March Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Google-Workspace-Administrator PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

Google-Workspace-Administrator PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: Google Cloud Certified - Professional Google Workspace Administrator
  • Last Update: Mar 27, 2024
  • Questions and Answers: 160
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

Google-Workspace-Administrator Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

Google-Workspace-Administrator Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers

Question # 6

Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same strategy with the newly acquired organization, which also has its users in an LDAP directory. How should you change your GCDS instance to ensure that the setup is successful? (Choose two.)

A.

Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory.

B.

Add an LDAP sync rule to your current GCDS instance in order to synchronize new users.

C.

Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended.

D.

Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization.

E.

Upgrade to the multiple LDAP version of GCDS.

Full Access
Question # 7

Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do?

A.

Modify your Marketplace Settings to block users from installing any app from the Marketplace.

B.

Set all API services to “restricted access” and ensure that all connected apps have limited access.

C.

Remove all client IDs and scopes from the list of domain-wide delegation API clients.

D.

Block each connected app's access.

Full Access
Question # 8

Your organization implemented Single Sign-On (SSO) for the multiple cloud-based services it uses. During authentication, one service indicates that access to the SSO provider is not possible due to invalid information. What should you do?

A.

Update the validation certificate.

B.

Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL

C.

Run nslookup to confirm that the service exists.

D.

Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.

Full Access
Question # 9

Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.

What two features are essential to reconfigure in Google Workspace? (Choose two.)

A.

Apps > add SAML apps to your domain.

B.

Reconfigure user provisioning via Google Cloud Directory Sync.

C.

Replace the third-party IDP verification certificate.

D.

Disable SSO with third party IDP.

E.

Enable API Permissions for Google Cloud Platform.

Full Access
Question # 10

Your Security Officer ran the Security Health Check and found the alert that “Installation of mobile applications from unknown sources” was occurring. They have asked you to find a way to prevent that from happening.

Using Mobile Device Management (MDM), you need to configure a policy that will not allow mobile applications to be installed from unknown sources.

What MDM configuration is needed to meet this requirement?

A.

In the Application Management menu, configure the whitelist of apps that Android and iOS devices are allowed to install.

B.

In the Application Management menu, configure the whitelist of apps that Android, iOS devices, and Active Sync devices are allowed to install.

C.

In Android Settings, ensure that “Allow non-Play Store apps from unknown sources installation” is unchecked.

D.

In Device Management > Setup > Device Approvals menu, configure the “Requires Admin approval” option.

Full Access
Question # 11

Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?

A.

Create groups, add users accordingly, and educate users on how to share to specific groups of people.

B.

Disable sharing to the entire organization so that users must consciously add every person who needs access.

C.

Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.

D.

Temporarily disable the Google Drive service for individuals who continually overshare.

Full Access
Question # 12

The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified

as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.

What two actions should you take? (Choose two.)

A.

Obtain the message header and analyze using Google Workspace Toolbox.

B.

Review the contents of the messages in Google Vault.

C.

Set up a Gmail routing rule to whitelist the sender.

D.

Conduct an Email log search to trace the message route.

E.

Validate that your domain is not on the Spamhaus blacklist.

Full Access
Question # 13

Your chief compliance officer is concerned about API access to organization data across different cloud vendors. He has tasked you with compiling a list of applications that have API access to Google Workspace data, the data they have access to, and the number of users who are using the applications.

How should you compile the data being requested?

A.

Review the authorized applications for each user via the Google Workspace Admin panel.

B.

Create a survey via Google forms, and collect the application data from users.

C.

Review the token audit log, and compile a list of all the applications and their scopes.

D.

Review the API permissions installed apps list, and export the list.

Full Access
Question # 14

A large enterprise that had a security breach is working with an external legal team to determine best practices for an investigation. Using Google Vault, the security team is tasked with exporting data for review by the legal team. What steps should you take to securely share the data in question?

A.

Determine the scope of the investigation, create a Matter and Holds in Google Vault, and share with the legal team.

B.

Immediately suspend the user's account, search for all the email messages in question, and forward to the legal team.

C.

Immediately suspend the user's account, assign an archived user license, and export data.

D.

Suspend the user's account, search all associated users data in Google Vault, and export the data.

Full Access
Question # 15

You are using Google Cloud Directory Sync to manage users. You performed an initial sync of nearly 1,000 mailing lists to Google Groups with Google Cloud Directory Sync and now are planning to manage groups directly from Google. Over half the groups have been configured with incorrect settings, including who can post, who can join, and which groups can have external members. You need to update groups to be configured correctly.

What should you do?

A.

Use the bulk upload with CSV feature in the Google Workspace Admin panel to update all Groups.

B.

Update your configuration file and resync mailing lists with Google Cloud Directory Sync.

C.

Create and assign a custom admin role for all group owners so they can update settings.

D.

Use the Groups Settings API to update Google Groups with desired settings.

Full Access
Question # 16

Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as “view data for all teams” to the HR group, but it is reporting an error when accessing the application. What should you do?

A.

Allocate the “view data for all teams” permission to all employees of the company.

B.

Confirm that the Work Insights app is turned ON for all employees.

C.

Confirm in Security > API controls > App Access Controls that Work Insights API is set to “unrestricted.”

D.

Confirm in Reports > BigQuery Export that the job is enabled.

Full Access
Question # 17

A user does not follow their usual sign-in pattern and signs in from an unusual location.

What type of alert is triggered by this event?

A.

Suspicious mobile activity alert.

B.

Suspicious login activity alert.

C.

Leaked password alert.

D.

User sign-in alert.

Full Access
Question # 18

Your organization syncs directory data from Active Directory to Google Workspace via Google Cloud Directory Sync. Users and Groups are updated from Active Directory on an hourly basis. A user's last name and primary email address have to be changed. You need to update the user’s data.

What two actions should you take? (Choose two.)

A.

Add the user's old email address to their account in the Google Workspace Admin panel.

B.

Change the user's primary email address in the Google Workspace Admin panel.

C.

Change the user's last name in the Google Workspace Admin panel.

D.

Change the user's primary email in Active Directory.

E.

Change the user's last name in Active Directory.

Full Access
Question # 19

The company's ten most senior executives are to have their offices outfitted with dedicated, standardized video conference cameras, microphones, and screens. The goal is to reduce the amount of technical support they require due to frequent, habitual switching between various mobile and PC devices throughout their busy days. You must ensure that it is easier for the executives to join Meet video conferences with the dedicated equipment instead of whatever device they happen to have available.

What should you do?

A.

Set up unmanaged Chromeboxes and set the executives’ homepage to meet.google.com via Chrome settings.

B.

Set up the executive offices as reservable Calendar Resources, deploy Hangouts Meet Hardware Kits, and associate the Meet hardware with the room calendars.

C.

Deploy Hangouts Meet Hardware Kits to each executive office, and associate the Meet hardware with the executives’ calendars.

D.

Provision managed Chromeboxes and set the executives’ Chrome homepage to meet. google.com via device policy.

Full Access
Question # 20

Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?

What should you do?

A.

Create a report using the OAuth Token Audit Activity logs.

B.

Create a report using the Calendar Audit Activity logs.

C.

Create a report using the Drive Audit Activity logs.

D.

Create a reporting using the API Permissions logs for Installed Apps.

Full Access
Question # 21

Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in Google Workspace.

What should you do?

A.

Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment.

B.

In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices.

C.

Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment.

D.

Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin.

Full Access
Question # 22

As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar?

A.

Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access.

B.

Create a secondary calendar under your account, and give your team “Make changes to events” access.

C.

Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access.

D.

Create a secondary calendar under your account, and give your team “See only free/busy” access

Full Access
Question # 23

Security and Compliance has identified that data is being leaked through a third-party application connected to Google Workspace. You want to investigate using an audit log.

What log should you use?

A.

Admin audit log

B.

SAML audit log

C.

Drive usage audit log

D.

OAuth Token audit log

Full Access
Question # 24

Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company. You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit.

What should you do?

A.

From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets.

B.

From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API.

C.

From the Google Workspace Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets.

D.

From the Admin Console Users Menu, download a list of all user info columns and currently selected columns.

Full Access
Question # 25

Your organization deployed Google Workspace Enterprise within the last year, with the support of a partner. The deployment was conducted in three stages: Core IT, Google Guides, and full organization. You have been tasked with developing a targeted ongoing adoption plan for your Google Workspace organization.

What should you do?

A.

Use Google Guides to deliver ad-hoc training to all of their co-workers and reports.

B.

Use Work Insights to gather adoption metrics and target your training exercises.

C.

Use Reports APIs to gather adoption metrics and Gmail APIs to deliver training content directly.

D.

Use a script to monitor Email attachment types and target users that aren't using Drive sharing.

Full Access
Question # 26

As the Workspace Administrator, you have been asked to enable the help desk team to share incoming support requests from end users The help desk team has ten users who need to respond to support requests that are sent to a help desk email address. The users must be able to respond by email and assign ownership of tickets. Finally, the help desk team is highly mobile and will need to manage help desk tickets from their mobile devices. How would you provide this functionality for the help desk team?

A.

Configure a Google Group as a collaborative inbox, and assign the required Groups permissions to the help desk team members.

B.

Create a help desk Workspace mail account, and set the help desk team as mail delegates to the help desk account.

C.

Create the help desk group as a Q&A Group, and add the "Manager role to the help desk team users.

D.

In Google Drive, create a help desk request form, and give the help desk team the ability to view the inbound requests.

Full Access
Question # 27

The CEO of your company heard about new security and collaboration features and wants to know how to stay up to date. You are responsible for testing and staying up to date with new features, and have been asked to prepare a presentation for management.

What should you do?

A.

Download the Google Workspace roadmap, and work together with a deployment specialist for new features.

B.

Create a support ticket for the Google Workspace roadmap, and ask to enable the latest release of Google Workspace.

C.

Subscribe to the Google Workspace release calendar, and Join the Google Cloud Connect Community.

D.

Change Google Workspace release track to: Rapid Release for faster access to new features.

Full Access
Question # 28

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

A.

In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”

B.

Use the Directory API to check and update the group’s membership after the GCDS sync is completed.

C.

Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

D.

In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”

Full Access
Question # 29

What action should be taken to configure alerting related to phishing attacks?

A.

Set up a Token audit log event alert.

B.

Set up an Admin audit log event alert.

C.

Set up an email settings changed alert.

D.

Set up a suspicious login event alert.

Full Access
Question # 30

After migrating to Google Workspace, your legal team requests access to search all email and create litigation holds for employees who are involved with active litigation. You need to help the legal team meet this request.

What should you do?

A.

Add the legal team to the User Management Admin system role.

B.

Add the legal team to the Google Vault Google Group.

C.

Create a custom role with Google Vault access, and add the legal team.

D.

Create a matter in Google Vault, and share with the legal team.

Full Access
Question # 31

When reloading Gmail in Chrome, the web browser returns a 500 Error. As part of the troubleshooting process, Google support asks you to gather logs. How can this be accomplished?

A.

Chrome > Window Context Menu > More Tools > Developer Tools > Network Tab > Reload the page to replicate the error > “Export HAR”

B.

Admin.google.com > Reporting > Reports > Apps Reports > Gmail

C.

chrome://net-export > Start Logging to Disk > Confirm validity with https://netlog-viewer.appspot.com

D.

Chrome > Window Context Menu > More Tools > Task Manager > Screen Capture List of Running Processes

Full Access
Question # 32

A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak?

A.

Delete the user's account in the Admin Console.

B.

Transfer data between end user Workspace accounts.

C.

Instruct a Google Vault admin to create a matter, and place all the user data on ‘hold.’

D.

Use Google Vault to export all the user data and share among the security team.

Full Access
Question # 33

Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration.

Which scenario could require an alternative deployment strategy?

A.

Some of your Active Directory groups have sensitive group membership.

B.

Some of the Active Directory groups do not have owners.

C.

Some of the Active Directory groups have members external to organization.

D.

Some of the Active Directory groups do not have email addresses.

Full Access
Question # 34

A user reached out to the IT department about a Google Group that they own: info@company.com. The group is receiving mail, and each message is also delivered directly to the user's Gmail inbox. The user wants to be able to reply to messages directly from Gmail and have them sent on behalf of the group, not their individual account. Currently, their replies come from their individual account. What would you instruct the user to do?

A.

Create a new content compliance rule that matches the user's outgoing messages with the group copied, and have it modify the sender to be the group address.

B.

Add the group as an email address that can be sent from within Gmail, and verify that the user has access. They can then choose to reply from the group.

C.

Add the user's individual account as a delegate to the group's inbox. They can then toggle between the accounts and use the Gmail interface on behalf of the group.

D.

Set the group address to be the default sender within the group's posting policies.

Full Access
Question # 35

The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.

What should you do?

A.

Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.

B.

Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.

C.

Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.

Full Access
Question # 36

In the years prior to your organization moving to Google Workspace, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on Google Workspace.) You were able to address active employees’ use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don't have access to their corporate email account.

What should you do?

A.

Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-Google Workspace Google services and have them blocked.

B.

Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account.

C.

Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.

D.

Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and Other Google Services disabled.

Full Access
Question # 37

A user has reported that they did not receive an email from one of their normal correspondents. What information do you need to collect from the user to investigate the cause of the issue?

A.

The email address of the sender and the subject and date/time of the missing message.

B.

The type of device the individual is using, including the OS version, browser, and browser version.

C.

The sender's domain so you can review their SPF and DKIM configuration.

D.

The sender's IP address, mail client, and mail platform.

Full Access
Question # 38

Your company has just acquired a new group of users. They have been provisioned into the Google Workspace environment with your primary domain as their primary email address. These new users still need to receive emails from their previous domain. What is the best way to achieve this for these new users, without updating the information of pre­existing users?

A.

Add the acquired domain as an alias to the primary Google Workspace domain.

B.

Add the acquired domain as a secondary domain to the primary Google Workspace domain, and then update the email information of all new users with alias emails.

C.

Update the Google-provided test domain to be the domain of the acquired company, and then update the email information of all new users with alias emails.

D.

Without adding a domain, update each user's email information with the previous domain.

Full Access
Question # 39

Your company has been engaged in a lawsuit, and the legal department has been asked to discover and hold all email for two specific users. Additionally, they have been asked to discover and hold any email referencing “Secret Project 123.”

What steps should you take to satisfy this request?

A.

Create a Matter and a Hold. Set the Hold to Gmail, set it to the top level Organization, and set the search terms to “secret project 123.” Create a second Hold. Set the second Hold to Gmail, set it to Accounts, and enter: user1 @your-company.com, user2@your-company.com. Save.

B.

Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: user1@your-company.com, user2@your-company. Set the search terms to: (secret project 123). Save.

C.

Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and enter: user1@your- company.com AND user2@your-company.com. Set the search terms to: secret AND project AND 123. Save.

D.

Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: user1@your-company.com, user2@your-company. Set the search terms to secret OR project OR 123. Save.

Full Access
Question # 40

Your company moved to Google Workspace last month and wants to install Hangouts Meet Hardware in all of their conference rooms. This will allow employees to walk into a room and use the in-room hardware to easily join their scheduled meeting. A distributed training session is coming up, and the facilitator wants to make remote room joining even easier. Participants in remote rooms should walk into their room and begin receiving the training without having to take any actions to join the session.

How should you accomplish this?

A.

In the Admin Console, select the devices in Meeting Room Hardware, select Call, and Enter the meeting code.

B.

Room participants will need to start the meeting from the remote in the room.

C.

By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time.

D.

Select Add Live Stream to the Calendar invite; all rooms added to the event will auto-join at the scheduled time.

Full Access
Question # 41

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

A.

Create a company-owned device inventory using an asset tag.

B.

Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

C.

Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices

D.

Install the Google Endpoint Verification extension on machines using Drive for Desktop.

E.

Create a company-owned device inventory using serial numbers of devices.

Full Access
Question # 42

A recent legal investigation requires all emails and Google Drive documents from a specific user to be retrieved. As the administrator, how can you fulfill the legal team's request?

A.

Use Security Investigation Tool to Search Google Drive events for all of the user's documents, and use Google Admin > Reports > Email Log Search to find their emails.

B.

Search Google Drive for all of the user’s documents, and ask them to forward all of their emails.

C.

Use the Gmail API and Google Drive API to automatically collect and export data.

D.

Utilize Google Vault to hold, search, and export data of interest.

Full Access
Question # 43

The credentials of several individuals within your organization have recently been stolen. Using the Google Workspace login logs, you have determined that in several cases, the stolen credentials have been used in countries other than the ones your organization works in. What else can you do to increase your organization's defense-in-depth strategy?

A.

Implement an IP block on the malicious user's IPs under Security Settings in the Admin Console.

B.

Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in.

C.

Enforce higher complexity passwords by rolling it out to the affected users.

D.

Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.

Full Access
Question # 44

As a Google Workspace administrator for your organization, you are tasked with identifying how users are reporting their messages—whether spam, not spam, or phishing—for a specific time period. How do you find this information?

A.

Open Admin Console > Security > Dashboard > User Reports.

B.

Open Admin Console > Security > Dashboard > Spam Filter- Phishing.

C.

Use Reports API to query user Gmail activity.

D.

Open Admin Console > Reporting > Email Log Search.

Full Access
Question # 45

Your company policy requires that managers be provided access to Drive data once an employee leaves the company.

How should you grant this access?

A.

Make the manager a delegate to the former employee's account.

B.

Copy the data from the former employee’s My Drive to the manager's My Drive.

C.

Transfer ownership of all Drive data using the file transfer ownership tool in the Google Workspace Admin console.

D.

Login as the user and add the manager to the file permissions using the “Is owner’ privilege for all Drive files.

Full Access