extension permissions.

===========