Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Google
  5. GOOGLE-WORKSPACE-ADMINISTRATOR

Google GOOGLE-WORKSPACE-ADMINISTRATOR Exam
Professional Google Workspace Administrator (Page 4 )

Updated On: 7-Feb-2026
Page 4 of 41
PDF with 199 Questions

What action should be taken to configure alerting related to phishing attacks?

  1. Set up a Token audit log event alert.
  2. Set up an Admin audit log event alert.
  3. Set up an email settings changed alert.
  4. Set up a suspicious login event alert.

Answer(s): D

Explanation:

Admin Console: Log into the Google Admin console at admin.google.com. Security Settings: Navigate to Security > Investigation Tool.
Create an Alert:
Click on "Create activity rule".
In the conditions section, select "Event is" and choose "Login".
Set the condition to "Suspicious login".

Alert Details: Configure the alert details, such as who will receive the alert and any additional notification settings.
Save and Activate: Save the rule and activate it to start monitoring for suspicious login attempts.
Reference
Google Workspace Admin: Manage Alerts
Google Workspace Security: Investigation Tool



A company using Google Workspace has reports of cyber criminals trying to steal usernames and passwords to access critical business dat

  1. You need to protect the highly sensitive user accounts from unauthorized access.
    What should you do?
  2. Turn on password expiration.
  3. Enforce 2FA with a physical security key.
  4. Use a third-party identity provider.
  5. Enforce 2FA with Google Authenticator app.

Answer(s): B

Explanation:

Admin Console: Log into the Google Admin console at admin.google.com. Security Settings: Navigate to Security > Authentication > 2-step verification.
Enforce 2FA:
Enable "Enforce 2-step verification".
Set the option to require "Security Keys".
Deployment: Ensure all highly sensitive user accounts are equipped with physical security keys (e.g., YubiKey).
Enrollment: Assist users in enrolling their security keys through the Google Account settings under "Security".
Reference
Google Workspace Admin: Enforce 2-Step Verification

Google Workspace Security: Security Keys



After migrating to Google Workspace, your legal team requests access to search all email and create litigation holds for employees who are involved with active litigation. You need to help the legal team meet this request.

What should you do?

  1. Add the legal team to the User Management Admin system role.
  2. Add the legal team to the Google Vault Google Group.
  3. Create a custom role with Google Vault access, and add the legal team.
  4. Create a matter in Google Vault, and share with the legal team.

Answer(s): C

Explanation:

Step by Step Comprehensive Detailed Explanation
Admin Console: Log into the Google Admin console at admin.google.com. Roles and Privileges: Navigate to Admin roles > Create new role.
Create Custom Role:
Name the role (e.g., Legal Team Vault Access).
Assign privileges specific to Google Vault, such as "Manage Holds" and "Manage Searches".
Assign Role:
Add the legal team members to the custom role.
Ensure they have appropriate permissions to access Google Vault.
Google Vault Access:
The legal team can now access Google Vault (vault.google.com) to create and manage searches and holds.
Reference
Google Workspace Admin: Create and Assign Roles
Google Vault Help: Managing Roles



Your company's compliance officer has requested that you apply a content compliance rule that will reject all external outbound email that has any occurrence of credit card numbers and your company's account number syntax, which is AccNo. You need to configure a content compliance rule to scan email to meet these requirements.

Which combination of attributes will meet this objective?

  1. Name the rule > select Outbound and Internal Sending > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers > choose Reject.
  2. Name the rule > select Outbound > select If ANY of the following match > add two expressions:
    one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers
    > choose Reject
  3. Name the rule > select Outbound and Internal Sending > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.
  4. Name the rule > select Outbound > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.

Answer(s): A

Explanation:

Admin Console: Log into the Google Admin console at admin.google.com. Gmail Settings: Navigate to Apps > Google Workspace > Gmail > Compliance.
Create Rule:
Click on "Add another rule" under the "Content compliance" section. Name the rule appropriately (e.g., Reject Sensitive Info).
Conditions:
Select "Outbound and Internal Sending" to ensure all outgoing and internal emails are scanned. In the "If ANY of the following match" section, add two expressions:
Simple Content Match: Configure to find "AccNo".
Predefined Content Match: Select "Credit Card Numbers".
Action:
Choose "Reject" as the action for emails that match these conditions. Save Rule: Save the rule and apply it to ensure it is active.
Reference
Google Workspace Admin: Set up Compliance Rules
Google Workspace Admin: Configure Content Compliance



Your company has decided to change SSO providers. Instead of authenticating into Google Workspace and other cloud services with an external SSO system, you will now be using Google as the Identity Provider (IDP) and SSO provider to your other third-party cloud services.

What two features are essential to reconfigure in Google Workspace? (Choose two.)

  1. Apps > add SAML apps to your domain.
  2. Reconfigure user provisioning via Google Cloud Directory Sync.
  3. Replace the third-party IDP verification certificate.
  4. Disable SSO with third party IDP.
  5. Enable API Permissions for Google Cloud Platform.

Answer(s): A,D

Explanation:

Apps > add SAML apps to your domain:
When switching to Google as the Identity Provider (IDP) for Single Sign-On (SSO), you need to configure Google Workspace to act as the SSO provider for third-party applications. This involves adding the necessary SAML (Security Assertion Markup Language) applications to your domain within Google Workspace.
Navigate to the Admin console, go to Apps > Web and mobile apps, and add SAML apps to your domain. This allows Google to authenticate users for those apps.
Disable SSO with third party IDP:
Since you are switching from an external SSO provider to Google Workspace as your IDP, you must disable the current SSO configuration with the third-party provider. Go to the Admin console, navigate to Security > Set up single sign-on (SSO) with a third party IdP, and disable the existing SSO setup. This ensures that users will now authenticate directly through Google Workspace instead of the previous SSO provider.


Reference:

Google Workspace Admin Help: Set up your own custom SAML app Google Workspace Admin Help: Disable SSO with third party IdP






Post your Comments and Discuss Google GOOGLE-WORKSPACE-ADMINISTRATOR exam prep with other Community members:

Join the GOOGLE-WORKSPACE-ADMINISTRATOR Discussion