Pass the Google Professional Chrome Enterprise Chrome-Enterprise-Administrator Questions and answers with ExamsMirror

For machines with no internet connectivity, automatic updates will not work. The only way to update Chrome in this scenario is to manually run the Chrome installer with an updated version obtained through an alternative method (e.g., downloaded on a connected machine and transferred). Auto-update requires internet access, setting a target version only dictates the desired version for automatic updates, and force relaunch requires an update to be downloaded first.

===========

A significant increase in requested permissions in a new version of a critical extension poses a security risk. The most prudent action is to block the updated extension until the administrator can verify the necessity of the new permissions or until a less permissive version is released. Version pinning (option D) only delays the issue and doesn't address the potential risk in the new version. Blocking specific hosts (option A) doesn't limit the extension's overall capabilities. Customizing permissions (option C) is generally not possible for Chrome extensions managed through the Google Admin console.

===========

To effectively manage both managed device browsers (which apply policies at the device level) and managed profiles (which apply policies at the user profile level), creating a separate OU at the top level (under "Company") or directly under it, specifically for "Managed Browsers," is the recommended approach. This allows for distinct policies tailored to the browser instance, regardless of the user signed in. Nesting under specific user OUs (Employees, Users, Contractors) would complicate the management of shared devices or scenarios where different user types might use the same managed browser.

===========

To ensure cloud policies override local policies on Windows, the administrator needs to create a specific Registry value. The correct value is `"CloudPolicyOverridesPlatformPolicy"` of type `REG_DWORD` with data `1`. This setting explicitly tells the Chrome browser to prioritize cloud-managed policies over local policies.

===========

While the exact percentage isn't explicitly stated in the provided material, industry best practices for software deployment, including browser updates, recommend testing in a Beta environment with a representative but limited subset of users before a full rollout. A common recommendation for Beta testing is around 5% of the user base. This provides sufficient feedback and issue detection without impacting the majority of users.

===========

To ensure timely patching, the engineering team should adjust the "Auto-update check period" policy. By shortening this period, Chrome browsers will check for updates more frequently, increasing the likelihood of applying security patches sooner and improving compliance with patching SLAs. "Chrome browser updates" is a general category, "Relaunch notification" affects when users are prompted to restart, and "Google updater policy precedence" deals with the order of policy application, not the frequency of checks.

===========

The most likely reason for this discrepancy is that the version reported in the Chrome Enterprise Core compliance report might not be updated in real-time until Chrome is actively running and checks in. When an engineer logs in and launches Chrome, it likely completes the update process and reports the correct version. The auto-update feature generally works in the background, and a completely different unmanaged version (option C) or a persistent network block (option D) would likely prevent updates even when Chrome is launched. A malfunctioning auto-update (option A) is less likely to resolve itself upon manual launch.

===========

To combat cookie theft from infostealer malware, requiring "Enhanced Safe Browsing" provides proactive protection against malicious websites and downloads that might distribute such malware. Enabling "Application Bound Encryption" adds an extra layer of security to cookies and other sensitive data stored by Chrome, making them harder for malware to use even if stolen. Blocking third-party cookies (option A) can improve privacy but doesn't directly prevent malware from stealing first-party session cookies. Invalidating existing cookies (option C) is a reactive measure and doesn't prevent future theft. Disallowing Chrome Sync and requiring Incognito mode (option D) changes user behavior but doesn't inherently protect against malware on the local machine.

===========

The scenario describes vulnerabilities that could allow cross-site data leakage within the browser's memory. "Site isolation for every website" is a security feature in Chrome that isolates the rendering process for each website, preventing one site from accessing the data of another, even if a vulnerability is exploited. This policy directly addresses the risk of cross-site information leakage due to memory vulnerabilities. Option A relates to TLS security, option B is a general security best practice but doesn't directly prevent cross-site memory access, and option C manages extension behavior, not core browser memory isolation.

===========

When Chrome's Safe Browsing feature identifies a website as potentially risky and displays a warning page that the user might bypass to visit the site, this interaction is typically logged in the Audit and Investigation Report as a "Site Warning Unsafe Site Visit" event. This allows administrators to track instances where users might be exposed to potentially malicious content despite browser warnings. SSL errors relate to certificate issues, untrusted site visit is a more general term, and site isolation violation refers to a different security mechanism.

===========