[Dec 27, 2023] Step by Step Guide to Prepare for Google-Workspace-Administrator Exam BrainDumps [Q62-Q86]

Dec 27, 2023 Step by Step Guide to Prepare for Google-Workspace-Administrator Exam BrainDumps

Workspace Administrator Google-Workspace-Administrator Real Exam Questions and Answers FREE Updated on 2023

By earning the Google-Workspace-Administrator certification, professionals can demonstrate their expertise in managing and optimizing Google Workspace environments. It can also help them advance their career and open up new job opportunities. Moreover, it can give organizations the confidence that their Google Workspace environment is being managed by a certified professional with the knowledge and skills to ensure its optimal performance.

Google Cloud Certified - Professional Google Workspace Administrator exam is designed for individuals who want to demonstrate their expertise in managing, configuring, and securing Google Workspace environments. Google-Workspace-Administrator exam tests the candidate's knowledge of various Google Workspace services, including Gmail, Google Drive, Google Meet, and more, as well as their ability to manage user accounts, groups, and domains.

 

NEW QUESTION # 62
Your-company.com recently started using Google Workspace. The CIO is happy with the deployment, but received notifications that some employees have issues with consumer Google accounts (conflict accounts). You want to put a plan in place to address this concern.
What should you do?

• A. Ask users to request a new Google Workspace account from your local admin.
• B. Use the Transfer tool for unmanaged users to find the conflict accounts.
• C. Use the conflict account remove tool to remove the accounts from Google Workspace.
• D. Rename the accounts to [email protected], and recreate the accounts.

Answer: B

Explanation:
https://gsuiteupdates.googleblog.com/2017/02/resolve-conflicting-accounts-with-new.html#:~:text=Using%20the%20new%20Transfer%20tool,accounts%20to%20G%20Suite%20accounts. https://support.google.com/a/answer/6178640?hl=en

NEW QUESTION # 63
Your company recently decided to use a cloud-based ticketing system for your customer care needs. You are tasked with rerouting email coming into your customer care address, [email protected] to the cloud platform's email address, [email protected]. As a security measure, you have mail forwarding disabled at the domain level.
What should you do?

• A. Create a mail contact in the Google Workspace directory that has an email address of your- [email protected]
• B. Create a content compliance rule in the Google Workspace Admin console to change route to your- [email protected]
• C. Create a recipient map in the Google Workspace Admin console that maps [email protected] to [email protected]
• D. Create a rule to forward mail in the [email protected] mailbox to your- [email protected]

Answer: C

Explanation:
Disable automatic forwarding https://support.google.com/a/answer/2491924?hl=en Redirect incoming messages to another email address https://support.google.com/a/answer/4524505?hl=en (Optional) To send the message to the original recipient as well as the new address, under Routing options, check the Also route to original destination box.

NEW QUESTION # 64
Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.
What should you do?

• A. Establish a new Google Workspace tenant with their own admin for each region.
• B. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.
• C. Create a Team Drive per OU, and allow only country-specific administration of each folder.
• D. Create an OU for each country. Create an admin role and assign an admin with that role per OU.

Answer: D

Explanation:
https://support.google.com/a/answer/6129577?hl=en#:~:text=Create%20and%20assign%20the%20role&text=Click%20Assign%20role.,organizational%20unit%20and%20click%20Done.

NEW QUESTION # 65
Security and Compliance has identified secure third-party applications that should have access to Google Workspace dat a. You need to restrict third-party access to only approved applications What two actions should you take? (Choose two.)

• A. Disable the Drive SDK
• B. Disable add-ons for Gmail
• C. Whitelist Trusted Apps
• D. Whitelist Google Workspace Marketplace apps
• E. Restrict API scopes

Answer: C,E

NEW QUESTION # 66
Your company has been engaged in a lawsuit, and the legal department has been asked to discover and hold all email for two specific users. Additionally, they have been asked to discover and hold any email referencing "Secret Project 123." What steps should you take to satisfy this request?

• A. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and enter: user1@your- company.com AND [email protected]. Set the search terms to: secret AND project AND 123. Save.
• B. Create a Matter and a Hold. Set the Hold to Gmail, set it to the top level Organization, and set the search terms to "secret project 123." Create a second Hold. Set the second Hold to Gmail, set it to Accounts, and enter: user1 @your-company.com, [email protected]. Save.
• C. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: [email protected], user2@your-company. Set the search terms to: (secret project 123). Save.
• D. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: [email protected], user2@your-company. Set the search terms to secret OR project OR 123. Save.

Answer: B

Explanation:
The correct way to search for the esact term is in quotes ("project 123" and not (project 123)). Ref: https://support.google.com/vault/answer/2474474?hl=en. Also, afeter doing this ytou must create the retention rule using comas to separate user from user.

NEW QUESTION # 67
Your organization has been on Google Workspace Enterprise for one year. Recently, an admin turned on public link sharing for Drive files without permission from security. Your CTO wants to get better insight into changes that are made to the Google Workspace environment. The chief security officer wants that data brought into your existing SIEM system.
What are two ways you should accomplish this? (Choose two.)

• A. Use the BigQuery export to send admin audit data to the existing SIEM system via custom code
• B. Use Apps Script and the Reports API to export admin audit data to your existing SIEM system.
• C. Use the Data Export Tool to export admin audit data to your existing SIEM system
• D. Use Apps Script and the Reports API to export drive audit data to the existing SIEM system
• E. Use the BigQuery export to send drive audit data to the existing SIEM system via custom code.

Answer: A,B

NEW QUESTION # 68
You are configuring a shared drive for the financial department of your organization. The financial team wants to allow members of the shared drive to add. edit, and move documents into the shared drive. It's important that the same users cannot remove or delete files. How can you configure access for these users to match the team's request?

• A. Set up the shared drive, and add the users as Contributors of the drive.
• B. Set up the shared drive, and add the users as editors of the drive.
• C. Set up the shared drive, and add the users as Managers of the drive.
• D. Set up the shared drive, and add the users as Content Managers of the drive.

Answer: A

NEW QUESTION # 69
Your company's Chief Information Security Officer has made a new policy where third-party apps should not have OAuth permissions to Google Drive. You need to reconfigure current settings to adhere to this policy.
What should you do?

• A. Access the Security Menu> API Reference > disable all API Access.
• B. Access the Security Menu > API Permissions > choose Drive and Disable High Risk Access.
• C. Access the Security Menu > API Permissions > choose Drive and Disable All Access.
• D. Access Apps > Google Workspace > Drive and Docs > Sharing Settings and disable sharing outside of your domain

Answer: B

NEW QUESTION # 70
Your-company.com recently bought 2500 Chrome devices and wants to distribute them to various teams globally. You decided that enterprise enrollment would be the best way to enforce company policies for managed Chrome devices. You discovered that Chrome devices currently end up in the top-level organization unit, and this needs to change to the organizational unit of the device administrator.
What should you do?

• A. Change Enrollment Controls to Place Chrome device in user organization.
• B. Change Enrollment Controls to Keep Chrome device in current location.
• C. Change Enrollment Permissions to only allow users in this organization to re-enroll existing devices.
• D. Change Enrolment Permissions to not allow users in this organization to enroll new devices.

Answer: A

Explanation:
https://support.google.com/chrome/a/answer/2657289#auto_device_placement_enabled

NEW QUESTION # 71
You received this email from the head of marketing:
Hello Workspace Admin:
Next week, a new consultant will be starting on the "massive marketing mailing" project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?
What are two of the steps you need to perform to fulfill this request?
Choose 2 answers

• A. Create an isolated OU for the consultants who need the restricted contacts access.
• B. Create the consultant inside under the marketing OU.
• C. Create a group that includes the contacts that the consultant is allowed to view.
• D. Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
• E. Apply the role of owner to the consultant in the group settings.

Answer: A,C

NEW QUESTION # 72
Your organization is using Password Sync to sync passwords from Active Directory to Google Workspace. A user changed their network password and cannot log in to Google Workspace with the new password. What steps should you take to troubleshoot this issue?

• A. Reauthorize the Password Sync tool in the Google Workspace Admin Console.
• B. Reset the user's password in Active Directory.
• C. Confirm that the Password Sync service is running on all domain controllers.
• D. Reinstall Password Sync on all domain controllers.

Answer: C

Explanation:
https://support.google.com/a/answer/11237847?hl=en&ref_topic=4498019
The network password is determined to be with AD. In this case, you must verify that password sync is installed on all domain controllers. This is the initial troubleshooting. After this troubleshooting, the logs of these connectors are taken
https://www.youtube.com/watch?v=P-r8bvivZuM

NEW QUESTION # 73
The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.
What should you do?

• A. Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.
• B. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.
• C. Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.

Answer: B

Explanation:
https://support.google.com/vault/answer/6161352?hl=en

NEW QUESTION # 74
You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google Workspace Admin console should you update?

• A. Approved email denylist
• B. Email allowlist
• C. Content compliance rule
• D. Bypass spam filter

Answer: B

NEW QUESTION # 75
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

• A. Check whether device policy application is installed on users' devices.
• B. Confirm that the user has at least a Google Workspace Business license.
• C. Delete and recreate a new Context-Aware Access device policy.
• D. Check whether Endpoint Verification is installed on users' desktops.
• E. Confirm that the user has a Google Workspace Enterprise Plus license.

Answer: D,E

Explanation:
https://support.google.com/a/answer/9275380#licenses:~:text=Context%2DAware%20Access-,Control%20access%20to%20apps%20based%20on%20user%20%26%20device%20context,context%2C%20such%20as%20whether%20their%20device%20complies%20with%20your%20IT%20policy.,-Context%2DAware%20Access
https://support.google.com/a/answer/9275380?hl=en&fl=1
https://support.google.com/a/answer/9007320?hl=en&fl=1

NEW QUESTION # 76
As a Google Workspace administrator for your organization, you are tasked with controlling which third-party apps can access Google Workspace dat a. Before implementing controls, as a first step in this process, you want to review all the third-party apps that have been authorized to access Workspace data. What should you do?

• A. Open Admin Console > Security > Less Secure Apps.
• B. Open Admin Console > Security > API Controls > App Access Control > Settings.
• C. Open Admin Console > Security > API Controls > App Access Control > Manage Google Services.
• D. Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access.

Answer: D

Explanation:
https://support.google.com/a/answer/7281227?hl=en#zippy=%2Cstep-manage-third-party-app-access-to-google-services-add-apps:~:text=In%20the%20Admin,App%20Access.

NEW QUESTION # 77
Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?

• A. Create a report using the Drive Audit Activity logs.
• B. Create a reporting using the API Permissions logs for Installed Apps.
• C. Create a report using the Calendar Audit Activity logs.
• D. Create a report using the OAuth Token Audit Activity logs.

Answer: D

Explanation:
https://support.google.com/a/answer/6124308?hl=en

NEW QUESTION # 78
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

• A. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to "delete only active Google domain users not found in LDAP."
• B. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
• C. In the GCDS configuration manager, update the group deletion policy setting to "don't delete Google groups not found in LDAP."
• D. Use the Directory API to check and update the group's membership after the GCDS sync is completed.

Answer: C

Explanation:
https://support.google.com/a/answer/6258071?hl=en#zippy=%2Cgoogle-group-deletion-policy Don't delete Google Groups not found in LDAP If checked, Google Group deletions in your Google domain are disabled, even when the Groups aren't in your LDAP server.

NEW QUESTION # 79
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to meet these requirements?

• A. Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.
• B. Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.
• C. Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.
• D. Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.

Answer: B

Explanation:
https://support.google.com/a/answer/7566446?hl=en&ref_topic=9832541

NEW QUESTION # 80
The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.
What two actions should you take? (Choose two.)

• A. Conduct an Email log search to trace the message route.
• B. Obtain the message header and analyze using Google Workspace Toolbox.
• C. Validate that your domain is not on the Spamhaus blacklist.
• D. Set up a Gmail routing rule to whitelist the sender.
• E. Review the contents of the messages in Google Vault.

Answer: B,D

NEW QUESTION # 81
You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?

• A. Configure a data region at the top level OU of your organization, and set the value to "Europe".
• B. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.
• C. Configure a configuration group for European users, and set the data region to "Europe".
• D. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.

Answer: C

Explanation:
https://support.google.com/a/answer/7630496?hl=en#zippy=%2Cstep-set-the-organizational-structure
"put them in a configuration group (to set for users across or within departments)".

NEW QUESTION # 82
A user does not follow their sign-in pattern and signs In from an unusual location As an admin, what should you do in response to this alert for this user during this investigation?

• A. First suspend the account and then investigate
• B. Investigate the account for unauthorized activity in the Login and Security Audit Log
• C. Add Two Factor Authentication to the Domain
• D. Enhance your security alerts for tracking sign-in patterns

Answer: B

Explanation:
As an admin, you should investigate the user account in question thoroughly. Check the Login and Security Audit Log to review all recent sign-in activity, IP addresses, geolocations, and any other relevant information. Look for any signs of unauthorized access or suspicious activities. If you find any suspicious activity, take appropriate actions, such as resetting passwords, revoking access, or communicating with the user to verify their identity.

NEW QUESTION # 83
You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain. altostrat.com. that your end users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS enabled?

• A. A warning banner will appear on the message informing the user that the message was not sent securely.
• B. The message will be delivered to their spam folder.
• C. The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.
• D. The message will not be delivered to the end user in any form.

Answer: A

NEW QUESTION # 84
Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment.
How should you store data for this situation?

• A. Write a script and use Google Workspace APIs to access and download user data.
• B. Train users to use Google Takeout and store their archives locally.
• C. Use routing rules to dual-deliver mail to an on-premises SMTP server and Google Workspace.
• D. Use a third-party tool to configure secure backup of Google Workspace data.

Answer: D

Explanation:
https://cloud.google.com/solutions/partners/backing-up-g-suite-data-with-spinbackup

NEW QUESTION # 85
Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same strategy with the newly acquired organization, which also has its users in an LDAP directory. How should you change your GCDS instance to ensure that the setup is successful? (Choose two.)

• A. Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory.
• B. Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended.
• C. Add an LDAP sync rule to your current GCDS instance in order to synchronize new users.
• D. Upgrade to the multiple LDAP version of GCDS.
• E. Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization.

Answer: B,E

Explanation:
https://support.google.com/a/answer/7177266?hl=en#zippy=%2Ccan-i-sync-gcds-from-multiple-ldap-directories GCDS can only sync from a single LDAP directory. If you have multiple LDAP directories, it is recommended that you consolidate your LDAP server data into a single directory. You need to run 2 separate GCDS instances while creating exclusion rules to prevent suspensions/deletions.

NEW QUESTION # 86
......

To become certified, candidates must pass the 2-hour exam, which consists of multiple-choice and scenario-based questions. Google-Workspace-Administrator exam is administered online and can be taken from anywhere in the world. Upon passing, candidates will receive a digital badge and certificate, which they can use to showcase their expertise and credibility as a Google Workspace administrator. Google Cloud Certified - Professional Google Workspace Administrator certification is valuable for IT professionals who work with Google Workspace or who are interested in pursuing roles that require expertise in managing cloud-based productivity tools.

 

Ultimate Guide to Prepare Google-Workspace-Administrator Certification Exam for Workspace Administrator: https://guidetorrent.dumpstorrent.com/Google-Workspace-Administrator-exam-prep.html