How to pass Google Google-Workspace-Administrator exam with the help of dumps?

Question # 1

Your organization has implemented Single Sign-On (SSO) for the multiple cloud-based services it utilizes. During authentication, one service indicates that access to the SSO provider cannot be accessed due to invalid information. What should you do? 

A. Verify the NameID Element in the SAML Response matches the Assertion Consumer Service (ACS) URL. 
B. Verify the Audience Element in the SAML Response matches the Assertion Consumer Service (ACS) URL. 
C. Verify the Subject attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL. 
D. Verify the Recipient attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL. 

Show Answer

Question # 2

Your company moved to Google Workspace last month and wants to install Hangouts Meet Hardware in all of their conference rooms. This will allow employees to walk into a room and use the in-room hardware to easily join their scheduled meeting. A distributed training session is coming up, and the facilitator wants to make remote room joining even easier. Participants in remote rooms should walk into their room and begin receiving the training without having to take any actions to join the session. How should you accomplish this?

A. In the Admin Console, select the devices in Meeting Room Hardware, select Call, and Enter the meeting code. 
B. Room participants will need to start the meeting from the remote in the room.
 C. By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time. 
D. Select Add Live Stream to the Calendar invite; all rooms added to the event will auto-join at the scheduled time. 

Show Answer

Question # 3

The application development team has come to you requesting that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs. You are currently restricting access to all APIs using approved whitelists, per security policy. You need to grant access for this app. What should you do? 

A. Enable all API access for Google Drive. 
B. Enable “trust domain owned apps” setting. 
C. Add OAuth Client ID to Google Drive Trusted List. 
D. Whitelist the app in the Google Workspace Marketplace.

Show Answer

Question # 4

The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash. They have requested that you recover it. What should you do? 

A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation. 
B. Using the Message ID, contact Google Google Workspace support to recover the email, then import with Google Workspace Migration for Microsoft Outlook. 
C. Using the Vault Audit log, perform a search for the email, export the results. then import with Google Workspace Migration for Microsoft Outlook. 

Show Answer

Question # 5

Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing? What should you do?

 A. Create a report using the OAuth Token Audit Activity logs. 
B. Create a report using the Calendar Audit Activity logs. 
C. Create a report using the Drive Audit Activity logs. 
D. Create a reporting using the API Permissions logs for Installed Apps. 

Show Answer

Question # 6

Your company is in the process of deploying Google Drive Enterprise for your sales organization. You have discovered that there are many unmanaged accounts across your domain. Your security team wants to manage these accounts moving forward. What should you do? 

A. Disable access to all “Other Services” in the Google Workspace Admin Console.
 B. Use the Transfer Tool for unmanaged accounts to invite users into the domain. 
C. Use the Data Migration Service to transfer the data to a managed account. 
D. Open a support ticket to have Google transfer unmanaged accounts into your domain. 

Show Answer

Question # 7

Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration. Which scenario could require an alternative deployment strategy? 

A. Some of your Active Directory groups have sensitive group membership. 
B. Some of the Active Directory groups do not have owners. 
C. Some of the Active Directory groups have members external to organization. 
D. Some of the Active Directory groups do not have email addresses. 

Show Answer

Question # 8

A user does not follow their usual sign-in pattern and signs in from an unusual location. What type of alert is triggered by this event? 

A. Suspicious mobile activity alert. 
B. Suspicious login activity alert. 
C. Leaked password alert. 
D. User sign-in alert. 

Show Answer

Question # 9

Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled. What two actions should you take to support the chief security officer's request? (Choose two.) 

A. Review who has viewed files using the Google Drive Activity Dashboard. 
B. Create an alert from Drive Audit reports to notify of external file sharing. 
C. Review total external sharing in the Aggregate Reports section. 
D. Create a custom Dashboard for external sharing in the Security Investigation Tool.
 E. Automatically block external sharing using DLP rules. 

Show Answer

Question # 10

In the years prior to your organization moving to Google Workspace, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on Google Workspace.) You were able to address active employees’ use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don't have access to their corporate email account. What should you do? 

A. Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-Google Workspace Google services and have them blocked. 
B. Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account. 
C. Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.
D. Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and Other Google Services disabled. 

Show Answer

Question # 11

Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services. What two features are essential to reconfigure in Google Workspace? (Choose two.) 

A. Apps > add SAML apps to your domain. 
B. Reconfigure user provisioning via Google Cloud Directory Sync. 
C. Replace the third-party IDP verification certificate. 
D. Disable SSO with third party IDP. 
E. Enable API Permissions for Google Cloud Platform. 

Show Answer

Question # 12

Your business partner requests that a new custom cloud application be set up to log in without having separate credentials. What is your business partner required to provide in order to proceed? 

A. Service provider logout URL 
B. Service provider ACS URL 
C. Identity Provider URL 
D. Service provider certificate 

Show Answer

Question # 13

The Director of your Finance department has asked to be alerted if two financial auditors share any files outside the domain. You need to set an Admin Alert on Drive Sharing. What should you do? 

A. Create a Google Group that has the two auditors as members, and then create a Drive DLP Rule that is assigned to that Group. 
B. Create a Content Compliance rule that looks for outbound share notifications from those two users, and Bcc the Director on those emails. 
C. Create two Drive Audit Alerts, one for each user, where the Visibility is “Shared Externally,” and email them to the Director. 
D. Check the Admin Console Dashboard Insights page periodically for external shares, and notify the Director of any changes.

Show Answer

Question # 14

Your client is a 5,000-employee company with a high turn-over rate that requires them to add and suspend user accounts. When new employees are onboarded, a user object is created in Active Directory. They have determined that manually creating the users in Google Workspace Admin Panel is time-consuming and prone to error. You need to work with the client to identify a method of creating new users that will reduce time and error. What should you do? 

A. Install Google Cloud Directory Sync on all Domain Controllers. 
B. Install Google Workspace Sync for Microsoft Outlook on all employees’ computers. 
C. Install Google Cloud Directory Sync on a supported server. 
D. Install Google Apps Manager to automate add-user scripts. 

Show Answer

Question # 15

The organization has conducted and completed Security Awareness Training (SAT) for all employees. As part of a new security policy, employees who did not complete the SAT have had their accounts suspended. The CTO has requested to be informed of any accounts that have been re-enabled to ensure no one is in violation of the new security policy. What should you do?

A. Enable “Suspicious login” rule - Other Recipients: CTO 
B. Enable “Suspended user made active” rule - Other Recipients: CTO
 C. Enable “Email settings changed” rule - -Other Recipients: CTO 
D. Enable “Suspended user made active” rule and select “Deliver to” Super Administrator(s) 

Show Answer

Question # 16

Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, Teams Drives, and Calendar. Users will use a Google Form and Apps Script to request a new “G-Team.” A “G-Team’ is composed of a Google Group and a Team Drive/ Secondary Calendar that is shared using that Google Group. What two design decisions are required to implement this workflow securely? (Choose two.) 

A. The Apps Script will need to run as a Google Workspace admin. 
B. You will need a Cloud SQL instance to store “G-Team’ data. 
C. The Google Form will need to be limited to internal users only. 
D. The Apps Script will need to run on a timed interval to process new entries. 
E. The Google Form will need to enforce Group naming conventions.

Show Answer

Question # 17

Your company (your-company.com) just acquired a new business (new-company.com) that is running their email on-premises. It is close to their peak season, so any major changes need to be postponed. However, you need to ensure that the users at the new business can receive email addressed to them using your- company.com into their on-premises email server. You need to set up an email routing policy to accomplish this. What steps should you take? 

A. Set up an Outbound Mail Gateway to route all outbound email to the on-premises server. 
B. Set up accounts for the new employees, and use mail forwarding rules to send to the on-premises server. 
C. Set up an Inbound Mail Gateway to reroute all inbound email to the on-premises server. 
D. Set up a Default route with split delivery to route email to the on-premises server. 

Show Answer

Question # 18

Your company has sales offices in Madrid, Tokyo, London, and New York. The outbound email for those offices needs to include the sales person's signature and a compliance footer. The compliance footer needs to say “Should you no longer wish to receive emails about this offer, please reply with UNSUBSCRIBE.” You are responsible for making sure that users cannot remove the footer. What should you do? 

A. Send an email to each sales person with the instructions on how to add the footer to their Signature. 
B. Ensure that each sales team is in their own OU, and configure the Append Footer with the signature and footer content translated for each locale. 
C. Ensure that each sales team is in their own OU, and configure the Append Footer with footer content. 
D. Ensure that each sales team is in their own OU, and configure the Append Footer with the footer content translated for each locale. 

Show Answer

Question # 19

Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace. What should you do? 

A. Enable additional security verification via email. 
B. Enable authentication via the Google Authenticator. 
C. Deploy browser or device certificates via Google Workspace. 
D. Configure USB Yubikeys for all users. 

Show Answer

Question # 20

The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue. What two actions should you take? (Choose two.) 

A. Obtain the message header and analyze using Google Workspace Toolbox. 
B. Review the contents of the messages in Google Vault. 
C. Set up a Gmail routing rule to whitelist the sender. 
D. Conduct an Email log search to trace the message route. 
E. Validate that your domain is not on the Spamhaus blacklist. 

Show Answer

Question # 21

You are supporting an investigation that is being conducted by your litigation team. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user’s awareness. What two actions should you take? (Choose two.) 

A. Move the user to their own Organization Unit, and set a custom retention policy 
B. Create a matter using Google Vault, and share the matter with the litigation team members. 
C. Create a hold on the user’s mailbox in Google Vault 
D. Reset the user's password, and share the new password with the litigation team. 
E. Copy the user's data to a secondary account. 

Show Answer

Question # 22

Your company has received help desk calls from users about a new interface in Gmail that they had not seen before. They determined that it was a new feature that Google released recently. In the future, you'll need time to review the new features so you can properly train employees before they see changes. What action should you take?

 A. Company Profile > Profile > New User Features > Enable “Scheduled Release” 
B. Apps > Google Workspace > Gmail > Uncheck “Enable Gmail Labs for my users” 
C. Company Profile > Profile > New User Features > Enable “Rapid Release” 
D. Device Management > Chrome > Device Settings > Stop auto-updates 

Show Answer

Question # 23

Your Security Officer ran the Security Health Check and found the alert that “Installation of mobile applications from unknown sources” was occurring. They have asked you to find a way to prevent that from happening. Using Mobile Device Management (MDM), you need to configure a policy that will not allow mobile applications to be installed from unknown sources. What MDM configuration is needed to meet this requirement? 

A. In the Application Management menu, configure the whitelist of apps that Android and iOS devices are allowed to install. 
B. In the Application Management menu, configure the whitelist of apps that Android, iOS devices, and Active Sync devices are allowed to install. 
C. In Android Settings, ensure that “Allow non-Play Store apps from unknown sources installation” is unchecked. 
D. In Device Management > Setup > Device Approvals menu, configure the “Requires Admin approval” option. 

Show Answer

Question # 24

Your-company.com finance departments want to create an internal application that needs to read data from spreadsheets. As the collaboration engineer, you suggest using App Maker. The Finance team is concerned about data security when creating applications with App Maker. What security measures should you implement to secure data? 

A. Use Roles, Script, and Owner access permissions for operations on records and data relations.
 B. Enable App Maker access only for the Finance department Organization Unit. 
C. Use a service account with limited permissions to access each data source. 
D. Change owner access permissions to allow internal usage only. 

Show Answer

Question # 25

HR informs you that a user has been terminated and their account has been suspended. The user is part of a current legal investigation, and HR requires the user's email data to remain on hold. The terminated user's team is actively working on a critical project with files owned by the user. You need to ensure that the terminated user's content is appropriately kept before provisioning their license to a new user. What two actions should you take? (Choose two.) 

A. Extend the legal hold on the user's email data. 
B. Move project files to a Team Drive or transfer ownership. 
C. Rename the account to the new user starting next week.
 D. Delete the account, freeing up a Google Workspace License. 
E. Assign the terminated user account an Archive User license. 

Show Answer

Question # 26

A company has thousands of Chrome devices and bandwidth restrictions. They want to distribute the Chrome device updates over a period of days to avoid traffic spikes that would impact the low bandwidth network. Where should you enable this in the Chrome management settings? 

A. Randomly scatter auto-updates. 
B. Update over cellular. 
C. Disable Auto update. 
D. Throttle the bandwidth. 

Show Answer

Question # 27

Your chief compliance officer is concerned about API access to organization data across different cloud vendors. He has tasked you with compiling a list of applications that have API access to Google Workspace data, the data they have access to, and the number of users who are using the applications. How should you compile the data being requested? 

A. Review the authorized applications for each user via the Google Workspace Admin panel. 
B. Create a survey via Google forms, and collect the application data from users. 
C. Review the token audit log, and compile a list of all the applications and their scopes. 
D. Review the API permissions installed apps list, and export the list. 

Show Answer

Question # 28

Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in Google Workspace. What should you do? 

A. Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment.
 B. In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices. 
C. Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment. 
D. Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin. 

Show Answer

Question # 29

You are using Google Cloud Directory Sync to manage users. You performed an initial sync of nearly 1,000 mailing lists to Google Groups with Google Cloud Directory Sync and now are planning to manage groups directly from Google. Over half the groups have been configured with incorrect settings, including who can post, who can join, and which groups can have external members. You need to update groups to be configured correctly. What should you do? 

A. Use the bulk upload with CSV feature in the Google Workspace Admin panel to update all Groups. 
B. Update your configuration file and resync mailing lists with Google Cloud Directory Sync. 
C. Create and assign a custom admin role for all group owners so they can update settings. 
D. Use the Groups Settings API to update Google Groups with desired settings. 

Show Answer

Question # 30

In your organization, users have been provisioned with either Google Workspace Enterprise, Google Workspace Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division's budget. In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports. You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements: Team leaders must be able to retrieve this data on their own (i.e., self-service). Team leaders are not permitted to have any level of administrative access to the Google Workspace Admin panel. Team leaders must only be able to look up data for their direct reports. The data must always be current to within 1 week. Costs must be mitigated. What approach should you recommend?

A. Export log data to BigQuery with custom scopes. 
B. Use a third-party tool. 
C. Use App Script and filter views within a Google Sheet. 
D. Create an app using AppMaker and App Script.

Show Answer

Question # 31

After a recent transition to Google Workspace, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner. Your manager has asked you to determine how to resolve these requests without relying on additional staff. What should you do? 

A. Create a custom Apps Script to reset passwords.
 B. Use a third-party tool for password recovery. 
C. Enable non-admin password recovery.
 D. Create a Google form to submit reset requests. 

Show Answer

Question # 32

Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company. You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit. What should you do? 

A. From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets. 
B. From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API. 
C. From the Google Workspace Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets. 
D. From the Admin Console Users Menu, download a list of all user info columns and currently selected columns. 

Show Answer

Question # 33

After migrating to Google Workspace, your legal team requests access to search all email and create litigation holds for employees who are involved with active litigation. You need to help the legal team meet this request. What should you do? 

A. Add the legal team to the User Management Admin system role. 
B. Add the legal team to the Google Vault Google Group. 
C. Create a custom role with Google Vault access, and add the legal team. 
D. Create a matter in Google Vault, and share with the legal team.

Show Answer

Question # 34

Your company has been engaged in a lawsuit, and the legal department has been asked to discover and hold all email for two specific users. Additionally, they have been asked to discover and hold any email referencing “Secret Project 123.” What steps should you take to satisfy this request? 

A. Create a Matter and a Hold. Set the Hold to Gmail, set it to the top level Organization, and set the search terms to “secret project 123.” Create a second Hold. Set the second Hold to Gmail, set it to Accounts, and enter: user1 @your-company.com, user2@yourcompany.com. Save. 
B. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: user1@your-company.com, user2@your-company. Set the search terms to: (secret project 123). Save. 
C. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and enter: user1@your- company.com AND user2@your-company.com. Set the search terms to: secret AND project AND 123. Save. 
D. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to: user1@your-company.com, user2@your-company. Set the search terms to secret OR project OR 123. Save. 

Show Answer

Question # 35

You have configured your Google Workspace account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users. There are some new features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization. What should you do? 

A. Create a new OU and tum on the rapid release track just for this OU.
 B. Create a new Google Group with test users and enable the rapid release track. 
C. Establish a separate Dev environment, and set it to rapid release. 
D. Ask Google for a demo account with beta access to the new features. 

Show Answer

Question # 36

Your company has an OU that contains your sales team and an OU that contains your market research team. The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses Constant Contact for your own mass email marketing. You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU. What should you do?

A. Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails. 
B. Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing the mass email sender addresses. 
C. Create a blocked senders list at the Sales OU that contains the mass email sender addresses. 
D. Create an approved senders list at the Market Research OU that contains the mass email sender addresses.

Show Answer

Question # 37

Your company recently migrated to Google Workspace and wants to deploy a commonly used third-party app to all of finance. Your OU structure in Google Workspace is broken down by department. You need to ensure that the correct users get this app. What should you do? 

A. For the Finance OU, enable the third-party app in SAML apps. 
B. For the Finance OU, enable the third-party app in Marketplace Apps. 
C. At the root level, disable the third-party app. For the Finance OU, allow users to install any application from the Google Workspace Marketplace. 
D. At the root level, disable the third-party app. For the Finance OU, allow users to install only whitelisted apps from the Google Workspace Marketplace. 

Show Answer

Question # 38

A company using Google Workspace has reports of cyber criminals trying to steal usernames and passwords to access critical business data. You need to protect the highly sensitive user accounts from unauthorized access. What should you do? 

A. Turn on password expiration. 
B. Enforce 2FA with a physical security key. 
C. Use a third-party identity provider. 
D. Enforce 2FA with Google Authenticator app.

Show Answer

Question # 39

Your organization is part of a highly regulated industry with a very high turnover. In order to recycle licenses for new employees and comply with data retention regulations, it has been determined that certain Google Workspace data should be stored in a separate backup environment. How should you store data for this situation? 

A. Use routing rules to dual-deliver mail to an on-premises SMTP server and Google Workspace. 
B. Write a script and use Google Workspace APIs to access and download user data. 
C. Use a third-party tool to configure secure backup of Google Workspace data.
D. Train users to use Google Takeout and store their archives locally. 

Show Answer