• Home
  • Articles
  • Google-Workspace-Administrator PDF Dumps Nov 24, 2024 Exam Questions – Valid Google-Workspace-Administrator Dumps [Q97-Q115]

Google-Workspace-Administrator PDF Dumps Nov 24, 2024 Exam Questions – Valid Google-Workspace-Administrator Dumps [Q97-Q115]

Share

Google-Workspace-Administrator PDF Dumps Nov 24, 2024 Exam Questions – Valid Google-Workspace-Administrator Dumps

Ultimate Google-Workspace-Administrator Guide to Prepare Free Latest Google Practice Tests Dumps

NEW QUESTION # 97
Your business partner requests that a new custom cloud application be set up to log in without having separate credentials.
What is your business partner required to provide in order to proceed?

  • A. Identity Provider URL
  • B. Service provider certificate
  • C. Service provider ACS URL
  • D. Service provider logout URL

Answer: C

Explanation:
In order to set up a new custom cloud application to log in without having separate credentials, you need to configure Single Sign-On (SSO) using SAML (Security Assertion Markup Language). The Assertion Consumer Service (ACS) URL is a critical piece of information required for this configuration. It is the endpoint on the service provider's system that receives the authentication assertions from the identity provider (Google Workspace in this case).
* Service Provider ACS URL: The ACS URL is necessary for the SSO configuration because it is the URL to which the identity provider will send the SAML assertion after authentication. This URL tells
* the identity provider where to send the SAML response after the user has been authenticated.
* Configuration Steps:
* In Google Admin console, navigate to Apps > Web and mobile apps.
* Add a custom SAML app.
* Enter the ACS URL provided by the service provider in the appropriate field.
* Complete the configuration by providing other necessary information such as the Entity ID and Name ID format.
* Importance: Without the ACS URL, the identity provider will not know where to send the authentication tokens, making SSO impossible.
References:
* Google Workspace Admin Help: Set up your own custom SAML app


NEW QUESTION # 98
Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.
What two features are essential to reconfigure in Google Workspace? (Choose two.)

  • A. Disable SSO with third party IDP.
  • B. Enable API Permissions for Google Cloud Platform.
  • C. Apps > add SAML apps to your domain.
  • D. Replace the third-party IDP verification certificate.
  • E. Reconfigure user provisioning via Google Cloud Directory Sync.

Answer: A,C

Explanation:
* Apps > add SAML apps to your domain:
* When switching to Google as the Identity Provider (IDP) for Single Sign-On (SSO), you need to configure Google Workspace to act as the SSO provider for third-party applications. This involves adding the necessary SAML (Security Assertion Markup Language) applications to your domain within Google Workspace.
* Navigate to the Admin console, go to Apps > Web and mobile apps, and add SAML apps to your domain. This allows Google to authenticate users for those apps.
* Disable SSO with third party IDP:
* Since you are switching from an external SSO provider to Google Workspace as your IDP, you must disable the current SSO configuration with the third-party provider.
* Go to the Admin console, navigate to Security > Set up single sign-on (SSO) with a third party IdP, and disable the existing SSO setup. This ensures that users will now authenticate directly through Google Workspace instead of the previous SSO provider.
References:
* Google Workspace Admin Help: Set up your own custom SAML app
* Google Workspace Admin Help: Disable SSO with third party IdP


NEW QUESTION # 99
Your company is using Google Workspace Business Standard. The company has five meeting rooms that are all registered as resources in Google Workspace and used on a daily basis by the employees when organizing meetings. The office layout was changed last weekend, and one of the meeting rooms is now a dedicated room for management. The CEO is complaining that anyone can book the room and requested this room to be used only by the management team and their executive assistants (EAs). No one else must be allowed to book it via Google Calendar. What should you do?

  • A. As a super administrator, create a group calendar named "Management Room," and share it only with the management and the EAs.
  • B. As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group.
  • C. Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule.
  • D. Move the room resource to the management and EAs group so that only they can use it.

Answer: B

Explanation:
* Access Room Calendar Settings:
* Navigate to the Google Admin console.
* Go to Buildings and resources > Manage resources.
* Find and select the specific meeting room.
* Modify Sharing Settings:
* Click on the room resource to open its settings.
* Under "Sharing settings," restrict access to the management and EAs group.
* Ensure only these groups have the permission to book the room.
* Save Changes:
* Save the updated settings to apply the new restrictions.
This ensures that only the designated group members can book the management room via Google Calendar.
References
* Google Workspace Admin Help: Control Room Booking


NEW QUESTION # 100
Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?

  • A. Create a report using the OAuth Token Audit Activity logs.
  • B. Create a report using the Calendar Audit Activity logs.
  • C. Create a report using the Drive Audit Activity logs.
  • D. Create a reporting using the API Permissions logs for Installed Apps.

Answer: A

Explanation:
* Access Admin Console: Log into your Google Workspace Admin Console.
* Navigate to Reports: Go to the Reports section within the Admin Console.
* OAuth Token Audit Log: Access the OAuth Token Audit Activity logs. This log provides detailed information about third-party applications that have been granted access to your Google Workspace data.
* Review Data Access: Review the logs to see which applications have accessed what type of data. This includes details on the scopes of access requested by the applications.
* Generate Report: Create a report from these logs to provide granular insight into the data accessed by third-party applications. This report can be used to assess and mitigate any potential risks.
References
* Google Support: Token audit log


NEW QUESTION # 101
Your chief compliance officer is concerned about API access to organization data across different cloud vendors. He has tasked you with compiling a list of applications that have API access to Google Workspace data, the data they have access to, and the number of users who are using the applications.
How should you compile the data being requested?

  • A. Create a survey via Google forms, and collect the application data from users.
  • B. Review the authorized applications for each user via the Google Workspace Admin panel.
  • C. Review the token audit log, and compile a list of all the applications and their scopes.
  • D. Review the API permissions installed apps list, and export the list.

Answer: C

Explanation:
* Access Admin Console: Log into your Google Workspace Admin Console.
* Navigate to Reports: Go to the Reports section in the Admin Console.
* Token Audit Log: Within the Reports, access the "Token Audit" log. This log provides details on OAuth tokens issued to applications by your users.
* Review Applications: Review the list of applications that have been granted access to your Google Workspace data. This will include information about the scopes (types of data) that each application can access.
* Compile List: Compile a list of all the applications from the token audit log. Include details about the data they have access to and the number of users using each application.
* Export Data: You can export this data to a spreadsheet for further analysis and reporting to your chief compliance officer.
References
* Google Support: Token audit log


NEW QUESTION # 102
You received this email from the head of marketing:
Hello Workspace Admin:
Next week, a new consultant will be starting on the "massive marketing mailing" project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?
What are two of the steps you need to perform to fulfill this request?
Choose 2 answers

  • A. Create the consultant inside under the marketing OU.
  • B. Create a group that includes the contacts that the consultant is allowed to view.
  • C. Apply the role of owner to the consultant in the group settings.
  • D. Ensure that you are assigned the Administrator Privilege of Services > Services settings, and ensure that Services > Contacts > Contacts Settings Message is set.
  • E. Create an isolated OU for the consultants who need the restricted contacts access.

Answer: B,E


NEW QUESTION # 103
Your organization has just completed migrating users to Workspace. Many employees are concerned about their legacy Microsoft Office documents, including issues of access, editing, and viewing. Which two practices should you use to alleviate user concerns without limiting Workspace collaboration features? (Choose two.)

  • A. Demonstrate and train users to use the Workspace Migrate tool.
  • B. Demonstrate the ability to convert Office documents to native Google file format from Drive.
  • C. Configure Context-Aware Access policies to block access to Microsoft Office applications.
  • D. Continue to use installed Office applications along with Google Drive for Desktop.
  • E. Deliver training sessions that show the methods to access and edit native Office files in Drive, the Workspace file editors, and Drive for Desktop.

Answer: B,E


NEW QUESTION # 104
Your company has been engaged in a lawsuit, and the legal department has been asked to discover and hold all email for two specific users. Additionally, they have been asked to discover and hold any email referencing
"Secret Project 123."
What steps should you take to satisfy this request?

  • A. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to:
    [email protected], user2@your-company. Set the search terms to: (secret project 123). Save.
  • B. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and set the usernames to:
    [email protected], user2@your-company. Set the search terms to secret OR project OR 123.
    Save.
  • C. Create a Matter and a Hold. Set the Hold to Gmail, set it to Accounts, and enter: user1@your- company.com AND [email protected]. Set the search terms to: secret AND project AND 123.
    Save.
  • D. Create a Matter and a Hold. Set the Hold to Gmail, set it to the top level Organization, and set the search terms to "secret project 123." Create a second Hold. Set the second Hold to Gmail, set it to Accounts, and enter: user1 @your-company.com, [email protected]. Save.

Answer: A

Explanation:
* Create a Matter: Access Google Vault and create a new matter for the lawsuit. Matters are used to manage legal holds and searches.
* Create a Hold: Within the matter, create a new hold.
* Set the Hold Scope: Set the hold scope to Gmail, since the requirement is to discover and hold emails.
* Specify Accounts: Set the usernames to [email protected] and [email protected].
This ensures that all emails for these specific users are held.
* Set Search Terms: Use the search terms "secret project 123" to hold any emails that reference this specific term. This is a broad search that captures any email mentioning "Secret Project 123."
* Save the Hold: Save the hold to ensure that it captures all relevant emails for the specified users and the search term.
References
* Google Support: Create or update a hold


NEW QUESTION # 105
Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as "view data for all teams" to the HR group, but it is reporting an error when accessing the application. What should you do?

  • A. Confirm that the Work Insights app is turned ON for all employees.
  • B. Allocate the "view data for all teams" permission to all employees of the company.
  • C. Confirm in Security > API controls > App Access Controls that Work Insights API is set to "unrestricted."
  • D. Confirm in Reports > BigQuery Export that the job is enabled.

Answer: C


NEW QUESTION # 106
A user joined your organization and is reporting that every time they start their computer they are asked to sign in. This behavior differs from what other users within the organization experience. Others are prompted to sign in biweekly. What is the first step you should take to troubleshoot this issue for the individual user?

  • A. Reset the user's sign-in cookies
  • B. Confirm that this user has their employee ID populated as a sign-in challenge.
  • C. Check the session length duration for the organizational unit the user is provisioned in.
  • D. Verify that 2-Step Verification is enforced for this user.

Answer: B


NEW QUESTION # 107
Your company works regularly with a partner. Your employees regularly send emails to your partner's employees. You want to ensure that the Partner contact information available to your employees will allow them to easily select Partner names and reduce sending errors.
What should you do?

  • A. Create shared contacts in the Directory using the Directory API.
  • B. Add a secondary domain for the Partner Company and create user entries for each Partner user.
  • C. Create shared contacts in the Directory using the Domain Shared Contacts API.
  • D. Educate users on creating personal contacts for the Partner Employees.

Answer: C

Explanation:
https://developers.google.com/admin-sdk/domain-shared-contacts


NEW QUESTION # 108
You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?

  • A. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.
  • B. Configure a data region at the top level OU of your organization, and set the value to "Europe".
  • C. Configure a configuration group for European users, and set the data region to "Europe".
  • D. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.

Answer: D


NEW QUESTION # 109
Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, Teams Drives, and Calendar. Users will use a Google Form and Apps Script to request a new "G-Team." A "G-Team' is composed of a Google Group and a Team Drive/ Secondary Calendar that is shared using that Google Group.
What two design decisions are required to implement this workflow securely? (Choose two.)

  • A. The Apps Script will need to run as a Google Workspace admin.
  • B. The Apps Script will need to run on a timed interval to process new entries.
  • C. The Google Form will need to enforce Group naming conventions.
  • D. You will need a Cloud SQL instance to store "G-Team' data.
  • E. The Google Form will need to be limited to internal users only.

Answer: A,E


NEW QUESTION # 110
Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation?

  • A. Configure an attachment compliance rule to send any emails with attachments received by users within the sales team organizational unit to an administrator quarantine.
  • B. Configure the security sandbox feature on the sales team organizational unit.
  • C. Update the Email Allowlist in the admin console to only include IP addresses of known senders.
  • D. Configure an attachment compliance rule to strip any attachments received by users within the sales team organizational unit.

Answer: B

Explanation:
* Access Admin Console: Log in to the Google Admin console.
* Navigate to Security Settings: Go to Security > Sandbox.
* Configure Security Sandbox: Enable the security sandbox feature and apply it to the sales team's organizational unit.
* Policy Setup: Configure policies to ensure that email attachments received by the sales team are automatically analyzed in the security sandbox.
* Monitor and Review: Regularly monitor the sandbox reports and adjust the settings as needed to maintain protection without disrupting business operations.
References:
* Google Workspace Admin Help - Security Sandbox
* Google Workspace Admin Help - Advanced Phishing and Malware Protection


NEW QUESTION # 111
Your organization wants more visibility into actions taken by Google staff related to your data for audit and security reasons. They are specifically interested in understanding the actions performed by Google support staff with regard to the support cases you have opened with Google. What should you do to gain more visibility?

  • A. From Google Admin Panel, go to Audit, and select Rules Audit Log.
  • B. From Google Admin Panel, go to Audit, and select Access Transparency Logs. Most Voted
  • C. From Google Admin Panel, go to Audit, and select Login Audit Log.
  • D. From Google Admin Panel, go to Audit, and select Admin Audit Log.

Answer: B

Explanation:
Google staff logs related to accessing user content are stored in Access Transparency logs https://support.google.com/a/answer/9230474?hl=en


NEW QUESTION # 112
You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota concerns for this user? (Choose two.)

  • A. Add other users as "Editors" on the Drive object, thus spreading the storage quota debt between all of them.
  • B. Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.
  • C. Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
  • D. Make another user the "Owner" of the Drive objects, thus transferring the storage quota debt to them.
  • E. Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.

Answer: C,D

Explanation:
* Move to Shared Drive:
* Shared Drives in Google Workspace are designed to store files owned by the team or the organization rather than an individual user.
* When files are moved to a Shared Drive, the ownership of those files is transferred to the domain, which means the storage quota for individual users is not affected.
* To move files to a Shared Drive:
* Navigate to Google Drive.
* Select the files or folders to move.
* Right-click and choose "Move to" and select the appropriate Shared Drive.
* Transfer Ownership:
* You can transfer ownership of files from one user to another within the same domain.
* This is helpful if a user is running out of storage quota, as the storage used by the file will count against the new owner's quota.
* To transfer ownership:
* Open the file in Google Drive.
* Click on the Share button.
* Add the new owner and change their role to 'Owner'.
* The new owner must accept the ownership transfer.
References
* Google Workspace Admin Help: Shared Drives
* Google Drive Help: Transfer File Ownership


NEW QUESTION # 113
Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the request?

  • A. Create a Google Vault matter, search for data, and run an export for the legal department.
  • B. Use the Investigation Too! to search for the data requested, and export for the legal department.
  • C. Create a Google Vault matter for each user account, and share the matters to the legal admin.
  • D. Search for the data in Gmail, and export for the legal department.

Answer: A

Explanation:
https://support.google.com/vault/answer/2473458?hl=en


NEW QUESTION # 114
Your company has received help desk calls from users about a new interface in Gmail that they had not seen before. They determined that it was a new feature that Google released recently. In the future, you'll need time to review the new features so you can properly train employees before they see changes.
What action should you take?

  • A. Company Profile > Profile > New User Features > Enable "Rapid Release"
  • B. Device Management > Chrome > Device Settings > Stop auto-updates
  • C. Company Profile > Profile > New User Features > Enable "Scheduled Release"
  • D. Apps > Google Workspace > Gmail > Uncheck "Enable Gmail Labs for my users"

Answer: C

Explanation:
* Access Admin Console:
* Sign in to the Google Admin console.
* Navigate to Company Profile:
* Go to "Company Profile."
* Enable Scheduled Release:
* Click on "Profile."
* Find the "New User Features" section.
* Enable the "Scheduled Release" option to ensure new features are released on a scheduled basis rather than immediately.
* Inform Users:
* Communicate with users about the scheduled release and the timing of new features.
* Prepare training materials and sessions based on the upcoming features.
References:
* Manage New Features
* Google Workspace Release Calendar


NEW QUESTION # 115
......

Passing Key To Getting Google-Workspace-Administrator Certified Exam Engine PDF: https://www.premiumvcedump.com/Google/valid-Google-Workspace-Administrator-premium-vce-exam-dumps.html

Get Top-Rated Google Google-Workspace-Administrator Exam Dumps Now: https://drive.google.com/open?id=1rxaFvkBTUK05c9bDviMxEqbd8WjED3Sx

Related Articles

more
Google Google-Workspace-Administrator Certification Practice Exam