Google Workspace Associate Administrator — Question 26

Your organization’s security team has published a list of vetted third-party apps and extensions that can be used by employees. All other apps are prohibited unless a business case is presented and approved. The Chrome Web Store policy applied at the top-level organization allows all apps and extensions with an admin blocklist. You need to disable any unapproved apps that have already been installed and prevent employees from installing unapproved apps. What should you do?

Answer options

• A. Change the Chrome Web Store allow/block mode setting to allow all apps, admin manages blocklist, In the App access control card, block any existing web app that is not on the security team’s vetted list.
• B. Change the Chrome Web Store allow/block mode setting to block all apps, admin manages allowlist. Add the apps on the security team’s vetted list to the allowlist.
• C. Disable Extensions and Chrome packaged apps as Allowed types of apps and extensions for the top-level organizational unit. Selectively enable the appropriate extension types for each suborganization
• D. Disable the Chrome Web Store service for the top-level organizational unit. Enable the Chrome Web Store service for organizations that require Chrome apps and extensions.

Correct answer: B

Explanation

The correct answer is B because it correctly sets the Chrome Web Store to block all apps while allowing only those that are on the vetted list, ensuring compliance with the security team's policies. Option A allows all apps but relies on a blocklist, which does not prevent the installation of unapproved apps. Option C disables all extensions completely, which may not align with the need for approved apps. Option D removes access to the Chrome Web Store entirely, which is not the desired outcome.