ExamGecko
Login
Ask Question

Google Professional Google Workspace Administrator Practice Test - Questions Answers, Page 15

List of questions

Question 141

Report
Export
Collapse

Your organization uses a third-party product to filter mail before it arrives at your Workspace Domain. How should you configure Gmail to ensure that inbound messages are not seen as a spam attack due to the volume of mail being received from this product?

Add the product's IP addresses as an approved sender.
Add the product's IP addresses as an approved sender.
Allowlist the IP addresses of the third-party filtering product.
Allowlist the IP addresses of the third-party filtering product.
Add the product's IP addresses to your organization's SPF record.
Add the product's IP addresses to your organization's SPF record.
List the IP addresses of the product as an Inbound Gateway.
List the IP addresses of the product as an Inbound Gateway.
Suggested answer: D

Explanation:

To ensure that inbound messages from the third-party filtering product are not seen as a spam attack, you should list the IP addresses of the product as an Inbound Gateway. This configuration tells Gmail that the emails coming from these IP addresses are trusted and should not be flagged as spam due to the volume of mail being received.

Google Workspace Admin Help - Configure an inbound mail gateway

Google Workspace Admin Help - Prevent email spoofing and spam using the Inbound Gateway setting

asked 18/09/2024
Samuel Ernesto
32 questions

Question 142

Report
Export
Collapse

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

Create a company-owned device inventory using an asset tag.
Create a company-owned device inventory using an asset tag.
Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply
Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply
Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices
Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices
Install the Google Endpoint Verification extension on machines using Drive for Desktop.
Install the Google Endpoint Verification extension on machines using Drive for Desktop.
Create a company-owned device inventory using serial numbers of devices.
Create a company-owned device inventory using serial numbers of devices.
Suggested answer: C, D

Explanation:

To restrict Drive for desktop to only company-owned devices, you should:

Go to Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop and select Only Allow Google Drive for desktop on authorized devices. This setting ensures that only authorized devices can use Drive for desktop.

Install the Google Endpoint Verification extension on machines using Drive for Desktop. This extension helps manage and verify devices, ensuring that only company-owned devices are allowed access.

Google Workspace Admin Help - Set up Drive for desktop

Google Workspace Admin Help - Google Endpoint Verification

asked 18/09/2024
Jean Ducasse
40 questions

Question 143

Report
Export
Collapse

You received this email from the head of marketing:

Hello Workspace Admin:

Next week, a new consultant will be starting on the 'massive marketing mailing' project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?

What are two of the steps you need to perform to fulfill this request?

Choose 2 answers

Create an isolated OU for the consultants who need the restricted contacts access.
Create an isolated OU for the consultants who need the restricted contacts access.
Create a group that includes the contacts that the consultant is allowed to view.
Create a group that includes the contacts that the consultant is allowed to view.
Apply the role of owner to the consultant in the group settings.
Apply the role of owner to the consultant in the group settings.
Create the consultant inside under the marketing OU.
Create the consultant inside under the marketing OU.
Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
Suggested answer: A, B

Explanation:

To fulfill the request from the head of marketing, you need to:

Create an isolated Organizational Unit (OU) for the consultants who need restricted contact access. This helps in managing and applying specific policies to the consultants without affecting other users.

Create a group that includes the contacts the consultant is allowed to view. This group will contain the marketing team members' contact details, ensuring that the consultant has access only to these specific contacts.

Google Workspace Admin Help - Manage user access to contacts

Google Workspace Admin Help - Create and manage groups

asked 18/09/2024
Seth Frizzell
37 questions

Question 144

Report
Export
Collapse

The human resources (HR) team needs a centralized place to share key documents with the entire organization while protecting confidential documents and mitigating the risk of losing documents when someone leaves. These documents must be editable by the HR team members. What is the best way to set this up?

Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.
Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.
Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.
Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.
Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.
Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.
Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.
Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.
Suggested answer: C

Explanation:

To meet the HR team's requirements, the best approach is to create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization. This setup ensures that the HR team can edit documents while the entire organization can view them. Confidential documents can be stored in a separate location with restricted access to mitigate risks.

Google Workspace Admin Help - Create shared drives

Google Workspace Admin Help - Shared drives access levels

asked 18/09/2024
MOHAMED RIAZ MOHAMED IBRAHIM
40 questions

Question 145

Report
Export
Collapse

Your organization implemented Single Sign-On (SSO) for the multiple cloud-based services it uses. During authentication, one service indicates that access to the SSO provider is not possible due to invalid information. What should you do?

Update the validation certificate.
Update the validation certificate.
Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL
Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL
Run nslookup to confirm that the service exists.
Run nslookup to confirm that the service exists.
Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.
Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.
Suggested answer: B

Explanation:

If a service indicates that access to the SSO provider is not possible due to invalid information, you should verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL. This check ensures that the SAML Response is directed to the correct service, resolving the issue with authentication.

Google Workspace Admin Help - Troubleshoot SSO issues

Google Workspace Admin Help - SAML SSO setup

asked 18/09/2024
Kimon Pope
32 questions

Question 146

Report
Export
Collapse

You have configured SSO using a third-party IDP with your Google Workspace domain. An end user has reported that they cannot sign in to Google Workspace after their username was changed in the third-party SSO product. They can sign in to their other internal applications that use SSO. and no other users are experiencing issues signing in. What could be causing the sign-in issue?

The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace.
The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace.
The user's Google password was changed administratively, which is causing a sign-in failure.
The user's Google password was changed administratively, which is causing a sign-in failure.
The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in.
The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in.
The SAML assertion is providing the user's previous password attached to their old username.
The SAML assertion is providing the user's previous password attached to their old username.
Suggested answer: A

Explanation:

The sign-in issue arises because the SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace. When a username is changed in the third-party IDP, it must be synchronized with Google Workspace. If this synchronization does not happen, Google Workspace will not recognize the updated username and will prevent the user from signing in.

Verify that the username in the SAML assertion matches the username in Google Workspace.

If there is a mismatch, update the username in Google Workspace to match the SAML assertion.

Ensure that future changes in the third-party IDP are reflected in Google Workspace.

Google Workspace Admin Help: Troubleshoot single sign-on

asked 18/09/2024
Wilker Aguiar
46 questions

Question 147

Report
Export
Collapse

You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain. altostrat.com. that your end users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS enabled?

The message will be delivered to their spam folder.
The message will be delivered to their spam folder.
The message will not be delivered to the end user in any form.
The message will not be delivered to the end user in any form.
The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.
The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.
A warning banner will appear on the message informing the user that the message was not sent securely.
A warning banner will appear on the message informing the user that the message was not sent securely.
Suggested answer: B

Explanation:

When Secure Transport (TLS) Compliance is configured and a message is sent from altostrat.com without TLS, the message will not be delivered to the end user in any form. Google Workspace enforces TLS to ensure the security of email communications, and if the required security is not met, the message is blocked.

Confirm that TLS is correctly configured for the domain altostrat.com.

Inform users and administrators of the importance of TLS compliance.

Check the email logs to verify if messages from altostrat.com are being rejected due to the lack of TLS.

Google Workspace Admin Help: Set up TLS for your domain or organization

asked 18/09/2024
Jeremy Cheeseborough
41 questions

Question 148

Report
Export
Collapse

A user joined your organization and is reporting that every time they start their computer they are asked to sign in. This behavior differs from what other users within the organization experience. Others are prompted to sign in biweekly. What is the first step you should take to troubleshoot this issue for the individual user?

Reset the user's sign-in cookies
Reset the user's sign-in cookies
Confirm that this user has their employee ID populated as a sign-in challenge.
Confirm that this user has their employee ID populated as a sign-in challenge.
Check the session length duration for the organizational unit the user is provisioned in.
Check the session length duration for the organizational unit the user is provisioned in.
Verify that 2-Step Verification is enforced for this user.
Verify that 2-Step Verification is enforced for this user.
Suggested answer: C

Explanation:

The first step to troubleshoot this issue is to check the session length duration for the organizational unit the user is provisioned in. Differences in session length settings can cause variations in how often users are prompted to sign in.

Go to the Admin console.

Navigate to Security > Settings.

Under Session control, check the session length settings for the organizational unit.

Adjust the session length duration if necessary to match the organization's standard setting.

Google Workspace Admin Help: Control session length

asked 18/09/2024
Simone Somacal
31 questions

Question 149

Report
Export
Collapse

Four weeks ago. you exported data from Google Vault and emailed the PST export file to your legal admin. They accidentally deleted the PST file and need it sent again. What steps should you take to re-send the PST file to the legal admin?

Become a Premium Member for full access
  Unlock Premium Member

Question 150

Report
Export
Collapse

Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine. What is the first step you should take to enable others to help manage the quarantine, while maintaining security?

Become a Premium Member for full access
  Unlock Premium Member
Total 199 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your team is collaborating on a new project by using a Google Doc They are using Doc comments to add numerous questions and suggestions You want to ensure that sensitive data in the Doc comments does not appear in the recipients' inboxes when a user is notified that a comment has been assigned to them What should you do?
Your organization was recently targeted by a phishing attempt that affected several users You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring What should you do?
Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment. How should you store data for this situation?
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
Your business partner requests that a new custom cloud application be set up to log in without having separate credentials. What is your business partner required to provide in order to proceed?
Your organization recently bought 1.000 licenses for Cloud Identity Premium. The company's development team created an application in the enterprise service bus (ESB) that will read user data in the human resources information system (HRIS) and create accounts via the Google Directory REST API. While doing the original test before production use, the team observes a 503 error coming from Google API response after a few users are created The team believes the ESB is not the cause, because it can perform 100 requests per second without any problems. What advice would you give the development team in order to avoid the issue?
The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago The compliance team contacted you for assistance on the situation You set up the default Google Vault retention rules so all data is retained only for one year You must assist the compliance team with the investigation What should you do1?
You have configured your Google Workspace account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users. There are some new features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization. What should you do?
Your organization has offices in Canada Italy and the United States You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only What should you do?
You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google Workspace Admin console should you update?