Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

Google-Workspace-Administrator Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers

Questions 4

Your-company.com recently bought 2500 Chrome devices and wants to distribute them to various teams globally. You decided that enterprise enrollment would be the best way to enforce company policies for managed Chrome devices. You discovered that Chrome devices currently end up in the top-level organization unit, and this needs to change to the organizational unit of the device administrator.

What should you do?

Options:

A.

Change Enrollment Permissions to only allow users in this organization to re-enroll existing devices.

B.

Change Enrollment Controls to Place Chrome device in user organization.

C.

Change Enrollment Controls to Keep Chrome device in current location.

D.

Change Enrolment Permissions to not allow users in this organization to enroll new devices.

Buy Now
Questions 5

Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment.

How should you store data for this situation?

Options:

A.

Use routing rules to dual-deliver mail to an on-premises SMTP server and Google Workspace.

B.

Write a script and use Google Workspace APIs to access and download user data.

C.

Use a third-party tool to configure secure backup of Google Workspace data.

D.

Train users to use Google Takeout and store their archives locally.

Buy Now
Questions 6

Your organization is migrating to Google Workspace and wants to improve how newly created files are classified You must find a scalable solution to improve security and transparency on how to handle sensitive files What should you do?

Options:

A.

Set data loss prevention (DLP) policies to label data automatically disable label locking, and educate users

B.

Create classification labels enable automatic classification, and educate users

C.

Migrate data to Google Workspace map classifications and migrate with the Drive Labels API

D.

Integrate with the Cloud DLP API map identifiers and classifications install the Google Drive label client and run the application

Buy Now
Questions 7

A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak?

Options:

A.

Delete the user's account in the Admin Console.

B.

Transfer data between end user Workspace accounts.

C.

Instruct a Google Vault admin to create a matter, and place all the user data on ‘hold.’

D.

Use Google Vault to export all the user data and share among the security team.

Buy Now
Questions 8

On which two platforms can you push WiFi connection information with Google Workspace? (Choose two.)

Options:

A.

Mac OS

B.

Windows

C.

Chrome OS

D.

iOS

E.

Linux

Buy Now
Questions 9

The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue What should you do first?

Options:

A.

Open a ticket with Google Support listing the affected users.

B.

Check the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability

C.

Check the Google Workspace release calendar to ensure there’s not a Gmail upgrade scheduled

D.

Check network connectivity of the affected users

Buy Now
Questions 10

Your organization's Sales Department uses a generic user account (sales@company.com) to manage requests. With only one employee responsible for managing the departmental account, you are tasked with providing the department with the most efficient means to allow multiple employees various levels of access and manage requests from a common email address.

What should you do?

Options:

A.

Configure a Google Group as an email list.

B.

Delegate email access to department employees.

C.

Configure a Google Group as a collaborative inbox.

D.

Configure a Google Group, and set the Access Level to Announcement Only.

Buy Now
Questions 11

An employee has been leaking confidential salary information to an external party. You must use Vault to preserve the messages for an investigation. What should you do?

Options:

A.

Create a matter and add a hold on the employee's email

B.

Use the security investigation tool to find the messages Create a hold to preserve the messages

C.

Create a custom retention policy Use the audit feature to view captured email logs

D.

Use the search and export features to find all the messages sent externally

Buy Now
Questions 12

All Human Resources employees at your company are members of the “HR Department” Team Drive. The HR Director wants to enact a new policy to restrict access to the “Employee Compensation” subfolder stored on that Team Drive to a small subset of the team.

What should you do?

Options:

A.

Use the Drive API to modify the permissions of the Employee Compensation subfolder.

B.

Use the Drive API to modify the permissions of the individual files contained within the subfolder.

C.

Move the contents of the subfolder to a new Team Drive with only the relevant team members.

D.

Move the subfolder to the HR Director's MyDrive and share it with the relevant team members.

Buy Now
Questions 13

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

Options:

A.

In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”

B.

Use the Directory API to check and update the group’s membership after the GCDS sync is completed.

C.

Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

D.

In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”

Buy Now
Questions 14

The nature of your organization's business makes your users susceptible to malicious email attachments. How should you implement a scan of all incoming email attachments?

Options:

A.

Configure a safety rule to protect against encrypted attachments from untrusted senders

B.

Configure a safety rule to protect against attachments with scripts from untrusted senders.

C.

In the security sandbox section, enable virtual execution of attachments for (he targeted OU

D.

In the security sandbox section, enable virtual execution of attachments for the entire organization.

Buy Now
Questions 15

Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine. What is the first step you should take to enable others to help manage the quarantine, while maintaining security?

Options:

A.

Give the users super admin rights to view the admin quarantine.

B.

Give the users Services > Gmail > Access Admin Quarantine admin privileges.

C.

Configure the admin quarantine to allow end users to release messages.

D.

Give the users Services > Security Center admin privileges.

Buy Now
Questions 16

Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching in preparation for the risk assessment you want to quickly review all the security-related settings for Gmail, Drive and Calendar and identify the ones that may be posing risk What should you do?

Options:

A.

Review all the alerts in the Alert center

B.

Review the Security health page in the Admin console

C.

Review all settings for each organizational unit (OU) separately because it is the only way to see the security settings tor Workspace apps

D.

Review the Gmail Drive, and Calendar reports in the Reporting section in the Admin console.

Buy Now
Questions 17

Your default Vault retention policy for Gmail is set to 365 days Your legal department has just informed you that emails sent and received by the customer support department are sensitive and must be retained for only 30 days You must enforce this new retention policy in the simplest way What should you do?

Options:

A.

Change the current default retention policy in Vault for Gmail to 30 days and apply it to the customer support organizational unit (OU) Configure a custom retention policy for Gmail for 365 days for your domain

B.

Create two custom retention policies in Vault one for 30 days that is applied to the customer support organizational unit (OU) and one for 365 days that is applied to all other OUs in your directory

C.

Change the current default retention policy for Gmail to 30 days Configure two custom retention policies in Vault one for 30 days that is applied to the customer support organizational unit (OU) and one for 365 days that is applied to all other OUs in your directory

D.

Create a custom retention policy in Vault for Gmail for 30 days and apply it to the customer support organizational unit (OU)

Buy Now
Questions 18

Your company has an OU that contains your sales team and an OU that contains your market research team. The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses Constant Contact for your own mass email marketing. You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU.

What should you do?

Options:

A.

Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails.

B.

Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing the mass email sender addresses.

C.

Create a blocked senders list at the Sales OU that contains the mass email sender addresses.

D.

Create an approved senders list at the Market Research OU that contains the mass email sender addresses.

Buy Now
Questions 19

The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.

What should you do?

Options:

A.

Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.

B.

Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.

C.

Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.

Buy Now
Questions 20

As a Workspace Administrator you want to keep an inventory of the computers and mobile devices your company owns in order to track details such as device type and who the device is assigned to. How should you add the devices to the company-owned inventory?

Options:

A.

Download the company-owned inventory template CSV file from the Admin panel enter the serial number of the devices and upload the

B.

completed file to the company-owned inventory in the admin panel B O Download the company-owned inventory template CSV file from the Admin panel enter the device OSs. and serial numbers and upload the

C.

completed file to the company-owned inventory in the admin panel. C O Download the company-owned inventory template CSV file from the Admin panel enter the asset tags of the devices, and upload the

D.

completed file to the company-owned inventory in the admin panel D O Download the company-owned inventory template CSV file from the Admin panel, enter the device OSs. and asset tags, and upload the

Buy Now
Questions 21

HR informs you that a user has been terminated and their account has been suspended. The user is part of a current legal investigation, and HR requires the user's email data to remain on hold. The terminated user's team is actively working on a critical project with files owned by the user. You need to ensure that the terminated user's content is appropriately kept before provisioning their license to a new user.

What two actions should you take? (Choose two.)

Options:

A.

Extend the legal hold on the user's email data.

B.

Move project files to a Team Drive or transfer ownership.

C.

Rename the account to the new user starting next week.

D.

Delete the account, freeing up a Google Workspace License.

E.

Assign the terminated user account an Archive User license.

Buy Now
Questions 22

In the years prior to your organization moving to Google Workspace, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on Google Workspace.) You were able to address active employees’ use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don't have access to their corporate email account.

What should you do?

Options:

A.

Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-Google Workspace Google services and have them blocked.

B.

Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account.

C.

Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.

D.

Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and Other Google Services disabled.

Buy Now
Questions 23

The company's ten most senior executives are to have their offices outfitted with dedicated, standardized video conference cameras, microphones, and screens. The goal is to reduce the amount of technical support they require due to frequent, habitual switching between various mobile and PC devices throughout their busy days. You must ensure that it is easier for the executives to join Meet video conferences with the dedicated equipment instead of whatever device they happen to have available.

What should you do?

Options:

A.

Set up unmanaged Chromeboxes and set the executives’ homepage to meet.google.com via Chrome settings.

B.

Set up the executive offices as reservable Calendar Resources, deploy Hangouts Meet Hardware Kits, and associate the Meet hardware with the room calendars.

C.

Deploy Hangouts Meet Hardware Kits to each executive office, and associate the Meet hardware with the executives’ calendars.

D.

Provision managed Chromeboxes and set the executives’ Chrome homepage to meet. google.com via device policy.

Buy Now
Questions 24

Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled.

What two actions should you take to support the chief security officer's request? (Choose two.)

Options:

A.

Review who has viewed files using the Google Drive Activity Dashboard.

B.

Create an alert from Drive Audit reports to notify of external file sharing.

C.

Review total external sharing in the Aggregate Reports section.

D.

Create a custom Dashboard for external sharing in the Security Investigation Tool.

E.

Automatically block external sharing using DLP rules.

Buy Now
Questions 25

Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to meet these requirements?

Options:

A.

Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.

B.

Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.

C.

Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.

D.

Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.

Buy Now
Questions 26

Your company is using macOS devices for all employees and has built a process to allow a Google account to be used as credentials (or the device Your company wants to manage newly acquired Windows 10 devices with Google Workspace endpoint management and have employees use their Google Workspace account as login credentials for Windows 10 Which steps should you take to enable this?

Choose 2 answers

Options:

A.

Install and configure Google Credential Provider for Windows (GCPW) on each device

B.

Configure Chrome policies on Windows to push advanced device management policies

C.

Enable Windows device management in Devices > Mobile & endpoints > Settings > Windows settings

D.

Sync the Google Accounts and password to AD via Google Cloud Directory Sync V1 (GCDS)

E.

Install and configure Password Sync on each Active Directory (AD) domain controller

Buy Now
Questions 27

Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as “view data for all teams” to the HR group, but it is reporting an error when accessing the application. What should you do?

Options:

A.

Allocate the “view data for all teams” permission to all employees of the company.

B.

Confirm that the Work Insights app is turned ON for all employees.

C.

Confirm in Security > API controls > App Access Controls that Work Insights API is set to “unrestricted.”

D.

Confirm in Reports > BigQuery Export that the job is enabled.

Buy Now
Questions 28

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

Options:

A.

Create a company-owned device inventory using an asset tag.

B.

Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

C.

Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices

D.

Install the Google Endpoint Verification extension on machines using Drive for Desktop.

E.

Create a company-owned device inventory using serial numbers of devices.

Buy Now
Questions 29

Your organization has just appointed a new CISO. They have signed up to receive admin alerts and just received an alert for a suspicious login attempt. They are trying to determine how frequently suspicious login attempts occur within the organization. The CISO has asked you to provide details for each user account that has had a suspicious login attempt in the past year and the number of times it occurred for each account.

What action should you take to meet these requirements?

Options:

A.

Use the login audit report to export all suspicious login details for analysis.

B.

Create a custom dashboard with the security investigation tool showing suspicious logins.

C.

Use the account activity report to export all suspicious login details for analysis.

D.

Create a custom query in BigQuery showing all suspicious login details.

Buy Now
Questions 30

Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?

Options:

A.

Navigate to “Data Protection” setting in Google Admin Console's Device management section and disable the “Allow users to copy data to personal apps” checkbox.

B.

Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section.

C.

Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.

D.

Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox.

Buy Now
Questions 31

The Director of your Finance department has asked to be alerted if two financial auditors share any files outside the domain. You need to set an Admin Alert on Drive Sharing.

What should you do?

Options:

A.

Create a Google Group that has the two auditors as members, and then create a Drive DLP Rule that is assigned to that Group.

B.

Create a Content Compliance rule that looks for outbound share notifications from those two users, and Bcc the Director on those emails.

C.

Create two Drive Audit Alerts, one for each user, where the Visibility is “Shared Externally,” and email them to the Director.

D.

Check the Admin Console Dashboard Insights page periodically for external shares, and notify the Director of any changes.

Buy Now
Questions 32

The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago The compliance team contacted you for assistance on the situation You set up the default Google Vault retention rules so all data is retained only for one year You must assist the compliance team with the investigation What should you do1?

Options:

A.

Do nothing The retention period has already ended and the evidence has already been purged

B.

Suspend the employee and export all data by using Google Takeout

C.

Assign the compliance team a Google Vault administrator role and create a legal hold for the employee

D.

Assign the compliance team a Google Vault administrator role and change the default retention rules to three years.

Buy Now
Questions 33

Your company is in the process of deploying Google Drive Enterprise for your sales organization. You have discovered that there are many unmanaged accounts across your domain. Your security team wants to manage these accounts moving forward.

What should you do?

Options:

A.

Disable access to all “Other Services” in the Google Workspace Admin Console.

B.

Use the Transfer Tool for unmanaged accounts to invite users into the domain.

C.

Use the Data Migration Service to transfer the data to a managed account.

D.

Open a support ticket to have Google transfer unmanaged accounts into your domain.

Buy Now
Questions 34

Your organization is concerned with the increasing threat of phishing attacks that may impact users.

Leadership has declined to force-enable 2-Step verification. You need to apply a security measure to prevent unauthorized access to user accounts.

What should you do?

Options:

A.

Enable Enforce Strong Password policy.

B.

Enable Employee ID Login Challenge.

C.

Decrease the Maximum User Session Length.

D.

Revoke token authorizations to external applications.

Buy Now
Questions 35

Your client is a 5,000-employee company with a high turn-over rate that requires them to add and suspend user accounts. When new employees are onboarded, a user object is created in Active Directory. They have determined that manually creating the users in Google Workspace Admin Panel is time-consuming and prone to error. You need to work with the client to identify a method of creating new users that will reduce time and error.

What should you do?

Options:

A.

Install Google Cloud Directory Sync on all Domain Controllers.

B.

Install Google Workspace Sync for Microsoft Outlook on all employees’ computers.

C.

Install Google Cloud Directory Sync on a supported server.

D.

Install Google Apps Manager to automate add-user scripts.

Buy Now
Questions 36

Your organization wants more visibility into actions taken by Google staff related to your data for audit and security reasons. They are specifically interested in understanding the actions performed by Google support staff with regard to the support cases you have opened with Google. What should you do to gain more visibility?

Options:

A.

From Google Admin Panel, go to Audit, and select Access Transparency Logs. Most Voted

B.

From Google Admin Panel, go to Audit, and select Login Audit Log.

C.

From Google Admin Panel, go to Audit, and select Rules Audit Log.

D.

From Google Admin Panel, go to Audit, and select Admin Audit Log.

Buy Now
Questions 37

Your organization has decided to enforce 2-Step Verification for a subset of users. Some of these users are now locked out of their accounts because they did not set up 2-Step Verification by the enforcement date. What corrective action should you take to allow the users to sign in again?

Options:

A.

Disable 2-Step Verification per organizational unit so the affected users can sign in.

B.

Move the affected users into the exception group temporarily so they can set up 2-Step Verification, and then remove them from the exception group after successful sign-in is confirmed.

C.

Disable 2-Step Verification organization-wide so all users can successfully sign in.

D.

Move the affected users into the exception group permanently so they do not have to use 2-Step Verification going forward.

Buy Now
Questions 38

Your organization does not allow users to share externally. The security team has recently approved an exemption for specific members of the marketing team and sales to share documents with external customers, prospects, and partners. How best would you achieve this?

Options:

A.

Create a configuration group with the approved users as members, and use it to create a target audience.

B.

Enable external sharing for the marketing and sales organizational units.

C.

Enable external sharing only to allowlisted domains provided by marketing and sales teams.

D.

Create a configuration group with the approved users as members, and enable external sharing for this group.

Buy Now
Questions 39

Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.

What two features are essential to reconfigure in Google Workspace? (Choose two.)

Options:

A.

Apps > add SAML apps to your domain.

B.

Reconfigure user provisioning via Google Cloud Directory Sync.

C.

Replace the third-party IDP verification certificate.

D.

Disable SSO with third party IDP.

E.

Enable API Permissions for Google Cloud Platform.

Buy Now
Questions 40

Your company’s Google Workspace primary domain is “mycompany.com,” and it has acquired a startup that is using another cloud provider with a domain named “mystartup.com.” You plan to add all employees from the startup to your Google Workspace domain while preserving their current mail addresses. The startup CEO's email address is andrea@mystartup.com, which also matches your company CEO's email address as andrea@mycompany.com, even though they are different people. Each must keep the usage of their email. In addition, your manager asked to have all existing security policies applied for the new employees without any duplication. What should you do to implement the migration?

Options:

A.

Create a secondary domain, mystartup.com, within your current Google Workspace domain, set up necessary DNS records, and create all startup employees with the secondary domain as their primary email addresses.

B.

Create an alias domain, mystartup.com, in your existing Google Workspace domain, set up necessary DNS records, and create all startup employees with the alias domain as their primary email addresses.

C.

Create a new Google Workspace domain with “mystartup.com,” and create a trust between both domains for reusing the same security policies and sharing employee information within the companies.

D.

Create the startup employees in the “mycompany.com’ domain, and add a number at the end of the user name whenever there is a conflict. In Gmail > Routing, define a specific route for the OU that targets the startup employees, which will modify the email address domain to “mystartup.com,” and remove any numbers previously added. In addition, confirm that the SPF and DKIM records are properly set.

Buy Now
Questions 41

Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

Options:

A.

Confirm that the user has a Google Workspace Enterprise Plus license.

B.

Delete and recreate a new Context-Aware Access device policy.

C.

Check whether device policy application is installed on users’ devices.

D.

Confirm that the user has at least a Google Workspace Business license.

E.

Check whether Endpoint Verification is installed on users’ desktops.

Buy Now
Questions 42

The application development team has come to you requesting that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs. You are currently restricting access to all APIs using approved whitelists, per security policy. You need to grant access for this app.

What should you do?

Options:

A.

Enable all API access for Google Drive.

B.

Enable “trust domain owned apps” setting.

C.

Add OAuth Client ID to Google Drive Trusted List.

D.

Whitelist the app in the Google Workspace Marketplace.

Buy Now
Questions 43

In your organization, users have been provisioned with either Google Workspace Enterprise, Google Workspace Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division's budget. In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports.

You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements:

  • Team leaders must be able to retrieve this data on their own (i.e., self-service).
  • Team leaders are not permitted to have any level of administrative access to the Google Workspace Admin panel.
  • Team leaders must only be able to look up data for their direct reports.
  • The data must always be current to within 1 week.
  • Costs must be mitigated.

What approach should you recommend?

Options:

A.

Export log data to BigQuery with custom scopes.

B.

Use a third-party tool.

C.

Use App Script and filter views within a Google Sheet.

D.

Create an app using AppMaker and App Script.

Buy Now
Questions 44

You received this email from the head of marketing:

Hello Workspace Admin:

Next week, a new consultant will be starting on the "massive marketing mailing" project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?

What are two of the steps you need to perform to fulfill this request?

Choose 2 answers

Options:

A.

Create an isolated OU for the consultants who need the restricted contacts access.

B.

Create a group that includes the contacts that the consultant is allowed to view.

C.

Apply the role of owner to the consultant in the group settings.

D.

Create the consultant inside under the marketing OU.

E.

Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.

Buy Now
Questions 45

Your company is using Google Workspace Business Standard. The company has five meeting rooms that are all registered as resources in Google Workspace and used on a daily basis by the employees when organizing meetings. The office layout was changed last weekend, and one of the meeting rooms is now a dedicated room for management. The CEO is complaining that anyone can book the room and requested this room to be used only by the management team and their executive assistants (EAs). No one else must be allowed to book it via Google Calendar. What should you do?

Options:

A.

As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group.

B.

Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule.

C.

As a super administrator, create a group calendar named “Management Room,” and share it only with the management and the EAs.

D.

Move the room resource to the management and EAs group so that only they can use it.

Buy Now
Questions 46

Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace.

What should you do?

Options:

A.

Enable additional security verification via email.

B.

Enable authentication via the Google Authenticator.

C.

Deploy browser or device certificates via Google Workspace.

D.

Configure USB Yubikeys for all users.

Buy Now
Questions 47

Your organization has confidential internal content for which only authorized employees are allowed to access Access to this content is managed by using Google Groups Only administrators can create and manage membership You need to provide only the necessary functionality and follow the principle of least privilege What should you do?

Options:

A.

Make a dynamic group so security team members are automatically added

B.

Make a moderated group so all incoming communications can be monitored

C.

Use a group as a collaborative inbox that allows easier sharing

D.

Make a security group to apply access policies

Buy Now
Questions 48

Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the request?

Options:

A.

Create a Google Vault matter for each user account, and share the matters to the legal admin.

B.

Create a Google Vault matter, search for data, and run an export for the legal department.

C.

Use the Investigation Too! to search for the data requested, and export for the legal department.

D.

Search for the data in Gmail, and export for the legal department.

Buy Now
Questions 49

You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google Workspace Admin console should you update?

Options:

A.

Bypass spam filter

B.

Content compliance rule

C.

Approved email denylist

D.

Email allowlist

Buy Now
Questions 50

As a Workspace Administrator, you want to keep an inventory of the computers and mobile devices your company owns in order to track details such as device type and who the device is assigned to. How should you add the devices to the company-owned inventory?

Options:

A.

Download the company owned inventory template CSV file from the admin panel, enter the serial number of the devices, and upload it back to the company owned inventory in the admin panel.

B.

Download the company owned inventory template CSV file from the admin panel, enter the Device OS, serial number and upload it back to the company owned inventory in the admin panel.

C.

Download the company owned inventory template CSV file from the admin panel, enter the asset tag of the devices, and upload it back to the company owned inventory in the admin panel.

D.

Download the company owned inventory template CSV file from the admin panel, enter the Device OS, asset tag and upload it back to the company owned inventory in the admin panel.

Buy Now
Questions 51

Your organization has hired a recruiting firm that is responsible for reviewing resumes and job descriptions of prospective summer interns. Employees at your organization need to collaborate with the external firm on these documents. You must set permissions and ensure the recruiting firm employees can't remove the files. What should you do?

Options:

A.

Create a Google Group, add the HR team, and create a shared folder for content storage and editing

B.

Enable client-side encryption for the organizational unit (OU) for which the HR team are members

C.

Create a Shared Drive and grant Content Manager access to the HR team

D.

Create a Shared Drive and grant Contributor access to the HR team

Buy Now
Questions 52

Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same strategy with the newly acquired organization, which also has its users in an LDAP directory. How should you change your GCDS instance to ensure that the setup is successful? (Choose two.)

Options:

A.

Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory.

B.

Add an LDAP sync rule to your current GCDS instance in order to synchronize new users.

C.

Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended.

D.

Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization.

E.

Upgrade to the multiple LDAP version of GCDS.

Buy Now
Questions 53

Your organization uses a third-party product to filter mail before it arrives at your Workspace Domain. How should you configure Gmail to ensure that inbound messages are not seen as a spam attack due to the volume of mail being received from this product?

Options:

A.

Add the product's IP addresses as an approved sender.

B.

Allowlist the IP addresses of the third-party filtering product.

C.

Add the product's IP addresses to your organization's SPF record.

D.

List the IP addresses of the product as an Inbound Gateway.

Buy Now
Questions 54

What steps does an administrator need to take to enforce TLS with a particular domain?

Options:

A.

Enable email safety features with the receiving domain.

B.

Set up secure transport compliance with the receiving domain.

C.

Configure an alternate secure route with the receiving domain.

D.

Set up DKIM authentication with the receiving domain.

Buy Now
Questions 55

You work for a midsize organization Your compliance and audit learn sees that users are frequently resetting their passwords You must provide accurate information and ensure that the compliance team is informed every time a user changes their password What should you do?

Options:

A.

Create a new alert by using user log events and check that event Login type is Google password and include the compliance team in the email notifications

B.

Check the User's password changed alert in the alert center and include the compliance team in the email notifications

C.

Disable user account recovery so users must contact you before a reset

D.

Enable user account recovery and forward any alert to the compliance team through the alert center

Buy Now
Questions 56

Your-company.com recently started using Google Workspace. The CIO is happy with the deployment, but received notifications that some employees have issues with consumer Google accounts (conflict accounts). You want to put a plan in place to address this concern.

What should you do?

Options:

A.

Use the conflict account remove tool to remove the accounts from Google Workspace.

B.

Rename the accounts to temp@your-company.com, and recreate the accounts.

C.

Ask users to request a new Google Workspace account from your local admin.

D.

Use the Transfer tool for unmanaged users to find the conflict accounts.

Buy Now
Questions 57

You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain. altostrat.com. that your end users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS enabled?

Options:

A.

The message will be delivered to their spam folder.

B.

The message will not be delivered to the end user in any form.

C.

The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.

D.

A warning banner will appear on the message informing the user that the message was not sent securely.

Buy Now
Questions 58

Your global marketing team has over 500 employees. They recently started working with Google Analytics and want to move to managed accounts You decide to use Google Cloud Directory Sync (GCDS) to sync users from your current identity provider Your organization currently has no Google Workspace licenses linked to the Admin console You run GCDS for the first lime and receive the following error. "Domain user limit reached " You need to identify and fix the problem What should you do?

Options:

A.

Ensure that there is a subscription available and enough licenses to sync the new users

B.

Check if GCDS has the correct permissions to run a sync on your domain

C.

Wait 48 hours until the domain is fully provisioned

D.

Update the delete limits of GCDS and try again

Buy Now
Questions 59

You have enabled Automatic Room Replacement for your calendar resources, but it is not working for any instances of a conflict booking. What could be the issue?

Options:

A.

Automatic Room Replacement does not work on recurring events.

B.

This feature requires calendar event owners to have the Buildings and resources administrator privilege

C.

The calendar resources do not have the Resource Category configured as CONFERENCE_ROOM

D.

The events have more than 20 attendees.

Buy Now
Exam Name: Google Cloud Certified - Professional Google Workspace Administrator
Last Update: Nov 7, 2024
Questions: 197

PDF + Testing Engine

$130

Testing Engine

$95

PDF (Q&A)

$80