Google Professional Google Workspace Administrator Exam Practice Questions (P. 1)
- Full Access (151 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?
- AIn the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”Most Voted
- BUse the Directory API to check and update the group’s membership after the GCDS sync is completed.
- CConfirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
- DIn the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”
Correct Answer:
A
A

Absolutely, the key to handling this GCDS scenario lies in adjusting the group deletion policy settings. By setting it to “don't delete Google groups not found in LDAP”, you safeguard those manually managed groups from being unintentionally deleted during the sync process. This setting ensures that only the groups found in LDAP are synced and managed, while those not found are left untouched, preserving any manual configurations.
send
light_mode
delete
Question #2
Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.)
- ACreate a shared drive that's shared internally organization-wide.
- BUpdate Drive sharing for the marketing department to restrict to internal.
- CCreate a shared drive for internal marketing use.Most Voted
- DUpdate the link sharing default to the marketing team when creating a document.
- EIn the admin panel Drive settings, create a target audience that has all of marketing as members.Most Voted
Correct Answer:
BE
BE

Adjusting the Drive sharing settings to restrict sharing within the marketing department streamlines the process to prevent unwanted external access. This internal restriction ensures that sensitive material is kept within a controlled group. Additionally, setting up a specific target audience comprising solely of marketing personnel on the Google admin panel further refines this control mechanism by prompting users automatically to select the appropriate audience when sharing files, thus reducing mishaps in file distribution. These tweaks provide a tailored solution that aligns with the marketing department's requirements for secure and efficient file sharing.
send
light_mode
delete
Question #3
Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?
- AAssign the pre-built security admin role to the security team members.
- BCreate a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members.Most Voted
- CAssign the Super Admin Role to the security team members.
- DCreate a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.
Correct Answer:
B
B

When providing the security team access specifically to the Security Investigation Tool, it's best to tailor their permissions closely to their roles to enhance security and operational effectiveness. Option B achieves this by allowing for the creation of a custom role that includes specific privileges for the Security Center, focusing particularly on the Investigation Tool. This approach minimizes broader access to other functions that aren't necessary for the team's responsibilities, upholding security integrity while effectively meeting the team's needs.
send
light_mode
delete
Question #4
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?
- ANavigate to “Data Protection” setting in Google Admin Console's Device management section and disable the “Allow users to copy data to personal apps” checkbox.Most Voted
- BDisable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section.
- CNavigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.
- DClear the “Allow items created with managed apps to open in unmanaged apps” checkbox.
Correct Answer:
A
A

To effectively prevent data exfiltration on iOS devices within your organization, go to the Google Admin Console and navigate to Devices > Mobile and endpoints > iOS settings > Data sharing. Here, make sure to disable the "Allow users to copy data to personal apps" checkbox. This setting directly controls whether users can move content from Google Workspace apps in their work account to their personal account or third-party apps, ensuring that work data remains secure and contained within the designated work environment.
send
light_mode
delete
Question #5
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)
- AConfirm that the user has a Google Workspace Enterprise Plus license.Most Voted
- BDelete and recreate a new Context-Aware Access device policy.
- CCheck whether device policy application is installed on users’ devices.
- DConfirm that the user has at least a Google Workspace Business license.
- ECheck whether Endpoint Verification is installed on users’ desktops.Most Voted
Correct Answer:
CE
CE

To effectively enforce context-aware access policies in Google Workspace, start by ensuring that Endpoint Verification is correctly installed and operational on each user's desktop. This tool is crucial as it identifies and verifies managed devices, thereby restricting access to approved hardware only. Additionally, having the appropriate Google Workspace license—Enterprise Plus—is essential as it enables advanced security features, including context-aware access control. Ensuring these elements are in place first will help identify why the access policies may not be functioning as expected.
send
light_mode
delete
All Pages