Free GCP-PGWA Sample Questions — Google Cloud Platform - Professional Google Workspace Administrator

Your organization has users in the United States and Europe. For compliance reasons, you want to ensure that user data is always stored in the region where the user is located. What should you do?

• A. Create two Google Groups titled “United States” and “Europe.” Assign users to either group based on location
• B. Specify a data region policy for each Organizational Unit (OU) where users are grouped by location
• C. Populate the Address field on each user record, ensuring the country information is accurate
• D. Do nothing. No extra configuration is needed because user data is always stored in the region the user is located

Your organization has decided to enforce 2-Step Verification for a subset of users. Some of these users are now locked out of their accounts because they did not set up 2-Step Verification by the enforcement date. What corrective action should you take to allow the users to sign in again?

• A. Disable 2-Step Verification per organizational unit so the affected users can sign in
• B. Move the affected users into the exception group temporarily so they can set up 2-Step Verification, and then remove them from the exception group after successful sign-in is confirmed
• C. Disable 2-Step Verification organization-wide so all users can successfully sign in
• D. Move the affected users into the exception group permanently so they do not have to use 2-Step Verification going forward

Your organization is using Password Sync to sync passwords from Active Directory to Google Workspace. A user changed their network password and cannot log in to Google Workspace with the new password. What steps should you take to troubleshoot this issue?

• A. Reinstall Password Sync on all domain controllers
• B. Reauthorize the Password Sync tool in the Google Workspace Admin Console
• C. Confirm that the Password Sync service is running on all domain controllers
• D. Reset the user's password in Active Directory

You have configured SSO using a third-party IDP with your Google Workspace domain. An end user has reported that they cannot sign in to Google Workspace after their username was changed in the third-party SSO product. They can sign in to their other internal applications that use SSO, and no other users are experiencing issues signing in. What could be causing the sign-in issue?

• A. The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace
• B. The user's Google password was changed administratively, which is causing a sign-in failure
• C. The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in
• D. The SAML assertion is providing the user's previous password attached to their old username

Your executive team has asked you to export all available data for 1,200 of your 1,500 Google Workspace Domain users. How should you proceed to export the data with the least amount of effort?

• A. Perform a search in Google Vault for the 500 users and export all of the results
• B. Create a shared drive for the exports. Instruct end users to manually use Google Takeout to export the data and place the exported files in the shared drive
• C. Contact Google Cloud support to perform the export for you
• D. Contact Google Cloud Support to enable the Data Export tool for your organization, because you have more than 1,000 users, then use the tool to export data for the domain, and remove any unnecessary user data

Your company is using macOS devices for all employees and has built a process to allow a Google account to be used as credentials for the device. Your company wants to manage newly acquired Windows 10 devices with Google Workspace endpoint management and have employees use their Google Workspace account as login credentials for Windows 10. Which steps should you take to enable this? (Choose two.)

• A. Install and configure Google Credential Provider for Windows (GCPW) on each device
• B. Sync the Google Accounts and password to AD via Google Cloud Directory Sync V1 (GCDS)
• C. Install and configure Password Sync on each Active Directory (AD) domain controller
• D. Configure Chrome policies on Windows to push advanced device management policies
• E. Enable Windows device management in Devices > Mobile & endpoints > Settings > Windows setting

You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe?

• A. Configure a data region at the top level OU of your organization, and set the value to “Europe”
• B. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each
• C. Configure a configuration group for European users, and set the data region to “Europe”
• D. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe

Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices?

• A. Navigate to “Data Protection” setting in Google Admin Console's Device management section and disable the “Allow users to copy data to personal apps” checkbox
• B. Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section
• C. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management
• D. Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox

Before leaving your organization, an employee in the finance department created and shared documents from My Drive. Their manager wants to keep all the files, but only some of these documents need to be available in the Shared Drive of the finance department. You need to quickly and efficiently delete the Workspace account for the former employee but also ensure that the finance department can access the required files. What should you do?

• A. Before leaving the organization, instruct the employee to create a folder in My Drive, move the documents that need to be shared, then share that folder with the Finance manager and delete the user
• B. Use Google Takeout to download the Drive data and then upload the data back to the Shared Drive of the finance department
• C. Use Google Vault to set a retention policy for the organizational unit (OU) where the former employee resides
• D. In the User Deletion process, transfer ownership of the documents to the manager. After completion, instruct the manager to move the desired documents into the Shared Drive of the finance department

A retail company has high employee turnover due to the cyclical nature in the consumer space. The increase in leaked confidential content has created the need for a specific administrative role to monitor ongoing employee security investigations. What step should you take to increase the visibility of such investigations?

• A. Assign the ‘Services Admin’ role to an administrator with ‘Super Admin’ privileges
• B. Create a ‘Custom Role’ and add all the Google Vault privileges for a new administrator
• C. Validate that the new administrator has access to Google Vault
• D. Create a ‘Custom Role’ and add the ability to manage Google Vault matters, holds, searches, and exports

A team of field technicians at your organization has been misusing their corporate email account. You need to enforce the corporate policy that prohibits the field technicians from sending emails externally. What should you do?

• A. Place the field technicians in a separate organizational unit (OU) and disable the Gmail mobile app
• B. Disable automatic forwarding for all field technicians
• C. Place the Field Technicians in a Group. Create and apply a domain wide ‘Reject message’ rule to the entire group
• D. Create a routing rule by using the Reject message option for the organization's domain, and apply the rule to the field technician organizational unit (OU)

Your organization has enabled spoofing protection against unauthenticated domains. You are receiving complaints that email from multiple partners is not being received. While investigating this issue, you find that emails are all being sent to quarantine due to the configured safety setting. What should be the next step to allow uses to review these emails and reduce the internal complaints while keeping your environment secure?

• A. Add your partner domains IPs to the Inbound Gateway setting
• B. Change the spoofing protection to deliver the emails to spam instead of quarantining them
• C. Add your partner sending IP addresses to an allowlist
• D. Change the spoofing protection to deliver the emails to inboxes with a custom warning instead of quarantining them

Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.)

• A. Confirm that the user has a Google Workspace Enterprise Plus license
• B. Delete and recreate a new Context-Aware Access device policy
• C. Check whether device policy application is installed on users’ devices
• D. Confirm that the user has at least a Google Workspace Business license
• E. Check whether Endpoint Verification is installed on users’ desktops

You work for an international organization and your CEO frequently travels to other countries. You need to enable email access and configure the account for multiple administrative assistants. What should you do?

• A. Provide the executive administrative assistants with the account password of the CEO
• B. Enable users to specify what sender information is included in delegated messages sent from their account
• C. Create a group of administrative assistants. Enable delegated access to the mailbox of the CEO for that group
• D. Log into the Gmail account of the CEO. Set up and share two separate email aliases

Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do?

• A. Assign the pre-built security admin role to the security team members
• B. Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members
• C. Assign the Super Admin Role to the security team members
• D. Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members

By using Account Activity reports, you have flagged several users who are uploading large files. You want to ensure you don't run out of pooled storage and you want to stop the abuse. What should you do first?

• A. Email flagged users with a warning of possible abuse
• B. Use the Security Investigation Tool to set alerts on the flagged users
• C. Warn the flagged users, and purchase more pooled storage to avoid hitting storage quotas
• D. Place the flagged users in a configuration group and set storage limits for the group

Your organization has offices in Canada, Italy, and the United States. You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only. What should you do?

• A. Require the use of corporate devices for any access to corporate Gmail and Drive
• B. Use context-aware access to create access levels based on the geographic location, and assign them to corporate Gmail and Drive
• C. Create address lists to restrict the delivery of incoming and outgoing messages, and to block notifications from Google Doc comments
• D. Create data protection rules in Google Workspace that allow data access from only three geographic locations

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

• A. In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”
• B. Use the Directory API to check and update the group’s membership after the GCDS sync is completed
• C. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute
• D. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”

Your team wants to schedule meetings based on your availability. You need to securely and efficiently share your calendar with your team. What should you do?

• A. Share your calendar with your team. Set the sharing permissions for the calendar to show free/busy details
• B. Create a new group calendar and share it with your team members. Set the sharing permissions for the calendar to show free/busy details
• C. Make your calendar public and set the permissions for events to show free/busy details
• D. Export your calendar and then have your team import it into their Calendar environment

A user has reported that they did not receive an email from one of their normal correspondents. What information do you need to collect from the user to investigate the cause of the issue?

• A. The email address of the sender and the subject and date/time of the missing message
• B. The type of device the individual is using, including the OS version, browser, and browser version
• C. The sender's domain so you can review their SPF and DKIM configuration
• D. The sender's IP address, mail client, and mail platform