Summer Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Google Google-Workspace-Administrator Google Cloud Certified - Professional Google Workspace Administrator Exam Practice Test

Page: 1 / 20
Total 197 questions

Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers

Question 1

Your organization has a group of users who interact with sensitive information and their accounts contain valuable files You need to protect these users from targeted online attacks What should you do?

Options:

A.

Enable 2-Step Verification for those users and recommend they use Google Authenticator

B.

Enable 2-Step Verification for those users and recommend they use SMS codes

C.

Disable password recovery for end users

D.

Enroll all accounts for those users in the Advanced Protection Program

Question 2

Your company works regularly with a partner. Your employees regularly send emails to your partner's employees. You want to ensure that the Partner contact information available to your employees will allow them to easily select Partner names and reduce sending errors.

What should you do?

Options:

A.

Educate users on creating personal contacts for the Partner Employees.

B.

Add a secondary domain for the Partner Company and create user entries for each Partner user.

C.

Create shared contacts in the Directory using the Directory API.

D.

Create shared contacts in the Directory using the Domain Shared Contacts API.

Question 3

As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user's Drive data?

Options:

A.

In the user deletion process, select “Transfer” in the data in other apps section and add the manager's email address.

B.

Use Google Vault to set a retention period on the OU where the users reside.

C.

Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location.

D.

Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.

Question 4

Your organization has users in the United States and Europe For compliance reasons you want to ensure that user data is always stored in the region where the user is located What should you do?

Options:

A.

Create two Google Groups titled "United States' and "Europe " Assign users to either group based on location

B.

Specify a data region policy for each Organizational Unit (OU) where users are grouped by location

C.

Populate the Address field on each user record ensuring the country information is accurate

D.

Do nothing No extra configuration is needed because user data is always stored in the region the user is located

Question 5

A user named Alice is leaving your organization You need to transfer all of Alice's data from her Drive to Bob's Drive in the most simple and efficient manner possible What should you do?

Options:

A.

Use the Google Admin console to move the files from Alice's Drive to Bob's Drive

B.

Use the Google Takeout service to export Alice's data to a zip file and instruct Bob to import the zip file into his Drive

C.

Use the Google Drive API to programmatically transfer the files from Alice's Drive to Bob's Drive

D.

Instruct Alice to download all of her files from her Drive and upload them to Bob's Drive

Question 6

You are supporting an investigation that is being conducted by your litigation team. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user’s awareness.

What two actions should you take? (Choose two.)

Options:

A.

Move the user to their own Organization Unit, and set a custom retention policy

B.

Create a matter using Google Vault, and share the matter with the litigation team members.

C.

Create a hold on the user’s mailbox in Google Vault

D.

Reset the user's password, and share the new password with the litigation team.

E.

Copy the user's data to a secondary account.

Question 7

A user does not follow their usual sign-in pattern and signs in from an unusual location.

What type of alert is triggered by this event?

Options:

A.

Suspicious mobile activity alert.

B.

Suspicious login activity alert.

C.

Leaked password alert.

D.

User sign-in alert.

Question 8

You recently started an engagement with an organization that is also using Google Workspace. The engagement will involve highly sensitive data, and the data needs to be protected from being shared with unauthorized parties both internally and externally. You need to ensure that this data is properly secured.

Which configuration should you implement?

Options:

A.

Turn on external sharing with whitelisted domains, and add the external organization to the whitelist.

B.

Provision accounts within your domain for the external users, and turn off external sharing for that Org.

C.

Configure the Drive DLP rules to prevent the sharing of PII and PHI outside of your domain.

D.

Create a Team Drive for this engagement, and limit the memberships and sharing settings.

Question 9

Your global marketing team has over 500 employees. They recently started working with Google Analytics and want to move to managed accounts You decide to use Google Cloud Directory Sync (GCDS) to sync users from your current identity provider Your organization currently has no Google Workspace licenses linked to the Admin console You run GCDS for the first lime and receive the following error. "Domain user limit reached " You need to identify and fix the problem What should you do?

Options:

A.

Ensure that there is a subscription available and enough licenses to sync the new users

B.

Check if GCDS has the correct permissions to run a sync on your domain

C.

Wait 48 hours until the domain is fully provisioned

D.

Update the delete limits of GCDS and try again

Question 10

Your organization is planning to remove any dependencies on Active Directory (AD) from all Cloud applications they are using You are currently using Google Cloud Directory Sync (GCDS) with on-premises AD as a source to provision user accounts in Google Workspace. Your organization is also using a software-as-a-service (SaaS) human resources information system (HRIS) that offers integration via CSV export and Open API standard.

Additional requirements for the solution include:

• It should not require a subscription to any additional third-party service.

• The process must be automated from beginning to end.

You are tasked with the design and implementation of a solution to address user provisioning with these requirements.

What solution should you implement?

Options:

A.

Set up Azure AD and federate on-premises AD with it. Provision user accounts from Azure AD with the Google-recommended process.

B.

Modify the GCDS configuration to use the HRIS application as the data source and complete any necessary adjustments

C.

Export HRIS data to a CSV file every day. and build a solution to define the delta with the previous day;

import the result as a CSV file via the Admin console.

D.

Build an application that will fetch updated data from the HRIS system via Open API. and then update

Google Workspace with the Directory API accordingly.

Question 11

You act as the Google Workspace Administrator for a company that has just acquired another organization. The acquired company will be migrated into your Workspace environment in 6 months. Management has asked you to ensure that the Google Workspace users you currently manage can efficiently access rich contact information in Workspace for all users. This needs to occur before the migration, and optimally without additional expenditure. What step do you take to populate contact information for all users?

Options:

A.

Bulk-upload the contact information for these users via CSV into the Google Directory.

B.

Use the Domain Shared Contacts API to upload contact information for the acquired company's users.

C.

Provision and license Google Workspace accounts for the acquired company's users because they will need accounts in the future.

D.

Prepare an uploadable file to be distributed to your end users that allows them to add the acquired company’s user contact information to their personal contacts.

Question 12

In the years prior to your organization moving to Google Workspace, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on Google Workspace.) You were able to address active employees’ use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don't have access to their corporate email account.

What should you do?

Options:

A.

Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-Google Workspace Google services and have them blocked.

B.

Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account.

C.

Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.

D.

Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and Other Google Services disabled.

Question 13

Employees at your organization frequently and mistakenly delete important emails that they receive from your payroll department The employees have to file support tickets for the IT team to find and restore these emails You must provide an automated solution that minimizes IT overhead and prevents these emails from being permanently deleted from their inboxes What should you do?

Options:

A.

Create a content compliance rule that targets internal messages Use an advanced content match for the sender header to match the

payroll department's email Quarantine the message so that administrators can review the email before they release it to the user

B.

Create an Apps Script project that uses the Gmail API to find any recently deleted emails and automatically restore them to the inboxes Set

the script trigger to be time-driven and run every hour

C.

Create a content compliance rule that targets all internal messages that are sent from the payroll department Modify the message by

prepending a custom subject line to all payroll emails so that employees know not to delete them

D.

Create an activity rule by using Gmail log events with two conditions one for the event of an email deletion and another that matches the header address to the payroll department's email Create an action that restores messages Set the rule to run every hour

Question 14

Your company policy requires that managers be provided access to Drive data once an employee leaves the company.

How should you grant this access?

Options:

A.

Make the manager a delegate to the former employee's account.

B.

Copy the data from the former employee’s My Drive to the manager's My Drive.

C.

Transfer ownership of all Drive data using the file transfer ownership tool in the Google Workspace Admin console.

D.

Login as the user and add the manager to the file permissions using the “Is owner’ privilege for all Drive files.

Question 15

Your company has sales offices in Madrid, Tokyo, London, and New York. The outbound email for those offices needs to include the sales person's signature and a compliance footer. The compliance footer needs to say “Should you no longer wish to receive emails about this offer, please reply with UNSUBSCRIBE.” You are responsible for making sure that users cannot remove the footer.

What should you do?

Options:

A.

Send an email to each sales person with the instructions on how to add the footer to their Signature.

B.

Ensure that each sales team is in their own OU, and configure the Append Footer with the signature and footer content translated for each locale.

C.

Ensure that each sales team is in their own OU, and configure the Append Footer with footer content.

D.

Ensure that each sales team is in their own OU, and configure the Append Footer with the footer content translated for each locale.

Question 16

An employee has been leaking confidential salary information to an external party. You must use Vault to preserve the messages for an investigation. What should you do?

Options:

A.

Create a matter and add a hold on the employee's email

B.

Use the security investigation tool to find the messages Create a hold to preserve the messages

C.

Create a custom retention policy Use the audit feature to view captured email logs

D.

Use the search and export features to find all the messages sent externally

Question 17

As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar?

Options:

A.

Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access.

B.

Create a secondary calendar under your account, and give your team “Make changes to events” access.

C.

Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access.

D.

Create a secondary calendar under your account, and give your team “See only free/busy” access

Question 18

Your company recently decided to use a cloud-based ticketing system for your customer care needs. You are tasked with rerouting email coming into your customer care address, customercare@your-company.com to the cloud platform’s email address, your-company@cloudprovider.com. As a security measure, you have mail forwarding disabled at the domain level.

What should you do?

Options:

A.

Create a mail contact in the Google Workspace directory that has an email address of your- company@cloudprovider.com

B.

Create a rule to forward mail in the customercare@your-company.com mailbox to your- company@cloudprovider.com

C.

Create a recipient map in the Google Workspace Admin console that maps customercare@your-company.com to your-company@cloudprovider.com

D.

Create a content compliance rule in the Google Workspace Admin console to change route to your- company@cloudprovider.com

Question 19

Your business partner requests that a new custom cloud application be set up to log in without having separate credentials.

What is your business partner required to provide in order to proceed?

Options:

A.

Service provider logout URL

B.

Service provider ACS URL

C.

Identity Provider URL

D.

Service provider certificate

Question 20

You are the administrator for a 30.000-user organization. You have multiple Workspace licensing options available to end users in your domain, according to their work responsibilities. A user may be transitioned to a different license type multiple times in a given year. Your organization has a high turnover rate for employees. What is the most efficient way to manage your organization's licensing?

Options:

A.

Use the Directory API to create a custom batch script that modifies the users license on a daily basis

B.

Create a license assignment rule in the Google Admin console to set user licensing based on directory attributes.

C.

Use Google Cloud Directory Sync to modify user licensing with each sync, according to information available in the organization's LDAP

D.

Update user licensing in the user portion of the Admin console on an as-needed basis.

Question 21

What steps does an administrator need to take to enforce TLS with a particular domain?

Options:

A.

Enable email safety features with the receiving domain.

B.

Set up secure transport compliance with the receiving domain.

C.

Configure an alternate secure route with the receiving domain.

D.

Set up DKIM authentication with the receiving domain.

Question 22

Your team is collaborating on a new project by using a Google Doc They are using Doc comments to add numerous questions and suggestions You want to ensure that sensitive data in the Doc comments does not appear in the recipients' inboxes when a user is notified that a comment has been assigned to them What should you do?

Options:

A.

Set up an email quarantine to quarantine all incoming emails that contain sensitive data

B.

Disable comments in the Google Doc for your users

C.

Create a Gmail content compliance rule and turn oft dynamic email for your team

D.

Create a Gmail content compliance rule to block incoming messages that contain sensitive data

Question 23

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

Options:

A.

In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”

B.

Use the Directory API to check and update the group’s membership after the GCDS sync is completed.

C.

Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

D.

In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”

Question 24

Your corporate LDAP contains the email addresses of several hundred non-employee business partners. You want to sync these contacts to Google Workspace so they appear in Gmail’s address autocomplete for all users in the domain.

What are two options to meet this requirement? (Choose two.)

Options:

A.

Use the Directory API to upload a .csv file containing the contacts.

B.

Configure GCDS to populate a Group with external members.

C.

Use the People API to upload a .csv file containing the contacts.

D.

Develop a custom application to call the Domain Shared Contacts API.

E.

Configure GCDS to synchronize shared contacts.

Question 25

You have configured your Google Workspace account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users. There are some new

features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization.

What should you do?

Options:

A.

Create a new OU and tum on the rapid release track just for this OU.

B.

Create a new Google Group with test users and enable the rapid release track.

C.

Establish a separate Dev environment, and set it to rapid release.

D.

Ask Google for a demo account with beta access to the new features.

Question 26

Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine. What is the first step you should take to enable others to help manage the quarantine, while maintaining security?

Options:

A.

Give the users super admin rights to view the admin quarantine.

B.

Give the users Services > Gmail > Access Admin Quarantine admin privileges.

C.

Configure the admin quarantine to allow end users to release messages.

D.

Give the users Services > Security Center admin privileges.

Question 27

Your organization syncs directory data from Active Directory to Google Workspace via Google Cloud Directory Sync. Users and Groups are updated from Active Directory on an hourly basis. A user's last name and primary email address have to be changed. You need to update the user’s data.

What two actions should you take? (Choose two.)

Options:

A.

Add the user's old email address to their account in the Google Workspace Admin panel.

B.

Change the user's primary email address in the Google Workspace Admin panel.

C.

Change the user's last name in the Google Workspace Admin panel.

D.

Change the user's primary email in Active Directory.

E.

Change the user's last name in Active Directory.

Question 28

Your organization has implemented Single Sign-On (SSO) for the multiple cloud-based services it utilizes. During authentication, one service indicates that access to the SSO provider cannot be accessed due to invalid information.

What should you do?

Options:

A.

Verify the NameID Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.

B.

Verify the Audience Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.

C.

Verify the Subject attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.

D.

Verify the Recipient attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.

Question 29

On which two platforms can you push WiFi connection information with Google Workspace? (Choose two.)

Options:

A.

Mac OS

B.

Windows

C.

Chrome OS

D.

iOS

E.

Linux

Question 30

You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota concerns for this user? (Choose two.)

Options:

A.

Add other users as “Editors” on the Drive object, thus spreading the storage quota debt between all of them.

B.

Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.

C.

Make another user the “Owner” of the Drive objects, thus transferring the storage quota debt to them.

D.

Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.

E.

Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.

Question 31

With the help of a partner, you deployed Google Workspace last year and have seen the rapid pace of innovation and development within the platform. Your CIO has requested that you develop a method of staying up-to-date on all things Google Workspace so that you can be prepared to take advantage of new features and ensure that your organization gets the most out of the platform.

What should you do?

Options:

A.

Develop a cadence of regular roadmap and business reviews with your partner.

B.

Regularly scan the admin console and keep track of any new features you identify.

C.

Create a Feature Release alert in the Alert Center to be alerted to new functionality.

D.

Put half of your organization on the Rapid Release Schedule to highlight differences.

Question 32

After a recent transition to Google Workspace, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner. Your manager has asked you to determine how to resolve these requests without relying on additional staff.

What should you do?

Options:

A.

Create a custom Apps Script to reset passwords.

B.

Use a third-party tool for password recovery.

C.

Enable non-admin password recovery.

D.

Create a Google form to submit reset requests.

Question 33

Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?

Options:

A.

Create groups, add users accordingly, and educate users on how to share to specific groups of people.

B.

Disable sharing to the entire organization so that users must consciously add every person who needs access.

C.

Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.

D.

Temporarily disable the Google Drive service for individuals who continually overshare.

Question 34

You work for an organization that is headquartered in Washington DC You want to reliably send email announcements to all employees in the area and update membership automatically What should you do?

Options:

A.

Create a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees work locations

B.

Create a Security Group and apply the Location label to allow employees to join based on the specified location

C.

Create a Google Group and add all employees in the Washington DC work location

D.

Create a Google Group and set permissions to invite employees to join the group

Question 35

Your organization has offices in Canada Italy and the United States You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only What should you do?

Options:

A.

Require the use of corporate devices for any access to corporate Gmail and Drive

B.

Use context-aware access to create access levels based on the geographic location and assign them to corporate Gmail and Drive

C.

Create address lists to restrict the delivery of incoming and outgoing messages and to block notifications from Google Doc comments

D.

Create data protection rules in Google Workspace that allow data access from only three geographic locations

Question 36

The CFO just informed you that one of their team members wire-transferred money to the wrong account because they received an email that appeared to be from the CFO. The CFO has provided a list of all users that may be responsible for sending wire transfers. The CFO also provided a list of banks the company sends wire transfers to. There are no external users that should be requesting wire transfers. The CFO is working with the bank to resolve the issue and needs your help to ensure that this does not happen again.

What two actions should you take? (Choose two.)

Options:

A.

Configure objectionable content to reject messages with the words “wire transfer.”

B.

Verify that DMARC, DKIM, and SPF records are configured correctly for your domain.

C.

Create a rule requiring secure transport for all messages regarding wire transfers.

D.

Add the sender of the wire transfer email to the blocked senders list.

E.

Enable all admin settings in Gmail's safety > spoofing and authentication.

Question 37

Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive You also want to prevent external users from downloading files with viewer permissions to their local machines What should you do?

Options:

A.

Do nothing. View-only Drive files automatically prevent the user from downloading the files

B.

Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers

C.

Create a new DLP rule by using the existing content detector conditions but change the action for the new rule to Disable download. print, and copy for commenters and viewers

D.

Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict

Question 38

You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?

Options:

A.

Configure a data region at the top level OU of your organization, and set the value to “Europe”.

B.

Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.

C.

Configure a configuration group for European users, and set the data region to “Europe”.

D.

Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.

Question 39

You have implemented a data loss prevention (DLP) policy for a specific finance organizational unit. You want to apply the same security policy to a shared drive owned by the finance department in the most efficient manner. What should you do?

Options:

A.

In the Admin console sharing settings, select the finance organizational unit and deselect Allow users outside the domain to access files in shared drives

B.

Assign the Shared Drive to the finance organizational unit

C.

Create a new DLP policy for shared drive users

D.

Change the scope of the policy to apply to all in the domain

Question 40

Your company frequently hires from five to ten interns for short contract engagements and makes use of the

same generically named Google Workspace accounts (e.g., user1@your-company.com, user2@your-company.com, user3@your-company.com). The manager of this program wants all email to these accounts routed to the manager's mailbox account also.

What should you do?

Options:

A.

Setup address forwarding in each account's GMail setting menu.

B.

Set up recipient address mapping in GMail Advanced Settings.

C.

Configure an Inbound Gateway route.

D.

Give the manager delegated access to the mailboxes.

Question 41

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

Options:

A.

Create a company-owned device inventory using an asset tag.

B.

Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

C.

Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices

D.

Install the Google Endpoint Verification extension on machines using Drive for Desktop.

E.

Create a company-owned device inventory using serial numbers of devices.

Question 42

An employee has left your organization and their Drive data must be retained for three years The retention rule has been set for three years You must ensure the employee's data is visible in Vault and accessible to the Vault Administrator in the most cost-effective way What should you do?

Options:

A.

Export the users Drive data from Vault, then delete the user.

B.

Assign an Archive User (AU) license to the user

C.

Change ownership of the Drive data to the user's Manager, then delete the user

D.

Suspend the user until the end of the three-year period

Question 43

A user has traveled overseas for an extended trip to meet with several vendors. The user has reported that important draft emails have not been saved in Gmail, which is affecting their productivity. They have been constantly moving between hotels, vendor offices, and airport lounges.

You have been tasked with troubleshooting the issue remotely. Your first priority is diagnosing and preventing this from happening again, and your second priority is recovering the drafts if possible. Due to time zone differences, and the user's busy meeting schedule, you have only been able to arrange a brief Hangouts Meet with the user to gather any required troubleshooting inputs.

What two actions should be taken on this call with the user? (Choose two.)

Options:

A.

Ask the user to send an email to you so you can check the headers.

B.

Record a HAR file of the user composing a new email.

C.

Take screenshots of the user’s screen when composing an email.

D.

Use the Email log search in the Admin panel.

E.

Check the Users > App Users Activity report.

Question 44

Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment.

How should you store data for this situation?

Options:

A.

Use routing rules to dual-deliver mail to an on-premises SMTP server and Google Workspace.

B.

Write a script and use Google Workspace APIs to access and download user data.

C.

Use a third-party tool to configure secure backup of Google Workspace data.

D.

Train users to use Google Takeout and store their archives locally.

Question 45

The credentials of several individuals within your organization have recently been stolen. Using the Google Workspace login logs, you have determined that in several cases, the stolen credentials have been used in countries other than the ones your organization works in. What else can you do to increase your organization's defense-in-depth strategy?

Options:

A.

Implement an IP block on the malicious user's IPs under Security Settings in the Admin Console.

B.

Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in.

C.

Enforce higher complexity passwords by rolling it out to the affected users.

D.

Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.

Question 46

Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled.

What two actions should you take to support the chief security officer's request? (Choose two.)

Options:

A.

Review who has viewed files using the Google Drive Activity Dashboard.

B.

Create an alert from Drive Audit reports to notify of external file sharing.

C.

Review total external sharing in the Aggregate Reports section.

D.

Create a custom Dashboard for external sharing in the Security Investigation Tool.

E.

Automatically block external sharing using DLP rules.

Question 47

Recently your organization has had an increase in messages marked as spam You need to quickly and efficiently obtain detailed information regarding each message What should you do?

Options:

A.

Create an investigation by using a SQL query to search for all spam audit logs exported to BigQuery

B.

Send an alert to all users to mark all suspicious Gmail messages as spam and review the Alert center messages

C.

Use Google Vault to put all messages marked as spam in a legal hold and review the messages

D.

Use the spam filter report in the security dashboard to see messages Google's spam filter marked as spam during a specific time period

Question 48

As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access Google Drive anymore from one satellite office and that they receive an error message that “a company policy is blocking access to this app.” The users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office's Internet Service Provider (ISP) and the global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue?

Options:

A.

An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access.

B.

Under Drive and Docs > Sharing Settings, the “Whitelisted domains” list needs to be updated to add the new ISP domain.

C.

The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range.

D.

You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.

Question 49

In your organization, users have been provisioned with either Google Workspace Enterprise, Google Workspace Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division's budget. In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports.

You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements:

  • Team leaders must be able to retrieve this data on their own (i.e., self-service).
  • Team leaders are not permitted to have any level of administrative access to the Google Workspace Admin panel.
  • Team leaders must only be able to look up data for their direct reports.
  • The data must always be current to within 1 week.
  • Costs must be mitigated.

What approach should you recommend?

Options:

A.

Export log data to BigQuery with custom scopes.

B.

Use a third-party tool.

C.

Use App Script and filter views within a Google Sheet.

D.

Create an app using AppMaker and App Script.

Question 50

When reloading Gmail in Chrome, the web browser returns a 500 Error. As part of the troubleshooting process, Google support asks you to gather logs. How can this be accomplished?

Options:

A.

Chrome > Window Context Menu > More Tools > Developer Tools > Network Tab > Reload the page to replicate the error > “Export HAR”

B.

Admin.google.com > Reporting > Reports > Apps Reports > Gmail

C.

chrome://net-export > Start Logging to Disk > Confirm validity with https://netlog-viewer.appspot.com

D.

Chrome > Window Context Menu > More Tools > Task Manager > Screen Capture List of Running Processes

Question 51

Your-company.com finance departments want to create an internal application that needs to read data from spreadsheets. As the collaboration engineer, you suggest using App Maker. The Finance team is concerned about data security when creating applications with App Maker.

What security measures should you implement to secure data?

Options:

A.

Use Roles, Script, and Owner access permissions for operations on records and data relations.

B.

Enable App Maker access only for the Finance department Organization Unit.

C.

Use a service account with limited permissions to access each data source.

D.

Change owner access permissions to allow internal usage only.

Question 52

Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

Options:

A.

Confirm that the user has a Google Workspace Enterprise Plus license.

B.

Delete and recreate a new Context-Aware Access device policy.

C.

Check whether device policy application is installed on users’ devices.

D.

Confirm that the user has at least a Google Workspace Business license.

E.

Check whether Endpoint Verification is installed on users’ desktops.

Question 53

You have enabled Automatic Room Replacement for your calendar resources, but it is not working for any instances of a conflict booking. What could be the issue?

Options:

A.

Automatic Room Replacement does not work on recurring events.

B.

This feature requires calendar event owners to have the Buildings and resources administrator privilege

C.

The calendar resources do not have the Resource Category configured as CONFERENCE_ROOM

D.

The events have more than 20 attendees.

Question 54

Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?

Options:

A.

Assign the pre-built security admin role to the security team members.

B.

Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members.

C.

Assign the Super Admin Role to the security team members.

D.

Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.

Question 55

Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments?

Options:

A.

Run queries in Security Investigation Tool.

B.

Turn on advanced phishing and malware protection.

C.

Enable Security Sandbox.

D.

Enable Gmail confidential mode.

Question 56

Your company is using Google Workspace Business Plus edition, and the security team has reported several unsuccessful attempts to sign in to your Google Workspace domain from countries where you have no local employees. The affected accounts are from several executives in the main office.

You are asked to take measures to mitigate this security risk. Although budget is not a concern, your company prefers a minimal financial outlay to fix the issue, which you are tasked with managing. Which two solutions would help you mitigate the risk at minimal cost?

Choose 2 answers

Options:

A.

Deploy 2-Step Verification for all users who have security keys.

B.

Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations.

C.

Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

D.

Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

E.

For all executives, create new accounts with random characters to match Google best practices, migrate

data from the former accounts, and then delete them.

Question 57

Your organization has hired a recruiting firm that is responsible for reviewing resumes and job descriptions of prospective summer interns. Employees at your organization need to collaborate with the external firm on these documents. You must set permissions and ensure the recruiting firm employees can't remove the files. What should you do?

Options:

A.

Create a Google Group, add the HR team, and create a shared folder for content storage and editing

B.

Enable client-side encryption for the organizational unit (OU) for which the HR team are members

C.

Create a Shared Drive and grant Content Manager access to the HR team

D.

Create a Shared Drive and grant Contributor access to the HR team

Question 58

Your organization's information security team has asked you to determine and remediate if a user (user1@example.com) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?

Options:

A.

Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is user1@example.com.

B.

Have the super administrator use the Security API to audit Drive access.

C.

As a super administrator, change the access on externally shared Drive files manually under user1@example.com.

D.

Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for user1@example.com.

Question 59

The Google Analytics service is set to OFF for your entire organization All users in the marketing team OU and a subset of users in the sales OU need access to Analytics The rest of the organization should not have access You must configure access in Additional Google services What should you do?

Options:

A.

Enable Google Analytics at the top of the OU structure

B.

Enable Google Analytics for the marketing and sales OUs Create a group to deny access to Google Analytics and assign it to the sales users who should not have access

C.

Enable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU

D.

Enable Google Analytics for the marketing OU Create a group from the Admin console that includes the sales users, and set GoogleAnalytics to On for that group The Google Analytics service is set to OFF for your entire organization All users in the marketing team OU and a subset of users in the sales OU need access to Analytics The rest of the organization should not have access You must configure access in Additional Google services What sh

E.

Enable Google Analytics at the top of the OU structure

F.

Enable Google Analytics for the marketing and sales OUs Create a group to deny access to Google Analytics and assign it to the sales users who should not have access

G.

Enable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU

Page: 1 / 20
Total 197 questions