December/2022 Latest Braindump2go Google-Workspace-Administrator Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go Google-Workspace-Administrator Real Exam Questions!
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?
A. In the GCDS configuration manager, update the group deletion policy setting to “don’t delete Google groups not found in LDAP.”
B. Use the Directory API to check and update the group’s membership after the GCDS sync is completed.
C. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
D. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”
Don’t delete Google Groups not found in LDAP If checked, Google Group deletions in your Google domain are disabled, even when the Groups aren’t in your LDAP server.
Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.)
A. Create a shared drive that’s shared internally organization-wide.
B. Update Drive sharing for the marketing department to restrict to internal.
C. Create a shared drive for internal marketing use.
D. Update the link sharing default to the marketing team when creating a document.
E. In the admin panel Drive settings, create a target audience that has all of marketing as members.
Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?
A. Assign the pre-built security admin role to the security team members.
B. Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members.
C. Assign the Super Admin Role to the security team members.
D. Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?
A. Navigate to “Data Protection” setting in Google Admin Console’s Device management section and disable the “Allow users to copy data to personal apps” checkbox.
B. Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section.
C. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.
D. Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox.
Allow users to copy Google Workspace items to personal apps
Allows users to copy content from a Google app (such as Gmail, Drive, Docs, Sheets, Slides, Chat, and Meet) to a Google app in their personal account or a third-party app. Also allows users to drag content between Google apps, for any account.
To prevent users from copying or dragging information from their work account, or using the All inboxes feature (which combines messages from multiple Gmail accounts into one inbox), uncheck the box.
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)
A. Confirm that the user has a Google Workspace Enterprise Plus license.
B. Delete and recreate a new Context-Aware Access device policy.
C. Check whether device policy application is installed on users’ devices.
D. Confirm that the user has at least a Google Workspace Business license.
E. Check whether Endpoint Verification is installed on users’ desktops.
Your organization has enabled spoofing protection against unauthenticated domains. You are receiving complaints that email from multiple partners is not being received. While investigating this issue, you find that emails are all being sent to quarantine due to the configured safety setting. What should be the next step to allow uses to review these emails and reduce the internal complaints while keeping your environment secure?
A. Add your partner domains IPs to the Inbound Gateway setting.
B. Change the spoofing protection to deliver the emails to spam instead of quarantining them.
C. Add your partner sending IP addresses to an allowlist.
D. Change the spoofing protection to deliver the emails to inboxes with a custom warning instead of quarantining them.
As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user’s Drive data?
A. In the user deletion process, select “Transfer” in the data in other apps section and add the manager’s email address.
B. Use Google Vault to set a retention period on the OU where the users reside.
C. Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location.
D. Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.
As a Google Workspace administrator for your organization, you are tasked with controlling which third-party apps can access Google Workspace data. Before implementing controls, as a first step in this process, you want to review all the third-party apps that have been authorized to access Workspace data. What should you do?
A. Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access.
B. Open Admin Console > Security > API Controls > App Access Control > Manage Google Services.
C. Open Admin Console > Security > Less Secure Apps.
D. Open Admin Console > Security > API Controls > App Access Control > Settings.
Your organization wants more visibility into actions taken by Google staff related to your data for audit and security reasons. They are specifically interested in understanding the actions performed by Google support staff with regard to the support cases you have opened with Google. What should you do to gain more visibility?
A. From Google Admin Panel, go to Audit, and select Access Transparency Logs.
B. From Google Admin Panel, go to Audit, and select Login Audit Log.
C. From Google Admin Panel, go to Audit, and select Rules Audit Log.
D. From Google Admin Panel, go to Audit, and select Admin Audit Log.
Google staff logs related to accessing user content are stored in Access Transparency logs.
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments?
A. Run queries in Security Investigation Tool.
B. Turn on advanced phishing and malware protection.
C. Enable Security Sandbox.
D. Enable Gmail confidential mode.
Your organization’s information security team has asked you to determine and remediate if a user ([email protected]) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?
A. Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is [email protected]
B. Have the super administrator use the Security API to audit Drive access.
C. As a super administrator, change the access on externally shared Drive files manually under [email protected]
D. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for [email protected]
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
A. Modify the SPF record for your internal domain to include the IPs of the external user’s mail servers.
B. Update the spam settings in the Admin Console to be less aggressive.
C. Add the sender’s domain to an allowlist via approved senders in the Admin Console.
D. Instruct the user to add the senders to their contacts.
The credentials of several individuals within your organization have recently been stolen. Using the Google Workspace login logs, you have determined that in several cases, the stolen credentials have been used in countries other than the ones your organization works in. What else can you do to increase your organization’s defense-in-depth strategy?
A. Implement an IP block on the malicious user’s IPs under Security Settings in the Admin Console.
B. Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in.
C. Enforce higher complexity passwords by rolling it out to the affected users.
D. Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.
You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?
A. Configure a data region at the top level OU of your organization, and set the value to “Europe”.
B. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.
C. Configure a configuration group for European users, and set the data region to “Europe”.
D. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.
As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar?
A. Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access.
B. Create a secondary calendar under your account, and give your team “Make changes to events” access.
C. Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access.
D. Create a secondary calendar under your account, and give your team “See only free/busy” access.
Your Finance team has to share quarterly financial reports in Sheets with an external auditor. The external company is not a Workspace customer and allows employees to access public sites such as Gmail and Facebook. How can you provide the ability to securely share content to collaborators that do not have a Google Workspace or consumer (Gmail) account?
A. Allow external sharing with the auditor using the ‘Trusted Domains’ feature.
B. Enable the ‘Visitor Sharing’ feature, and demonstrate it to the Finance team.
C. Use the ‘Publish’ feature in the Sheets editor to share the contents externally.
D. Attach the Sheet file to an email message, and send to the external auditor.
Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?
A. Create groups, add users accordingly, and educate users on how to share to specific groups of people.
B. Disable sharing to the entire organization so that users must consciously add every person who needs access.
C. Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.
D. Temporarily disable the Google Drive service for individuals who continually overshare.
You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota concerns for this user? (Choose two.)
A. Add other users as “Editors” on the Drive object, thus spreading the storage quota debt between all of them.
B. Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.
C. Make another user the “Owner” of the Drive objects, thus transferring the storage quota debt to them.
D. Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.
E. Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
Your organization is preparing to deploy Workspace and will continue using your company’s existing identity provider for authentication and single sign-on (SSO). In order to migrate data from an external system, you were required to provision each user’s account in advance. Your IT team and select users (~5% of the organization) have been using Workspace for configuration and testing purposes. The remainder of the organization can technically access their accounts now, but the IT team wants to block their access until the migrations are complete. What should your organization do?
A. Remove Google Workspace license to prevent users from accessing their accounts now.
B. Suspend users that the organization does not wish to have access.
C. Add the users to the OU with all services disabled.
D. Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company’s separate directory. What should you do to meet these requirements?
A. Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.
B. Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.
C. Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.
D. Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.
You are in the middle of migrating email from on-premises Microsoft Exchange to Google Workspace. Users that you have already migrated are complaining of messages from internal users going into spam folders. What should you do to ensure that internal messages do not go into Gmail spam while blocking spoofing attempts?
A. Train users to click on Not Spam button for emails.
B. Add all users of your domain to an approved sender list.
C. Force TLS for your domain.
D. Ensure that your inbound gateway is configured with all of your Exchange server IP addresses.
Approved senders list – Approved senders are trusted users that send email to your organization. Create an address list of approved senders so messages from these users bypass Gmail’s spam filters, and recipients can decide whether they are spam or not. Create the list with individual email addresses, or by adding an entire domain.
A user is reporting that after they sign in to Gmail, their labels are not loading and buttons are not responsive. What action should you take to troubleshoot this issue with the user?
A. Collect full message headers for examination.
B. Check whether the issue occurs when the user authenticates on a different device or a new incognito window.
C. Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
D. Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
A retail company has high employee turnover due to the cyclical nature in the consumer space. The increase in leaked confidential content has created the need for a specific administrative role to monitor ongoing employee security investigations. What step should you take to increase the visibility of such investigations?
A. Assign the ‘Services Admin’ role to an administrator with ‘Super Admin’ privileges.
B. Create a ‘Custom Role’ and add all the Google Vault privileges for a new administrator.
C. Validate that the new administrator has access to Google Vault.
D. Create a ‘Custom Role’ and add the ability to manage Google Vault matters, holds, searches, and exports.
A subset of users from the finance and human resources (HR) teams need to share documents with an external vendor. However, external content sharing is prohibited for the entire finance team. What would be the most secure method to enable external sharing for this set of users?
A. Download and attach the documents to a Gmail message, and send them to the external vendor.
B. Move all users from the finance org unit to the HR org unit.
C. Enable ‘Visitor Sharing’ for the entire finance org unit.
D. Create a group with the finance and HR users who need to share externally.
As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access Google Drive anymore from one satellite office and that they receive an error message that “a company policy is blocking access to this app.” The users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office’s Internet Service Provider (ISP) and the global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue?
A. An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access.
B. Under Drive and Docs > Sharing Settings, the “Whitelisted domains” list needs to be updated to add the new ISP domain.
C. The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range.
D. You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.
An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity’s SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered?
A. Use the Postmaster Tools API to pull the message headers.
B. Use the Email Log Search to directly review the message headers.
C. Use the Security Investigation Tool to review the message headers.
D. Perform an SPF record check on the domain to determine whether their SPF record is valid.
You have been asked to support an investigation that your litigation team is conducting. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user’s awareness. What two actions should you take? (Choose two.)
A. Move the user to their own Organization Unit, and set a custom retention policy.
B. Create a hold on the user’s mailbox in Google Vault.
C. Reset the user’s password, and share the new password with the litigation team.
D. Copy the user’s data to a secondary account.
E. Create a matter using Google Vault, and share the matter with the litigation team members.
A recent legal investigation requires all emails and Google Drive documents from a specific user to be retrieved. As the administrator, how can you fulfill the legal team’s request?
A. Use Security Investigation Tool to Search Google Drive events for all of the user’s documents, and use Google Admin > Reports > Email Log Search to find their emails.
B. Search Google Drive for all of the user’s documents, and ask them to forward all of their emails.
C. Use the Gmail API and Google Drive API to automatically collect and export data.
D. Utilize Google Vault to hold, search, and export data of interest.
What steps does an administrator need to take to enforce TLS with a particular domain?
A. Enable email safety features with the receiving domain.
B. Set up secure transport compliance with the receiving domain.
C. Configure an alternate secure route with the receiving domain.
D. Set up DKIM authentication with the receiving domain.
1.2022 Latest Braindump2go Google-Workspace-Administrator Exam Dumps (PDF & VCE) Free Share:
2.2022 Latest Braindump2go Google-Workspace-Administrator PDF and VCE Dumps Free Share:
3.2022 Free Braindump2go Google-Workspace-Administrator Exam Questions Download:
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|One Time Purchase||✔||✖||✖||✖||✖|
|100% Pass Guarantee||✔||✖||✖||✖||✖|
|100% Money Back||✔||✖||✖||✖||✖|