The latest Google Professional Google Workspace Administrator certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Google Professional Google Workspace Administrator exam and earn Google Professional Google Workspace Administrator certification.
Table of Contents
- Question 81
- Exam Question
- Correct Answer
- Question 82
- Exam Question
- Correct Answer
- Reference
- Question 83
- Exam Question
- Correct Answer
- Question 84
- Exam Question
- Correct Answer
- Explanation
- Question 85
- Exam Question
- Correct Answer
- Reference
- Question 86
- Exam Question
- Correct Answer
- Question 87
- Exam Question
- Correct Answer
- Question 88
- Exam Question
- Correct Answer
- Explanation
- Reference
- Question 89
- Exam Question
- Correct Answer
- Explanation
- Reference
- Question 90
- Exam Question
- Correct Answer
Question 81
Exam Question
Your Security Officer ran the Security Health Check and found the alert that “Installation of mobile applications from unknown sources” was occurring. They have asked you to find a way to prevent that from happening.
Using Mobile Device Management (MDM), you need to configure a policy that will not allow mobile applications to be installed from unknown sources.
What MDM configuration is needed to meet this requirement?
A. In the Application Management menu, configure the whitelist of apps that Android and iOS devices are allowed to install.
B. In the Application Management menu, configure the whitelist of apps that Android, iOS devices, and Active Sync devices are allowed to install.
C. In Android Settings, ensure that “Allow non-Play Store apps from unknown sources installation” is unchecked.
D. In Device Management > Setup > Device Approvals menu, configure the “Requires Admin approval” option.
Correct Answer
C. In Android Settings, ensure that “Allow non-Play Store apps from unknown sources installation” is unchecked.
Question 82
Exam Question
Your company uses a whitelisting approach to manage third-party apps and add-ons. The Senior VP of Sales & Marketing has urgently requested access to a new Marketplace app that has not previously been vetted. The company’s Information Security policy empowers you, as a Google Workspace admin, to grant provisional access immediately if all of the following conditions are met:
- Access to the app is restricted to specific individuals by request only.
- The app does not have the ability to read or manage emails.
- Immediate notice is given to the Infosec team, followed by the submission of a security risk analysis report within 14 days.
Which actions should you take first to ensure that you are compliant with Infosec policy?
A. Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
B. Confirm that the Senior VP’s OU has the following Gmail setting disabled before whitelisting the app: “Let users delegate access to their mailbox.”
C. Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.
D. Move the Senior VP to a sub-OU before enabling Marketplace Settings > “Allow Users to Install Any App from Google Workspace Marketplace.”
Correct Answer
A. Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
Reference
Google Workspace Admin Help > Integrate 3rd-party and custom apps > Control external access to Google Workspace data > Control which third-party & internal apps access Google Workspace data
Question 83
Exam Question
Your organization has been on Google Workspace Enterprise for one year. Recently, an admin turned on public link sharing for Drive files without permission from security. Your CTO wants to get better insight into changes that are made to the Google Workspace environment. The chief security officer wants that data brought into your existing SIEM system.
What are two ways you should accomplish this? (Choose two.)
A. Use Apps Script and the Reports API to export admin audit data to your existing SIEM system.
B. Use the BigQuery export to send drive audit data to the existing SIEM system via custom code.
C. Use the Data Export Tool to export admin audit data to your existing SIEM system.
D. Use Apps Script and the Reports API to export drive audit data to the existing SIEM system.
E. Use the BigQuery export to send admin audit data to the existing SIEM system via custom code.
Correct Answer
A. Use Apps Script and the Reports API to export admin audit data to your existing SIEM system.
E. Use the BigQuery export to send admin audit data to the existing SIEM system via custom code.
Question 84
Exam Question
Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace.
What should you do?
A. Enable additional security verification via email.
B. Enable authentication via the Google Authenticator.
C. Deploy browser or device certificates via Google Workspace.
D. Configure USB Yubikeys for all users.
Correct Answer
B. Enable authentication via the Google Authenticator.
Explanation
Enable authentication via the Google Authenticator is the only secure option since USB device aren’t usable. Google Authenticator is the most secure option after physical key.
Question 85
Exam Question
Your organization does not allow users to share externally. The security team has recently approved an exemption for specific members of the marketing team and sales to share documents with external customers, prospects, and partners.
How best would you achieve this?
A. Enable external sharing only to allowlisted domains provided by marketing and sales teams.
B. Create a configuration group with the approved users as members, and enable external sharing for this group.
C. Enable external sharing for the marketing and sales organizational units.
D. Create a configuration group with the approved users as members, and use it to create a target audience.
Correct Answer
B. Create a configuration group with the approved users as members, and enable external sharing for this group.
Reference
Google Workspace Admin Help > Advanced user management > Apply policies to different users > Customize service settings with configuration groups > Using configurations groups for service settings
Question 86
Exam Question
The application development team has come to you requesting that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs. You are currently restricting access to all APIs using approved whitelists, per security policy. You need to grant access for this app.
What should you do?
A. Enable all API access for Google Drive.
B. Enable “trust domain owned apps” setting.
C. Add OAuth Client ID to Google Drive Trusted List.
D. Whitelist the app in the Google Workspace Marketplace.
Correct Answer
C. Add OAuth Client ID to Google Drive Trusted List.
Question 87
Exam Question
What action should be taken to configure alerting related to phishing attacks?
A. Set up an Admin audit log event alert.
B. Set up a Token audit log event alert.
C. Set up an email settings changed alert.
D. Set up a suspicious login event alert.
Correct Answer
D. Set up a suspicious login event alert.
Question 88
Exam Question
Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same strategy with the newly acquired organization, which also has its users in an LDAP directory.
How should you change your GCDS instance to ensure that the setup is successful? (Choose two.)
A. Provide your current GCDS instance with admin credentials to the recently acquired organization’s LDAP directory.
B. Add an LDAP sync rule to your current GCDS instance in order to synchronize new users.
C. Set up exclusion rules to ensure that users synced from the acquired organization’s LDAP are not, suspended.
D. Set up an additional instance of GCDS running on another server, and handle the acquired organization’s synchronization.
E. Upgrade to the multiple LDAP version of GCDS.
Correct Answer
C. Set up exclusion rules to ensure that users synced from the acquired organization’s LDAP are not, suspended.
D. Set up an additional instance of GCDS running on another server, and handle the acquired organization’s synchronization.
Explanation
GCDS can only sync from a single LDAP directory. If you have multiple LDAP directories, it is recommended that you consolidate your LDAP server data into a single directory. You need to run 2 separate GCDS instances while creating exclusion rules to prevent suspensions/deletions.
Reference
Google Workspace Admin Help > Google Cloud Directory Sync > GCDS FAQ
Question 89
Exam Question
You are in charge of automating and configuring Google Cloud Directory Sync for your organization. Within the config manager, how can you proactively prevent applying widespread deletions within your Workspace environment if your company’s LDAP undergoes a substantial modification?
A. Configure the tool to delete users only when run from the config manager.
B. Manually run Google Cloud Directory Sync only after performing a simulated sync.
C. Specify the minimum and maximum number of objects to synchronize in each configuration item.
D. Configure limits for the maximum number of deletions on each synchronization.
Correct Answer
D. Configure limits for the maximum number of deletions on each synchronization.
Explanation
You can use limits with Google Cloud Directory Sync (GCDS) to set the maximum number of deletions permitted on each simulation or synchronization. If it reaches this limit, GCDS stops and does not sync any changes.
Reference
Google Workspace Admin Help > Google Cloud Directory Sync > More options… > Use limits with GCDS
Question 90
Exam Question
The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified
as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.
What two actions should you take? (Choose two.)
A. Obtain the message header and analyze using Google Workspace Toolbox.
B. Review the contents of the messages in Google Vault.
C. Set up a Gmail routing rule to whitelist the sender.
D. Conduct an Email log search to trace the message route.
E. Validate that your domain is not on the Spamhaus blacklist.
Correct Answer
A. Obtain the message header and analyze using Google Workspace Toolbox.
C. Set up a Gmail routing rule to whitelist the sender.