GOOGLE WORKSPACE ADMINISTRATOR TEST
8 UPDATED PREP MATERIALS 2026
ANSWERS SUPPLIED
◍ You have noticed an uptick in phishing attacks that use brand
spoofing to trick users into revealing sensitive information. As the
Google Workspace Administrator, you need to scrutinize incoming
emails for common attack patterns. What is the most effective method
for analyzing incoming emails for brand spoofing?
a) Use regular expressions in Gmail content compliance rules to flag
emails that mimic your brand.
b) Manually review emails in the spam folder daily.
c) Ask users to forward suspected spoofing emails to the IT
department.
d) Use Google Vault to retroactively search for brand names.. Answer:
A
Use regular expressions in Gmail content compliance rules to flag
emails that mimic your brand. -> Correct. Regular expressions in
Gmail's content compliance rules can be tailored to identify specific
patterns commonly used in brand spoofing. This proactive approach
helps in flagging suspicious emails as they come in, making it the
most effective method.
Manually review emails in the spam folder daily. -> Incorrect. This
approach is not efficient as it requires significant manual effort and is
,not scalable. Also, it relies on the assumption that all phishing emails
are caught by spam filters and placed in the spam folder, which is not
always the case.
Use Google Vault to retroactively search for brand names. ->
Incorrect. Google Vault is mainly an archiving and eDiscovery tool
and is not designed for real-time protection against phishing or brand
spoofing. While it can search through emails, it is meant for
investigations after the fact, rather than for proactive prevention.
Ask users to forward suspected spoofing emails to the IT department.
-> Incorrect. This relies on user training and awareness and is reactive
rather than proactive. While it's important for users to report phishing
attempts, this should not be the primary method of detection as it is
not reliable and does not prevent phishing emails from reaching the
users in the first place.
◍ You've been asked to assist a team in creating a process where all
shared documents within a department are automatically scanned for
sensitive data (e.g., Social Security Numbers) before being shared
externally. Which feature or tool would best assist in achieving this?
a) Google Workspace Alert Center.
b) Drive Data Loss Prevention (DLP) rules.
c) Google Workspace Migration.
d) Google Vault data search.. Answer: B
,Drive Data Loss Prevention (DLP) rules. -> Correct. DLP rules can
automatically scan and restrict sharing based on sensitive content.
Google Vault data search. -> Incorrect. Vault is mainly for archiving
and eDiscovery purposes.
Google Workspace Migration. -> Incorrect. This tool is designed for
migrating data between platforms.
Google Workspace Alert Center. -> Incorrect. Alert Center provides
notifications about potential issues but doesn't scan for sensitive data.
◍ As part of the security overhaul in your organization, you need to
ensure that only devices with encrypted drives can access Google
Workspace applications. This policy should cover a myriad of
devices, from mobile phones to Chrome OS. Which step is paramount
to enforce this policy?
a) Mandate a complex password policy across all devices.
b) Enable 2-Step Verification for all users.
c) Manually encrypt each devices hard drive.
d) Set up an organizational-wide policy to enforce disk encryption
before granting Google Workspace access.. Answer: D
Set up an organizational-wide policy to enforce disk encryption
before granting Google Workspace access. -> Correct. It directly
, addresses the requirement, ensuring that only encrypted devices
access Google Workspace.
Enable 2-Step Verification for all users. -> Incorrect. While enhancing
security, doesn't deal with device encryption.
Mandate a complex password policy across all devices. -> Incorrect.
It ensures strong passwords but not encryption.
Manually encrypt each devices hard drive. -> Incorrect. It is
impractical for a large organization.
◍ Your organization has specialized project rooms and high-value
equipment that need to be booked in advance. Only certified
employees should be allowed to book these resources. What is the
most efficient way to manage this?
a) Implement Google Vault to keep an archive of who books each
resource and verify afterward if they were certified.
b) Use Google Groups to create a group of certified employees, then
delegate resource booking permissions to this group.
c) Use Google Workspace Admin console to add each room and piece
of equipment as a calendar resource, then restrict booking permissions
to certified employees.
d) Create a shared Google Calendar for each resource and manually
approve or decline booking requests based on employee certification
status.. Answer: C
8 UPDATED PREP MATERIALS 2026
ANSWERS SUPPLIED
◍ You have noticed an uptick in phishing attacks that use brand
spoofing to trick users into revealing sensitive information. As the
Google Workspace Administrator, you need to scrutinize incoming
emails for common attack patterns. What is the most effective method
for analyzing incoming emails for brand spoofing?
a) Use regular expressions in Gmail content compliance rules to flag
emails that mimic your brand.
b) Manually review emails in the spam folder daily.
c) Ask users to forward suspected spoofing emails to the IT
department.
d) Use Google Vault to retroactively search for brand names.. Answer:
A
Use regular expressions in Gmail content compliance rules to flag
emails that mimic your brand. -> Correct. Regular expressions in
Gmail's content compliance rules can be tailored to identify specific
patterns commonly used in brand spoofing. This proactive approach
helps in flagging suspicious emails as they come in, making it the
most effective method.
Manually review emails in the spam folder daily. -> Incorrect. This
approach is not efficient as it requires significant manual effort and is
,not scalable. Also, it relies on the assumption that all phishing emails
are caught by spam filters and placed in the spam folder, which is not
always the case.
Use Google Vault to retroactively search for brand names. ->
Incorrect. Google Vault is mainly an archiving and eDiscovery tool
and is not designed for real-time protection against phishing or brand
spoofing. While it can search through emails, it is meant for
investigations after the fact, rather than for proactive prevention.
Ask users to forward suspected spoofing emails to the IT department.
-> Incorrect. This relies on user training and awareness and is reactive
rather than proactive. While it's important for users to report phishing
attempts, this should not be the primary method of detection as it is
not reliable and does not prevent phishing emails from reaching the
users in the first place.
◍ You've been asked to assist a team in creating a process where all
shared documents within a department are automatically scanned for
sensitive data (e.g., Social Security Numbers) before being shared
externally. Which feature or tool would best assist in achieving this?
a) Google Workspace Alert Center.
b) Drive Data Loss Prevention (DLP) rules.
c) Google Workspace Migration.
d) Google Vault data search.. Answer: B
,Drive Data Loss Prevention (DLP) rules. -> Correct. DLP rules can
automatically scan and restrict sharing based on sensitive content.
Google Vault data search. -> Incorrect. Vault is mainly for archiving
and eDiscovery purposes.
Google Workspace Migration. -> Incorrect. This tool is designed for
migrating data between platforms.
Google Workspace Alert Center. -> Incorrect. Alert Center provides
notifications about potential issues but doesn't scan for sensitive data.
◍ As part of the security overhaul in your organization, you need to
ensure that only devices with encrypted drives can access Google
Workspace applications. This policy should cover a myriad of
devices, from mobile phones to Chrome OS. Which step is paramount
to enforce this policy?
a) Mandate a complex password policy across all devices.
b) Enable 2-Step Verification for all users.
c) Manually encrypt each devices hard drive.
d) Set up an organizational-wide policy to enforce disk encryption
before granting Google Workspace access.. Answer: D
Set up an organizational-wide policy to enforce disk encryption
before granting Google Workspace access. -> Correct. It directly
, addresses the requirement, ensuring that only encrypted devices
access Google Workspace.
Enable 2-Step Verification for all users. -> Incorrect. While enhancing
security, doesn't deal with device encryption.
Mandate a complex password policy across all devices. -> Incorrect.
It ensures strong passwords but not encryption.
Manually encrypt each devices hard drive. -> Incorrect. It is
impractical for a large organization.
◍ Your organization has specialized project rooms and high-value
equipment that need to be booked in advance. Only certified
employees should be allowed to book these resources. What is the
most efficient way to manage this?
a) Implement Google Vault to keep an archive of who books each
resource and verify afterward if they were certified.
b) Use Google Groups to create a group of certified employees, then
delegate resource booking permissions to this group.
c) Use Google Workspace Admin console to add each room and piece
of equipment as a calendar resource, then restrict booking permissions
to certified employees.
d) Create a shared Google Calendar for each resource and manually
approve or decline booking requests based on employee certification
status.. Answer: C
