Visit Official SkillCertPro Website :-
For a full set of 200+ questions. Go to
https://skillcertpro.com/product/professional-google-workspace-administrator-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Your organization is concerned with the increasing threat of phishing attacks that may impact users. Leadership has declined to force-enable 2-Step verification. You need to apply a security measure to prevent unauthorized access to user accounts. What should you do?
A. Enable Enforce Strong Password policy.
B. Enable Employee ID Login Challenge.
C. Decrease the Maximum User Session Length.
D. Revoke token authorizations to external applications.
Answer: B
Explanation:
You can use employee IDs as a login challenge. Employee IDs are more difficult to guess and phish than other types of identity challenges. To use the employee ID login challenge, you need to make sure that IDs are associated with your users‘accounts.
Reference Links:
https://support.google.com/a/answer/6002699?hl=en
Question 2:
The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.What two actions should you take? (Choose two.)
A. Obtain the message header and analyze using G Suite Toolbox.
B. Review the contents of the messages in Google Vault.
C. Set up a Gmail routing rule to whitelist the sender.
D. Conduct an Email log search to trace the message route.
E. Validate that your domain is not on the Spamhaus blacklist.
Answer: A, C
Explanation:
A will help to determine why the message is considered as Spam. and maybe C : it will prevent the sender to be considered as Spam again but it is not troubleshooting, it is solving the issue without knowing why it happens. B will allow to access all the email content, not only the header but you are not a human spam detector. D. Email log search will only tell you “Spam detected“, no more information than with A. E is useless since it is an inbound issue.
Question 3:
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company‘s separate directory. What should you do to meet these requirements?
A. Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.
B. Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.
C. Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.
D. Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.
Answer: D
Explanation:
Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group. To meet the requirements, you should create one dynamic group for each company based on a custom attribute defining the company, such as the company name. Then, in Directory Settings > Visibility Settings, define custom directories for each company and set up visibility according to the dynamic group. This will allow the new employees to be visible within their respective company‘s directory, but not in the global directory. Additionally, since the new company will retain its original domain for email addresses, you will need to set up domain sharing to allow the new employees to access the existing domain‘s resources.
Question 4:
Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this?
A. Create groups, add users accordingly, and educate users on how to share to specific groups of people.
B. Disable sharing to the entire organization so that users must consciously add every person who needs access.
C. Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.
D. Temporarily disable the Google Drive service for individuals who continually overshare.
Answer: A
Explanation:
Option A is CORRECT because Create groups, add users accordingly, and educate users on how to share to specific groups of people is the best approach to help users share more appropriately and prevent accidental oversharing. This approach provides a way to group users based on shared responsibilities, and enables users to share Drive items with specific groups of people instead of sharing with the entire organization. Educating users on how to share to specific groups helps them understand the risks of oversharing and provides guidance on how to share effectively while minimizing the risk of oversharing sensitive information.
Question 5:
Your organization is about to expand by acquiring two companies, both of which are using Google Workspace. The CISO has mandated that strict ‘No external content sharing’ policies must be in place and followed. How should you securely configure sharing policies to satisfy both the CISO’s mandate while allowing external sharing with the newly acquired companies?
A. Allow external sharing of Drive content for the IT group only.
B. Create a Drive DLP policy that will allow sharing to only domains on an allowlist.
C. Use shared drives to store the content, and share only individual files externally.
D. Let users share files between the two companies by using the ‘Trusted Domains’ feature. Create an allowlist of the trusted domains, and choose sharing settings for the users.
Answer: B
Explanation:
For both Rule 1 and Rule 2:
Option B is CORRECT because to satisfy the CISO‘s mandate and still allow external sharing with the newly acquired companies, it is recommended to use a Drive Data Loss Prevention (DLP) policy to enforce strict content sharing policies. The policy should be configured to only allow sharing with domains that are on an allowlist. This will ensure that users can only share content with the acquired companies while restricting any other external sharing. This approach is more secure than allowing external sharing for the IT group only or using the Trusted Domains feature, as it provides a more granular level of control over external sharing. Additionally, using shared drives to store the content and sharing only individual files externally could be a good approach, but it does not address the CISO‘s mandate of strict no external content sharing policies.
For a full set of 200+ questions. Go to
https://skillcertpro.com/product/professional-google-workspace-administrator-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do?
A. Modify your Marketplace Settings to block users from installing any app from the Marketplace.
B. Set all API services to “restricted access” and ensure that all connected apps have limited access.
C. Remove all client IDs and scopes from the list of domain-wide delegation API clients.
D. Block each connected app‘s access.
Answer: D
Explanation:
Option D is CORRECT because to cut off all add-on access to Workspace data immediately and block all future add-ons, you should block each connected app‘s access. You can do this by going to the Google Admin console, then to Security > API controls, and select the option to manage third-party app access. Here, you can view and manage the third-party apps that your users have authorized to access their Workspace data. From here, you can revoke access to specific apps or to all apps at once. Once access is revoked, the third-party apps will no longer be able to access your users‘ Workspace data.
Question 7:
You received this email from the head of marketing:Hello Workspace Admin:Next week, a new consultant will be starting on the “massive marketing mailing” project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?What are two of the steps you need to perform to fulfill this request? (Choose two.)
A. Create an isolated OU for the consultants who need the restricted contacts access.
B. Create a group that includes the contacts that the consultant is allowed to view.
C. Apply the role of owner to the consultant in the group settings.
D. Create the consultant inside under the marketing OU.
E. Ensure that you have the Administrator Privilege of Services > Services settings and that Services >Contacts > Contacts Settings Message is set.
Answer: B, C
Explanation:
The two steps that need to be performed to fulfill this request are: B. Create a group that includes the contacts that the consultant is allowed to view: You can create a group with the contacts that the consultant is allowed to view and give the consultant access to this group. C. Apply the role of owner to the consultant in the group settings: Once the group is created, you can assign the role of owner to the consultant in the group settings so that they have the necessary permissions to view the contacts.
Question 8:
Which of the following is a valid way to configure Google Workspace mobile management settings?
A. Use the Admin console to configure mobile management settings for specific organizational units
B. Use the Admin console to configure mobile management settings for specific users
C. Use the Admin console to configure mobile management settings for specific apps
D. Use the Admin console to configure mobile management settings for the entire domain
Answer: A, C
Explanation:
Option A is the correct proposition as it allows the administrator to configure mobile management settings for specific organizational units. This is a more efficient way to manage mobile devices as it allows the administrator to apply different policies and settings to different groups of users based on their roles and responsibilities within the organization. Option B is incorrect as it only allows the administrator to configure mobile management settings for specific users, which can be time-consuming and inefficient for larger organizations. Option C is incorrect as it only allows the administrator to configure mobile management settings for specific apps, which is not a comprehensive solution for managing mobile devices. Option D is incorrect as it only allows the administrator to configure mobile management settings for the entire domain, which may not be suitable for organizations with different departments and user groups that require different policies and settings.
Question 9:
As the Google Workspace administrator for your organization, you want to monitor user activity related to Google Drive to ensure compliance with company policies. Which option in the Admin Console should you use?
A. Access Transparency Logs
B. Login Audit Log
C. Drive Audit
D. Admin Audit Log
Answer: C
Explanation:
A. Access Transparency Logs: This option allows administrators to monitor actions taken by Google staff on their organization‘s data. It does not provide information on user activity related to Google Drive. B. Login Audit Log: This option allows administrators to monitor user sign-in activity, including successful and failed attempts. It does not provide information on user activity related to Google Drive. C. Drive Audit: This option allows administrators to monitor user activity related to Google Drive, including file uploads, downloads, and sharing. It also allows administrators to set up alerts for specific actions and download activity reports. D. Admin Audit Log: This option allows administrators to monitor actions taken by other administrators in the Admin Console, such as user and group management. It does not provide information on user activity related to Google Drive. Therefore, the most suitable option for monitoring user activity related to Google Drive is C. Drive Audit.
Question 10:
Which of the following statements is true about Google Workspace compliance requirements?
A. Compliance requirements can vary depending on the industry of the organization
B. Compliance requirements are the same for all organizations using Google Workspace
C. Compliance requirements can be ignored if the organization is a small business
D. Compliance requirements only apply to certain Google Workspace services
Answer: A
Explanation:
Different industries have different regulations and laws that they must comply with, and this can affect the compliance requirements for using Google Workspace. For example, healthcare organizations have strict regulations around patient data privacy, while financial institutions have regulations around data security and retention. Therefore, it is important for organizations to understand their industry-specific compliance requirements when using Google Workspace. B. Incorrect. Compliance requirements can vary depending on the industry and size of the organization. C. Incorrect. Compliance requirements cannot be ignored, regardless of the size of the organization. D. Incorrect. Compliance requirements apply to all Google Workspace services, not just certain ones.
For a full set of 200+ questions. Go to
https://skillcertpro.com/product/professional-google-workspace-administrator-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.