Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers
An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity’s SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered?
Your organization wants to grant Google Vault access to an external regulatory authority. In an effort to comply with an investigation, the external group needs the ability to view reports in Google Vault. What should you do?
HR informs you that a user has been terminated and their account has been suspended. The user is part of a current legal investigation, and HR requires the user's email data to remain on hold. The terminated user's team is actively working on a critical project with files owned by the user. You need to ensure that the terminated user's content is appropriately kept before provisioning their license to a new user.
What two actions should you take? (Choose two.)
You recently started an engagement with an organization that is also using Google Workspace. The engagement will involve highly sensitive data, and the data needs to be protected from being shared with unauthorized parties both internally and externally. You need to ensure that this data is properly secured.
Which configuration should you implement?
All Human Resources employees at your company are members of the “HR Department” Team Drive. The HR Director wants to enact a new policy to restrict access to the “Employee Compensation” subfolder stored on that Team Drive to a small subset of the team.
What should you do?
In your organization, users have been provisioned with either Google Workspace Enterprise, Google Workspace Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division's budget. In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports.
You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements:
- Team leaders must be able to retrieve this data on their own (i.e., self-service).
- Team leaders are not permitted to have any level of administrative access to the Google Workspace Admin panel.
- Team leaders must only be able to look up data for their direct reports.
- The data must always be current to within 1 week.
- Costs must be mitigated.
What approach should you recommend?
Your Finance team has to share quarterly financial reports in Sheets with an external auditor. The external company is not a Workspace customer and allows employees to access public sites such as Gmail and Facebook. How can you provide the ability to securely share content to collaborators that do not have a Google Workspace or consumer (Gmail) account?
A subset of users from the finance and human resources (HR) teams need to share documents with an external vendor. However, external content sharing is prohibited for the entire finance team. What would be the most secure method to enable external sharing for this set of users?
Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.
What should you do?
Your company has sales offices in Madrid, Tokyo, London, and New York. The outbound email for those offices needs to include the sales person's signature and a compliance footer. The compliance footer needs to say “Should you no longer wish to receive emails about this offer, please reply with UNSUBSCRIBE.” You are responsible for making sure that users cannot remove the footer.
What should you do?
As the Workspace Administrator, you have been asked to enable the help desk team to share incoming support requests from end users The help desk team has ten users who need to respond to support requests that are sent to a help desk email address. The users must be able to respond by email and assign ownership of tickets. Finally, the help desk team is highly mobile and will need to manage help desk tickets from their mobile devices. How would you provide this functionality for the help desk team?
Your organization is about to expand by acquiring two companies, both of which are using Google Workspace. The CISO has mandated that strict ‘No external content sharing’ policies must be in place and followed. How should you securely configure sharing policies to satisfy both the CISO’s mandate while allowing external sharing with the newly acquired companies?
Your company has numerous locations throughout the world. Each of these locations has multiple office managers that field questions from employees through an email alias. Some questions have not been answered by an office manager How can you create a system to assign conversations to different receptionists using Workspace?
Your corporate LDAP contains the email addresses of several hundred non-employee business partners. You want to sync these contacts to Google Workspace so they appear in Gmail’s address autocomplete for all users in the domain.
What are two options to meet this requirement? (Choose two.)
You are the administrator for a 30.000-user organization. You have multiple Workspace licensing options available to end users in your domain, according to their work responsibilities. A user may be transitioned to a different license type multiple times in a given year. Your organization has a high turnover rate for employees. What is the most efficient way to manage your organization's licensing?
A user reached out to the IT department about a Google Group that they own: info@company.com. The group is receiving mail, and each message is also delivered directly to the user's Gmail inbox. The user wants to be able to reply to messages directly from Gmail and have them sent on behalf of the group, not their individual account. Currently, their replies come from their individual account. What would you instruct the user to do?
Your company has just acquired a new group of users. They have been provisioned into the Google Workspace environment with your primary domain as their primary email address. These new users still need to receive emails from their previous domain. What is the best way to achieve this for these new users, without updating the information of preexisting users?
Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled.
What two actions should you take to support the chief security officer's request? (Choose two.)
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
Your company recently decided to use a cloud-based ticketing system for your customer care needs. You are tasked with rerouting email coming into your customer care address, customercare@your-company.com to the cloud platform’s email address, your-company@cloudprovider.com. As a security measure, you have mail forwarding disabled at the domain level.
What should you do?
You have enabled Automatic Room Replacement for your calendar resources, but it is not working for any instances of a conflict booking. What could be the issue?
A user does not follow their usual sign-in pattern and signs in from an unusual location.
What type of alert is triggered by this event?
The application development team has come to you requesting that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs. You are currently restricting access to all APIs using approved whitelists, per security policy. You need to grant access for this app.
What should you do?
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)
As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user's Drive data?
Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.
What two features are essential to reconfigure in Google Workspace? (Choose two.)
Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine. What is the first step you should take to enable others to help manage the quarantine, while maintaining security?
Your organization recently bought 1.000 licenses for Cloud Identity Premium. The company's development team created an application in the enterprise service bus (ESB) that will read user data in the human resources information system (HRIS) and create accounts via the Google Directory REST API.
While doing the original test before production use, the team observes a 503 error coming from Google API response after a few users are created The team believes the ESB is not the cause, because it can perform 100 requests per second without any problems. What advice would you give the development team in order to avoid the issue?
Your company is using Google Workspace Business Plus edition, and the security team has reported several unsuccessful attempts to sign in to your Google Workspace domain from countries where you have no local employees. The affected accounts are from several executives in the main office.
You are asked to take measures to mitigate this security risk. Although budget is not a concern, your company prefers a minimal financial outlay to fix the issue, which you are tasked with managing. Which two solutions would help you mitigate the risk at minimal cost?
Choose 2 answers
Your organization is concerned with the increasing threat of phishing attacks that may impact users.
Leadership has declined to force-enable 2-Step verification. You need to apply a security measure to prevent unauthorized access to user accounts.
What should you do?
A company has thousands of Chrome devices and bandwidth restrictions. They want to distribute the Chrome device updates over a period of days to avoid traffic spikes that would impact the low bandwidth network.
Where should you enable this in the Chrome management settings?
Your company has an OU that contains your sales team and an OU that contains your market research team. The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses Constant Contact for your own mass email marketing. You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU.
What should you do?
After migrating to Google Workspace, your legal team requests access to search all email and create litigation holds for employees who are involved with active litigation. You need to help the legal team meet this request.
What should you do?
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to meet these requirements?
When reloading Gmail in Chrome, the web browser returns a 500 Error. As part of the troubleshooting process, Google support asks you to gather logs. How can this be accomplished?
Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?
As a Google Workspace administrator for your organization, you are tasked with identifying how users are reporting their messages—whether spam, not spam, or phishing—for a specific time period. How do you find this information?
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?
Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in Google Workspace.
What should you do?
Your company has received help desk calls from users about a new interface in Gmail that they had not seen before. They determined that it was a new feature that Google released recently. In the future, you'll need time to review the new features so you can properly train employees before they see changes.
What action should you take?
After a recent transition to Google Workspace, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner. Your manager has asked you to determine how to resolve these requests without relying on additional staff.
What should you do?
Your company is using Google Workspace Enterprise Standard. They have 200 meeting rooms defined for the main building and used daily by the 12,000 employees. Users are complaining they have difficulties finding a room available when searching within Google Calendar, even if several rooms are available (no one attending meetings in these rooms at that time). You have been asked to find a solution while minimizing the operational effort and avoiding any new expenses due to budget constraints. What should you do?
A user joined your organization and is reporting that every time they start their computer they are asked to sign in. This behavior differs from what other users within the organization experience. Others are prompted to sign in biweekly. What is the first step you should take to troubleshoot this issue for the individual user?
Your company recently migrated to Google Workspace and wants to deploy a commonly used third-party app to all of finance. Your OU structure in Google Workspace is broken down by department. You need to ensure that the correct users get this app.
What should you do?
Your organization's information security team has asked you to determine and remediate if a user (user1@example.com) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?