Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.
Free Download
  • Home
  • Articles
  • [Dec 02, 2024] Download Free Google Google-Workspace-Administrator Real Exam Questions [Q91-Q113]

[Dec 02, 2024] Download Free Google Google-Workspace-Administrator Real Exam Questions [Q91-Q113]

Share

[Dec 02, 2024] Download Free Google Google-Workspace-Administrator Real Exam Questions

Pass Your Exam With 100% Verified Google-Workspace-Administrator Exam Questions

NEW QUESTION # 91
You are supporting an investigation that is being conducted by your litigation team. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user's awareness.
What two actions should you take? (Choose two.)

  • A. Create a matter using Google Vault, and share the matter with the litigation team members.
  • B. Reset the user's password, and share the new password with the litigation team.
  • C. Create a hold on the user's mailbox in Google Vault
  • D. Move the user to their own Organization Unit, and set a custom retention policy
  • E. Copy the user's data to a secondary account.

Answer: A,C

Explanation:
https://support.google.com/vault/answer/2473591


NEW QUESTION # 92
How can you monitor increases in user reported Spam as identified by Google?

  • A. Review post-delivery activity in the Email logs.
  • B. Rev]Biw post-delivery activity in the BigQuery Export.
  • C. Review spike in user-reported spam in the Alert center.
  • D. Review user-reported spam in the Investigation Tool.

Answer: C

Explanation:
* Sign in to the Google Admin console.
* From the Admin console Home page, go to "Security" and then to "Alert center."
* In the Alert center, look for alerts related to user-reported spam.
* You can review details of these alerts to monitor any spikes in user-reported spam activity.
The Alert center provides a centralized location to review and manage alerts, making it easier to identify trends and spikes in spam reports.
References:
* Google Workspace Admin Help - Alert Center Overview BFbC


NEW QUESTION # 93
Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking 'anyone in this group with this link can view'. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?

  • A. Create groups, add users accordingly, and educate users on how to share to specific groups of people.
  • B. Temporarily disable the Google Drive service for individuals who continually overshare.
  • C. Disable sharing to the entire organization so that users must consciously add every person who needs access.
  • D. Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.

Answer: D

Explanation:
* Identify Sensitive Information: Determine which users handle sensitive information and assess the current sharing practices.
* Define Sharing Boundaries: Establish clear boundaries and guidelines for sharing sensitive information within the organization.
* Implement Target Audiences: In the Google Admin console, go to Apps > Google Workspace > Drive and Docs > Sharing settings. Set up target audiences for different groups of users based on their roles and the sensitivity of the information they handle.
* Educate Users: Conduct training sessions to educate users on how to share information securely and the importance of adhering to the defined sharing boundaries.
* Monitor Sharing Activity: Regularly monitor sharing activity to ensure compliance with the new policies and to identify any instances of oversharing.
* Adjust Policies as Needed: Based on the monitoring results, make any necessary adjustments to the sharing policies and target audiences to enhance security and prevent accidental oversharing.
References:
* Google Workspace Admin Help - Target Audiences
* Google Workspace Admin Help - Sharing Settings


NEW QUESTION # 94
Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.
What should you do?

  • A. Create a Team Drive per OU, and allow only country-specific administration of each folder.
  • B. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.
  • C. Create an OU for each country. Create an admin role and assign an admin with that role per OU.
  • D. Establish a new Google Workspace tenant with their own admin for each region.

Answer: C

Explanation:
* Create Organizational Units (OUs):
* In the Google Workspace Admin console, go to "Directory" > "Organizational units".
* Create separate OUs for each country.
* Assign Admin Roles:
* Go to "Admin roles" in the Admin console.
* Create custom admin roles with permissions restricted to managing users, groups, and settings within their specific OU.
* Ensure that the role does not grant permissions to manage other OUs.
* Assign Country-Specific Admins:
* Assign the newly created admin roles to the appropriate administrators, ensuring they have control only over their respective country's OU.
References
* Google Workspace Admin Help: Create and manage organizational units
* Google Workspace Admin Help: Admin roles


NEW QUESTION # 95
Your company is using Google Workspace Business Plus edition, and the security team has reported several unsuccessful attempts to sign in to your Google Workspace domain from countries where you have no local employees. The affected accounts are from several executives in the main office.
You are asked to take measures to mitigate this security risk. Although budget is not a concern, your company prefers a minimal financial outlay to fix the issue, which you are tasked with managing. Which two solutions would help you mitigate the risk at minimal cost?
Choose 2 answers

  • A. For all executives, create new accounts with random characters to match Google best practices, migrate
  • B. Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.
  • C. Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations.
  • D. Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.
  • E. Deploy 2-Step Verification for all users who have security keys.

Answer: D,E

Explanation:
data from the former accounts, and then delete them.


NEW QUESTION # 96
Your company's Chief Information Security Officer has made a new policy where third-party apps should not have OAuth permissions to Google Drive. You need to reconfigure current settings to adhere to this policy.
What should you do?

  • A. Access the Security Menu > API Permissions > choose Drive and Disable All Access.
  • B. Access Apps > Google Workspace > Drive and Docs > Sharing Settings and disable sharing outside of your domain
  • C. Access the Security Menu> API Reference > disable all API Access.
  • D. Access the Security Menu > API Permissions > choose Drive and Disable High Risk Access.

Answer: D


NEW QUESTION # 97
A company using Google Workspace has reports of cyber criminals trying to steal usernames and passwords to access critical business dat a. You need to protect the highly sensitive user accounts from unauthorized access.
What should you do?

  • A. Use a third-party identity provider.
  • B. Turn on password expiration.
  • C. Enforce 2FA with a physical security key.
  • D. Enforce 2FA with Google Authenticator app.

Answer: C

Explanation:
https://support.google.com/a/answer/175197?hl=en#keys&prompt&authentic&codes&phone&2sv&security


NEW QUESTION # 98
Your organization has decided to enforce 2-Step Verification for a subset of users. Some of these users are now locked out of their accounts because they did not set up 2-Step Verification by the enforcement date. What corrective action should you take to allow the users to sign in again?

  • A. Move the affected users into the exception group permanently so they do not have to use 2-Step Verification going forward.
  • B. Move the affected users into the exception group temporarily so they can set up 2-Step Verification, and then remove them from the exception group after successful sign-in is confirmed.
  • C. Disable 2-Step Verification per organizational unit so the affected users can sign in.
  • D. Disable 2-Step Verification organization-wide so all users can successfully sign in.

Answer: B


NEW QUESTION # 99
As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access Google Drive anymore from one satellite office and that they receive an error message that "a company policy is blocking access to this app." The users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office's Internet Service Provider (ISP) and the global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue?

  • A. An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access.
  • B. Under Drive and Docs > Sharing Settings, the "Whitelisted domains" list needs to be updated to add the new ISP domain.
  • C. You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.
  • D. The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range.

Answer: A


NEW QUESTION # 100
The security team for your organization is concerned about phishlng attacks against your end user base. What two actions should you take to configure the strongest possible preventative measure against phishing attacks?
Choose 2 answers

  • A. Configure spoofing and authentication controls to quarantine messages that are perceived as threats
  • B. Train end users to mark messages as spam when they see something suspicious.
  • C. Configure spoofing and authentication controls to warn end users about messages that are perceived as threats.
  • D. Force encryption on all inbound and outbound emails from your Workspace domain.
  • E. Enforce confidents mode for all messages sent and received from your Workspace domain

Answer: B,E


NEW QUESTION # 101
Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive You also want to prevent external users from downloading files with viewer permissions to their local machines What should you do?

  • A. Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers
  • B. Do nothing. View-only Drive files automatically prevent the user from downloading the files
  • C. Create a new DLP rule by using the existing content detector conditions but change the action for the new rule to Disable download. print, and copy for commenters and viewers
  • D. Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict

Answer: C

Explanation:
* Access Admin Console: Log in to the Google Admin console using your administrator account.
* Navigate to DLP Rules: Go to Apps > Google Workspace > Drive and Docs > Data loss prevention.
* Create a New Rule: Click on Create a rule and choose to start with a template or create a custom rule.
* Set Content Detector Conditions: Use the existing content detector conditions that identify sensitive files.
* Configure Actions: Set the action to Disable download, print, and copy for commenters and viewers.
This ensures that external users with viewer permissions cannot download the files.
* Apply Rule to Relevant OUs/Groups: Set the scope of the rule to the specific organizational units or groups where you want this restriction to apply.
* Save and Implement: Save the rule and ensure it is activated. This will enforce the new restrictions for sensitive files shared externally.
References:
* Google Workspace Admin Help: Data loss prevention for Drive
* Google Workspace DLP Best Practices


NEW QUESTION # 102
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

  • A. In the GCDS configuration manager, update the group deletion policy setting to "don't delete Google groups not found in LDAP."
  • B. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
  • C. Use the Directory API to check and update the group's membership after the GCDS sync is completed.
  • D. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to "delete only active Google domain users not found in LDAP."

Answer: A

Explanation:
When configuring Google Cloud Directory Sync (GCDS) to manage Google Group memberships from an internal LDAP server, it's crucial to ensure that manually managed groups are not inadvertently deleted during the sync process. The correct setting to prevent this is found within the GCDS configuration manager.
* Access GCDS Configuration Manager:
* Open the GCDS configuration manager on your server.
* Navigate to Group Settings:
* Go to the section where group settings are configured.
* Update Group Deletion Policy:
* Find the group deletion policy setting.
* Change the policy to "don't delete Google groups not found in LDAP."
* Save Configuration:
* Save the updated configuration to ensure that the settings are applied during the next synchronization.
By updating this setting, GCDS will no longer delete Google Groups that are not found in LDAP, thereby preserving manually managed groups.
References:
* Google Cloud Directory Sync Admin Help
* GCDS Configuration Guide


NEW QUESTION # 103
A user has traveled overseas for an extended trip to meet with several vendors. The user has reported that important draft emails have not been saved in Gmail, which is affecting their productivity. They have been constantly moving between hotels, vendor offices, and airport lounges.
You have been tasked with troubleshooting the issue remotely. Your first priority is diagnosing and preventing this from happening again, and your second priority is recovering the drafts if possible. Due to time zone differences, and the user's busy meeting schedule, you have only been able to arrange a brief Hangouts Meet with the user to gather any required troubleshooting inputs.
What two actions should be taken on this call with the user? (Choose two.)

  • A. Check the Users > App Users Activity report.
  • B. Use the Email log search in the Admin panel.
  • C. Take screenshots of the user's screen when composing an email.
  • D. Ask the user to send an email to you so you can check the headers.
  • E. Record a HAR file of the user composing a new email.

Answer: C,E


NEW QUESTION # 104
A user does not follow their usual sign-in pattern and signs in from an unusual location.
What type of alert is triggered by this event?

  • A. Suspicious mobile activity alert.
  • B. User sign-in alert.
  • C. Suspicious login activity alert.
  • D. Leaked password alert.

Answer: C


NEW QUESTION # 105
Your-company.com finance departments want to create an internal application that needs to read data from spreadsheets. As the collaboration engineer, you suggest using App Maker. The Finance team is concerned about data security when creating applications with App Maker.
What security measures should you implement to secure data?

  • A. Change owner access permissions to allow internal usage only.
  • B. Enable App Maker access only for the Finance department Organization Unit.
  • C. Use a service account with limited permissions to access each data source.
  • D. Use Roles, Script, and Owner access permissions for operations on records and data relations.

Answer: D

Explanation:
* When developing the application in App Maker, define roles that correspond to the different levels of access needed by users.
* Use scripts to control access to data based on user roles. This ensures that only authorized users can perform certain operations.
* Set the owner access permissions appropriately to ensure that data can only be accessed or modified by those with the necessary permissions.
* Regularly review and update roles and permissions to adapt to any changes in the organization or the application's usage.
Implementing these security measures ensures that data in your internal application is accessed and managed securely, mitigating risks associated with unauthorized access.
References:
* Google Workspace Admin Help - App Maker Security


NEW QUESTION # 106
The nature of your organization's business makes your users susceptible to malicious email attachments. How should you implement a scan of all incoming email attachments?

  • A. In the security sandbox section, enable virtual execution of attachments for the entire organization.
  • B. In the security sandbox section, enable virtual execution of attachments for (he targeted OU
  • C. Configure a safety rule to protect against encrypted attachments from untrusted senders
  • D. Configure a safety rule to protect against attachments with scripts from untrusted senders.

Answer: A

Explanation:
To implement a scan of all incoming email attachments effectively, you should enable virtual execution of attachments in the security sandbox for the entire organization. This feature allows Google Workspace to execute attachments in a sandbox environment to detect malicious behavior before the email reaches the user's inbox. By applying this to the entire organization, you ensure that all users are protected regardless of their organizational unit.
References:
* Google Workspace Admin Help - Security Sandbox
* Google Workspace Admin Help - Protect your organization from attachments with scripts


NEW QUESTION # 107
The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.
What should you do?

  • A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.
  • B. Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.
  • C. Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.

Answer: A

Explanation:
https://support.google.com/vault/answer/6161352?hl=en


NEW QUESTION # 108
As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user's Drive data?

  • A. Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.
  • B. In the user deletion process, select "Transfer" in the data in other apps section and add the manager's email address.
  • C. Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location.
  • D. Use Google Vault to set a retention period on the OU where the users reside.

Answer: B

Explanation:
https://support.google.com/a/answer/6223444?hl=en#zippy=%2Ctransfer-user-drive-or-google-data:~:text=You%20can%20transfer,Tap%20Transfer.


NEW QUESTION # 109
The application development team has come to you requesting that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs. You are currently restricting access to all APIs using approved whitelists, per security policy. You need to grant access for this app.
What should you do?

  • A. Whitelist the app in the Google Workspace Marketplace.
  • B. Add OAuth Client ID to Google Drive Trusted List.
  • C. Enable all API access for Google Drive.
  • D. Enable "trust domain owned apps" setting.

Answer: B

Explanation:
* Navigate to the Google Admin console at admin.google.com.
* From the Admin console Home page, go to "Security" and then to "API controls."
* In the "API controls" section, click on "Manage Third-Party App Access."
* Here, you can add the OAuth Client ID of your internal app to the trusted list. This ensures that only apps you have vetted and approved can access Google Drive APIs, complying with your security policy.
* Enter the OAuth Client ID of the new app and save the changes.
This process ensures that the new, internal, domain-owned app can access Google Drive APIs without compromising the security policies in place.
References:
* Google Workspace Admin Help - Manage API client access


NEW QUESTION # 110
Your organization deployed Google Workspace Enterprise within the last year, with the support of a partner. The deployment was conducted in three stages: Core IT, Google Guides, and full organization. You have been tasked with developing a targeted ongoing adoption plan for your Google Workspace organization.
What should you do?

  • A. Use a script to monitor Email attachment types and target users that aren't using Drive sharing.
  • B. Use Google Guides to deliver ad-hoc training to all of their co-workers and reports.
  • C. Use Reports APIs to gather adoption metrics and Gmail APIs to deliver training content directly.
  • D. Use Work Insights to gather adoption metrics and target your training exercises.

Answer: B

Explanation:
[https://static.googleusercontent.com/media/www.google.com/en//support/enterprise/static/gapps/docs/admin/en/gapps_transition/gapps_transition_guide.pdf] identifies Google Guides as early adopters and champions that can help co-workers get up to speed quickly


NEW QUESTION # 111
Your organization's information security team has asked you to determine and remediate if a user ([email protected]) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?

  • A. Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is [email protected].
  • B. As a super administrator, change the access on externally shared Drive files manually under [email protected].
  • C. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for [email protected].
  • D. Have the super administrator use the Security API to audit Drive access.

Answer: A

Explanation:
https://support.google.com/a/answer/11480192?hl=en&ref_topic=11479095#:~:text=View%20files%20shared,Click%20Search.


NEW QUESTION # 112
Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.
What two features are essential to reconfigure in Google Workspace? (Choose two.)

  • A. Replace the third-party IDP verification certificate.
  • B. Disable SSO with third party IDP.
  • C. Enable API Permissions for Google Cloud Platform.
  • D. Reconfigure user provisioning via Google Cloud Directory Sync.
  • E. Apps > add SAML apps to your domain.

Answer: B,E


NEW QUESTION # 113
......


The Professional Google Workspace Administrator certification is a highly sought-after credential for those who work with Google Workspace. It is designed for IT professionals, system administrators, and other technical personnel who are responsible for managing and administering Google Workspace in their organization. Google Cloud Certified - Professional Google Workspace Administrator certification demonstrates that the certified professional has the necessary skills and knowledge to manage a Google Workspace environment effectively.

 

Google-Workspace-Administrator Dumps 100 Pass Guarantee With Latest Demo: https://www.validexam.com/Google-Workspace-Administrator-latest-dumps.html

Google-Workspace-Administrator Dumps PDF - Google-Workspace-Administrator Real Exam Questions Answers: https://drive.google.com/open?id=1Lmqp3xEs0GQH9EgBtgeGjKEgQUJxfhpk

Related Articles

more
Google Google-Workspace-Administrator Certification Practice Exam

Our website will provide you with latest exam dumps based on the real exams to make sure you pass valid test in a short time.

Latest Pass Braindumps Exam

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ValidExam NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy