A financial services company is using Chrome Browser Cloud Management to enforce policies. A security audit requires that any attempt to upload files containing credit card numbers from a managed Chrome browser to a non-approved web service be blocked and logged. The company already uses Google Workspace and has its DLP rules configured there. What is the most direct way to meet this requirement?
A university is deploying Linux apps via Crostini on managed ChromeOS devices for its computer science department. The administrator needs to prevent students from using the `sudo` command to gain root access within the Linux container, but still allow them to install a predefined list of packages. Which policy should the administrator configure in the Google Admin console?
An organization uses a third-party Identity Provider (IdP) that supports SAML 2.0 for single sign-on (SSO). An administrator needs to configure managed Chrome browsers to use this IdP for all Google services. They have already configured SSO in the Google Admin console. What additional Chrome policy must be configured to ensure that users are always redirected to the third-party IdP login page and cannot use a standard Google account login?
A company is transitioning to ChromeOS Flex for a large number of older desktops. The network team requires that these devices use a specific PAC (Proxy Auto-Config) file hosted at `http://proxy.internal/config.pac` for internet access. The administrator needs to apply this setting to all ChromeOS Flex devices in a specific Organizational Unit. Which policy setting should be used?
An administrator manages a fleet of corporate-owned Windows laptops with managed Chrome browsers. A custom-built, in-house extension is required for all users. The extension files (`.crx` and manifest) are hosted on an internal web server. Which TWO policies must be configured to force-install this extension and ensure it updates correctly from the internal server? (Select TWO)
True or False: The 'Extended Stable' release channel for Chrome receives feature updates at a slower pace than the 'Stable' channel, but receives security updates at the same rapid pace.
**Case Study:** A global retail company, `ShopFast`, is deploying 5,000 ChromeOS devices to its stores to be used as point-of-sale (POS) terminals. These devices must be heavily restricted for security and operational consistency. **Current Situation:** The IT team has successfully enrolled all devices into the Google Admin console and placed them in a dedicated 'POS Terminals' Organizational Unit (OU). The devices connect to a dedicated, secured Wi-Fi network in each store. The primary application is a Progressive Web App (PWA) that handles all sales transactions. **Requirements:** 1. The devices must boot directly into the PWA and run it in fullscreen mode. 2. Users must not be able to exit the PWA or access any other part of ChromeOS. 3. The devices must automatically log in to a predefined guest session; no employee should need to enter credentials on the device itself. 4. After 15 minutes of inactivity, the session must be terminated and a new session started to ensure data privacy between transactions. Which configuration in the Google Admin console will meet all these requirements for the 'POS Terminals' OU?
An administrator is troubleshooting an issue where a specific policy, `URLBlocklist`, is not applying to a user's managed Chrome browser on their Windows machine. The administrator has verified the user and the browser are in the correct OU where the policy is set. Using `chrome://policy`, the administrator sees the policy listed, but its source is 'Platform' and not 'Cloud'. What is the most likely cause of this issue?
A new Chrome Enterprise Administrator is setting up Chrome Browser Cloud Management for the first time. To enroll browsers, they must generate a token. What is the validity period of a newly generated enrollment token?