ExamGecko
Login
Ask Question

Google Professional Google Workspace Administrator Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report
Export
Collapse

Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration.

Which scenario could require an alternative deployment strategy?

Some of your Active Directory groups have sensitive group membership.
Some of your Active Directory groups have sensitive group membership.
Some of the Active Directory groups do not have owners.
Some of the Active Directory groups do not have owners.
Some of the Active Directory groups have members external to organization.
Some of the Active Directory groups have members external to organization.
Some of the Active Directory groups do not have email addresses.
Some of the Active Directory groups do not have email addresses.
Suggested answer: A

Explanation:

When planning to sync all Active Directory group objects to Google Groups using Google Cloud Directory Sync (GCDS), you must consider the sensitivity of the group memberships. If some of the groups contain sensitive information or membership, an alternative deployment strategy might be necessary.

Sensitive Group Membership: If certain groups contain members or data that are sensitive, synchronizing these groups directly might expose this sensitive information to unauthorized users.

Alternative Strategies:

Implement separate synchronization settings for sensitive groups.

Use security groups to control access to sensitive information.

Manually manage sensitive groups to ensure tight control over membership and data access.

Steps to Consider:

Evaluate which groups contain sensitive information.

Configure GCDS to exclude these sensitive groups from the general synchronization process.

Synchronize sensitive groups separately or manage them manually to ensure data security and compliance with privacy policies.

Google Cloud Directory Sync Admin Help

Best practices for using Google Cloud Directory Sync (GCDS)

asked 18/09/2024
Ada Galilea
47 questions

Question 92

Report
Export
Collapse

Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in Google Workspace.

What should you do?

Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment.
Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment.
In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices.
In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices.
Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment.
Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment.
Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin.
Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin.
Suggested answer: A

Explanation:

To prepare the Chromebooks for use and register them in Google Workspace, enterprise enrollment is required. This process ensures that the devices are managed under your organization's policies.

Enterprise Enrollment: This is a process that ties a Chromebook to your organization's Google Workspace account, applying policies and settings you've configured in the Google Admin console.

Steps for Enrollment:

Turn on the Chromebook: Start the device and wait for the login screen to appear.

Initiate Enrollment: Press Ctrl + Alt + E at the login screen. This key combination is specifically designed to start the enterprise enrollment process.

Sign In: Use the credentials of an account that has the necessary permissions to enroll devices (typically a Google Workspace admin account).

Complete Enrollment: Follow the prompts to complete the process. The device will now be managed under your organization's policies.

Re-enrollment Settings: It's recommended to enable forced re-enrollment in the Google Admin console to ensure that devices cannot be used without being enrolled again if they are wiped.

Enroll ChromeOS devices before deployment

asked 18/09/2024
Max Lenin Dos Santos Torres
50 questions

Question 93

Report
Export
Collapse

All Human Resources employees at your company are members of the ''HR Department'' Team Drive. The HR Director wants to enact a new policy to restrict access to the ''Employee Compensation'' subfolder stored on that Team Drive to a small subset of the team.

What should you do?

Use the Drive API to modify the permissions of the Employee Compensation subfolder.
Use the Drive API to modify the permissions of the Employee Compensation subfolder.
Use the Drive API to modify the permissions of the individual files contained within the subfolder.
Use the Drive API to modify the permissions of the individual files contained within the subfolder.
Move the contents of the subfolder to a new Team Drive with only the relevant team members.
Move the contents of the subfolder to a new Team Drive with only the relevant team members.
Move the subfolder to the HR Director's MyDrive and share it with the relevant team members.
Move the subfolder to the HR Director's MyDrive and share it with the relevant team members.
Suggested answer: C

Explanation:

To restrict access to the 'Employee Compensation' subfolder within a Team Drive (now known as a shared drive), you should move the contents to a new shared drive with restricted membership.

Current Setup: All HR employees have access to the 'HR Department' Team Drive, but only a subset should access the 'Employee Compensation' subfolder.

New Shared Drive:

Create a New Shared Drive: This shared drive will be specifically for sensitive documents like employee compensation.

Move Contents: Transfer the files and folders from the 'Employee Compensation' subfolder to this new shared drive.

Manage Membership: Add only the relevant team members to this new shared drive, ensuring that only authorized personnel can access the sensitive information.

Steps:

In the Google Admin console, navigate to Drive and Docs > Manage shared drives.

Create a new shared drive and name it appropriately.

Move the necessary files and folders into this new shared drive.

Set the membership and permissions to include only the relevant users.

Manage shared drives

Control access to files and folders in shared drives

asked 18/09/2024
Frank van Hout
37 questions

Question 94

Report
Export
Collapse

Your company uses a whitelisting approach to manage third-party apps and add-ons. The Senior VP of Sales & Marketing has urgently requested access to a new Marketplace app that has not previously been vetted. The company's Information Security policy empowers you, as a Google Workspace admin, to grant provisional access immediately if all of the following conditions are met:

Access to the app is restricted to specific individuals by request only.

The app does not have the ability to read or manage emails.

Immediate notice is given to the Infosec team, followed by the submission of a security risk analysis report within 14 days.

Which actions should you take first to ensure that you are compliant with Infosec policy?

Move the Senior VP to a sub-OU before enabling Marketplace Settings > ''Allow Users to Install Any App from Google Workspace Marketplace.''
Move the Senior VP to a sub-OU before enabling Marketplace Settings > ''Allow Users to Install Any App from Google Workspace Marketplace.''
Confirm that the Senior VP's OU has the following Gmail setting disabled before whitelisting the app: ''Let users delegate access to their mailbox.''
Confirm that the Senior VP's OU has the following Gmail setting disabled before whitelisting the app: ''Let users delegate access to their mailbox.''
Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.
Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.
Suggested answer: C

Explanation:

Step by Step Comprehensive Detailed Explanation: To comply with the company's Information Security policy while granting provisional access to a new Marketplace app, follow these steps:

Add the Marketplace App: Start by adding the requested app to your Google Workspace Marketplace.

Review Authorized Scopes:

Go to the Admin console.

Navigate to Security > API controls > Manage third-party app access.

Add the app and review the scopes it requests. Ensure it doesn't request permission to read or manage emails.

Compliance Steps:

Restrict Access: Configure the app to be accessible only to the specific individuals as per the request.

Immediate Notification: Inform the Infosec team immediately about the provisional access granted.

Security Risk Analysis Report: Prepare and submit a security risk analysis report within 14 days, detailing the app's functionality and security implications.

Verification: Ensure that the Gmail setting 'Let users delegate access to their mailbox' is disabled if the app's authorized scopes are compliant with the policy.

Manage third-party app access to Google Workspace data

Google Workspace Security: API Controls

asked 18/09/2024
Moraes, Jefferson
45 questions

Question 95

Report
Export
Collapse

User A is a Basic License holder. User B is a Business License holder. These two users, along with many additional users, are in the same organizational unit at the same company. When User A attempts to access Drive, they receive the following error: ''We are sorry, but you do not have access to Google Docs Editors. Please contact your Organization Administrator for access.'' User B is not presented with the same error and accesses the service without issues.

How do you provide access to Drive for User A?

Select User A in the Directory, and under the Apps section, check whether Drive and Docs is disabled. If so, enable it in the User record.
Select User A in the Directory, and under the Apps section, check whether Drive and Docs is disabled. If so, enable it in the User record.
In Apps > Google Workspace > Drive and Docs, select the organizational unit the users are in and enable Drive for the organizational unit.
In Apps > Google Workspace > Drive and Docs, select the organizational unit the users are in and enable Drive for the organizational unit.
In Apps > Google Workspace, determine the Group that has Drive and Docs enabled as a service. Add User A to this group.
In Apps > Google Workspace, determine the Group that has Drive and Docs enabled as a service. Add User A to this group.
Select User A in the Directory, and under the Licenses section, change their license from Basic to Business to add the Drive and Docs service.
Select User A in the Directory, and under the Licenses section, change their license from Basic to Business to add the Drive and Docs service.
Suggested answer: D

Explanation:

Access the Admin Console: Log into your Google Workspace Admin Console.

Select User A: Navigate to the Directory and select User A's account.

Check Licenses: Under the Licenses section, check the current license type of User A. As User A holds a Basic License, they lack access to certain services available to Business License holders.

Change License: Change User A's license from Basic to Business. This can be done by assigning the Business License to User A within the Licenses section.

Verify Access: After changing the license, verify that User A can now access Google Drive and Docs without any errors.

Google Support: Assign or remove a user license

asked 18/09/2024
Corentin ADJOVI
36 questions

Question 96

Report
Export
Collapse

Your company is deploying Chrome devices. You want to make sure the machine assigned to the employee can only be signed in to by that employee and no one else.

What two things should you do? (Choose two.)

Disable Guest Mode and Public Sessions.
Disable Guest Mode and Public Sessions.
Enable a Device Policy of Sign In Screen and add the employee email address.
Enable a Device Policy of Sign In Screen and add the employee email address.
Enroll a 2-Factor hardware key on the device using the employee email address.
Enroll a 2-Factor hardware key on the device using the employee email address.
Enable a User Policy of Multiple Sign In Access and add just the employee email address.
Enable a User Policy of Multiple Sign In Access and add just the employee email address.
Enable a Device Policy of Restrict Sign In to List of Users, and add the employee email address.
Enable a Device Policy of Restrict Sign In to List of Users, and add the employee email address.
Suggested answer: A, E

Explanation:

Access Admin Console: Log into your Google Workspace Admin Console.

Disable Guest Mode and Public Sessions: Navigate to Devices > Chrome > Settings. Disable Guest Mode and Public Sessions to prevent unauthorized users from accessing the device.

Restrict Sign-In: Go to Device Settings > User & Browser Settings.

Configure Device Policy: Enable the policy 'Restrict Sign-In to List of Users.'

Add Employee Email: Add the specific employee's email address to the list of allowed users. This ensures only the specified employee can sign in to the device.

Google Support: Configure Chrome devices

asked 18/09/2024
Christie Clark
40 questions

Question 97

Report
Export
Collapse

Your company policy requires that managers be provided access to Drive data once an employee leaves the company.

How should you grant this access?

Make the manager a delegate to the former employee's account.
Make the manager a delegate to the former employee's account.
Copy the data from the former employee's My Drive to the manager's My Drive.
Copy the data from the former employee's My Drive to the manager's My Drive.
Transfer ownership of all Drive data using the file transfer ownership tool in the Google Workspace Admin console.
Transfer ownership of all Drive data using the file transfer ownership tool in the Google Workspace Admin console.
Login as the user and add the manager to the file permissions using the ''Is owner' privilege for all Drive files.
Login as the user and add the manager to the file permissions using the ''Is owner' privilege for all Drive files.
Suggested answer: C

Explanation:

Access Admin Console: Log into your Google Workspace Admin Console.

Navigate to Transfer Tool: Go to Apps > Google Workspace > Drive and Docs > Transfer ownership.

Initiate Transfer: Enter the email address of the former employee and the manager who will receive the data.

Select Data: Choose to transfer all Drive data to the manager's account.

Complete Transfer: Confirm the transfer. This will transfer ownership of all Drive data from the former employee to the manager, ensuring they have access to the required information.

Google Support: Transfer Drive files to a new owner

asked 18/09/2024
Thomas Drilling
43 questions

Question 98

Report
Export
Collapse

Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking 'anyone in this group with this link can view'. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?

Create groups, add users accordingly, and educate users on how to share to specific groups of people.
Create groups, add users accordingly, and educate users on how to share to specific groups of people.
Disable sharing to the entire organization so that users must consciously add every person who needs access.
Disable sharing to the entire organization so that users must consciously add every person who needs access.
Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.
Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.
Temporarily disable the Google Drive service for individuals who continually overshare.
Temporarily disable the Google Drive service for individuals who continually overshare.
Suggested answer: C

Explanation:

Identify Sensitive Information: Determine which users handle sensitive information and assess the current sharing practices.

Define Sharing Boundaries: Establish clear boundaries and guidelines for sharing sensitive information within the organization.

Implement Target Audiences: In the Google Admin console, go to Apps > Google Workspace > Drive and Docs > Sharing settings. Set up target audiences for different groups of users based on their roles and the sensitivity of the information they handle.

Educate Users: Conduct training sessions to educate users on how to share information securely and the importance of adhering to the defined sharing boundaries.

Monitor Sharing Activity: Regularly monitor sharing activity to ensure compliance with the new policies and to identify any instances of oversharing.

Adjust Policies as Needed: Based on the monitoring results, make any necessary adjustments to the sharing policies and target audiences to enhance security and prevent accidental oversharing.

Google Workspace Admin Help - Target Audiences

Google Workspace Admin Help - Sharing Settings

asked 18/09/2024
Crystal Eagle
31 questions

Question 99

Report
Export
Collapse

You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota concerns for this user? (Choose two.)

Add other users as ''Editors'' on the Drive object, thus spreading the storage quota debt between all of them.
Add other users as ''Editors'' on the Drive object, thus spreading the storage quota debt between all of them.
Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.
Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.
Make another user the ''Owner'' of the Drive objects, thus transferring the storage quota debt to them.
Make another user the ''Owner'' of the Drive objects, thus transferring the storage quota debt to them.
Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.
Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.
Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
Suggested answer: C, E

Explanation:

Move to Shared Drive:

Shared Drives in Google Workspace are designed to store files owned by the team or the organization rather than an individual user.

When files are moved to a Shared Drive, the ownership of those files is transferred to the domain, which means the storage quota for individual users is not affected.

To move files to a Shared Drive:

Navigate to Google Drive.

Select the files or folders to move.

Right-click and choose 'Move to' and select the appropriate Shared Drive.

Transfer Ownership:

You can transfer ownership of files from one user to another within the same domain.

This is helpful if a user is running out of storage quota, as the storage used by the file will count against the new owner's quota.

To transfer ownership:

Open the file in Google Drive.

Click on the Share button.

Add the new owner and change their role to 'Owner'.

The new owner must accept the ownership transfer.

Google Workspace Admin Help: Shared Drives

Google Drive Help: Transfer File Ownership

asked 18/09/2024
mostafa badawi
43 questions

Question 100

Report
Export
Collapse

Your organization is preparing to deploy Workspace and will continue using your company's existing identity provider for authentication and single sign-on (SSO). In order to migrate data from an external system, you were required to provision each user's account in advance. Your IT team and select users (~5% of the organization) have been using Workspace for configuration and testing purposes. The remainder of the organization can technically access their accounts now, but the IT team wants to block their access until the migrations are complete. What should your organization do?

Remove Google Workspace license to prevent users from accessing their accounts now.
Remove Google Workspace license to prevent users from accessing their accounts now.
Suspend users that the organization does not wish to have access.
Suspend users that the organization does not wish to have access.
Add the users to the OU with all services disabled.
Add the users to the OU with all services disabled.
Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.
Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.
Suggested answer: C

Explanation:

Organizational Units (OUs):

Google Workspace allows the creation of Organizational Units (OUs) to manage and apply settings to specific groups of users.

By placing users in an OU where services are disabled, you can prevent access to Google Workspace services until you are ready to enable them.

Setting Up OUs:

Navigate to the Google Admin console.

Create a new OU for the users whose access needs to be restricted.

Move the users into this OU.

Disable services for this OU:

Go to Apps in the Admin console.

Click on Google Workspace core services.

Select the OU and turn off the services you wish to disable.

Google Workspace Admin Help: Set Up an Organizational Unit

Google Workspace Admin Help: Control Who Uses Google Workspace Services

asked 18/09/2024
leconte maxime
36 questions
Total 199 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your team is collaborating on a new project by using a Google Doc They are using Doc comments to add numerous questions and suggestions You want to ensure that sensitive data in the Doc comments does not appear in the recipients' inboxes when a user is notified that a comment has been assigned to them What should you do?
Your organization was recently targeted by a phishing attempt that affected several users You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring What should you do?
Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment. How should you store data for this situation?
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
Your business partner requests that a new custom cloud application be set up to log in without having separate credentials. What is your business partner required to provide in order to proceed?
Your organization recently bought 1.000 licenses for Cloud Identity Premium. The company's development team created an application in the enterprise service bus (ESB) that will read user data in the human resources information system (HRIS) and create accounts via the Google Directory REST API. While doing the original test before production use, the team observes a 503 error coming from Google API response after a few users are created The team believes the ESB is not the cause, because it can perform 100 requests per second without any problems. What advice would you give the development team in order to avoid the issue?
The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago The compliance team contacted you for assistance on the situation You set up the default Google Vault retention rules so all data is retained only for one year You must assist the compliance team with the investigation What should you do1?
You have configured your Google Workspace account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users. There are some new features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization. What should you do?
Your organization has offices in Canada Italy and the United States You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only What should you do?
You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google Workspace Admin console should you update?