Free GCP-AGWA Sample Questions — Google Cloud Platform - Associate Google Workspace Administrator

The legal department at your organization is working on a time-critical merger and acquisition (M&A) deal. They urgently require access to specific email communications from an employee who is currently on leave. The organization’s current retention policy is set to indefinite. You need to retrieve the required emails for the legal department in a manner that ensures data privacy. What should you do?

• A. Instruct the IT department to directly access and forward the relevant emails to the legal department
• B. Temporarily grant the legal department access to the employee’s email account with a restricted scope that is limited to the M&A-related emails
• C. Ask a colleague with delegate access to the employee's mailbox to identify and forward the relevant emails to the legal department
• D. Use Google Vault to create a matter specific to the M&A deal. Search for relevant emails within the employee's mailbox. Export and share relevant emails with your legal department

Your company wants to start using Google Workspace for email. Your domain is verified through a third-party provider. You need to route the email to Google Workspace. What should you do?

• A. Change your domain’s A record to point to Google’s mail servers
• B. Configure a forwarding rule in your current email system to redirect all messages to Gmail
• C. Update your domain’s MX records to the Google Workspace MX records provided in the setup instructions
• D. Create a CNAME record that maps your domain to “gmail.com.”

An end user has thousands of files stored in Google Drive. Their files are well organized with Drive labels. You need to advise the end user on how to quickly identify all files that are contracts. What should you do?

• A. Advise the user to use the Google Drive API to search for files with the keyword “contracts”
• B. Advise the user to search in Drive for files with the keyword “contracts”, and use the “modified by me” filter
• C. Advise the user to search for files that are labeled as “contracts”
• D. Advise the user to use the Investigation tool to search for files with the keyword “contracts” and updated by you

Your organization’s security team has published a list of vetted third-party apps and extensions that can be used by employees. All other apps are prohibited unless a business case is presented and approved. The Chrome Web Store policy applied at the top-level organization allows all apps and extensions with an admin blocklist. You need to disable any unapproved apps that have already been installed and prevent employees from installing unapproved apps. What should you do?

• A. Change the Chrome Web Store allow/block mode setting to allow all apps, admin manages blocklist, In the App access control card, block any existing web app that is not on the security team’s vetted list
• B. Change the Chrome Web Store allow/block mode setting to block all apps, admin manages allowlist. Add the apps on the security team’s vetted list to the allowlist
• C. Disable Extensions and Chrome packaged apps as Allowed types of apps and extensions for the top-level organizational unit. Selectively enable the appropriate extension types for each suborganization
• D. Disable the Chrome Web Store service for the top-level organizational unit. Enable the Chrome Web Store service for organizations that require Chrome apps and extensions

Your company is transitioning to Google Workspace from legacy communication and collaboration applications. User accounts are managed in Active Directory and synced to Google Workspace by using Google Cloud Directory Sync (GCDS). Your company is implementing a new security policy for all accounts that requires complex passwords. Passwords must be at least 20 characters long, contain 3 symbols, 4 numbers, and 2 capital letters. You need to enforce the new password policy in Google Workspace. What should you do?

• A. Share the instructions for changing a Google account password with your users. Monitor password strength in the Google Admin console as users change their passwords
• B. Enable strong password enforcement and require a minimum length of 20 characters at the top-level organizational unit
• C. Create a password policy in Active Directory. Install Password Sync on the global catalog servers for Active Directory and require a password change for your users
• D. Create a password policy in Active Directory. Enable password synchronization in GCDS

The human resources department notified you of a legal investigation that was started for an employee in the finance department. You need to ensure that this employee's Google Drive data is preserved for at least one year and does not get deleted by the user or by other means. The Google Vault default retention rules for Drive are set for five years. What should you do?

• A. Create a hold in Vault for the employee's Drive
• B. Place the employee into a separate organizational unit (OU). Create a custom one-year retention rule for this OU
• C. Change the Vault default retention rule to one year instead of five
• D. Confirm that the Vault default retention rule is set for five years

Your organization has detected a significant rise in unauthorized access to applications from personal devices. This poses a critical security risk and could lead to data loss. To mitigate this risk, you must immediately restrict user access to these applications. What should you do?

• A. Enable data loss prevention rules
• B. Limit apps access to company-issued devices by using context-aware access
• C. Configure apps data access to Limited to only allow access to unrestricted services
• D. Enable multi-factor authentication for application access

Your company operates several primary care clinics where employees routinely work with protected health information (PHI). You are in the process of transitioning the organization to Google Workspace from a legacy communication and collaboration system. After you sign the Business Associate Agreement (BAA), you need to ensure that data is handled in compliance with regulations when using Google Workspace. What should you do?

• A. Implement a third-party backup service that is also compliant with Google Workspace core services
• B. Create a label for Google Drive content to help employees identify sensitive data
• C. Instruct the staff to not store any PHI in Google Workspace core services, including Google Drive, Docs, Sheets, and Keep
• D. Disable integrations with third-party apps and turn off non-core Google services

Your organization uses live-streaming to host large Google Meet meetings. You need to limit the participation to affiliated Google Workspace domains by using the Admin console. What should you do?

• A. Add the Trusted Workspace domain names in the Stream dialog box
• B. Turn off live streaming to Youtube
• C. Add participants to an organizational unit (OU). Turn on live streaming
• D. Turn on in-house live streaming. Invite users from affiliated domains

You are investigating a potential data breach. You need to see which devices are accessing corporate data and the applications used. What should you do?

• A. Analyze the audit log in the Admin console for device and application activity
• B. Analyze the security investigation tool to access device log data
• C. Analyze the Google Workspace reporting section of the Admin console
• D. Analyze the User Accounts section in the Google Admin console

Your security team is concerned about disgruntled employees downloading large amounts of intellectual property. You need to create an automatic notification if any user downloads more than 500 files from Google Drive within a one-hour period. What should you do?

• A. Configure a Data Loss Prevention (DLP) rule for Drive
• B. Use the alert center to review Drive audit logs for instances where users download a large number of files
• C. Create an activity rule in the security investigation tool to monitor Drive download events. Set a threshold to trigger an alert
• D. Set up an alert within Google Cloud Monitoring to track the number of Drive API calls and trigger a notification when a user makes an excessive number of download requests

A user in your organization received a spam email that they reported for further investigation. You need to find out more details and the scope of this incident as quickly as possible. What should you do?

• A. Conduct a Vault search to find this email and identify if additional users were affected
• B. Conduct a search to find all emails sent by the sender by using the Gmail API
• C. Conduct an Email reports search to find this email and all of the email’s recipients
• D. Conduct a search in the security investigation tool to find this email, and identify whether additional users were affected

Your company handles sensitive client data and needs to maintain a high level of security to comply with strict industry regulations. You need to allow your company’s security team to investigate potential security breaches by using the security investigation tool in the Google Admin console. What should you do?

• A. Create an activity rule that triggers email notifications to the security team whenever a high-risk security event occurs
• B. Assign the User Management Admin role to the security team
• C. Assign the super admin role to the security team
• D. Create an administrator role with Security Center access. Assign the role to the security team

Your organization has business operations worldwide in the Americas, Europe, and Asia Pacific regions. Your data compliance officer told you that it is preferable that the data is stored in a location within the region where the user resides. You need to configure the Data Regions feature in the Admin console. What should you do?

• A. Create groups for the three regions. Add the users to their respective group. Select ‘United States’ for the Americas group, ‘Europe’ for the Europe group, and ‘Asia Pacific’ for the Asia Pacific group
• B. Select ‘United States’ for the Americas OU, ‘Europe’ for the Europe OU, and ‘No Preference’ for the Asia Pacific OU
• C. Select ‘United States’ for the parent OU
• D. Select ‘United States’ for the Americas OU, ‘Europe’ for the Europe OU, and ‘Asia Pacific’ for the Asia Pacific OU

You’ve noticed an increase in phishing emails that contain links to malicious files hosted on external Google Drives. These files often mimic legitimate documents and trick users into granting access to their accounts. You need to prevent users from accessing these malicious external Drive files, but allow them to access legitimate external files. What should you do? (Choose two.)

• A. Enforce stricter password policies
• B. Conduct regular security awareness training to educate users
• C. Create a Drive trust rule that blocks all external domains except for a pre-approved list of trusted partners
• D. Deploy advanced malware detection software on all user devices to scan and block malicious files
• E. Implement two-factor authentication for all users