Google Google Workspace Administrator Übungsprüfungen
Zuletzt aktualisiert am 27.04.2025- Prüfungscode: Google Workspace Administrator
- Prüfungsname: Professional Google Workspace Administrator
- Zertifizierungsanbieter: Google
- Zuletzt aktualisiert am: 27.04.2025
Your organization has a group of users who interact with sensitive information and their accounts contain valuable files You need to protect these users from targeted online attacks.
What should you do?
- A . Enable 2-Step Verification for those users and recommend they use Google Authenticator
- B . Enable 2-Step Verification for those users and recommend they use SMS codes
- C . Disable password recovery for end users
- D . Enroll all accounts for those users in the Advanced Protection Program
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app.
What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?
- A . Navigate to “Data Protection” setting in Google Admin Console’s Device management section and disable the “Allow users to copy data to personal apps” checkbox.
- B . Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section.
- C . Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management.
- D . Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox.
How can you secure highly sensitive data during an engagement using Google Workspace?
- A . Enable external sharing for all domains.
- B . Provision accounts for external users and disable external sharing.
- C . Use Drive DLP rules to prevent external sharing of sensitive data.
- D . Create a Team Drive with restricted memberships and sharing settings.
Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, Teams Drives, and Calendar. Users will use a Google Form and Apps Script to request a new “G-Team.” A “G-Team’ is composed of a Google Group and a Team Drive/ Secondary Calendar that is shared using that Google Group.
What two design decisions are required to implement this workflow securely? (Choose two.)
- A . The Apps Script will need to run as a Google Workspace admin.
- B . You will need a Cloud SQL instance to store “G-Team’ data.
- C . The Google Form will need to be limited to internal users only.
- D . The Apps Script will need to run on a timed interval to process new entries.
- E . The Google Form will need to enforce Group naming conventions.
What causes a sign-in issue when a user’s username changes in a third-party SSO product?
- A . Incorrect Google password.
- B . The SAML assertion presents a conflicting username.
- C . Revoked user certificate.
- D . Outdated password in SAML assertion.
Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive You also want to prevent external users from downloading files with viewer permissions to their local machines.
What should you do?
- A . Do nothing. View-only Drive files automatically prevent the user from downloading the files
- B . Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers
- C . Create a new DLP rule by using the existing content detector conditions but change the action for the new rule to Disable download. print, and copy for commenters and viewers
- D . Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict
Your organization is migrating to Google Workspace and wants to improve how newly created files are classified You must find a scalable solution to improve security and transparency on how to handle sensitive files.
What should you do?
- A . Set data loss prevention (DLP) policies to label data automatically disable label locking, and educate users
- B . Create classification labels enable automatic classification, and educate users
- C . Migrate data to Google Workspace map classifications and migrate with the Drive Labels API
- D . Integrate with the Cloud DLP API map identifiers and classifications install the Google Drive label client and run the application
Your organization is moving from a legacy mail system to Google Workspace This move will happen in phases During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in You need to set up multiple idPs for various users.
What should you do?
- A . Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider
- B . Enable single sign-on (SSO) with Cloud Identity and use Cloud Directory Sync to manage multiple identity providers
- C . Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
- D . Nothing Google uses cookies to establish a user’s relationship to a device This will cover multiple identity providers
The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue.
What should you do first?
- A . Open a ticket with Google Support listing the affected users.
- B . Check the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability
- C . Check the Google Workspace release calendar to ensure there’s not a Gmail upgrade scheduled
- D . Check network connectivity of the affected users
As a Google Workspace administrator for your organization, you are tasked with identifying how users are reporting their messages―whether spam, not spam, or phishing―for a specific time period.
How do you find this information?
- A . Open Admin Console > Security > Dashboard > User Reports.
- B . Open Admin Console > Security > Dashboard > Spam Filter- Phishing.
- C . Use Reports API to query user Gmail activity.
- D . Open Admin Console > Reporting > Email Log Search.