(2026) PASS Google-Workspace-Administrator exam with Google Google-Workspace-Administrator Real Exam Questions [Q43-Q61]

Share

(2026) PASS Google-Workspace-Administrator exam with Google Google-Workspace-Administrator Real Exam Questions

Real exam questions are provided for Workspace Administrator tests, which can make sure you 100% pass

NEW QUESTION # 43
Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops. For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel to restrict Drive for desktop to only company-owned devices?
Choose 2 answers

  • A. Create a company-owned device inventory using serial numbers of devices.
  • B. Create a company-owned device inventory using an asset tag.
  • C. Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices
  • D. Install the Google Endpoint Verification extension on machines using Drive for Desktop.
  • E. Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

Answer: C,D

Explanation:
To restrict Drive for desktop to only company-owned devices, you should:
Go to Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop and select Only Allow Google Drive for desktop on authorized devices. This setting ensures that only authorized devices can use Drive for desktop.
Install the Google Endpoint Verification extension on machines using Drive for Desktop. This extension helps manage and verify devices, ensuring that only company-owned devices are allowed access.
Reference:
Google Workspace Admin Help - Set up Drive for desktop
Google Workspace Admin Help - Google Endpoint Verification


NEW QUESTION # 44
The security team for your organization is concerned about phishlng attacks against your end user base. What two actions should you take to configure the strongest possible preventative measure against phishing attacks?
Choose 2 answers

  • A. Configure spoofing and authentication controls to warn end users about messages that are perceived as threats.
  • B. Train end users to mark messages as spam when they see something suspicious.
  • C. Force encryption on all inbound and outbound emails from your Workspace domain.
  • D. Configure spoofing and authentication controls to quarantine messages that are perceived as threats
  • E. Enforce confidents mode for all messages sent and received from your Workspace domain

Answer: A,D

Explanation:
Access Admin Console: Go to admin.google.com and sign in with your admin account.
Navigate to Gmail Settings: In the Admin console, go to Apps > Google Workspace > Gmail > Safety.
Configure Spoofing and Authentication Controls:
Set up email authentication policies such as SPF, DKIM, and DMARC to verify incoming emails.
Enable options to quarantine messages that fail authentication checks and are perceived as threats.
Configure warnings for users to alert them about potentially harmful messages.
Create Compliance Rules: Under the Gmail settings, create rules that quarantine suspicious emails and notify users when they receive messages that might be phishing attempts.
Train Users: Educate users on how to recognize phishing attempts and the importance of marking suspicious emails as spam.
By configuring these settings, you enhance the security against phishing attacks by both automatically handling suspected threats and making users aware of potential dangers.
Reference
Protect against spam and phishing with Gmail
Set up email authentication (SPF, DKIM, DMARC)


NEW QUESTION # 45
Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company. You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit.
What should you do?

  • A. From the Admin Console Users Menu, download a list of all user info columns and currently selected columns.
  • B. From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API.
  • C. From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets.
  • D. From the Google Workspace Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets.

Answer: A

Explanation:
Reference:
https://support.google.com/a/answer/7348070?hl=it
https://support.google.com/a/answer/7348070?hl=en


NEW QUESTION # 46
Your organization is planning to remove any dependencies on Active Directory (AD) from all Cloud applications they are using. You are currently using Google Cloud Directory Sync (GCDS) with on-premises AD as a source to provision user accounts in Google Workspace. Your organization is also using a software-as-a-service (SaaS) human resources information system (HRIS) that offers integration via CSV export and Open API standard.
Additional requirements for the solution include:
- It should not require a subscription to any additional third-party
service.
- The process must be automated from beginning to end.
You are tasked with the design and implementation of a solution to address user provisioning with these requirements.
What solution should you implement?

  • A. Export HRIS data to a CSV file every day, and build a solution to define the delta with the previous day; import the result as a CSV file via the Admin console.
  • B. Set up Azure AD and federate on-premises AD with it. Provision user accounts from Azure AD with the Google-recommended process.
  • C. Modify the GCDS configuration to use the HRIS application as the data source and complete any necessary adjustments.
  • D. Build an application that will fetch updated data from the HRIS system via Open API, and then update Google Workspace with the Directory API accordingly.

Answer: D


NEW QUESTION # 47
Your company's compliance officer has requested that you apply a content compliance rule that will reject all external outbound email that has any occurrence of credit card numbers and your company's account number syntax, which is AccNo. You need to configure a content compliance rule to scan email to meet these requirements.
Which combination of attributes will meet this objective?

  • A. Name the rule > select Outbound > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.
  • B. Name the rule > select Outbound and Internal Sending > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.
  • C. Name the rule > select Outbound and Internal Sending > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers > choose Reject.
  • D. Name the rule > select Outbound > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers
    > choose Reject

Answer: C

Explanation:
* Admin Console: Log into the Google Admin console at admin.google.com.
* Gmail Settings: Navigate to Apps > Google Workspace > Gmail > Compliance.
* Create Rule:
* Click on "Add another rule" under the "Content compliance" section.
* Name the rule appropriately (e.g., Reject Sensitive Info).
* Conditions:
* Select "Outbound and Internal Sending" to ensure all outgoing and internal emails are scanned.
* In the "If ANY of the following match" section, add two expressions:
* Simple Content Match: Configure to find "AccNo".
* Predefined Content Match: Select "Credit Card Numbers".
* Action:
* Choose "Reject" as the action for emails that match these conditions.
* Save Rule: Save the rule and apply it to ensure it is active.
References
* Google Workspace Admin: Set up Compliance Rules
* Google Workspace Admin: Configure Content Compliance


NEW QUESTION # 48
You are using Google Cloud Directory Sync to manage users. You performed an initial sync of nearly 1,000 mailing lists to Google Groups with Google Cloud Directory Sync and now are planning to manage groups directly from Google. Over half the groups have been configured with incorrect settings, including who can post, who can join, and which groups can have external members. You need to update groups to be configured correctly.
What should you do?

  • A. Create and assign a custom admin role for all group owners so they can update settings.
  • B. Use the bulk upload with CSV feature in the Google Workspace Admin panel to update all Groups.
  • C. Update your configuration file and resync mailing lists with Google Cloud Directory Sync.
  • D. Use the Groups Settings API to update Google Groups with desired settings.

Answer: C


NEW QUESTION # 49
Your organization has users in the United States and Europe For compliance reasons you want to ensure that user data is always stored in the region where the user is located What should you do?

  • A. Create two Google Groups titled "United States' and "Europe " Assign users to either group based on location
  • B. Do nothing No extra configuration is needed because user data is always stored in the region the user is located
  • C. Populate the Address field on each user record ensuring the country information is accurate
  • D. Specify a data region policy for each Organizational Unit (OU) where users are grouped by location

Answer: D

Explanation:
Step by Step Comprehensive Detailed Explanation:
* Access the Admin Console: Sign in to your Google Admin console.
* Navigate to Data Regions: Click on "Account" and then "Data Regions."
* Create Data Region Policy: Create a data region policy specifying where data should be stored.
* Apply to OUs: Apply the data region policy to the organizational units (OUs) based on user location, ensuring data is stored in the respective regions.
* Save Configuration: Save the settings to enforce the data region policies.
References:
* Google Workspace Admin Help: Data Regions


NEW QUESTION # 50
A team of temporary employees left your organization after completing a shared project. Per company policy, you need to disable their Google Workspace accounts while preserving all project data and related communications in Google Vault for a minimum of two years. You want to comply with this policy while minimizing cost. What should you do?

  • A. Purchase and assign Archived User licenses to the former employees.
  • B. Move the former employees to their own organizational unit(OU) and disable access to Google services for that OU.
  • C. Transfer the former employees' files and data to active user accounts. Delete the former employees' Workspace accounts.
  • D. Purchase additional user licenses and suspend the former employees' accounts.

Answer: A

Explanation:
Google Workspace offers Archived User licenses, which allow you to retain access to the data and communications of former employees without paying for a full user license. This option ensures compliance with the policy of retaining project data and communications in Google Vault while minimizing costs by avoiding unnecessary full user licenses.


NEW QUESTION # 51
Users at your organization are reporting issues with Google Voice including disconnected calls and overall connection issues. You want to identify whether these issues affect just your organization or whether it's a global Google issue What should you do?

  • A. Use the Security investigation Tool with User Log Events as the data source field In the search operator fields select Event is and Call failed Analyze the packet loss
  • B. Verify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard
  • C. Verify if there is a service interruption for Google Voice reported on the Google Workspace Updates Blog website
  • D. Use the Security Investigation Tool with Voice Log Events as the data source field In the search operator fields select Event is and Network Statistics (client) Analyze the packet loss

Answer: B

Explanation:
To identify whether the Google Voice issues are affecting just your organization or if it's a global issue, follow these steps:
* Check the Google Workspace Status Dashboard:
* Go to the Google Workspace Status Dashboard.
* Look for any reported outages or issues specifically for Google Voice.
* The status dashboard provides real-time information on service availability and any ongoing issues affecting Google Workspace services.
References:
* Google Workspace Status Dashboard


NEW QUESTION # 52
You are supporting an investigation that is being conducted by your litigation team. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user's awareness.
What two actions should you take? (Choose two.)

  • A. Copy the user's data to a secondary account.
  • B. Reset the user's password, and share the new password with the litigation team.
  • C. Move the user to their own Organization Unit, and set a custom retention policy
  • D. Create a matter using Google Vault, and share the matter with the litigation team members.
  • E. Create a hold on the user's mailbox in Google Vault

Answer: D,E

Explanation:
Create a Matter in Google Vault:
Log into Google Vault.
Click on "Matters" and then "Create".
Name the matter appropriately (e.g., User Investigation).
Share the matter with the litigation team members by adding their email addresses under the "Sharing" settings.
Create a Hold on the User's Mailbox:
In the created matter, go to the "Holds" tab.
Click on "Create Hold".
Specify the user's email address to place their mailbox under hold.
Set the parameters for the hold to ensure all relevant data is preserved and cannot be tampered with.
Reference
Google Workspace Admin: Create and manage matters in Google Vault
Google Workspace Admin: Create and manage holds in Google Vault


NEW QUESTION # 53
Several customers have reported receiving fake collection notices from your company. The emails were received from [email protected], which is the valid address used by your accounting department for such matters, but the email audit log does not show the emails in question. You need to stop these emails from being sent.
What two actions should you take? (Choose two.)

  • A. Configure Domain Keys Identified Mail (DKIM) to authenticate email.
  • B. Change the password for suspected compromised account [email protected].
  • C. Configure a Sender Policy Framework (SPF) record for your domain.
  • D. Disable "Allow users to automatically forward incoming email to another address."
  • E. Disable mail delegation for the [email protected] account.

Answer: B,C

Explanation:
* Change the password for the suspected compromised account:
* Sign in to the Google Admin console.
* From the Admin console Home page, go to "Users."
* Find and select the account "[email protected]."
* Click on "Security" and then "Password."
* Follow the instructions to change the password.
* Configure a Sender Policy Framework (SPF) record for your domain:
* Log in to your domain host (e.g., GoDaddy, Bluehost).
* Locate the page for updating your domain's DNS records.
* Add a new TXT record for your domain with the SPF rule, typically something like:
v=spf1 include:_spf.google.com ~all
* Save the changes to update the DNS records.
Changing the password helps secure the compromised account, while configuring SPF helps prevent email spoofing, ensuring that fake emails are less likely to be delivered as though they come from your legitimate email address.
References:
* Google Workspace Admin Help - Change or reset a user's password
* Google Workspace Admin Help - Set up SPF records


NEW QUESTION # 54
Your company has just started using Search Ads 360. You need to limit access to Additional Google services for your entire organization by using the Admin console. Only the marketing team and a specific group of users from the web design team should have access. What should you do?

  • A. Enable Search Ads 360 for the marketing organizational unit (OU). Create a sub-OU under the marketing OU. and move the web design team users who need access into this sub-OU.
  • B. Enable Search Ads 360 at the top level of your organizational structure.
  • C. Enable Search Ads 360 for the marketing organizational unit (OU). Create a new group in the Admin console that includes the web design team users who need access. Enable Search Ads 360 for that group.
  • D. Enable Search Ads 360 for both the marketing and web design team organizational units (OUs). Create a group to explicitly deny access to Search Ads 360. Assign the group to the web design users who should not have access.

Answer: C

Explanation:
To limit access to Search Ads 360 to only the marketing team and a specific group of users from the web design team, the most effective and Google-recommended approach is to enable the service for the marketing organizational unit (OU) and then create a separate group containing the specific web design users who need access, enabling the service for that group as well. This allows for granular control and avoids granting access to the entire web design OU.
Here's why option D is the correct solution and why the others are less ideal:
D). Enable Search Ads 360 for the marketing organizational unit (OU). Create a new group in the Admin console that includes the web design team users who need access. Enable Search Ads 360 for that group.
This approach leverages both organizational units and groups for access control. By enabling Search Ads 360 for the marketing OU, you grant access to all users within that department. Then, by creating a separate group containing the specific web design users who require access and enabling Search Ads 360 for that group, you provide them with the necessary permissions without granting access to the entire web design OU. This method allows for targeted access based on both departmental affiliation and specific user needs, aligning with the principle of least privilege.
Associate Google Workspace Administrator topics guides or documents reference: The Google Workspace Admin Help documentation on "Turn services on or off for users" explains how to control access to Google services at both the organizational unit and group levels. It highlights the flexibility of using a combination of OUs and groups to achieve granular access control. Enabling a service for an OU applies it to all members of that OU, while enabling it for a group applies it only to the members of that specific group, regardless of their OU.
A). Enable Search Ads 360 for both the marketing and web design team organizational units (OUs). Create a group to explicitly deny access to Search Ads 360. Assign the group to the web design users who should not have access.
While you can deny service access using groups, it's generally more straightforward and less prone to errors to explicitly grant access only to those who need it. Enabling the service for the entire web design OU and then trying to revoke access for some users within it adds unnecessary complexity and potential for misconfiguration. Deny rules can also sometimes interact in unexpected ways with allow rules.
Associate Google Workspace Administrator topics guides or documents reference: While the Admin console allows for denying service access through groups, the documentation often emphasizes granting access to specific OUs or groups that require it as a more manageable and transparent approach.
B). Enable Search Ads 360 at the top level of your organizational structure.
Enabling Search Ads 360 at the top level would grant access to the service to every user in your organization.
This directly contradicts the requirement to limit access to only the marketing team and a specific group within the web design team. This option provides the least control and violates the principle of least privilege.
Associate Google Workspace Administrator topics guides or documents reference: Google's best practices for service control emphasize granting access only to those who need it, typically by applying settings at the OU or group level, not organization-wide unless the service is intended for everyone.
C). Enable Search Ads 360 for the marketing organizational unit (OU). Create a sub-OU under the marketing OU. and move the web design team users who need access into this sub-OU.
Creating a sub-OU under the marketing OU for users from the web design team who need access is a less logical organizational structure. It mixes users from different departments within the same branch of the OU hierarchy, which can complicate future policy management and reporting. It's generally better to keep users within their respective departmental OUs and use groups for cross-departmental service access.
Associate Google Workspace Administrator topics guides or documents reference: Google's guidance on OU structure recommends organizing users based on their functional role or department within the organization for logical policy management and reporting. Creating sub-OUs based on service access needs rather than organizational structure is not a typical recommendation.
Therefore, the most appropriate and manageable solution is to enable Search Ads 360 for the marketing OU and create a separate group containing the specific web design users who need access, then enable the service for that group as well.


NEW QUESTION # 55
Your organization has a group of users who interact with sensitive information and their accounts contain valuable files You need to protect these users from targeted online attacks What should you do?

  • A. Enroll all accounts for those users in the Advanced Protection Program
  • B. Disable password recovery for end users
  • C. Enable 2-Step Verification for those users and recommend they use Google Authenticator
  • D. Enable 2-Step Verification for those users and recommend they use SMS codes

Answer: A

Explanation:
* Understanding the Requirement:
* The scenario involves a group of users who handle sensitive information and have valuable files in their accounts.
* The goal is to protect these users from targeted online attacks.
* Options Analysis:
* Option A: Enable 2-Step Verification for those users and recommend they use Google Authenticator
* 2-Step Verification (2SV) enhances security by adding an extra layer of authentication.
Google Authenticator is a reliable method, but it may not be sufficient against highly targeted attacks.
* Option B: Enable 2-Step Verification for those users and recommend they use SMS codes
* While SMS codes are a form of 2SV, they are considered less secure than other methods due to potential vulnerabilities like SIM swapping.
* Option C: Disable password recovery for end users
* Disabling password recovery can prevent unauthorized access through recovery options but does not provide active protection against targeted attacks.
* Option D: Enroll all accounts for those users in the Advanced Protection Program
* The Advanced Protection Program (APP) is designed specifically to protect users at high risk of targeted attacks. It includes strong measures such as requiring a physical security key for login, blocking unauthorized access attempts, and restricting access to sensitive data.
* Recommended Solution:
* Enrolling users in the Advanced Protection Program (APP):
* Step 1: Identify High-Risk Users:
* Identify users who handle sensitive information and have valuable files.
* Step 2: Enroll in APP:
* Go to the Google Admin console.
* Navigate to the Security section and find the Advanced Protection Program.
* Enroll the identified high-risk users in APP.
* Step 3: Implement Security Keys:
* Ensure users have security keys (e.g., Titan Security Keys) for login.
* Guide users through the process of setting up and using security keys.
* Step 4: User Education:
* Educate users on the importance of APP and how it protects their accounts.
* Provide training on recognizing phishing attempts and other security best practices.
* Benefits of APP:
* Enhanced Security:
* APP provides the highest level of security for Google accounts, requiring security keys for authentication.
* Protection Against Phishing:
* Security keys are highly resistant to phishing attacks, which are common in targeted online attacks.
* Limited Access:
* APP restricts access to sensitive data, ensuring that only trusted apps and services can interact with the protected accounts.
References:
* Google Workspace Admin Help: Advanced Protection Program
* Google Workspace Security: Advanced Protection Program
* Google Security Blog: Advanced Protection Program


NEW QUESTION # 56
Your company's security team has requested two requirements to secure employees' mobile devices- enforcement of a passcode and remote account wipe functionality. The security team does not want an agent to be installed on the mobile devices or to purchase additional licenses. Employees have a mix of iOS and Android devices. You need to ensure that these requirements are met. What should you do?

  • A. Set up basic management for both iOS and Android devices.
  • B. Set up advanced mobile management for iOS devices and basic mobile management for Android devices.
  • C. Set up advanced management for both iOS and Android devices.
  • D. Implement a third-party enterprise mobility management (EMM) provider.

Answer: C

Explanation:
Advanced mobile management in Google Workspace provides the necessary features for securing mobile devices without the need for third-party apps or additional licenses. This includes enforcing passcodes and enabling remote account wipe functionality for both iOS and Android devices. Advanced management ensures that both security requirements are met while keeping the setup efficient and within the organization's existing licenses.


NEW QUESTION # 57
A user does not follow their usual sign-in pattern and signs in from an unusual location.
What type of alert is triggered by this event?

  • A. User sign-in alert.
  • B. Suspicious login activity alert.
  • C. Suspicious mobile activity alert.
  • D. Leaked password alert.

Answer: B

Explanation:
Identify Suspicious Login Activity:
Google Workspace triggers a suspicious login activity alert when a user signs in from an unusual location or device that is not part of their regular sign-in pattern.
Review Alerts:
Go to the Google Workspace Admin console.
Navigate to "Security" > "Dashboard" > "Suspicious login activity".
Review the details of the alert to determine the nature of the suspicious login.
Take Appropriate Actions:
Investigate the alert to ensure that the login attempt is legitimate.
If the login is deemed suspicious, follow security protocols to secure the user account, such as resetting the password or enabling two-factor authentication.
Reference
Google Workspace Admin Help: Review security alerts


NEW QUESTION # 58
A user does not follow their sign-in pattern and signs in from an unusual location. As an admin, what should you do in response to this alert for this user during this investigation?

  • A. Enhance your security alerts for tracking sign-in patterns
  • B. Investigate the account for unauthorized activity in the Login and Security Audit Log
  • C. First, suspend the account and then investigate
  • D. Add Two Factor Authentication to the Domain

Answer: B


NEW QUESTION # 59
You received this email from the head of marketing:
Hello Workspace Admin:
Next week, a new consultant will be starting on the "massive marketing mailing" project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?
What are two of the steps you need to perform to fulfill this request? (Choose two.)

  • A. Create an isolated OU for the consultants who need the restricted contacts access.
  • B. Create a group that includes the contacts that the consultant is allowed to view.
  • C. Ensure that you have the Administrator Privilege of Services > Services settings and that Services > Contacts > Contacts Settings Message is set.
  • D. Create the consultant inside under the marketing OU.
  • E. Apply the role of owner to the consultant in the group settings.

Answer: A,B


NEW QUESTION # 60
You work at a large global holding firm with multiple companies that are united under one Google Workspace deployment. You must ensure that employees can only access documents at the company in which they are employed What should you do?

  • A. Set up data loss prevention (DLP) rules to prevent specific documents from being shared
  • B. Set up Google Drive trust rules to prevent access to documents from individual companies
  • C. Create a User group for each company and change Google Drive sharing settings to block external sharing
  • D. Create an organizational unit (OU) for each company and disable file sharing.

Answer: B

Explanation:
Access Admin Console: Log in to the Google Admin console using your administrator account.
Navigate to Drive and Docs: Go to Apps > Google Workspace > Drive and Docs.
Set Up Drive Trust Rules: Select Sharing settings > Sharing options.
Configure Trust Rules: Set up trust rules to define which organizational units (OUs) or groups can share documents with each other. Ensure that each company's OU has rules that restrict access to documents only within that company.
Apply and Save Changes: Implement these settings and save. This ensures that employees can only access documents within their respective companies.
Reference:
Google Workspace Admin Help: Drive trust rules
Google Workspace Drive Sharing Settings


NEW QUESTION # 61
......


Google Cloud Certified - Professional Google Workspace Administrator exam is a valuable certification for professionals who manage and administer Google Workspace for their organization. It demonstrates a deep understanding of the platform and can lead to more job opportunities and increased earning potential. With the right preparation and study resources, candidates can successfully pass the exam and achieve this certification.

 

Latest Google-Workspace-Administrator Pass Guaranteed Exam Dumps Certification Sample Questions: https://getfreedumps.passreview.com/Google-Workspace-Administrator-exam-questions.html