• Home
  • Blogs
  • The Best Google-Workspace-Administrator Exam Study Material Premium Files and Preparation Tool (Mar-2023) [Q16-Q40]

The Best Google-Workspace-Administrator Exam Study Material Premium Files and Preparation Tool (Mar-2023) [Q16-Q40]

Share

The Best Google-Workspace-Administrator Exam Study Material Premium Files and Preparation Tool (Mar-2023)

Get Instant Access to Google-Workspace-Administrator Practice Exam Questions

NEW QUESTION 16
In the years prior to your organization moving to Google Workspace, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on Google Workspace.) You were able to address active employees' use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don't have access to their corporate email account.
What should you do?

  • A. Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.
  • B. Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account.
  • C. Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and Other Google Services disabled.
  • D. Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-Google Workspace Google services and have them blocked.

Answer: B

Explanation:
https://support.google.com/a/answer/6178640?hl=en

 

NEW QUESTION 17
A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak?

  • A. Delete the user's account in the Admin Console.
  • B. Instruct a Google Vault admin to create a matter, and place all the user data on 'hold.'
  • C. Use Google Vault to export all the user data and share among the security team.
  • D. Transfer data between end user Workspace accounts.

Answer: B

 

NEW QUESTION 18
In your organization, users have been provisioned with either Google Workspace Enterprise, Google Workspace Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division's budget. In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports.
You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements:
Team leaders must be able to retrieve this data on their own (i.e., self-service).
Team leaders are not permitted to have any level of administrative access to the Google Workspace Admin panel.
Team leaders must only be able to look up data for their direct reports.
The data must always be current to within 1 week.
Costs must be mitigated.
What approach should you recommend?

  • A. Export log data to BigQuery with custom scopes.
  • B. Use a third-party tool.
  • C. Create an app using AppMaker and App Script.
  • D. Use App Script and filter views within a Google Sheet.

Answer: C

Explanation:
https://support.google.com/a/answer/9682494?hl=en

 

NEW QUESTION 19
Your company is deploying Chrome devices. You want to make sure the machine assigned to the employee can only be signed in to by that employee and no one else.
What two things should you do? (Choose two.)

  • A. Enable a Device Policy of Restrict Sign In to List of Users, and add the employee email address.
  • B. Enroll a 2-Factor hardware key on the device using the employee email address.
  • C. Disable Guest Mode and Public Sessions.
  • D. Enable a Device Policy of Sign In Screen and add the employee email address.
  • E. Enable a User Policy of Multiple Sign In Access and add just the employee email address.

Answer: A,C

Explanation:
https://support.google.com/chrome/a/answer/1375678?hl=en

 

NEW QUESTION 20
Your company's compliance officer has requested that you apply a content compliance rule that will reject all external outbound email that has any occurrence of credit card numbers and your company's account number syntax, which is AccNo. You need to configure a content compliance rule to scan email to meet these requirements.
Which combination of attributes will meet this objective?

  • A. Name the rule > select Outbound and Internal Sending > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.
  • B. Name the rule > select Outbound > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers
    > choose Reject
  • C. Name the rule > select Outbound > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.
  • D. Name the rule > select Outbound and Internal Sending > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers > choose Reject.

Answer: C

Explanation:
https://www.shieldq.com/en-gb/Google-apps-content-compliance

 

NEW QUESTION 21
Your company uses a whitelisting approach to manage third-party apps and add-ons. The Senior VP of Sales
& Marketing has urgently requested access to a new Marketplace app that has not previously been vetted. The company's Information Security policy empowers you, as a Google Workspace admin, to grant provisional access immediately if all of the following conditions are met:
Access to the app is restricted to specific individuals by request only.
The app does not have the ability to read or manage emails.
Immediate notice is given to the Infosec team, followed by the submission of a security risk analysis report within 14 days.
Which actions should you take first to ensure that you are compliant with Infosec policy?

  • A. Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.
  • B. Confirm that the Senior VP's OU has the following Gmail setting disabled before whitelisting the app: "Let users delegate access to their mailbox."
  • C. Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
  • D. Move the Senior VP to a sub-OU before enabling Marketplace Settings > "Allow Users to Install Any App from Google Workspace Marketplace."

Answer: C

Explanation:
https://support.google.com/a/answer/7281227?hl=en

 

NEW QUESTION 22
A user has traveled overseas for an extended trip to meet with several vendors. The user has reported that important draft emails have not been saved in Gmail, which is affecting their productivity. They have been constantly moving between hotels, vendor offices, and airport lounges.
You have been tasked with troubleshooting the issue remotely. Your first priority is diagnosing and preventing this from happening again, and your second priority is recovering the drafts if possible. Due to time zone differences, and the user's busy meeting schedule, you have only been able to arrange a brief Hangouts Meet with the user to gather any required troubleshooting inputs.
What two actions should be taken on this call with the user? (Choose two.)

  • A. Use the Email log search in the Admin panel.
  • B. Record a HAR file of the user composing a new email.
  • C. Take screenshots of the user's screen when composing an email.
  • D. Check the Users > App Users Activity report.
  • E. Ask the user to send an email to you so you can check the headers.

Answer: B,C

 

NEW QUESTION 23
Your company (your-company.com) just acquired a new business (new-company.com) that is running their email on-premises. It is close to their peak season, so any major changes need to be postponed. However, you need to ensure that the users at the new business can receive email addressed to them using your- company.com into their on-premises email server. You need to set up an email routing policy to accomplish this.
What steps should you take?

  • A. Set up an Inbound Mail Gateway to reroute all inbound email to the on-premises server.
  • B. Set up a Default route with split delivery to route email to the on-premises server.
  • C. Set up an Outbound Mail Gateway to route all outbound email to the on-premises server.
  • D. Set up accounts for the new employees, and use mail forwarding rules to send to the on-premises server.

Answer: B

Explanation:
https://support.google.com/a/answer/2685650?hl=en
"...If you're migrating to Gmail from a legacy server, use split delivery to test Gmail with a subset of users. During the testing, the MX records for your domain point to Gmail. Users who have been added in the Admin console get messages in their Gmail inboxes. Set up a catch-all routing rule for unregistered users who need to get messages from the legacy mail server."

 

NEW QUESTION 24
The organization has conducted and completed Security Awareness Training (SAT) for all employees. As part of a new security policy, employees who did not complete the SAT have had their accounts suspended. The CTO has requested to be informed of any accounts that have been re-enabled to ensure no one is in violation of the new security policy.
What should you do?

  • A. Enable "Suspicious login" rule - Other Recipients: CTO
  • B. Enable "Email settings changed" rule - -Other Recipients: CTO
  • C. Enable "Suspended user made active" rule and select "Deliver to" Super Administrator(s)
  • D. Enable "Suspended user made active" rule - Other Recipients: CTO

Answer: D

Explanation:
CTO must be informed when creating the Suspended user made active-A suspended user is made active by an admin Alert. Ref: https://support.google.com/a/answer/3230421?hl=en#zippy=%2Cuser-activity-alerts

 

NEW QUESTION 25
Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, Teams Drives, and Calendar. Users will use a Google Form and Apps Script to request a new "G-Team." A "G-Team' is composed of a Google Group and a Team Drive/ Secondary Calendar that is shared using that Google Group.
What two design decisions are required to implement this workflow securely? (Choose two.)

  • A. The Apps Script will need to run on a timed interval to process new entries.
  • B. The Apps Script will need to run as a Google Workspace admin.
  • C. The Google Form will need to enforce Group naming conventions.
  • D. You will need a Cloud SQL instance to store "G-Team' data.
  • E. The Google Form will need to be limited to internal users only.

Answer: B,E

 

NEW QUESTION 26
Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.
What should you do?

  • A. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.
  • B. Create an OU for each country. Create an admin role and assign an admin with that role per OU.
  • C. Establish a new Google Workspace tenant with their own admin for each region.
  • D. Create a Team Drive per OU, and allow only country-specific administration of each folder.

Answer: B

Explanation:
https://support.google.com/a/answer/6129577?hl=en#:~:text=Create%20and%20assign%20the%20role&text=Click%20Assign%20role.,organizational%20unit%20and%20click%20Done.

 

NEW QUESTION 27
Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do?

  • A. Remove all client IDs and scopes from the list of domain-wide delegation API clients.
  • B. Set all API services to "restricted access" and ensure that all connected apps have limited access.
  • C. Block each connected app's access.
  • D. Modify your Marketplace Settings to block users from installing any app from the Marketplace.

Answer: A

Explanation:
https://support.google.com/a/answer/162106?hl=en#zippy=%2Cview-edit-or-delete-clients-and-scopes:~:text=View%2C%20edit%2C%20or,immediately%20stop%20working.

 

NEW QUESTION 28
Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company. You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit.
What should you do?

  • A. From the Admin Console Users Menu, download a list of all user info columns and currently selected columns.
  • B. From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API.
  • C. From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets.
  • D. From the Google Workspace Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets.

Answer: A

Explanation:
https://support.google.com/a/answer/7348070?hl=it

 

NEW QUESTION 29
A user is reporting that after they sign in to Gmail, their labels are not loading and buttons are not responsive. What action should you take to troubleshoot this issue with the user?

  • A. Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
  • B. Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
  • C. Check whether the issue occurs when the user authenticates on a different device or a new incognito window.
  • D. Collect full message headers for examination.

Answer: C

 

NEW QUESTION 30
Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled.
What two actions should you take to support the chief security officer's request? (Choose two.)

  • A. Review who has viewed files using the Google Drive Activity Dashboard.
  • B. Create a custom Dashboard for external sharing in the Security Investigation Tool.
  • C. Create an alert from Drive Audit reports to notify of external file sharing.
  • D. Automatically block external sharing using DLP rules.
  • E. Review total external sharing in the Aggregate Reports section.

Answer: B,C

 

NEW QUESTION 31
Your organization has implemented Single Sign-On (SSO) for the multiple cloud-based services it utilizes. During authentication, one service indicates that access to the SSO provider cannot be accessed due to invalid information.
What should you do?

  • A. Verify the NameID Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.
  • B. Verify the Recipient attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.
  • C. Verify the Subject attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.
  • D. Verify the Audience Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.

Answer: D

Explanation:
Reference:
https://support.google.com/a/answer/2463723?hl=en

 

NEW QUESTION 32
All Human Resources employees at your company are members of the "HR Department" Team Drive. The HR Director wants to enact a new policy to restrict access to the "Employee Compensation" subfolder stored on that Team Drive to a small subset of the team.
What should you do?

  • A. Use the Drive API to modify the permissions of the Employee Compensation subfolder.
  • B. Use the Drive API to modify the permissions of the individual files contained within the subfolder.
  • C. Move the subfolder to the HR Director's MyDrive and share it with the relevant team members.
  • D. Move the contents of the subfolder to a new Team Drive with only the relevant team members.

Answer: D

Explanation:
"Inherited permissions can't be removed from a file or folder in a shared drive". ref: https://developers.google.com/drive/api/v3/manage-sharing

 

NEW QUESTION 33
Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation?

  • A. Update the Email Allowlist in the admin console to only include IP addresses of known senders.
  • B. Configure an attachment compliance rule to send any emails with attachments received by users within the sales team organizational unit to an administrator quarantine.
  • C. Configure the security sandbox feature on the sales team organizational unit.
  • D. Configure an attachment compliance rule to strip any attachments received by users within the sales team organizational unit.

Answer: C

Explanation:
https://support.google.com/a/answer/7676854?hl=en#:~:text=As%20an%20administrator,malicious%20attachments.

 

NEW QUESTION 34
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

  • A. Confirm that the user has at least a Google Workspace Business license.
  • B. Check whether device policy application is installed on users' devices.
  • C. Check whether Endpoint Verification is installed on users' desktops.
  • D. Confirm that the user has a Google Workspace Enterprise Plus license.
  • E. Delete and recreate a new Context-Aware Access device policy.

Answer: C,D

Explanation:
https://support.google.com/a/answer/9275380#licenses:~:text=Context%2DAware%20Access-,Control%20access%20to%20apps%20based%20on%20user%20%26%20device%20context,context%2C%20such%20as%20whether%20their%20device%20complies%20with%20your%20IT%20policy.,-Context%2DAware%20Access
https://support.google.com/a/answer/9275380?hl=en&fl=1
https://support.google.com/a/answer/9007320?hl=en&fl=1

 

NEW QUESTION 35
Your organization does not allow users to share externally. The security team has recently approved an exemption for specific members of the marketing team and sales to share documents with external customers, prospects, and partners. How best would you achieve this?

  • A. Create a configuration group with the approved users as members, and use it to create a target audience.
  • B. Enable external sharing for the marketing and sales organizational units.
  • C. Enable external sharing only to allowlisted domains provided by marketing and sales teams.
  • D. Create a configuration group with the approved users as members, and enable external sharing for this group.

Answer: D

Explanation:
https://support.google.com/a/answer/9224126?hl=en#zippy=%2Coptions-for-configurations-groups:~:text=Using%20configurations%20groups,of%20your%20organization.

 

NEW QUESTION 36
Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?

  • A. Create a report using the Drive Audit Activity logs.
  • B. Create a report using the OAuth Token Audit Activity logs.
  • C. Create a reporting using the API Permissions logs for Installed Apps.
  • D. Create a report using the Calendar Audit Activity logs.

Answer: B

Explanation:
https://support.google.com/a/answer/6124308?hl=en

 

NEW QUESTION 37
Your company recently migrated to Google Workspace and wants to deploy a commonly used third-party app to all of finance. Your OU structure in Google Workspace is broken down by department. You need to ensure that the correct users get this app.
What should you do?

  • A. At the root level, disable the third-party app. For the Finance OU, allow users to install only whitelisted apps from the Google Workspace Marketplace.
  • B. For the Finance OU, enable the third-party app in SAML apps.
  • C. For the Finance OU, enable the third-party app in Marketplace Apps.
  • D. At the root level, disable the third-party app. For the Finance OU, allow users to install any application from the Google Workspace Marketplace.

Answer: C

 

NEW QUESTION 38
Your-company.com recently started using Google Workspace. The CIO is happy with the deployment, but received notifications that some employees have issues with consumer Google accounts (conflict accounts). You want to put a plan in place to address this concern.
What should you do?

  • A. Use the Transfer tool for unmanaged users to find the conflict accounts.
  • B. Rename the accounts to [email protected], and recreate the accounts.
  • C. Use the conflict account remove tool to remove the accounts from Google Workspace.
  • D. Ask users to request a new Google Workspace account from your local admin.

Answer: A

Explanation:
https://gsuiteupdates.googleblog.com/2017/02/resolve-conflicting-accounts-with-new.html#:~:text=Using%20the%20new%20Transfer%20tool,accounts%20to%20G%20Suite%20accounts. https://support.google.com/a/answer/6178640?hl=en

 

NEW QUESTION 39
A company wants to distribute iOS devices to only the employees in the Sales OU. They want to be able to do the following on these devices:
Control password policies.
Make corporate apps available to the users.
Remotely wipe the device if it's lost or compromised
What two steps are required before configuring the device policies? (Choose two.)

  • A. Deploy Apple Certificate to every device.
  • B. Set up an Apple Push Certificate.
  • C. Turn on Advanced Mobile Management for the domain.
  • D. Turn on Advanced Mobile Management for Sales OU
  • E. Set up Device Approvals.

Answer: B,D

Explanation:
https://support.google.com/a/answer/7396025?hl=en
https://support.google.com/a/answer/6080359?hl=en

 

NEW QUESTION 40
......

Validate your Skills with Updated Google-Workspace-Administrator Exam Questions & Answers and Test Engine: https://www.actual4cert.com/Google-Workspace-Administrator-real-questions.html

Reliable Study Materials & Testing Engine for Google-Workspace-Administrator Exam Success!: https://drive.google.com/open?id=1k685BJVZXoNDUfmPv0GsyVGBlseQJD2P

Related Blogs

more
Google Google-Workspace-Administrator Certification Practice Exam

Copyright © 2026 ACTUAL4CERT.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.