GOOGLE-WORKSPACE-ADMINISTRATOR Online Practice Questions and Answers

Your company is using Google Workspace Business Plus edition, and the security team has reported several unsuccessful attempts to sign in to your Google Workspace domain from countries where you have no local employees. The affected accounts are from several executives in the main office.

You are asked to take measures to mitigate this security risk. Although budget is not a concern, your company prefers a minimal financial outlay to fix the issue, which you are tasked with managing. Which two solutions would help you mitigate the risk at minimal cost?

Choose 2 answers

A. Deploy 2-Step Verification for all users who have security keys.

B. Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations.

C. Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

D. Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

E. For all executives, create new accounts with random characters to match Google best practices, migrate data from the former accounts, and then delete them.

You are supporting an investigation that is being conducted by your litigation team. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user's awareness.

What two actions should you take? (Choose two.)

A. Move the user to their own Organization Unit, and set a custom retention policy

B. Create a matter using Google Vault, and share the matter with the litigation team members.

C. Create a hold on the user's mailbox in Google Vault

D. Reset the user's password, and share the new password with the litigation team.

E. Copy the user's data to a secondary account.

Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?

A. Navigate to "Data Protection" setting in Google Admin Console's Device management section and disable the "Allow users to copy data to personal apps" checkbox.

B. Disable "Open Docs in Unmanaged Apps" setting in Google Admin Console's Device management section.

C. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.

D. Clear the "Allow items created with managed apps to open in unmanaged apps" checkbox.

Madeupcorp.com is in the process of migrating from a third-party email system to Google Workspace. The VP of Marketing is concerned that her team already administers the corporate AdSense, AdWords, and YouTube channels using their @madeupcorp.com email addresses, but has not tracked which users have access to which service. You need to ensure that there is no disruption.

What should you do?

A. Run the Transfer Tool for Unmanaged users.

B. Use a Google Form to survey the Marketing department users.

C. Assure the VP that there is no action required to configure Google Workspace.

D. Contact Google Enterprise Support to identify affected users.

Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.)

A. Create a shared drive that's shared internally organization-wide.

B. Update Drive sharing for the marketing department to restrict to internal.

C. Create a shared drive for internal marketing use.

D. Update the link sharing default to the marketing team when creating a document.

E. In the admin panel Drive settings, create a target audience that has all of marketing as members.

Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.

What should you do?

A. Establish a new Google Workspace tenant with their own admin for each region.

B. Create an OU for each country. Create an admin role and assign an admin with that role per OU.

C. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.

D. Create a Team Drive per OU, and allow only country-specific administration of each folder.

Your organization wants to grant Google Vault access to an external regulatory authority. In an effort to comply with an investigation, the external group needs the ability to view reports in Google Vault. What should you do?

A. Create accounts for external users and assign Vault privileges.

B. Share Vault access with external users.

C. Assign an Archived User license to the external users.

D. Temporarily assign the super admin role to the users

Your company is deploying Chrome devices. You want to make sure the machine assigned to the employee can only be signed in to by that employee and no one else. What two things should you do? (Choose two.)

A. Disable Guest Mode and Public Sessions.

B. Enable a Device Policy of Sign In Screen and add the employee email address.

C. Enroll a 2-Factor hardware key on the device using the employee email address.

D. Enable a User Policy of Multiple Sign In Access and add just the employee email address.

E. Enable a Device Policy of Restrict Sign In to List of Users, and add the employee email address.

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

A. In the GCDS configuration manager, update the group deletion policy setting to "don't delete Google groups not found in LDAP."

B. Use the Directory API to check and update the group's membership after the GCDS sync is completed.

C. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

D. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to "delete only active Google domain users not found in LDAP."

Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do?

A. Modify your Marketplace Settings to block users from installing any app from the Marketplace.

B. Set all API services to "restricted access" and ensure that all connected apps have limited access.

C. Remove all client IDs and scopes from the list of domain-wide delegation API clients.

D. Block each connected app's access.

A user has traveled overseas for an extended trip to meet with several vendors. The user has reported that important draft emails have not been saved in Gmail, which is affecting their productivity. They have been constantly moving between hotels, vendor offices, and airport lounges.

You have been tasked with troubleshooting the issue remotely. Your first priority is diagnosing and preventing this from happening again, and your second priority is recovering the drafts if possible. Due to time zone differences, and the user's busy meeting schedule, you have only been able to arrange a brief Hangouts Meet with the user to gather any required troubleshooting inputs.

What two actions should be taken on this call with the user? (Choose two.)

A. Ask the user to send an email to you so you can check the headers.

B. Record a HAR file of the user composing a new email.

C. Take screenshots of the user's screen when composing an email.

D. Use the Email log search in the Admin panel.

E. Check the Users > App Users Activity report.

A large enterprise that had a security breach is working with an external legal team to determine best practices for an investigation. Using Google Vault, the security team is tasked with exporting data for review by the legal team. What steps should you take to securely share the data in question?

A. Determine the scope of the investigation, create a Matter and Holds in Google Vault, and share with the legal team.

B. Immediately suspend the user's account, search for all the email messages in question, and forward to the legal team.

C. Immediately suspend the user's account, assign an archived user license, and export data.

D. Suspend the user's account, search all associated users data in Google Vault, and export the data.

Your company frequently hires from five to ten interns for short contract engagements and makes use of the

same generically named Google Workspace accounts (e.g., [email protected], [email protected], [email protected]). The manager of this program wants all email to these accounts routed to the manager's

mailbox account also.

What should you do?

A. Setup address forwarding in each account's GMail setting menu.

B. Set up recipient address mapping in GMail Advanced Settings.

C. Configure an Inbound Gateway route.

D. Give the manager delegated access to the mailboxes.

An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity's SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered?

A. Use the Postmaster Tools API to pull the message headers.

B. Use the Email Log Search to directly review the message headers.

C. Use the Security Investigation Tool to review the message headers.

D. Perform an SPF record check on the domain to determine whether their SPF record is valid.

Your organization is planning to remove any dependencies on Active Directory (AD) from all Cloud applications they are using You are currently using Google Cloud Directory Sync (GCDS) with on-premises AD as a source to provision user

accounts in Google Workspace. Your organization is also using a software-as-a-service (SaaS) human resources information system (HRIS) that offers integration via CSV export and Open API standard.

Additional requirements for the solution include:

?It should not require a subscription to any additional third-party service.

?The process must be automated from beginning to end.

You are tasked with the design and implementation of a solution to address user provisioning with these requirements.

What solution should you implement?

A. Set up Azure AD and federate on-premises AD with it. Provision user accounts from Azure AD with the Google-recommended process.

B. Modify the GCDS configuration to use the HRIS application as the data source and complete any necessary adjustments

C. Export HRIS data to a CSV file every day. and build a solution to define the delta with the previous day; import the result as a CSV file via the Admin console.

D. Build an application that will fetch updated data from the HRIS system via Open API. and then update Google Workspace with the Directory API accordingly.