Professional Google Workspace Administrator
Question 1
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?
- A: In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”
- B: Use the Directory API to check and update the group’s membership after the GCDS sync is completed.
- C: Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
- D: In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”
Question 2
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments?
- A: Run queries in Security Investigation Tool.
- B: Turn on advanced phishing and malware protection.
- C: Enable Security Sandbox.
- D: Enable Gmail confidential mode.
Question 3
Your organization is engaging with an external marketing vendor on a new promotion. The vendor's employees need access to internal documents. Some employees do not have Google consumer or Workspace accounts. You need to securely enable sharing with these external collaborators. What should you do?
- A: Enable external sharing for the specific child organizational units or configuration groups.
- B: Enable visitor sharing for the Google Workspace domain.
- C: Create a trust rule for a shared drive to allow sharing with the external vendor.
- D: Add the external domain of the vendor to the allowlist.
Question 4
Samantha, an employee from your engineering department, has submitted a help desk ticket. She is unable to share a Google Doc file with Jason, her coworker in the marketing department. However, Samantha is able to share the same file with her colleagues in the engineering department. You must troubleshoot the issue. What should you do?
- A: Confirm if a trust rule is preventing sharing with Jason or someone that belongs to the marketing department.
- B: Verify that Samantha's Drive sharing settings in the Admin console allow sharing content outside her organization.
- C: Confirm if there is a data protection rule that is preventing the sharing of this particular Google Doc.
- D: Instruct Samantha to export a PDF copy of the document and email it to Jason.
Question 5
Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching. In preparation for the risk assessment, you want to quickly review all the security-related settings for Gmail, Drive, and Calendar, and identify the ones that may be posing risk. What should you do?
- A: Review all the alerts in the Alert center.
- B: Review the Security health page in the Admin console.
- C: Review all settings for each organizational unit (OU) separately because it is the only way to see the security settings for Workspace apps.
- D: Review the Gmail, Drive, and Calendar reports in the Reporting section in the Admin console.
Question 6
Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive. You also want to prevent external users from downloading files with viewer permissions to their local machines. What should you do?
- A: Do nothing. View-only Drive files automatically prevent the user from downloading the files.
- B: Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers.
- C: Create a new DLP rule by using the existing content detector conditions, but change the action for the new rule to Disable download, print, and copy for commenters and viewers.
- D: Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict.
Question 7
You work for an organization that is headquartered in Washington DC. You want to reliably send email announcements to all employees in the area and update membership automatically. What should you do?
- A: Create a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees’ work locations.
- B: Create a Security Group and apply the Location label to allow employees to join based on the specified location.
- C: Create a Google Group and add all employees in the Washington DC work location.
- D: Create a Google Group and set permissions to invite employees to join the group.
Question 8
Your organization is working on a confidential project with details that cannot be shared through email with anyone outside your organization. You want to add controls in Gmail that prevent any mention of the project from being sent by employees. Only the CEO and the CFO can send information about the project over email and without a delay. What should you do?
- A: Configure the Gmail Restrict delivery setting, and add an allowlist with all domains that your employees are allowed to send emails to. Add the CEO and CFO email addresses to the allowlist.
- B: Configure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Bypass the rule by using the address list with the CEO and CFO email addresses.
- C: Configure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Manually review all quarantined emails and choose to deliver the ones sent by the CEO and CFO.
- D: Configure the Gmail Restrict delivery setting for all outgoing messages, except the internal emails. Add the CEO and CFO email addresses to the allowlist.
Question 9
Users at your organization are reporting issues with Google Voice including disconnected calls and overall connection issues. You want to identify whether these issues affect just your organization or whether it's a global Google issue. What should you do?
- A: Use the Security Investigation Tool with Voice Log Events as the data source field. In the search operator fields, select Event, is, and Network Statistics (client). Analyze the packet loss.
- B: Verify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard.
- C: Use the Security Investigation Tool with User Log Events as the data source field. In the search operator fields, select Event, is, and Call failed. Analyze the packet loss.
- D: Verify if there is a service interruption for Google Voice reported on the Google Workspace Updates Blog website.
Question 10
You have enrolled a new Google Meet hardware device for an existing conference room in your building. Your users report that the new hardware in the conference room does not show the expected calendar events. You need to investigate and fix the problem. What should you do?
- A: Make sure that the conference room resource calendar has been created and that the Meet Hardware is associated with that resource.
- B: Create a brand new resource calendar and associate the Meet Hardware with that new resource.
- C: Use the Meet Quality Tool in the control panel to search for the newly installed Meet Hardware.
- D: Make sure the Access permissions for the resource calendar are set to “See all event details”.
Question 11
You work at a large global holding firm with multiple companies that are united under one Google Workspace deployment. You must ensure that employees can only access documents at the company in which they are employed. What should you do?
- A: Create a User group for each company and change Google Drive sharing settings to block external sharing.
- B: Create an organizational unit (OU) for each company and disable file sharing.
- C: Set up data loss prevention (DLP) rules to prevent specific documents from being shared.
- D: Set up Google Drive trust rules to prevent access to documents from individual companies.
Question 12
An employee at your organization is experiencing video call issues in Google Meet, and they were unable to resolve the issues by themselves. You need to troubleshoot the issue. What should you do first?
- A: View the Meet quality report of the employee.
- B: Ask your network administrator to add the dedicated Meet IP address range for your users.
- C: Restart the device of the employee.
- D: Check the Meet settings of the employee.
Question 13
Your organization's information security team has asked you to determine and remediate if a user (user1@example.com) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?
- A: Open Security Investigation Tool -> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is user1@example.com.
- B: Have the super administrator use the Security API to audit Drive access.
- C: As a super administrator, change the access on externally shared Drive files manually under user1@example.com.
- D: Open Security Dashboard -> File Exposure Report -> Export to Sheet, and filter for user1@example.com.
Question 14
Your organization is migrating to Google Workspace and wants to improve how newly created files are classified. You must find a scalable solution to improve security and transparency on how to handle sensitive files. What should you do?
- A: Set data loss prevention (DLP) policies to label data automatically, disable label locking, and educate users.
- B: Create classification labels, enable automatic classification, and educate users.
- C: Migrate data to Google Workspace, map classifications, and migrate with the Drive Labels API.
- D: Integrate with the Cloud DLP API, map identifiers and classifications, install the Google Drive label client, and run the application.
Question 15
The Google Analytics service is set to OFF for your entire organization. All users in the marketing team OU and a subset of users in the sales OU need access to Analytics. The rest of the organization should not have access. You must configure access in Additional Google services. What should you do?
- A: Enable Google Analytics at the top of the OU structure.
- B: Enable Google Analytics for the marketing and sales OUs. Create a group to deny access to Google Analytics and assign it to the sales users who should not have access.
- C: Enable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU.
- D: Enable Google Analytics for the marketing OU. Create a group from the Admin console that includes the sales users, and set Google Analytics to On for that group.
Question 16
Your organization has a strict requirement that your temporary employees can only send emails to and receive emails from specific external domains. You must define a policy in Google Workspace that meets this requirement for users in the temporary employee organizational unit (OU). What should you do?
- A: Create a policy in Gmail settings that rewrites the recipient for outbound messages and quarantines incoming messages to review before delivery.
- B: Add the allowed domains when configuring the restrict delivery setting in Gmail settings, and select the box to bypass for internal emails.
- C: Restrict sending and receiving to Google Groups, and carefully curate the temporary employees' memberships.
- D: Configure the restrict delivery setting to limit domains that the temporary employees can communicate with. Allow Google Docs sharing notifications.
Question 17
Your default Vault retention policy for Gmail is set to 365 days. Your legal department has just informed you that emails sent and received by the customer support department are sensitive, and must be retained for only 30 days. You must enforce this new retention policy in the simplest way. What should you do?
- A: Change the current default retention policy in Vault for Gmail to 30 days, and apply it to the customer support organizational unit (OU). Configure a custom retention policy for Gmail for 365 days for your domain.
- B: Create two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
- C: Change the current default retention policy for Gmail to 30 days. Configure two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
- D: Create a custom retention policy in Vault for Gmail for 30 days, and apply it to the customer support organizational unit (OU).
Question 18
Your organization is moving from a legacy mail system to Google Workspace. This move will happen in phases. During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in. You need to set up multiple IdPs for various users. What should you do?
- A: Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider.
- B: Enable single sign-on (SSO) with Cloud Identity, and use Cloud Directory Sync to manage multiple identity providers.
- C: Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
- D: Nothing. Google uses cookies to establish a user's relationship to a device. This will cover multiple identity providers.
Question 19
By using Account Activity reports, you have flagged several users who are uploading large files. You want to ensure you don't run out of pooled storage and you want to stop the abuse. What should you do first?
- A: Email flagged users with a warning of possible abuse.
- B: Use the Security Investigation Tool to set alerts on the flagged users.
- C: Warn the flagged users, and purchase more pooled storage to avoid hitting storage quotas.
- D: Place the flagged users in a configuration group and set storage limits for the group.
Question 20
The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue. What should you do first?
- A: Open a ticket with Google Support listing the affected users.
- B: Check the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability.
- C: Check the Google Workspace release calendar to ensure there's not a Gmail upgrade scheduled.
- D: Check network connectivity of the affected users.
Question 21
An employee has been leaking confidential salary information to an external party. You must use Vault to preserve the messages for an investigation. What should you do?
- A: Create a matter and add a hold on the employee's email.
- B: Use the security investigation tool to find the messages. Create a hold to preserve the messages.
- C: Create a custom retention policy. Use the audit feature to view captured email logs.
- D: Use the search and export features to find all the messages sent externally.
Question 22
The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago. The compliance team contacted you for assistance on the situation. You set up the default Google Vault retention rules so all data is retained only for one year. You must assist the compliance team with the investigation. What should you do?
- A: Do nothing. The retention period has already ended and the evidence has already been purged.
- B: Suspend the employee and export all data by using Google Takeout.
- C: Assign the compliance team a Google Vault administrator role and create a legal hold for the employee.
- D: Assign the compliance team a Google Vault administrator role and change the default retention rules to three years.
Question 23
Your team is collaborating on a new project by using a Google Doc. They are using Doc comments to add numerous questions and suggestions. You want to ensure that sensitive data in the Doc comments does not appear in the recipients’ inboxes when a user is notified that a comment has been assigned to them. What should you do?
- A: Set up an email quarantine to quarantine all incoming emails that contain sensitive data.
- B: Disable comments in the Google Doc for your users.
- C: Create a Gmail content compliance rule and turn off dynamic email for your team.
- D: Create a Gmail content compliance rule to block incoming messages that contain sensitive data.
Question 24
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
- A: Modify the SPF record for your internal domain to include the IPs of the external user's mail servers.
- B: Update the spam settings in the Admin Console to be less aggressive.
- C: Add the sender's domain to an allowlist via approved senders in the Admin Console.
- D: Instruct the user to add the senders to their contacts.
Question 25
Your organization was recently targeted by a phishing attempt that affected several users. You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring. What should you do?
- A: 1. Search BigQuery logs for all messages marked as phishing. 2. Require Transport Layer Security (TLS) for all email communications. 3. Instruct all users to reset their passwords.
- B: 1. Use email log search to pull all emails for the past three days. 2. Analyze logs of common emails received and contact users. 3. Instruct users on how to create a Gmail filter to block malicious email addresses.
- C: 1. Use the security dashboard to view the number of messages showing evidence of potential spoofing, and then use the investigation tool on affected users to remove malicious email. 2. Enable advanced phishing and malware protection. 3. Deploy Google's Password Alert extension for Chrome.
- D: 1. Collect phishing samples forwarded from users. 2. Add IP addresses and email addresses to your denylist. 3. Enroll only affected users to multi-factor authentication (MFA).