Free Google-Workspace-Administrator Actual Exam Questions
Dumps Box (DumpsBox) offers up-to-date practice exam questions for Workspace Administrator certification exam which are developed and validated by Google subject domain experts certified in Google-Workspace-Administrator . These practice questions are update regularly as we keep an eye on any recent changes in Workspace Administrator syllabus, and when there is update our team quickly adjusts the questions. This commitment to providing the best quality exam prep material to certification aspirants is what makes DumpsBox.com the best certification exam prep website. On top of that, our strong, yet strictly moderated, community based feedback keeps the content clean and current. Each question has helpful community discussion that provides it extra perspective and introduces helpful resources for better exam preparation. This also saves students from other outdated practice questions or illicit exam dumps that can have adverse affects on career. Browse through our Google-Workspace-Administrator exam questions and pass your exam on first try.
need to enable email access and configure the account for multiple administrative assistants What
should you do?
It’s C because delegating access to a group simplifies management and avoids password sharing risks. Plus, multiple assistants can handle the CEO’s emails without needing separate aliases or complicated sender settings.
D is out for sure; sharing passwords is a major security risk.
Workspace Business, or no license, depending on their job duties, and the cost of user licenses is
paid out of each division's budget. In order to effectively manage the license disposition, team
leaders require the ability to look up the type of license that is currently assigned, along with the last
logon date, for their direct reports.
You have been tasked with recommending a solution to the Director of IT, and have gathered the
following requirements:
Team leaders must be able to retrieve this data on their own (i.e., self-service).
Team leaders are not permitted to have any level of administrative access to the Google Workspace
Admin panel.
Team leaders must only be able to look up data for their direct reports.
The data must always be current to within 1 week.
Costs must be mitigated.
What approach should you recommend?
This one feels like C makes the most sense because it’s low-cost and can be tailored with App Script for automation and access controls. D might be overkill since AppMaker is deprecated and adds complexity. With C, you can set up the script to update data weekly and use separate filtered views or protected ranges so leaders only see their reports. The key is automating the sync so it’s hands-off for the team leads while keeping everything secure and within budget.
C, it’s simple and cost-effective with manageable access controls.
just received an alert for a suspicious login attempt. They are trying to determine how frequently
suspicious login attempts occur within the organization. The CISO has asked you to provide details for
each user account that has had a suspicious login attempt in the past year and the number of times it
occurred for each account.
What action should you take to meet these requirements?
Option A feels right since the login audit report specifically tracks suspicious login events, which matches the requirement better than general account activity reports.
It’s D because creating a custom BigQuery query lets you tailor the data exactly by user and time frame, which the standard reports might not break down as precisely for suspicious logins.
practice for users to create consumer Google accounts with their corporate email address (for
example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who
were on Google Workspace.) You were able to address active employees’ use of consumer accounts
during the rollout, and you are now concerned about blocking former employees who could
potentially still have access to those services even though they don't have access to their corporate
email account.
What should you do?
D imo, since provisioning those accounts with Cloud Identity and disabling services is a more direct way to block access after employees leave. Relying on the transfer tool (B) assumes former users will cooperate, which might not happen. Also, option A feels off because support usually won’t manage blocking accounts like that. Cleaning up access lists (C) is useful but reactive and won’t stop former users from accessing consumer accounts tied to corporate emails. So D gives you a way to lock down those accounts even if users don’t respond.
Probably B since it actively tries to regain control of those unmanaged accounts.
The HR Director wants to enact a new policy to restrict access to the “Employee Compensation”
subfolder stored on that Team Drive to a small subset of the team.
What should you do?
Maybe C, since Team Drives don’t allow subfolder-level permission changes directly.
C imo, because Team Drives don’t support subfolder-level restrictions, so separate drive makes sense.
asked you to provide a report that shows the number of active and suspended users by organization
unit, which has been set up to match the Regions and Departments within your company. You need
to produce a Google Sheet that shows a count of all active user accounts and suspended user
accounts by Org unit.
What should you do?
I get why B looks appealing for combining data, but it sounds like extra hassle matching OrgIDs with the user list. D feels more straightforward since you get all user info—including status and Org unit—in one export. That means you can quickly pivot or filter in Sheets without additional API steps. So, I’d pick D for simplicity and less chance of messing up data joins.
Maybe D makes the most sense here since it directly gives you all user info including status and Org unit, no need for extra API work or joins. That way you can just filter and count active vs suspended in Sheets without fuss. B sounds more complicated with having to merge data sets and handle OrgIDs separately, which might slow things down. If the goal’s a quick and straightforward report, grabbing all data straight from the Users Menu seems cleaner and less error-prone.
Authentication and forced hardware keys as a best practice to prevent such attacks. The CISO is
curious as to how many such email phishing attempts you've avoided since putting the
2FA+Hardware Keys in place last month.
Where do you find the information your CISO is interested in seeing?
C. The Security Dashboard usually gives a real-time snapshot of blocked threats, including phishing. It feels more reliable for showing what was actually stopped rather than just received emails. Since spam filters catch phishing too, this should give a clearer picture of attempts prevented since 2FA was put in place. Plus, it's likely easier to correlate the timing with the 2FA rollout compared to broader reports.
Probably D since Reporting usually gives detailed, date-filtered data, so you can track phishing attempts after 2FA was put in place, which fits the CISO’s request best.
files to facilitate collaboration with other Google Workspace customers. Recently you have had
several incidents of files and folders being broadly shared with external users and groups. Your chief
security officer needs data on the scope of external sharing and ongoing alerting so that external
access does not have to be disabled.
What two actions should you take to support the chief security officer's request? (Choose two.)
B/D? Alerts from Drive audit reports (B) catch new external shares fast, while a custom dashboard (D) helps track ongoing external sharing more closely. The other options seem more static or restrictive.
Good point about ongoing alerts; B for sure, and D for continuous monitoring.
but received notifications that some employees have issues with consumer Google accounts (conflict
accounts). You want to put a plan in place to address this concern.
What should you do?
D/C? D seems like the best starting point since it helps locate those conflict accounts without messing anything up right away. But if the issue is users not having proper Workspace accounts yet, then C might be necessary to get them properly onboarded. I think handling the detection first with D and then creating new accounts as needed (C) makes sense before jumping to removal or renaming.
A vs D? While D helps identify conflict accounts, A actually solves the problem by removing those conflicts. But I worry about data loss with A if it’s done too quickly. Maybe use D first to check, then A once you’re sure. Just jumping to removal without assessment seems risky.
employee can only be signed in to by that employee and no one else.
What two things should you do? (Choose two.)
A/E? Disabling guest and public sessions cuts off quick access, and restricting sign-in to the employee’s email makes sure no one else can log on. Seems like the cleanest combo to lock down the device.
A and E, Guest Mode off plus restricting sign-in to just that user.
Google Workspace login logs, you have determined that in several cases, the stolen credentials have
been used in countries other than the ones your organization works in. What else can you do to
increase your organization's defense-in-depth strategy?
Maybe A. Blocking known malicious IPs can immediately stop suspicious login attempts, which is quicker to implement compared to changing passwords or device management setups.
A/C? Blocking malicious IPs is a quick way to cut off known bad actors without waiting for users to change passwords, which might not stop current breaches fast enough. Higher complexity helps but won’t stop stolen creds alone.
users are now locked out of their accounts because they did not set up 2-Step Verification by the
enforcement date. What corrective action should you take to allow the users to sign in again?
Temporarily moving users seems best; option B lets them reset 2SV without risking security. B
It’s B because temporarily moving users lets them set up 2SV without risking org-wide security.
applications from unknown sources” was occurring. They have asked you to find a way to prevent
that from happening.
Using Mobile Device Management (MDM), you need to configure a policy that will not allow mobile
applications to be installed from unknown sources.
What MDM configuration is needed to meet this requirement?
D imo, requiring admin approval adds a solid control layer for any app installs, not just Android. It covers more devices and is more reliable if the MDM can’t directly toggle unknown sources settings.
Maybe D could work too since requiring admin approval adds a gate before any app installs, which would naturally stop apps from unknown sources without needing to tweak Android settings directly. It’s broader but still effective in preventing unauthorized app installations. C is very Android-specific, but if the environment manages different device types, D might offer a more universal way to control app installs. Still, for strictly stopping unknown sources on Android, C seems more targeted, but I don’t think D should be dismissed outright as it enforces admin control overall.
Workspace licensing. A third of your employees are located in the United States, another third in
Europe, and the other third geographically dispersed around the world. European employees are
required to have their data stored in Europe. The current OU structure for your organization is
organized by business unit, with no attention to user location. How do you configure Workspace for
the fastest end user experience while also ensuring that European user data is contained in Europe?
D seems solid since config groups can be applied without restructuring OUs, keeping things simple and still ensuring European data stays local. Less hassle than changing OU setups.
B tbh. Adding location-based OUs seems like a clean way to segment data region controls without messing with existing business unit structures too much. It directly ties data storage rules to user location, which matches the requirement well. Plus, it avoids potential confusion from overlapping config groups or needing complex rules. Seems more straightforward for compliance and performance.
and hold all email for two specific users. Additionally, they have been asked to discover and hold any
email referencing “Secret Project 123.”
What steps should you take to satisfy this request?
Option B seems solid since it directly targets the two users and applies the exact project phrase as a search term, keeping things straightforward without unnecessary complexity.
Makes sense to keep it separate like in A since you want all emails from those users plus any mentioning the project, no overlap risks. A’s the safest bet here.