GOOGLE-WORKSPACE-ADMINISTRATOR Online Practice Questions and Answers

You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain. altostrat.com. that your end users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS enabled?

A. The message will be delivered to their spam folder.

B. The message will not be delivered to the end user in any form.

C. The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue.

D. A warning banner will appear on the message informing the user that the message was not sent securely.

Your company is using macOS devices for all employees and has built a process to allow a Google account to be used as credentials (or the device Your company wants to manage newly acquired Windows 10 devices with Google Workspace endpoint management and have employees use their Google Workspace account as login credentials for Windows 10 Which steps should you take to enable this?

Choose 2 answers

A. Install and configure Google Credential Provider for Windows (GCPW) on each device

B. Configure Chrome policies on Windows to push advanced device management policies

C. Enable Windows device management in Devices > Mobile and endpoints > Settings > Windows settings

D. Sync the Google Accounts and password to AD via Google Cloud Directory Sync V1 (GCDS)

E. Install and configure Password Sync on each Active Directory (AD) domain controller

Security and Compliance has identified secure third-party applications that should have access to Google Workspace data. You need to restrict third-party access to only approved applications

What two actions should you take? (Choose two.)

A. Whitelist Trusted Apps

B. Disable the Drive SDK

C. Restrict API scopes

D. Disable add-ons for Gmail

E. Whitelist Google Workspace Marketplace apps

Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?

A. Navigate to "Data Protection" setting in Google Admin Console's Device management section and disable the "Allow users to copy data to personal apps" checkbox.

B. Disable "Open Docs in Unmanaged Apps" setting in Google Admin Console's Device management section.

C. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.

D. Clear the "Allow items created with managed apps to open in unmanaged apps" checkbox.

After making a recent migration to Google Workspace, you updated your Google Cloud Directory Sync configuration to synchronize the global address list. Users are now seeing duplicate contacts in their global directory in Google Workspace. You need to resolve this issue.

What should you do?

A. Train users to use Google Workspace's merge contacts feature.

B. Enable directory contact deduplication in the Google Workspace Admin panel.

C. Update shared contact search rules to exclude internal users.

D. Create a new global directory, and delete the original.

Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.

What should you do?

A. Establish a new Google Workspace tenant with their own admin for each region.

B. Create an OU for each country. Create an admin role and assign an admin with that role per OU.

C. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.

D. Create a Team Drive per OU, and allow only country-specific administration of each folder.

The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from

last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.

What should you do?

A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.

B. Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.

C. Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.

Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?

A. Assign the pre-built security admin role to the security team members.

B. Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members.

C. Assign the Super Admin Role to the security team members.

D. Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.

An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity's SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered?

A. Use the Postmaster Tools API to pull the message headers.

B. Use the Email Log Search to directly review the message headers.

C. Use the Security Investigation Tool to review the message headers.

D. Perform an SPF record check on the domain to determine whether their SPF record is valid.

Several customers have reported receiving fake collection notices from your company. The emails were received from accounts.receivable@yourcompany.com, which is the valid address used by your accounting department for such matters, but the email audit log does not show the emails in question. You need to stop these emails from being sent.

What two actions should you take? (Choose two.)

A. Change the password for suspected compromised account accounts.receivable@yourcompany.com.

B. Configure a Sender Policy Framework (SPF) record for your domain.

C. Configure Domain Keys Identified Mail (DKIM) to authenticate email.

D. Disable mail delegation for the accounts.receivable@yourcompany.com account.

E. Disable "Allow users to automatically forward incoming email to another address."