Exam ChromeOS-Administrator Topic 5 Question 59 Discussion
Actual exam question for Google's ChromeOS-Administrator exam
Question #: 59
Topic #: 5
Question #: 59
Topic #: 5
Your customer is deploying ChromeOS devices in their environment and requires those ChromeOS devices to adhere to web filtering via TLS (or SSL) Inspection. What recommendations should you make to your customer in setting up the requirements for ChromeOS devices?
Suggested Answer: A Vote an answer
To set up TLS (or SSL) inspection for web filtering on ChromeOS devices, you need to follow these steps:
* Configure Hostname Allowlist: Create an allowlist of hostnames (e.g., *.google.com, *[invalid URL removed]) that should bypass TLS inspection. This ensures that essential services like Google services and your own domain can function properly.
* Set up TLS Certificate: Obtain the required TLS/SSL certificate from your web filter provider and install it on your web filter. ChromeOS devices need this certificate to establish a secure connection with the web filter for TLS inspection.
* Verify TLS Inspection: Once the configuration is in place, test and verify that TLS inspection is working as expected. This involves checking if the web filter can correctly intercept and decrypt HTTPS traffic for websites not on the allowlist.
Why other options are not correct:
* Option B: While reaching out to Google Workspace Security and Compliance can be helpful, it's not the primary step in setting up TLS inspection. The configuration needs to be done on the web filter and
* ChromeOS devices.
* Option C: Transparent proxies are generally not recommended for ChromeOS devices as they can interfere with certain functionalities. While it might work with an allowlist for Google domains, it's not the best practice.
* Option D: ChromeOS devices do not come preconfigured to adhere to company TLS inspection. This configuration needs to be set up explicitly by the administrator.
References:
* About TLS (or SSL) inspection on ChromeOS devices:
https://support.google.com/chrome/a/answer/3504942
* Verify TLS (or SSL) inspection works: https://support.google.com/chrome/a/answer/3504943
* Configure Hostname Allowlist: Create an allowlist of hostnames (e.g., *.google.com, *[invalid URL removed]) that should bypass TLS inspection. This ensures that essential services like Google services and your own domain can function properly.
* Set up TLS Certificate: Obtain the required TLS/SSL certificate from your web filter provider and install it on your web filter. ChromeOS devices need this certificate to establish a secure connection with the web filter for TLS inspection.
* Verify TLS Inspection: Once the configuration is in place, test and verify that TLS inspection is working as expected. This involves checking if the web filter can correctly intercept and decrypt HTTPS traffic for websites not on the allowlist.
Why other options are not correct:
* Option B: While reaching out to Google Workspace Security and Compliance can be helpful, it's not the primary step in setting up TLS inspection. The configuration needs to be done on the web filter and
* ChromeOS devices.
* Option C: Transparent proxies are generally not recommended for ChromeOS devices as they can interfere with certain functionalities. While it might work with an allowlist for Google domains, it's not the best practice.
* Option D: ChromeOS devices do not come preconfigured to adhere to company TLS inspection. This configuration needs to be set up explicitly by the administrator.
References:
* About TLS (or SSL) inspection on ChromeOS devices:
https://support.google.com/chrome/a/answer/3504942
* Verify TLS (or SSL) inspection works: https://support.google.com/chrome/a/answer/3504943
by Bill at Jul 12, 2024, 10:31 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).