
Google-Workspace-Administrator練習試験テスト最新問題2025年02月
Google-Workspace-Administrator試験を一発合格保証問題集!
質問 # 106
With the help of a partner, you deployed Google Workspace last year and have seen the rapid pace of innovation and development within the platform. Your CIO has requested that you develop a method of staying up-to-date on all things Google Workspace so that you can be prepared to take advantage of new features and ensure that your organization gets the most out of the platform.
What should you do?
- A. Develop a cadence of regular roadmap and business reviews with your partner.
- B. Create a Feature Release alert in the Alert Center to be alerted to new functionality.
- C. Regularly scan the admin console and keep track of any new features you identify.
- D. Put half of your organization on the Rapid Release Schedule to highlight differences.
正解:A
解説:
* Schedule regular meetings with your Google Workspace partner.
* During these meetings, review the Google Workspace roadmap and upcoming features.
* Discuss how new features can be leveraged to benefit your organization.
* Plan business reviews to ensure that you are making the most of the platform's capabilities and staying up-to-date with developments.
Establishing a regular cadence of roadmap and business reviews ensures continuous alignment with the latest Google Workspace innovations and allows your organization to take full advantage of new features.
References:
* Google Workspace Admin Help - Google Workspace Partners
質問 # 107
Your organization is on Google Workspace Enterprise and allows for external sharing of Google Drive files to facilitate collaboration with other Google Workspace customers. Recently you have had several incidents of files and folders being broadly shared with external users and groups. Your chief security officer needs data on the scope of external sharing and ongoing alerting so that external access does not have to be disabled.
What two actions should you take to support the chief security officer's request? (Choose two.)
- A. Review who has viewed files using the Google Drive Activity Dashboard.
- B. Create an alert from Drive Audit reports to notify of external file sharing.
- C. Automatically block external sharing using DLP rules.
- D. Review total external sharing in the Aggregate Reports section.
- E. Create a custom Dashboard for external sharing in the Security Investigation Tool.
正解:B、E
解説:
* Create an Alert for External Sharing:
* Access Google Admin Console: Go to admin.google.com and sign in with your administrator account.
* Navigate to Rules: Go to "Security" > "Alert Center" > "Manage Rules".
* Create a New Rule: Select "Create Rule" and choose "Drive Audit" as the event source.
* Configure Rule Settings: Set the conditions to trigger alerts when files or folders are shared externally.
* Set Notification Preferences: Configure who should receive the alerts and how they should be notified.
* Save the Rule: Save and activate the rule to start receiving alerts on external sharing activities.
* Create a Custom Dashboard for External Sharing:
* Access Security Investigation Tool: In the Admin console, go to "Security" > "Investigation
* Tool".
* Create a New Investigation: Click "Create" and select "Drive" as the data source.
* Set Up Investigation Parameters: Define the parameters to track external sharing activities (e.g., file shared externally, users involved).
* Create Dashboard: Save the investigation as a custom dashboard to continuously monitor external sharing activities.
* Review and Monitor: Regularly review the dashboard and set up automated reports if necessary.
References
* Google Workspace Admin Help - Create and manage alerts
* Google Workspace Admin Help - Use the security investigation tool
質問 # 108
You are configuring a customer relationship management (CRM) solution to integrate with Google Workspace services for the sales department at your organization The CRM solution is in the Google Workspace Marketplace and you deploy the specific CRM solution Employees report that there are no contacts and documents visible in the CRM solution You must identify and fix the problem What should you do?
- A. Revoke all OAuth scopes and reinstall the CRM solution for just the sales department.
- B. Check the OAuth scopes and ensure that Drive and Gmail scopes are granted for the CRM solution
- C. Check if Manage access to apps is set to Allow users to install and run any app from the Marketplace
- D. Check if the App distribution settings are set to ON for everyone in your organization
正解:B
解説:
Access the Admin Console: Sign in to your Google Admin console.
Navigate to Security Settings: Click on "Security" and then "API controls." Manage Third-Party App Access: Click on "Manage third-party app access." Check OAuth Scopes: Locate the CRM solution and ensure that it has the necessary OAuth scopes, particularly for Google Drive and Gmail.
Grant Access: If necessary, adjust the settings to grant the required scopes.
Verify Integration: Confirm that the CRM solution now has access to the necessary data and that employees can see contacts and documents.
Reference:
Google Workspace Admin Help: Manage third-party app access
質問 # 109
You have implemented a data loss prevention (DLP) policy for a specific finance organizational unit. You want to apply the same security policy to a shared drive owned by the finance department in the most efficient manner. What should you do?
- A. In the Admin console sharing settings, select the finance organizational unit and deselect Allow users outside the domain to access files in shared drives
- B. Assign the Shared Drive to the finance organizational unit
- C. Create a new DLP policy for shared drive users
- D. Change the scope of the policy to apply to all in the domain
正解:C
解説:
* Access the Admin Console: Sign in to your Google Admin console.
* Navigate to DLP Settings: Click on "Security" and then "Data protection" to access Data Loss Prevention (DLP) settings.
* Create New DLP Policy: Click on "Create policy" and configure the policy specifically for shared drive data.
* Define Rules: Set up the necessary rules and conditions to match the existing DLP policy for the finance organizational unit.
* Apply to Shared Drive: Apply this new policy to the shared drive used by the finance department.
* Save and Activate: Save the policy and ensure it is active and enforced for the shared drive.
References:
* Google Workspace Admin Help: Set up and manage DLP
質問 # 110
As a Workspace Administrator, you want to keep an inventory of the computers and mobile devices your company owns in order to track details such as device type and who the device is assigned to. How should you add the devices to the company-owned inventory?
- A. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, serial number and upload it back to the company owned inventory in the admin panel.
- B. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, asset tag and upload it back to the company owned inventory in the admin panel.
- C. Download the company owned inventory template CSV file from the admin panel, enter the serial number of the devices, and upload it back to the company owned inventory in the admin panel.
- D. Download the company owned inventory template CSV file from the admin panel, enter the asset tag of the devices, and upload it back to the company owned inventory in the admin panel.
正解:C
解説:
https://support.google.com/a/answer/7129612?hl=en&fl=1
質問 # 111
A user named Alice is leaving your organization You need to transfer all of Alice's data from her Drive to Bob's Drive in the most simple and efficient manner possible What should you do?
- A. Instruct Alice to download all of her files from her Drive and upload them to Bob's Drive
- B. Use the Google Drive API to programmatically transfer the files from Alice's Drive to Bob's Drive
- C. Use the Google Admin console to move the files from Alice's Drive to Bob's Drive
- D. Use the Google Takeout service to export Alice's data to a zip file and instruct Bob to import the zip file into his Drive
正解:C
解説:
To transfer all of Alice's data from her Drive to Bob's Drive in the most simple and efficient manner, follow these steps:
Sign in to the Google Admin console: Use an account with super administrator privileges.
Navigate to the Data Transfer tool:
Go to Apps > Google Workspace > Drive and Docs.
Click on "Transfer ownership."
Initiate the transfer:
Enter Alice's email address as the current owner.
Enter Bob's email address as the new owner.
Select the option to transfer all files and folders from Alice's Drive to Bob's Drive.
Click on "Transfer files" to initiate the process.
Verify the transfer:
Once the transfer is complete, confirm that all files and folders are now owned by Bob and accessible in his Drive.
Reference:
Google Workspace Admin Help - Transfer Drive files
質問 # 112
Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace.
What should you do?
- A. Enable additional security verification via email.
- B. Deploy browser or device certificates via Google Workspace.
- C. Configure USB Yubikeys for all users.
- D. Enable authentication via the Google Authenticator.
正解:D
解説:
* 2-Step Verification (2SV):
* 2-Step Verification adds an extra layer of security by requiring users to verify their identity using a second factor in addition to their password. This helps protect against unauthorized access, even if the password is compromised.
* Google Authenticator:
* Google Authenticator is a mobile app that generates time-based one-time passcodes (TOTP) for
2SV. It works even when the device is offline, providing a secure and reliable second factor for authentication.
* Implementation Steps:
* Enable 2-Step Verification:
* Go to the Google Admin console (admin.google.com).
* Navigate to Security > Authentication > 2-Step Verification.
* Turn on 2-Step Verification for the organization.
* Deploy Google Authenticator:
* Instruct users to download the Google Authenticator app from their respective app stores (iOS or Android).
* Provide guidance on setting up Google Authenticator with their Google Workspace accounts.
* Users will scan a QR code provided during the setup process to link their account with the Authenticator app.
* Advantages of Google Authenticator:
* Security: It provides a highly secure method of 2-step verification as the codes are generated on the user's device and change every 30 seconds.
* Ease of Use: It's easy to set up and use, with a straightforward user interface.
* Offline Functionality: Codes can be generated even without internet access, ensuring consistent
* access to 2SV codes.
Why Other Options Are Less Suitable:
* A. Enable additional security verification via email:
* Email-based verification is less secure than app-based 2SV because email accounts can be more easily compromised.
* C. Deploy browser or device certificates via Google Workspace:
* While device certificates add security, they are typically used for device management and access control rather than for 2-step verification purposes.
* D. Configure USB Yubikeys for all users:
* USB Yubikeys are highly secure and suitable for 2SV, but they require physical distribution and management of hardware tokens, which can be logistically complex and costly. Given the context of disabled peripheral access, this option might contradict the policy of the Chief Information Security Officer.
References:
* Google Workspace Admin Help: Set up 2-Step Verification
* Google Workspace Security: 2-Step Verification
質問 # 113
Your client is a multinational company with a single email domain. The client has compliance requirements and policies that vary by country. You need to configure the environment so that each country has their own administrator and no administrator can manage another country.
What should you do?
- A. Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.
- B. Create a Team Drive per OU, and allow only country-specific administration of each folder.
- C. Create an OU for each country. Create an admin role and assign an admin with that role per OU.
- D. Establish a new Google Workspace tenant with their own admin for each region.
正解:C
解説:
https://support.google.com/a/answer/6129577?hl=en#:~:text=Create%20and%20assign%20the%20role&text=Click%20Assign%20role.,organizational%20unit%20and%20click%20Done.
質問 # 114
A user has traveled overseas for an extended trip to meet with several vendors. The user has reported that important draft emails have not been saved in Gmail, which is affecting their productivity. They have been constantly moving between hotels, vendor offices, and airport lounges.
You have been tasked with troubleshooting the issue remotely. Your first priority is diagnosing and preventing this from happening again, and your second priority is recovering the drafts if possible. Due to time zone differences, and the user's busy meeting schedule, you have only been able to arrange a brief Hangouts Meet with the user to gather any required troubleshooting inputs.
What two actions should be taken on this call with the user? (Choose two.)
- A. Ask the user to send an email to you so you can check the headers.
- B. Take screenshots of the user's screen when composing an email.
- C. Use the Email log search in the Admin panel.
- D. Check the Users > App Users Activity report.
- E. Record a HAR file of the user composing a new email.
正解:B、E
解説:
Recording a HAR file (B):
HAR (HTTP Archive) files contain a detailed log of web browser's interaction with a site. Recording a HAR file while the user is composing a new email will provide detailed information about any network issues, errors, or delays in the communication between the user's browser and Gmail servers. This can help diagnose connectivity issues, session timeouts, or any other underlying problems that may prevent drafts from being saved.
Taking Screenshots (C):
Taking screenshots of the user's screen while composing an email can help visually capture any error messages, unusual behavior, or interface issues that the user might be experiencing. Screenshots provide a clear view of the user's environment, including the browser settings, extensions, and any prompts or notifications that appear during the email composition process.
Detailed Steps:
Recording a HAR File:
Instruct the user on how to open the Developer Tools in their browser (usually by pressing F12 or right-clicking on the page and selecting "Inspect").
Navigate to the Network tab within Developer Tools.
Ensure the "Preserve log" option is checked to retain the recorded log across different pages.
Start recording the HAR file before the user starts composing a new email.
After reproducing the issue, stop the recording and save the HAR file.
Have the user send the HAR file to you for analysis.
Taking Screenshots:
Guide the user on taking screenshots while they are composing a new email.
Ensure they capture key steps, including opening the compose window, typing the email, and any errors or unusual behavior that occurs.
The user can take multiple screenshots if necessary to provide a comprehensive view of the issue.
Ask the user to share these screenshots with you for further investigation.
Why the Other Options Are Less Effective:
A . Ask the user to send an email to you so you can check the headers:
This does not directly help diagnose why drafts are not being saved, as email headers mainly provide information about the routing and delivery of sent emails, not drafts.
D . Use the Email log search in the Admin panel:
Email log search is useful for tracking sent and received emails but does not provide insights into drafts or unsaved work.
E . Check the Users > App Users Activity report:
This report shows user activity but may not give specific details about the draft-saving process or connectivity issues faced during email composition.
Reference
Google Workspace Admin Help: Analyze connectivity issues using HAR files Google Chrome DevTools: Network Analysis Google Workspace Admin Help: User reports in the Admin console
質問 # 115
Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?
- A. Create a report using the OAuth Token Audit Activity logs.
- B. Create a report using the Calendar Audit Activity logs.
- C. Create a report using the Drive Audit Activity logs.
- D. Create a reporting using the API Permissions logs for Installed Apps.
正解:A
解説:
https://support.google.com/a/answer/6124308?hl=en
質問 # 116
The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago The compliance team contacted you for assistance on the situation You set up the default Google Vault retention rules so all data is retained only for one year You must assist the compliance team with the investigation What should you do1?
- A. Suspend the employee and export all data by using Google Takeout
- B. Assign the compliance team a Google Vault administrator role and change the default retention rules to three years.
- C. Assign the compliance team a Google Vault administrator role and create a legal hold for the employee
- D. Do nothing The retention period has already ended and the evidence has already been purged
正解:C
解説:
Assign Vault Administrator Role: In the Google Admin console, assign the compliance team members the Google Vault administrator role to give them the necessary permissions.
Access Google Vault: Have the compliance team access Google Vault.
Create a Matter: In Google Vault, create a new matter for the investigation.
Create a Hold: Within the matter, create a legal hold specifically targeting the employee's email and any other relevant data. This will preserve all the necessary information beyond the default retention period.
Review Data: The compliance team can now review the preserved data as part of their investigation.
Reference:
Google Vault Help: Assign Vault privileges
Google Vault Help: Create and manage holds
質問 # 117
Your company recently migrated to Google Workspace and wants to deploy a commonly used third-party app to all of finance. Your OU structure in Google Workspace is broken down by department. You need to ensure that the correct users get this app.
What should you do?
- A. For the Finance OU, enable the third-party app in SAML apps.
- B. At the root level, disable the third-party app. For the Finance OU, allow users to install any application from the Google Workspace Marketplace.
- C. At the root level, disable the third-party app. For the Finance OU, allow users to install only whitelisted apps from the Google Workspace Marketplace.
- D. For the Finance OU, enable the third-party app in Marketplace Apps.
正解:D
解説:
* For the Finance OU, enable the third-party app in Marketplace Apps:
* To deploy a third-party app specifically to the finance department, you need to enable it within the Google Workspace Marketplace and restrict its availability to the Finance organizational unit (OU).
* In the Admin console, navigate to Apps > Google Workspace Marketplace apps, find the third-party app, and configure its settings to be available only for the Finance OU. This ensures that only users within this OU can access and use the app.
References:
* Google Workspace Admin Help: Manage Google Workspace Marketplace apps
* Google Workspace Admin Help: Organizational Units
質問 # 118
Your CISO is concerned about third party applications becoming compromised and exposing Google Workspace data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?
- A. Create a report using the OAuth Token Audit Activity logs.
- B. Create a report using the Calendar Audit Activity logs.
- C. Create a report using the Drive Audit Activity logs.
- D. Create a reporting using the API Permissions logs for Installed Apps.
正解:A
解説:
Access Admin Console: Log into your Google Workspace Admin Console.
Navigate to Reports: Go to the Reports section within the Admin Console.
OAuth Token Audit Log: Access the OAuth Token Audit Activity logs. This log provides detailed information about third-party applications that have been granted access to your Google Workspace data.
Review Data Access: Review the logs to see which applications have accessed what type of data. This includes details on the scopes of access requested by the applications.
Generate Report: Create a report from these logs to provide granular insight into the data accessed by third-party applications. This report can be used to assess and mitigate any potential risks.
Reference
Google Support: Token audit log
質問 # 119
Your company's Google Workspace primary domain is "mycompany.com," and it has acquired a startup that is using another cloud provider with a domain named "mystartup.com." You plan to add all employees from the startup to your Google Workspace domain while preserving their current mail addresses. The startup CEO's email address is [email protected], which also matches your company CEO's email address as [email protected], even though they are different people. Each must keep the usage of their email. In addition, your manager asked to have all existing security policies applied for the new employees without any duplication. What should you do to implement the migration?
- A. Create an alias domain, mystartup.com, in your existing Google Workspace domain, set up necessary DNS records, and create all startup employees with the alias domain as their primary email addresses.
- B. Create a secondary domain, mystartup.com, within your current Google Workspace domain, set up necessary DNS records, and create all startup employees with the secondary domain as their primary email addresses.
- C. Create a new Google Workspace domain with "mystartup.com," and create a trust between both domains for reusing the same security policies and sharing employee information within the companies.
- D. Create the startup employees in the "mycompany.com' domain, and add a number at the end of the user name whenever there is a conflict. In Gmail > Routing, define a specific route for the OU that targets the startup employees, which will modify the email address domain to
"mystartup.com," and remove any numbers previously added. In addition, confirm that the SPF and DKIM records are properly set.
正解:B
質問 # 120
After a recent transition to Google Workspace, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner. Your manager has asked you to determine how to resolve these requests without relying on additional staff.
What should you do?
- A. Create a Google form to submit reset requests.
- B. Create a custom Apps Script to reset passwords.
- C. Use a third-party tool for password recovery.
- D. Enable non-admin password recovery.
正解:D
質問 # 121
Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, Teams Drives, and Calendar. Users will use a Google Form and Apps Script to request a new "G-Team." A "G-Team' is composed of a Google Group and a Team Drive/ Secondary Calendar that is shared using that Google Group.
What two design decisions are required to implement this workflow securely? (Choose two.)
- A. The Google Form will need to enforce Group naming conventions.
- B. The Apps Script will need to run on a timed interval to process new entries.
- C. The Google Form will need to be limited to internal users only.
- D. The Apps Script will need to run as a Google Workspace admin.
- E. You will need a Cloud SQL instance to store "G-Team' data.
正解:C、D
質問 # 122
You work for a midsize organization Your compliance and audit learn sees that users are frequently resetting their passwords You must provide accurate information and ensure that the compliance team is informed every time a user changes their password What should you do?
- A. Check the User's password changed alert in the alert center and include the compliance team in the email notifications
- B. Create a new alert by using user log events and check that event Login type is Google password and include the compliance team in the email notifications
- C. Enable user account recovery and forward any alert to the compliance team through the alert center
- D. Disable user account recovery so users must contact you before a reset
正解:A
解説:
Step by Step Comprehensive Detailed Explanation:
Access the Admin Console: Sign in to your Google Admin console.
Navigate to the Alert Center: Click on "Security" and then "Alert Center." Create New Alert: In the Alert Center, click on "Manage alerts" and then "Add alert rule." Configure Alert Rule: Select "User's password changed" as the event type.
Include Compliance Team: In the alert configuration, add the compliance team's email addresses to the notification recipients.
Save the Alert: Save the configuration to ensure the compliance team is informed every time a user changes their password.
Reference:
Google Workspace Admin Help: Alert Center
質問 # 123
Your organization is expected to start using Google Workspace Enterprise Standard in several countries. During the planning phase, the change management leadership team mandates that meeting rooms near each participant's office location should be suggested when someone creates a Google Calendar event, to simplify the user experience and avoid booking rooms when people would not be able to move easily. What should you do?
- A. Organize users for each location in separate organizational units (OUs). Add room resources to the corresponding OUs so that meeting rooms would be suggested accordingly.
- B. Share each room only with the Dynamic Group defined per each user location so that they can only book the rooms nearby.
- C. Organize users for each location in separate Google Groups. Add room resources to the corresponding groups so that meeting rooms would be suggested accordingly.
- D. Define users' work locations by setting building ID, floor name, and floor section if applicable as the buildings and rooms are defined.
正解:D
解説:
https://support.google.com/a/answer/7540850?hl=es-419
質問 # 124
Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.)
- A. Update Drive sharing for the marketing department to restrict to internal.
- B. Create a shared drive for internal marketing use.
- C. Update the link sharing default to the marketing team when creating a document.
- D. Create a shared drive that's shared internally organization-wide.
- E. In the admin panel Drive settings, create a target audience that has all of marketing as members.
正解:B、E
解説:
To enable the marketing department to easily share items within their team without exposing them to the entire company, the following steps should be taken:
Create a Shared Drive for Marketing:
In the Google Admin console, navigate to Apps > Google Workspace > Drive and Docs.
Create a new shared drive specifically for the marketing department.
Add all relevant marketing team members to this shared drive, ensuring that it is used for internal purposes only.
Set Up a Target Audience:
In the Admin console, go to Apps > Google Workspace > Drive and Docs > Sharing settings.
Create a target audience that includes all members of the marketing department.
This allows for easier link sharing within the department by setting the target audience as the default sharing option.
Steps to Configure:
Shared Drive: Ensure that the shared drive permissions are set to limit access to the marketing team.
Target Audience: Configure the target audience so that marketing team members can easily share files internally without defaulting to company-wide sharing.
By setting up a dedicated shared drive and configuring a target audience, you ensure that file sharing is streamlined and restricted to the appropriate team members.
Reference:
Set up target audiences
Create and manage shared drives
質問 # 125
......
Google Workspace Administrator認定は、毎日Google Workspaceで協力しているITプロフェッショナルに最適です。また、クラウドベースのアプリケーションとサービスの管理と管理を担当する個人にも適しています。認定は雇用主によって認識されており、専門家が自分のキャリアを前進させるのに役立ちます。
Workspace Administrator無料認定試験材料はGoShikenが提供された201問題:https://www.goshiken.com/Google/Google-Workspace-Administrator-mondaishu.html
Google-Workspace-Administrator問題集完全版問題試験学習ガイド:https://drive.google.com/open?id=1uZfrK_CA481CND26EGb80DGWM758oXz7