Associate-Google-Workspace-Administrator (77 Questions)

Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Vendor: Google

Exam Code: Associate-Google-Workspace-Administrator

Exam Name: Associate Google Workspace Administrator

Innovior ITTech

Q&A

Associate Google Workspace Administrator

Associate-Google-Workspace-Administrator

(77 Questions)

http://www.facebook.com/InnoviorITTech

We Offer Free Update Service

For One Year.
QUESTION 1
Your company is undergoing a regulatory compliance audit. As part of the audit, you are required to
demonstrate that you can preserve all electronic communications related to a specific project for a potential
legal discovery process. You need to configure Google Vault to accomplish this goal.
What should you do?

A. Use the security investigation report to show Vault log events.

B. Use the search and export functionality to identify all relevant communications within the project
timeframe.
C. Create a matter and a hold on all project-related data sources such as Email.
Chat, and Drive within Google Workspace.
D. Create a custom retention policy for the project data. Ensure that the policy covers the required
retention period.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Creating a matter and placing a hold on the relevant data sources ensures that all communications related
to the specific project are preserved, even if users try to delete them. This will help in maintaining
compliance with legal or regulatory requirements for e-discovery, and it ensures that data cannot be
modified or deleted during the audit process.

QUESTION 2
Several employees from your finance department are collaborating on a long-term, multi-phase project.
You need to create a confidential group for this project as quickly as possible. You also want to minimize
management overhead.
What should you do?

A. Create a Google Group by using Google Cloud Directory Sync (GCDS) to automatically sync the
members.
B. Create a dynamic group and define the Department user attribute as a condition for membership with
the value as the finance department.
C. Create a Google Group and update the settings to allow anyone in the organization to join the group.
D. Create a Google Group and appoint a group admin to manage the membership of this group.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

A dynamic group automatically updates membership based on user attributes, such as department,
ensuring that only relevant employees (e.g., those in the finance department) are added to the group. This
minimizes management overhead because the membership is updated automatically, without the need for
manual intervention. It also ensures that the group remains up to date as employees join or leave the
department.

QUESTION 3
Today your company signed up for Google Workspace Business Starter with an existing domain name.
You want to add team members and manage their access to email and other services. However, you are
unable to create new user accounts or change user settings. You need to fix this problem.
What should you do?

A. Run the Transfer tool to bring unmanaged users to your Workspace account.
B. Check domain ownership in the DNS settings.
C. Wait 24 hours after signing up for the features to become active.
D. Upgrade to a Google Workspace Enterprise edition.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

To manage users and settings in Google Workspace, you must verify domain ownership. If the domain is
not verified, you won't be able to create new user accounts or modify user settings. Checking the DNS
settings and completing the domain verification process will resolve the issue and allow you to manage
users and services in Google Workspace.

QUESTION 4
A team of temporary employees left your organization after completing a shared project. Per company
policy, you need to disable their Google Workspace accounts while preserving all project data and related
communications in Google Vault for a minimum of two years. You want to comply with this policy while
minimizing cost.
What should you do?

A. Purchase and assign Archived User licenses to the former employees.

B. Transfer the former employees' files and data to active user accounts. Delete the former employees'
Workspace accounts.
C. Purchase additional user licenses and suspend the former employees' accounts.
D. Move the former employees to their own organizational unit (OU) and disable access to Google
services for that OU.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Google Workspace offers Archived User licenses, which allow you to retain access to the data and
communications of former employees without paying for a full user license. This option ensures
compliance with the policy of retaining project data and communications in Google Vault while minimizing
costs by avoiding unnecessary full user licenses.

QUESTION 5
The legal department at your organization is working on a time-critical merger and acquisition (M&A) deal.
They urgently require access to specific email communications from an employee who is currently on
leave. The organization's current retention policy is set to indefinite. You need to retrieve the required
emails for the legal department in a manner that ensures data privacy.
What should you do?

A. Instruct the IT department to directly access and forward the relevant emails to the legal department.
B. Temporarily grant the legal department access to the employee's email account with a restricted scope
that is limited to the M&A-related emails.
C. Ask a colleague with delegate access to the employee's mailbox to identify and forward the relevant
emails to the legal department.
D. Use Google Vault to create a matter specific to the M&A deal. Search for relevant emails within the
employee's mailbox. Export and share relevant emails with your legal department.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:

Using Google Vault to create a matter specific to the M&A deal allows for legal, secure, and privacy-
compliant retrieval of emails. You can search for the specific emails related to the merger and acquisition,
export them, and share them with the legal department without granting direct access to the employee's
mailbox. This approach ensures both data privacy and compliance with organizational policies.

QUESTION 6
Your company distributes an internal newsletter that contains sensitive information to all employees by
email. You've noticed unauthorized forwarding of this newsletter to external addresses, potentially leading
to data leaks. To prevent this, you need to implement a solution that automatically detects and blocks such
forwarding while allowing legitimate internal sharing.
What should you do?

A. Add a banner to the newsletter that warns users that external sharing is prohibited.
B. Create a Gmail content compliance rule that targets the internal newsletter, identifying instances of
external forwarding. Configure the rule to reject the message when such forwarding is detected
C. Develop an Apps Script project by using the Gmail API to scan sent emails for the newsletter content
and external recipients. Automatically revoke access for violating users.
D. Create a content compliance rule to modify the newsletter subject line, adding a warning against
external forwarding.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

A Gmail content compliance rule allows you to specifically target the internal newsletter and automatically
detect when it is forwarded to external addresses. By rejecting such messages, you can prevent
unauthorized sharing of sensitive information while still permitting internal sharing. This solution is effective
for enforcing data security policies without manual intervention.

QUESTION 7
Your organization has hired temporary employees to work on a sensitive internal project. You need to
ensure that the sensitive project data in Google Drive is limited to only internal domain sharing. You do not
want to be overly restrictive.
What should you do?

A. Configure the Drive sharing options for the domain to internal only.
B. Restrict the Drive sharing options for the domain to allowlisted domains.
C. Create a Drive DLP rule, and use the sensitive internal Project name as the detector.
D. Turn off the Drive sharing setting from the Team dashboard.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

By configuring the Drive sharing options for your domain to "internal only," you ensure that sensitive project
data is restricted to your organization's internal users. This prevents any external sharing while allowing
your team members to collaborate freely within the organization. It strikes the right balance between
maintaining security and avoiding unnecessary restrictions on collaboration.

QUESTION 8
Several employees at your company received messages with links to malicious websites. The messages
appear to have been sent by your company's human resources department. You need to identify which
users received the emails and prevent a recurrence of similar incidents in the future.
What should you do?

A. Search the sender's email address by using Email Log Search. Identify the users that received the
messages. Instruct them to mark them as spam in Gmail, delete the messages, and empty the trash.
B. Search for the sender's email address by using the security investigation tool.
Mark the messages as phishing. Add the sender's email address to the Blocked senders list in the
Spam, Phishing and Malware setting in Gmail to automatically reject future messages.
C. Collect a list of users who received the messages. Search the recipients' email addresses in Google
Vault. Export and download the malicious emails in PST file format. Add the sender's email address to
a quarantine list setting in Gmail to quarantine any future emails from the sender.
D. Search for the sender's email address by using the security investigation tool.
Delete the messages. Turn on the safety options for spoofing and authentication protection in Gmail
settings.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The security investigation tool in Google Workspace allows you to identify the impacted users and
messages. By marking the messages as phishing, you acknowledge their malicious nature, helping to
protect the users. Adding the sender's email address to the Blocked senders list ensures that future
messages from this sender will be automatically blocked, preventing recurrence of similar incidents.

QUESTION 9
Your organization's users are reporting that a large volume of legitimate emails are being misidentified as
spam in Gmail. You want to troubleshoot this problem while following Google- recommended practices.
What should you do?

A. Adjust the organization's mail content compliance settings in the Admin console.
B. Advise users to individually allowlist senders.
C. Disable spam filtering for all users.
D. Contact Google Workspace support and report a suspected system-wide spam filter malfunction.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

If legitimate emails are being misidentified as spam across the organization, it suggests that there may be
a broader issue with the spam filtering system. Contacting Google Workspace support to investigate and
resolve the problem is the recommended approach. Disabling spam filtering or adjusting individual settings
may not resolve the root cause and could potentially lead to further issues.

QUESTION 10
Your organization's security team has published a list of vetted third-party apps and extensions that can be
used by employees. All other apps are prohibited unless a business case is presented and approved. The
Chrome Web Store policy applied at the top-level organization allows all apps and extensions with an
admin blocklist. You need to disable any unapproved apps that have already been installed and prevent
employees from installing unapproved apps.
What should you do?

A. Change the Chrome Web Store allow/block mode setting to allow all apps, admin manages blocklist, In
the App access control card, block any existing web app that is not on the security team's vetted list.
B. Change the Chrome Web Store allow/block mode setting to block all apps, admin manages allowlist.
 Add the apps on the security team's vetted list to the allowlist.
C. Disable Extensions and Chrome packaged apps as Allowed types of apps and extensions for the top-
level organizational unit. Selectively enable the appropriate extension types for each suborganization
D. Disable the Chrome Web Store service for the top-level organizational unit.
Enable the Chrome Web Store service for organizations that require Chrome apps and extensions.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Changing the Chrome Web Store policy to block all apps and managing an allowlist ensures that only
vetted, approved apps are allowed for installation. This approach enforces the security team's policy by
restricting access to unapproved apps while enabling the installation of only those apps that have been
explicitly approved. This method provides control over what can be installed, aligning with the
organization's security requirements.

QUESTION 11
Your company handles sensitive client data and needs to maintain a high level of security to comply with
strict industry regulations. You need to allow your company's security team to investigate potential security
breaches by using the security investigation tool in the Google Admin console.

What should you do?

A. Create an activity rule that triggers email notifications to the security team whenever a high-risk security
event occurs.
B. Assign the User Management Admin role to the security team.
C. Assign the super admin role to the security team
D. Create an administrator role with Security Center access. Assign the role to the security team.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

To allow the security team to investigate potential security breaches using the security investigation tool,
you should create a custom administrator role with Security Center access. This role will provide the
security team with the necessary permissions to access and use the security investigation tool without
granting them unnecessary permissions, such as those associated with User Management or Super Admin
roles. This approach ensures both security and compliance with industry regulations.

QUESTION 12
Your organization requires enhanced privacy and security when sending messages to banks and other
financial institutions. Your organization uses Gmail, but the banks use various other email providers. You
need to maximize privacy and limit access to messages sent and received between your organization and
the banks.
What should you do?

A. Set up Transport Layer Security (TLS) compliance for inbound and outbound messages with a list of
the banks' email domains. Validate the TLS connections.
B. Configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication for
your email domains.
C. Enable Protect against unauthenticated emails in Gmail Safety.
D. Enable confidential mode for Gmail. Instruct employees to use confidential mode when sending
messages to the banks.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Transport Layer Security (TLS) ensures that emails are encrypted in transit between your organization and
the banks, thereby enhancing privacy and security. By setting up TLS compliance and validating TLS
connections for the banks' email domains, you ensure that the communication is secure and protected
from interception, even if the banks use various email providers. This approach provides the highest level
of privacy for sensitive financial communications.

QUESTION 13
An end user has thousands of files stored in Google Drive. Their files are well organized with Drive labels.
You need to advise the end user on how to quickly identify all files that are contracts.
What should you do?

A. Advise the user to use the Google Drive API to search for files with the keyword "contracts'
B. Advise the user to search in Drive for files with the keyword "contracts', and use the "modified by me'
filter.
C. Advise the user to search for files that are labeled as "contracts'.
D. Advise the user to use the Investigation tool to search for files with the keyword "contracts' and updated
by you.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Since the files are already organized with labels in Google Drive, the most efficient way for the user to
quickly identify all files that are contracts is to search for files with the "contracts" label. This will filter and
display only the files labeled as contracts, making it the quickest and most straightforward method for
locating the required files.

QUESTION 14
You've received multiple reports about a suspicious email from someone who is pretending to be from your
organization's human resources department. The email is prompting employees to click a link for a
password update. You want to remediate this sender's emails.
What should you do?

A. Use the security investigation tool to search for users who received the suspicious email, and select
Mark message as phishing.
B. Use the security investigation tool to action the suspicious email and select Mark message as spam.
C. Create an activity rule to alert administrators to similar emails from that sender.
D. Notify all employees and request that they report this email as spam.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

The security investigation tool allows you to search for and take action on suspicious emails within your
organization. Marking the email as phishing helps to flag the email as malicious and prevents further
emails from the same sender from being delivered to users' inboxes. This also ensures that the email is
properly categorized for review and investigation by your security team.

QUESTION 15
Your company's security team has requested two requirements to secure employees' mobile devices-
enforcement of a passcode and remote account wipe functionality. The security team does not want an
agent to be installed on the mobile devices or to purchase additional licenses. Employees have a mix of
iOS and Android devices. You need to ensure that these requirements are met.
What should you do?

A. Implement a third-party enterprise mobility management (EMM) provider.

B. Set up advanced mobile management for iOS devices and basic mobile management for Android
devices.
C. Set up basic management for both iOS and Android devices.
D. Set up advanced management for both iOS and Android devices.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Advanced mobile management in Google Workspace provides the necessary features for securing mobile
devices without the need for third-party apps or additional licenses. This includes enforcing passcodes and
enabling remote account wipe functionality for both iOS and Android devices. Advanced management
ensures that both security requirements are met while keeping the setup efficient and within the
organization's existing licenses.

QUESTION 16
Your organization needs an approval application for purchases where a user can enter information on the
purchase required and then submit it for management approval. You need to suggest a solution to create
the application that must be available on both the web and mobile devices. Your organization does not
have software developers or the budget to hire a third party.
What should you do?

A. Suggest that the organization develop an application internally with a database, a backend service for
data retrieval, and a frontend service for the application's user interface.
B. Suggest that the organization continue to approve requests manually until budget is available to use a
third-party application provider.
C. Suggest the organization use AppSheet to create the application.
D. Suggest that the organization use AppScript to create forms linked to a Google Sheet to store the
purchase data.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

AppSheet is a no-code platform that allows users to create custom applications without the need for
software development skills. It is capable of building applications that can be used both on the web and
mobile devices. AppSheet would allow the organization to create the approval application efficiently,
meeting the requirements of the purchase process, and would be a cost-effective solution that does not
require hiring developers or using a third-party application provider.

QUESTION 17
Your organization is concerned about unauthorized access attempts. You want to implement a security
measure that makes users change their password if there are twenty or more failed login attempts within
one hour. You want to use the most effective and efficient approach.
What should you do?

A. Set up a Chrome action rule to restrict users from defined ChromeOS actions after twenty failed
password attempts.
B. Create an activity rule for user log events, define a time period and threshold, and select an Action for
 the rule to force a password change.
C. Create an activity rule for live-state data sources that meets the required time period and threshold to
identify users who need to change their password.
D. Enable email alerts to notify users that they need to change their password.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Creating an activity rule for user log events allows you to monitor failed login attempts within a specific time
period (such as one hour) and set a threshold (like twenty attempts). This rule can automatically trigger an
action, such as forcing a password change, when the defined threshold is met. This is the most effective
and efficient approach to addressing unauthorized access attempts while ensuring that security measures
are enforced without manual intervention.

QUESTION 18
An employee using a Workspace Enterprise Standard license was terminated from your organization. You
need to ensure that the former employee no longer has access to their Workspace account and preserve
access to the former employee's documents for the manager and the team.

You want to minimize license cost.

What should you do?

A. Delete the former employee's Workspace account.

B. Suspend former employee's Workspace account.
C. Reset the password of the former employee and keep their Workspace license active.
D. Switch the license type of the former employee's Workspace account to an Archived User license.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Switching the former employee's account to an Archived User license ensures that their data and
documents are preserved, and access is retained for the manager and team without incurring the full cost
of an active Workspace license. Archived User licenses are a cost-effective way to maintain access to
documents while preventing unauthorized access to the account.

QUESTION 19
Your organization's employees frequently collaborate with external clients and vendors by using Google
Meet. There are active instances of unsupervised meetings within your organization that do not have a
host, and unsupervised meetings that continue after an event has completed. You want to end all meetings
that are being used inappropriately as quickly as possible.
What should you do?

A. End all unsupervised meetings by using the Google Meet APIs.

B. Enable Host Management for Google Meet, and train internal host employees how to end meetings for
everyone.
C. Turn off Google Meet in the Admin console for your organization. Turn Google Meet back on after two
minutes.
D. Identify and end all unsupervised meetings by using the security investigation tool.

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:

Using the Google Meet APIs allows you to programmatically end all unsupervised meetings quickly. This
approach is the most effective for managing unsupervised meetings in real-time, especially if there are
multiple such meetings happening across the organization. It provides a centralized method to monitor and
take action on these meetings, ensuring security and preventing misuse.

QUESTION 20
Your organization uses live-streaming to host large Google Meet meetings. You need to limit the
participation to affiliated Google Workspace domains by using the Admin console.
What should you do?

A. Add the Trusted Workspace domain names in the Stream dialog box.
B. Turn off live streaming to Youtube.
C. Add participants to an organizational unit (OU). Turn on live streaming.
D. Turn on in-house live streaming. Invite users from affiliated domains.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

By organizing participants into an organizational unit (OU) in the Admin console, you can control access to
live streaming and ensure that only users from affiliated Google Workspace domains are allowed to
participate in the live-streamed meetings. Turning on live streaming within this context will ensure that the
meeting is restricted to the appropriate participants from the specified domains.

QUESTION 21
You are configuring email for your company's Google Workspace account. The company wants to prevent
certain types of files from being sent or received as email attachments in the simplest and most cost-
effective way.
What should you do?

A. Adjust the maximum message size limit to prevent large files from being sent or received.
B. Enable the Security Sandbox in Gmail to automatically quarantine emails with suspicious attachments.
C. Scan all incoming and outgoing emails for malicious attachments by using an industry standard third-
party email security solution.
D. Configure an attachment compliance rule in Gmail settings to block specific file types.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Configuring an attachment compliance rule in Gmail allows you to specifically block certain types of files
from being sent or received as email attachments. This approach is simple and cost-effective because it
leverages Google Workspace's built-in functionality without requiring third-party solutions or advanced
configurations. You can easily specify which file types to block, ensuring that your organization is protected
from undesirable attachments.

QUESTION 22
Your organization has a Shared Drive with 150 users organized as a group. All users of the group need to
be able to add and edit files, but the ability to move, delete, and share content must be limited to a single
user. You need to configure the shared drive to meet these requirements efficiently.