ExamGecko
Search Search Login
Home Home / Google / Professional Google Workspace Administrator

Google Professional Google Workspace Administrator Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago The compliance team contacted you for assistance on the situation You set up the default Google Vault retention rules so all data is retained only for one year You must assist the compliance team with the investigation What should you do1?
You are configuring a customer relationship management (CRM) solution to integrate with Google Workspace services for the sales department at your organization The CRM solution is in the Google Workspace Marketplace and you deploy the specific CRM solution Employees report that there are no contacts and documents visible in the CRM solution You must identify and fix the problem What should you do?
Your business partner requests that a new custom cloud application be set up to log in without having separate credentials. What is your business partner required to provide in order to proceed?
Your team is collaborating on a new project by using a Google Doc They are using Doc comments to add numerous questions and suggestions You want to ensure that sensitive data in the Doc comments does not appear in the recipients' inboxes when a user is notified that a comment has been assigned to them What should you do?
You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google Workspace Admin console should you update?
An employee at your company does not need access to their Workspace account while they are on leave for a year When they return you need to ensure they have access to their account and that all their data and current emails remain intact Also their shared documents must be available to other users You must accomplish this goal in the most cost-effective way What should you do?
Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the request?
Your organization was recently targeted by a phishing attempt that affected several users You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring What should you do?
Your organization wants to grant Google Vault access to an external regulatory authority. In an effort to comply with an investigation, the external group needs the ability to view reports in Google Vault. What should you do?
You have configured your Google Workspace account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users. There are some new features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization. What should you do?

Question 141

Report
Export
Collapse

Your organization uses a third-party product to filter mail before it arrives at your Workspace Domain. How should you configure Gmail to ensure that inbound messages are not seen as a spam attack due to the volume of mail being received from this product?

A.
Add the product's IP addresses as an approved sender.
A.
Add the product's IP addresses as an approved sender.
Answers
B.
Allowlist the IP addresses of the third-party filtering product.
B.
Allowlist the IP addresses of the third-party filtering product.
Answers
C.
Add the product's IP addresses to your organization's SPF record.
C.
Add the product's IP addresses to your organization's SPF record.
Answers
D.
List the IP addresses of the product as an Inbound Gateway.
D.
List the IP addresses of the product as an Inbound Gateway.
Answers
Suggested answer: D

Explanation:

To ensure that inbound messages from the third-party filtering product are not seen as a spam attack, you should list the IP addresses of the product as an Inbound Gateway. This configuration tells Gmail that the emails coming from these IP addresses are trusted and should not be flagged as spam due to the volume of mail being received.

Google Workspace Admin Help - Configure an inbound mail gateway

Google Workspace Admin Help - Prevent email spoofing and spam using the Inbound Gateway setting

Question 142

Report
Export
Collapse

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

A.
Create a company-owned device inventory using an asset tag.
A.
Create a company-owned device inventory using an asset tag.
Answers
B.
Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply
B.
Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply
Answers
C.
Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices
C.
Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices
Answers
D.
Install the Google Endpoint Verification extension on machines using Drive for Desktop.
D.
Install the Google Endpoint Verification extension on machines using Drive for Desktop.
Answers
E.
Create a company-owned device inventory using serial numbers of devices.
E.
Create a company-owned device inventory using serial numbers of devices.
Answers
Suggested answer: C, D

Explanation:

To restrict Drive for desktop to only company-owned devices, you should:

Go to Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop and select Only Allow Google Drive for desktop on authorized devices. This setting ensures that only authorized devices can use Drive for desktop.

Install the Google Endpoint Verification extension on machines using Drive for Desktop. This extension helps manage and verify devices, ensuring that only company-owned devices are allowed access.

Google Workspace Admin Help - Set up Drive for desktop

Google Workspace Admin Help - Google Endpoint Verification

Question 143

Report
Export
Collapse

You received this email from the head of marketing:

Hello Workspace Admin:

Next week, a new consultant will be starting on the 'massive marketing mailing' project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?

What are two of the steps you need to perform to fulfill this request?

Choose 2 answers

A.
Create an isolated OU for the consultants who need the restricted contacts access.
A.
Create an isolated OU for the consultants who need the restricted contacts access.
Answers
B.
Create a group that includes the contacts that the consultant is allowed to view.
B.
Create a group that includes the contacts that the consultant is allowed to view.
Answers
C.
Apply the role of owner to the consultant in the group settings.
C.
Apply the role of owner to the consultant in the group settings.
Answers
D.
Create the consultant inside under the marketing OU.
D.
Create the consultant inside under the marketing OU.
Answers
E.
Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
E.
Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
Answers
Suggested answer: A, B

Explanation:

To fulfill the request from the head of marketing, you need to:

Create an isolated Organizational Unit (OU) for the consultants who need restricted contact access. This helps in managing and applying specific policies to the consultants without affecting other users.

Create a group that includes the contacts the consultant is allowed to view. This group will contain the marketing team members' contact details, ensuring that the consultant has access only to these specific contacts.

Google Workspace Admin Help - Manage user access to contacts

Google Workspace Admin Help - Create and manage groups

Question 144

Report
Export
Collapse

The human resources (HR) team needs a centralized place to share key documents with the entire organization while protecting confidential documents and mitigating the risk of losing documents when someone leaves. These documents must be editable by the HR team members. What is the best way to set this up?

A.
Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.
A.
Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.
Answers
B.
Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.
B.
Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.
Answers
C.
Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.
C.
Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.
Answers
D.
Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.
D.
Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.
Answers
Suggested answer: C

Explanation:

To meet the HR team's requirements, the best approach is to create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization. This setup ensures that the HR team can edit documents while the entire organization can view them. Confidential documents can be stored in a separate location with restricted access to mitigate risks.

Google Workspace Admin Help - Create shared drives

Google Workspace Admin Help - Shared drives access levels

Question 145

Report
Export
Collapse

Your organization implemented Single Sign-On (SSO) for the multiple cloud-based services it uses. During authentication, one service indicates that access to the SSO provider is not possible due to invalid information. What should you do?

A.
Update the validation certificate.
A.
Update the validation certificate.
Answers
B.
Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL
B.
Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL
Answers
C.
Run nslookup to confirm that the service exists.
C.
Run nslookup to confirm that the service exists.
Answers
D.
Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.
D.
Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.
Answers
Suggested answer: B

Explanation:

If a service indicates that access to the SSO provider is not possible due to invalid information, you should verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL. This check ensures that the SAML Response is directed to the correct service, resolving the issue with authentication.

Google Workspace Admin Help - Troubleshoot SSO issues

Google Workspace Admin Help - SAML SSO setup

Question 146

Report
Export
Collapse

You have configured SSO using a third-party IDP with your Google Workspace domain. An end user has reported that they cannot sign in to Google Workspace after their username was changed in the third-party SSO product. They can sign in to their other internal applications that use SSO. and no other users are experiencing issues signing in. What could be causing the sign-in issue?

A.
The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace.
A.
The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace.
Answers
B.
The user's Google password was changed administratively, which is causing a sign-in failure.
B.
The user's Google password was changed administratively, which is causing a sign-in failure.
Answers
C.
The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in.
C.
The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in.
Answers
D.
The SAML assertion is providing the user's previous password attached to their old username.
D.
The SAML assertion is providing the user's previous password attached to their old username.
Answers
Suggested answer: A

Explanation:

The sign-in issue arises because the SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace. When a username is changed in the third-party IDP, it must be synchronized with Google Workspace. If this synchronization does not happen, Google Workspace will not recognize the updated username and will prevent the user from signing in.

Verify that the username in the SAML assertion matches the username in Google Workspace.

If there is a mismatch, update the username in Google Workspace to match the SAML assertion.

Ensure that future changes in the third-party IDP are reflected in Google Workspace.

Google Workspace Admin Help: Troubleshoot single sign-on

Question 147

Report
Export
Collapse

You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain. altostrat.com. that your end users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS enabled?

A.
The message will be delivered to their spam folder.
A.
The message will be delivered to their spam folder.
Answers
B.
The message will not be delivered to the end user in any form.
B.
The message will not be delivered to the end user in any form.
Answers
C.
The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.
C.
The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.
Answers
D.
A warning banner will appear on the message informing the user that the message was not sent securely.
D.
A warning banner will appear on the message informing the user that the message was not sent securely.
Answers
Suggested answer: B

Explanation:

When Secure Transport (TLS) Compliance is configured and a message is sent from altostrat.com without TLS, the message will not be delivered to the end user in any form. Google Workspace enforces TLS to ensure the security of email communications, and if the required security is not met, the message is blocked.

Confirm that TLS is correctly configured for the domain altostrat.com.

Inform users and administrators of the importance of TLS compliance.

Check the email logs to verify if messages from altostrat.com are being rejected due to the lack of TLS.

Google Workspace Admin Help: Set up TLS for your domain or organization

Question 148

Report
Export
Collapse

A user joined your organization and is reporting that every time they start their computer they are asked to sign in. This behavior differs from what other users within the organization experience. Others are prompted to sign in biweekly. What is the first step you should take to troubleshoot this issue for the individual user?

A.
Reset the user's sign-in cookies
A.
Reset the user's sign-in cookies
Answers
B.
Confirm that this user has their employee ID populated as a sign-in challenge.
B.
Confirm that this user has their employee ID populated as a sign-in challenge.
Answers
C.
Check the session length duration for the organizational unit the user is provisioned in.
C.
Check the session length duration for the organizational unit the user is provisioned in.
Answers
D.
Verify that 2-Step Verification is enforced for this user.
D.
Verify that 2-Step Verification is enforced for this user.
Answers
Suggested answer: C

Explanation:

The first step to troubleshoot this issue is to check the session length duration for the organizational unit the user is provisioned in. Differences in session length settings can cause variations in how often users are prompted to sign in.

Go to the Admin console.

Navigate to Security > Settings.

Under Session control, check the session length settings for the organizational unit.

Adjust the session length duration if necessary to match the organization's standard setting.

Google Workspace Admin Help: Control session length

Question 149

Report
Export
Collapse

Four weeks ago. you exported data from Google Vault and emailed the PST export file to your legal admin. They accidentally deleted the PST file and need it sent again. What steps should you take to re-send the PST file to the legal admin?

A.
Return to the Google Vault export page, and download the ZIP file again.
A.
Return to the Google Vault export page, and download the ZIP file again.
Answers
B.
Return to the Email Log Search page, and download the PST file again.
B.
Return to the Email Log Search page, and download the PST file again.
Answers
C.
Ask the legal admin to return to Google Vault to download the PST file again.
C.
Ask the legal admin to return to Google Vault to download the PST file again.
Answers
D.
Repeat the original search for the original timeframe, and export the data again.
D.
Repeat the original search for the original timeframe, and export the data again.
Answers
Suggested answer: D

Explanation:

To resend the PST file to the legal admin after it has been accidentally deleted:

Return to Google Vault.

Repeat the original search using the same criteria and timeframe as before.

Export the data again to create a new PST file.

Send the new PST file to the legal admin.

This is necessary because Vault exports are not stored permanently and need to be re-created if the original export file is lost.

Google Vault Help: Export data

Question 150

Report
Export
Collapse

Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine. What is the first step you should take to enable others to help manage the quarantine, while maintaining security?

A.
Give the users super admin rights to view the admin quarantine.
A.
Give the users super admin rights to view the admin quarantine.
Answers
B.
Give the users Services > Gmail > Access Admin Quarantine admin privileges.
B.
Give the users Services > Gmail > Access Admin Quarantine admin privileges.
Answers
C.
Configure the admin quarantine to allow end users to release messages.
C.
Configure the admin quarantine to allow end users to release messages.
Answers
D.
Give the users Services > Security Center admin privileges.
D.
Give the users Services > Security Center admin privileges.
Answers
Suggested answer: B

Explanation:

To enable others to help manage the admin quarantine while maintaining security, give the users Services > Gmail > Access Admin Quarantine admin privileges. This specific privilege allows designated users to view and manage the admin quarantine without granting excessive administrative rights.

Go to the Admin console.

Navigate to Account > Admin roles.

Select the role that you want to assign to users or create a new role.

Assign the 'Services > Gmail > Access Admin Quarantine' privilege to the role.

Add the users to this role.

Google Workspace Admin Help: Admin quarantine

Total 197 questions
Go to page: of 20
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms