New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

Google-Workspace-Administrator Questions and Answers

Question # 6

Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to meet these requirements?

A.

Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.

B.

Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.

C.

Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.

D.

Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.

Full Access
Question # 7

NO: 161

Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching in preparation for the risk assessment you want to quickly review all the security-related settings for Gmail, Drive and Calendar and identify the ones that may be posing risk What should you do?

A.

Review all the alerts in the Alert center

B.

Review the Security health page in the Admin console

C.

Review all settings for each organizational unit (OU) separately because it is the only way to see the security settings tor Workspace apps

D.

Review the Gmail Drive, and Calendar reports in the Reporting section in the Admin console.

Full Access
Question # 8

Your company is using Google Workspace Business Standard. The company has five meeting rooms that are all registered as resources in Google Workspace and used on a daily basis by the employees when organizing meetings. The office layout was changed last weekend, and one of the meeting rooms is now a dedicated room for management. The CEO is complaining that anyone can book the room and requested this room to be used only by the management team and their executive assistants (EAs). No one else must be allowed to book it via Google Calendar. What should you do?

A.

As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group.

B.

Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule.

C.

As a super administrator, create a group calendar named “Management Room,” and share it only with the management and the EAs.

D.

Move the room resource to the management and EAs group so that only they can use it.

Full Access
Question # 9

A large enterprise that had a security breach is working with an external legal team to determine best practices for an investigation. Using Google Vault, the security team is tasked with exporting data for review by the legal team. What steps should you take to securely share the data in question?

A.

Determine the scope of the investigation, create a Matter and Holds in Google Vault, and share with the legal team.

B.

Immediately suspend the user's account, search for all the email messages in question, and forward to the legal team.

C.

Immediately suspend the user's account, assign an archived user license, and export data.

D.

Suspend the user's account, search all associated users data in Google Vault, and export the data.

Full Access
Question # 10

An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity’s SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered?

A.

Use the Postmaster Tools API to pull the message headers.

B.

Use the Email Log Search to directly review the message headers.

C.

Use the Security Investigation Tool to review the message headers.

D.

Perform an SPF record check on the domain to determine whether their SPF record is valid.

Full Access
Question # 11

Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

A.

Confirm that the user has a Google Workspace Enterprise Plus license.

B.

Delete and recreate a new Context-Aware Access device policy.

C.

Check whether device policy application is installed on users’ devices.

D.

Confirm that the user has at least a Google Workspace Business license.

E.

Check whether Endpoint Verification is installed on users’ desktops.

Full Access
Question # 12

Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.)

A.

Create a shared drive that's shared internally organization-wide.

B.

Update Drive sharing for the marketing department to restrict to internal.

C.

Create a shared drive for internal marketing use.

D.

Update the link sharing default to the marketing team when creating a document.

E.

In the admin panel Drive settings, create a target audience that has all of marketing as members.

Full Access
Question # 13

The CFO just informed you that one of their team members wire-transferred money to the wrong account because they received an email that appeared to be from the CFO. The CFO has provided a list of all users that may be responsible for sending wire transfers. The CFO also provided a list of banks the company sends wire transfers to. There are no external users that should be requesting wire transfers. The CFO is working with the bank to resolve the issue and needs your help to ensure that this does not happen again.

What two actions should you take? (Choose two.)

A.

Configure objectionable content to reject messages with the words “wire transfer.”

B.

Verify that DMARC, DKIM, and SPF records are configured correctly for your domain.

C.

Create a rule requiring secure transport for all messages regarding wire transfers.

D.

Add the sender of the wire transfer email to the blocked senders list.

E.

Enable all admin settings in Gmail's safety > spoofing and authentication.

Full Access
Question # 14

As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access Google Drive anymore from one satellite office and that they receive an error message that “a company policy is blocking access to this app.” The users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office's Internet Service Provider (ISP) and the global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue?

A.

An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access.

B.

Under Drive and Docs > Sharing Settings, the “Whitelisted domains” list needs to be updated to add the new ISP domain.

C.

The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range.

D.

You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.

Full Access
Question # 15

Your organization has hired a recruiting firm that is responsible for reviewing resumes and job descriptions of prospective summer interns. Employees at your organization need to collaborate with the external firm on these documents. You must set permissions and ensure the recruiting firm employees can't remove the files. What should you do?

A.

Create a Google Group, add the HR team, and create a shared folder for content storage and editing

B.

Enable client-side encryption for the organizational unit (OU) for which the HR team are members

C.

Create a Shared Drive and grant Content Manager access to the HR team

D.

Create a Shared Drive and grant Contributor access to the HR team

Full Access
Question # 16

An employee has left your organization and their Drive data must be retained for three years The retention rule has been set for three years You must ensure the employee's data is visible in Vault and accessible to the Vault Administrator in the most cost-effective way What should you do?

A.

Export the users Drive data from Vault, then delete the user.

B.

Assign an Archive User (AU) license to the user

C.

Change ownership of the Drive data to the user's Manager, then delete the user

D.

Suspend the user until the end of the three-year period

Full Access
Question # 17

The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified

as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.

What two actions should you take? (Choose two.)

A.

Obtain the message header and analyze using Google Workspace Toolbox.

B.

Review the contents of the messages in Google Vault.

C.

Set up a Gmail routing rule to whitelist the sender.

D.

Conduct an Email log search to trace the message route.

E.

Validate that your domain is not on the Spamhaus blacklist.

Full Access
Question # 18

A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak?

A.

Delete the user's account in the Admin Console.

B.

Transfer data between end user Workspace accounts.

C.

Instruct a Google Vault admin to create a matter, and place all the user data on ‘hold.’

D.

Use Google Vault to export all the user data and share among the security team.

Full Access
Question # 19

Your organization is about to expand by acquiring two companies, both of which are using Google Workspace. The CISO has mandated that strict ‘No external content sharing’ policies must be in place and followed. How should you securely configure sharing policies to satisfy both the CISO’s mandate while allowing external sharing with the newly acquired companies?

A.

Allow external sharing of Drive content for the IT group only.

B.

Create a Drive DLP policy that will allow sharing to only domains on an allowlist.

C.

Use shared drives to store the content, and share only individual files externally.

D.

Let users share files between the two companies by using the ‘Trusted Domains’ feature. Create an allowlist of the trusted domains, and choose sharing settings for the users.

Full Access
Question # 20

Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?

A.

Assign the pre-built security admin role to the security team members.

B.

Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members.

C.

Assign the Super Admin Role to the security team members.

D.

Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.

Full Access
Question # 21

Your company has an OU that contains your sales team and an OU that contains your market research team. The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses Constant Contact for your own mass email marketing. You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU.

What should you do?

A.

Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails.

B.

Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing the mass email sender addresses.

C.

Create a blocked senders list at the Sales OU that contains the mass email sender addresses.

D.

Create an approved senders list at the Market Research OU that contains the mass email sender addresses.

Full Access
Question # 22

Your company’s compliance officer has requested that you apply a content compliance rule that will reject all external outbound email that has any occurrence of credit card numbers and your company’s account number syntax, which is AccNo. You need to configure a content compliance rule to scan email to meet these requirements.

Which combination of attributes will meet this objective?

A.

Name the rule > select Outbound and Internal Sending > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers > choose Reject.

B.

Name the rule > select Outbound > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers

> choose Reject

C.

Name the rule > select Outbound and Internal Sending > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.

D.

Name the rule > select Outbound > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.

Full Access
Question # 23

Your company works regularly with a partner. Your employees regularly send emails to your partner's employees. You want to ensure that the Partner contact information available to your employees will allow them to easily select Partner names and reduce sending errors.

What should you do?

A.

Educate users on creating personal contacts for the Partner Employees.

B.

Add a secondary domain for the Partner Company and create user entries for each Partner user.

C.

Create shared contacts in the Directory using the Directory API.

D.

Create shared contacts in the Directory using the Domain Shared Contacts API.

Full Access
Question # 24

Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments?

A.

Run queries in Security Investigation Tool.

B.

Turn on advanced phishing and malware protection.

C.

Enable Security Sandbox.

D.

Enable Gmail confidential mode.

Full Access
Question # 25

An employee at your organization is resigning They are in charge of organizing and maintaining recurring team events You want to preserve the existing meetings and transfer ownership to the resigning employee's manager What should you do?

A.

Assign an Archived User (AU) license for the resigning employee

B.

Delete the existing calendar events and instruct the manager to create new events as the owner

C.

Instruct the resigning employee to share free busy details for their calendar with their manager

D.

Transfer both the events and the resources owned by the resigning employee to their manager by using the Admin console

Full Access
Question # 26

Your organization is moving from a legacy mail system to Google Workspace This move will happen in phases During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in You need to set up multiple idPs for various users What should you do?

A.

Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider

B.

Enable single sign-on (SSO) with Cloud Identity and use Cloud Directory Sync to manage multiple identity providers

C.

Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.

D.

Nothing Google uses cookies to establish a user's relationship to a device This will cover multiple identity providers

Full Access
Question # 27

Your company has sales offices in Madrid, Tokyo, London, and New York. The outbound email for those offices needs to include the sales person's signature and a compliance footer. The compliance footer needs to say “Should you no longer wish to receive emails about this offer, please reply with UNSUBSCRIBE.” You are responsible for making sure that users cannot remove the footer.

What should you do?

A.

Send an email to each sales person with the instructions on how to add the footer to their Signature.

B.

Ensure that each sales team is in their own OU, and configure the Append Footer with the signature and footer content translated for each locale.

C.

Ensure that each sales team is in their own OU, and configure the Append Footer with footer content.

D.

Ensure that each sales team is in their own OU, and configure the Append Footer with the footer content translated for each locale.

Full Access
Question # 28

Your-company.com finance departments want to create an internal application that needs to read data from spreadsheets. As the collaboration engineer, you suggest using App Maker. The Finance team is concerned about data security when creating applications with App Maker.

What security measures should you implement to secure data?

A.

Use Roles, Script, and Owner access permissions for operations on records and data relations.

B.

Enable App Maker access only for the Finance department Organization Unit.

C.

Use a service account with limited permissions to access each data source.

D.

Change owner access permissions to allow internal usage only.

Full Access
Question # 29

You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?

A.

Configure a data region at the top level OU of your organization, and set the value to “Europe”.

B.

Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.

C.

Configure a configuration group for European users, and set the data region to “Europe”.

D.

Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.

Full Access
Question # 30

Users in your organization are routinely complaining that they receive messages containing words of profanity they find inappropriate in a professional setting. As the administrator what steps should you take to prevent the messages from being delivered to users mailboxes?

A.

Configure an objectionable content rule

B.

Configure an attachment compliance rule

C.

Enable optical character recognition (OCR)

D.

Set up a Gmail DLP policy.

Full Access
Question # 31

As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar?

A.

Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access.

B.

Create a secondary calendar under your account, and give your team “Make changes to events” access.

C.

Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access.

D.

Create a secondary calendar under your account, and give your team “See only free/busy” access

Full Access
Question # 32

The human resources (HR) team needs a centralized place to share key documents with the entire organization while protecting confidential documents and mitigating the risk of losing documents when someone leaves. These documents must be editable by the HR team members. What is the best way to set this up?

A.

Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.

B.

Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.

C.

Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.

D.

Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.

Full Access
Question # 33

Your company recently decided to use a cloud-based ticketing system for your customer care needs. You are tasked with rerouting email coming into your customer care address, customercare@your-company.com to the cloud platform’s email address, your-company@cloudprovider.com. As a security measure, you have mail forwarding disabled at the domain level.

What should you do?

A.

Create a mail contact in the Google Workspace directory that has an email address of your- company@cloudprovider.com

B.

Create a rule to forward mail in the customercare@your-company.com mailbox to your- company@cloudprovider.com

C.

Create a recipient map in the Google Workspace Admin console that maps customercare@your-company.com to your-company@cloudprovider.com

D.

Create a content compliance rule in the Google Workspace Admin console to change route to your- company@cloudprovider.com

Full Access
Question # 34

A user does not follow their sign-in pattern and signs In from an unusual location As an admin, what should you do in response to this alert for this user during this investigation?

A.

Add Two Factor Authentication to the Domain

B.

First suspend the account and then investigate

C.

Enhance your security alerts for tracking sign-in patterns

D.

Investigate the account for unauthorized activity in the Login and Security Audit Log

Full Access
Question # 35

Your company has received help desk calls from users about a new interface in Gmail that they had not seen before. They determined that it was a new feature that Google released recently. In the future, you'll need time to review the new features so you can properly train employees before they see changes.

What action should you take?

A.

Company Profile > Profile > New User Features > Enable “Scheduled Release”

B.

Apps > Google Workspace > Gmail > Uncheck “Enable Gmail Labs for my users”

C.

Company Profile > Profile > New User Features > Enable “Rapid Release”

D.

Device Management > Chrome > Device Settings > Stop auto-updates

Full Access
Question # 36

Your-company.com recently started using Google Workspace. The CIO is happy with the deployment, but received notifications that some employees have issues with consumer Google accounts (conflict accounts). You want to put a plan in place to address this concern.

What should you do?

A.

Use the conflict account remove tool to remove the accounts from Google Workspace.

B.

Rename the accounts to temp@your-company.com, and recreate the accounts.

C.

Ask users to request a new Google Workspace account from your local admin.

D.

Use the Transfer tool for unmanaged users to find the conflict accounts.

Full Access
Question # 37

Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration.

Which scenario could require an alternative deployment strategy?

A.

Some of your Active Directory groups have sensitive group membership.

B.

Some of the Active Directory groups do not have owners.

C.

Some of the Active Directory groups have members external to organization.

D.

Some of the Active Directory groups do not have email addresses.

Full Access
Question # 38

Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation?

A.

Configure an attachment compliance rule to send any emails with attachments received by users within the sales team organizational unit to an administrator quarantine.

B.

Configure an attachment compliance rule to strip any attachments received by users within the sales team organizational unit.

C.

Configure the security sandbox feature on the sales team organizational unit.

D.

Update the Email Allowlist in the admin console to only include IP addresses of known senders.

Full Access
Question # 39

The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue What should you do first?

A.

Open a ticket with Google Support listing the affected users.

B.

Check the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability

C.

Check the Google Workspace release calendar to ensure there’s not a Gmail upgrade scheduled

D.

Check network connectivity of the affected users

Full Access
Question # 40

By using Account Activity reports, you have flagged several users who are uploading large files. You want to ensure you don't run out of pooled storage and you want to stop the abuse. What should you do first?

A.

Email flagged users with a warning of possible abuse.

B.

Place the flagged users in a configuration group and set storage limits for the group.

C.

Use the Security Investigation Tool to set alerts on the flagged users.

D.

Warn the flagged users, and purchase more pooled storage to avoid hitting storage quotas.

Full Access
Question # 41

Employees at your organization frequently and mistakenly delete important emails that they receive from your payroll department The employees have to file support tickets for the IT team to find and restore these emails You must provide an automated solution that minimizes IT overhead and prevents these emails from being permanently deleted from their inboxes What should you do?

A.

Create a content compliance rule that targets internal messages Use an advanced content match for the sender header to match the

payroll department's email Quarantine the message so that administrators can review the email before they release it to the user

B.

Create an Apps Script project that uses the Gmail API to find any recently deleted emails and automatically restore them to the inboxes Set

the script trigger to be time-driven and run every hour

C.

Create a content compliance rule that targets all internal messages that are sent from the payroll department Modify the message by

prepending a custom subject line to all payroll emails so that employees know not to delete them

D.

Create an activity rule by using Gmail log events with two conditions one for the event of an email deletion and another that matches the header address to the payroll department's email Create an action that restores messages Set the rule to run every hour

Full Access
Question # 42

You work for an international organization and your CEO frequently travels to other countries You need to enable email access and configure the account for multiple administrative assistants What should you do?

A.

Log into the Gmail account of the CEO Set up and share two separate email aliases

B.

Enable users to specify what sender information is included in delegated messages sent from their account.

C.

Create a group of administrative assistants Enable delegated access to the mailbox of the CEO for that group

D.

Provide the executive administrative assistants with the account password of the CEO

Full Access
Question # 43

Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the request?

A.

Create a Google Vault matter for each user account, and share the matters to the legal admin.

B.

Create a Google Vault matter, search for data, and run an export for the legal department.

C.

Use the Investigation Too! to search for the data requested, and export for the legal department.

D.

Search for the data in Gmail, and export for the legal department.

Full Access
Question # 44

With the help of a partner, you deployed Google Workspace last year and have seen the rapid pace of innovation and development within the platform. Your CIO has requested that you develop a method of staying up-to-date on all things Google Workspace so that you can be prepared to take advantage of new features and ensure that your organization gets the most out of the platform.

What should you do?

A.

Develop a cadence of regular roadmap and business reviews with your partner.

B.

Regularly scan the admin console and keep track of any new features you identify.

C.

Create a Feature Release alert in the Alert Center to be alerted to new functionality.

D.

Put half of your organization on the Rapid Release Schedule to highlight differences.

Full Access
Question # 45

You have enabled Automatic Room Replacement for your calendar resources, but it is not working for any instances of a conflict booking. What could be the issue?

A.

Automatic Room Replacement does not work on recurring events.

B.

This feature requires calendar event owners to have the Buildings and resources administrator privilege

C.

The calendar resources do not have the Resource Category configured as CONFERENCE_ROOM

D.

The events have more than 20 attendees.

Full Access
Question # 46

Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company. You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit.

What should you do?

A.

From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets.

B.

From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API.

C.

From the Google Workspace Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets.

D.

From the Admin Console Users Menu, download a list of all user info columns and currently selected columns.

Full Access
Question # 47

Your organization has offices in Canada Italy and the United States You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only What should you do?

A.

Require the use of corporate devices for any access to corporate Gmail and Drive

B.

Use context-aware access to create access levels based on the geographic location and assign them to corporate Gmail and Drive

C.

Create address lists to restrict the delivery of incoming and outgoing messages and to block notifications from Google Doc comments

D.

Create data protection rules in Google Workspace that allow data access from only three geographic locations

Full Access
Question # 48

Your default Vault retention policy for Gmail is set to 365 days Your legal department has just informed you that emails sent and received by the customer support department are sensitive and must be retained for only 30 days You must enforce this new retention policy in the simplest way What should you do?

A.

Change the current default retention policy in Vault for Gmail to 30 days and apply it to the customer support organizational unit (OU) Configure a custom retention policy for Gmail for 365 days for your domain

B.

Create two custom retention policies in Vault one for 30 days that is applied to the customer support organizational unit (OU) and one for 365 days that is applied to all other OUs in your directory

C.

Change the current default retention policy for Gmail to 30 days Configure two custom retention policies in Vault one for 30 days that is applied to the customer support organizational unit (OU) and one for 365 days that is applied to all other OUs in your directory

D.

Create a custom retention policy in Vault for Gmail for 30 days and apply it to the customer support organizational unit (OU)

Full Access
Question # 49

Your company has just acquired a new group of users. They have been provisioned into the Google Workspace environment with your primary domain as their primary email address. These new users still need to receive emails from their previous domain. What is the best way to achieve this for these new users, without updating the information of pre­existing users?

A.

Add the acquired domain as an alias to the primary Google Workspace domain.

B.

Add the acquired domain as a secondary domain to the primary Google Workspace domain, and then update the email information of all new users with alias emails.

C.

Update the Google-provided test domain to be the domain of the acquired company, and then update the email information of all new users with alias emails.

D.

Without adding a domain, update each user's email information with the previous domain.

Full Access
Question # 50

Your organization has a strict requirement that your temporary employees can only send emails to and receive emails from specific external domains You must define a policy in Google Workspace that meets this requirement for users in the temporary employee organizational unit (OU) What should you do?

A.

Create a policy in Gmail settings that rewrites the recipient for outbound messages and quarantines incoming messages to review before delivery

B.

Add the allowed domains when configuring the restrict delivery setting in Gmail settings, and select the box to bypass for internal emails

C.

Restrict sending and receiving to Google Groups, and carefully curate the temporary employees" memberships

D.

Configure the restrict delivery setting to limit domains that the temporary employees can communicate with Allow Google Docs sharing

Full Access
Question # 51

On which two platforms can you push WiFi connection information with Google Workspace? (Choose two.)

A.

Mac OS

B.

Windows

C.

Chrome OS

D.

iOS

E.

Linux

Full Access
Question # 52

Your organization has a group of users who interact with sensitive information and their accounts contain valuable files You need to protect these users from targeted online attacks What should you do?

A.

Enable 2-Step Verification for those users and recommend they use Google Authenticator

B.

Enable 2-Step Verification for those users and recommend they use SMS codes

C.

Disable password recovery for end users

D.

Enroll all accounts for those users in the Advanced Protection Program

Full Access
Question # 53

You are in charge of automating and configuring Google Cloud Directory Sync for your organization. Within the config manager, how can you proactively prevent applying widespread deletions within your Workspace environment if your company’s LDAP undergoes a substantial modification?

A.

Manually run Google Cloud Directory Sync only after performing a simulated sync.

B.

Specify the minimum and maximum number of objects to synchronize in each configuration item.

C.

Configure the tool to delete users only when run from the config manager.

D.

Configure limits for the maximum number of deletions on each synchronization.

Full Access
Question # 54

All Human Resources employees at your company are members of the “HR Department” Team Drive. The HR Director wants to enact a new policy to restrict access to the “Employee Compensation” subfolder stored on that Team Drive to a small subset of the team.

What should you do?

A.

Use the Drive API to modify the permissions of the Employee Compensation subfolder.

B.

Use the Drive API to modify the permissions of the individual files contained within the subfolder.

C.

Move the contents of the subfolder to a new Team Drive with only the relevant team members.

D.

Move the subfolder to the HR Director's MyDrive and share it with the relevant team members.

Full Access
Question # 55

The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it.

What should you do?

A.

Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.

B.

Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook.

C.

Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook.

Full Access
Question # 56

Your organization is expected to start using Google Workspace Enterprise Standard in several countries. During the planning phase, the change management leadership team mandates that meeting rooms near each participant’s office location should be suggested when someone creates a Google Calendar event, to simplify the user experience and avoid booking rooms when people would not be able to move easily. What should you do?

A.

Organize users for each location in separate organizational units (OUs). Add room resources to the corresponding OUs so that meeting rooms would be suggested accordingly.

B.

Organize users for each location in separate Google Groups. Add room resources to the corresponding groups so that meeting rooms would be suggested accordingly.

C.

Share each room only with the Dynamic Group defined per each user location so that they can only book the rooms nearby.

D.

Define users' work locations by setting building ID. floor name, and floor section if applicable as the-buildings and rooms are defined.

Full Access
Question # 57

Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?

Choose 2 answers

A.

Create a company-owned device inventory using an asset tag.

B.

Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

C.

Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices

D.

Install the Google Endpoint Verification extension on machines using Drive for Desktop.

E.

Create a company-owned device inventory using serial numbers of devices.

Full Access
Question # 58

After a recent transition to Google Workspace, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner. Your manager has asked you to determine how to resolve these requests without relying on additional staff.

What should you do?

A.

Create a custom Apps Script to reset passwords.

B.

Use a third-party tool for password recovery.

C.

Enable non-admin password recovery.

D.

Create a Google form to submit reset requests.

Full Access
Question # 59

Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as “view data for all teams” to the HR group, but it is reporting an error when accessing the application. What should you do?

A.

Allocate the “view data for all teams” permission to all employees of the company.

B.

Confirm that the Work Insights app is turned ON for all employees.

C.

Confirm in Security > API controls > App Access Controls that Work Insights API is set to “unrestricted.”

D.

Confirm in Reports > BigQuery Export that the job is enabled.

Full Access