GOOGLE WORKSPACE ADMINISTRATOR TEST
9 ACTUAL EXAMINATION SHEET 2026
ACCURATE ANSWERS GUARANTEED
◍ After adding the malicious senders to the 'Blocked Senders' list,
you notice that some phishing emails are still coming through but
from different domains. You suspect these domains are being
generated algorithmically (Domain Generation Algorithms). What is
the best strategy to mitigate such sophisticated attacks?
a) Completely disable incoming emails from all external domains.
b) Enable 'Advanced Phishing and Malware Protection' and configure
it to flag emails with unauthenticated senders.
c) Implement a DMARC policy with a 'reject' action for
unauthenticated emails.
d) Continue adding each new domain to the 'Blocked Senders' list as
they are discovered.. Answer: B
Enable 'Advanced Phishing and Malware Protection' and configure it
to flag emails with unauthenticated senders. -> Correct. 'Advanced
Phishing and Malware Protection' can be configured to be more
stringent on unauthenticated emails, which is useful in mitigating
more sophisticated attacks where domains are generated
algorithmically.
Continue adding each new domain to the 'Blocked Senders' list as
they are discovered. -> Incorrect. This approach is not sustainable as
,attackers using DGAs can generate domains faster than they can be
manually blocked. It would be a never-ending game of whack-a-mole
and does not address the root of the problem effectively.
Completely disable incoming emails from all external domains. ->
Incorrect. This measure is overly restrictive and impractical as it
would prevent all legitimate external communication, which is not
feasible for most organizations.
Implement a DMARC policy with a 'reject' action for unauthenticated
emails. -> Incorrect. While implementing a DMARC policy is a good
security measure, it is only effective against domain spoofing and not
against emails sent from newly generated domains that the policy
does not cover. Also, DMARC works on the principle of domain
alignment and authentication, which wouldn't necessarily stop emails
from newly generated, yet correctly aligned and authenticated
domains.
◍ Teranova Ltd. allows its field agents to use their personal Android
and iOS devices for work. To safeguard sensitive company data on
these devices, you've been assigned to implement a comprehensive
policy. This policy should enforce password protection, manage app
installations, and provide insights into device compliance. How do
you proceed?
a) Recommend agents to use dedicated devices for work-related tasks
and avoid mixing personal and professional data.
b) Ask agents to install a mobile antivirus and only download apps
from trusted sources.
,c) Establish a company-wide training session to educate agents about
mobile security.
d) Configure Google Workspace's personal device settings to mandate
password protection, control app installations, and glean insights..
Answer: D
Configure Google Workspace's personal device settings to mandate
password protection, control app installations, and glean insights. ->
Correct. It taps directly into Google Workspace's capabilities, offering
a centralized solution for personal device management.
Ask agents to install a mobile antivirus and only download apps from
trusted sources. -> Incorrect. It lacks a direct enforcement mechanism.
Establish a company-wide training session to educate agents about
mobile security. -> Incorrect. While informative, doesn't provide real-
time controls.
Recommend agents to use dedicated devices for work-related tasks
and avoid mixing personal and professional data. -> Incorrect. It isn't
enforcing policies on personal devices but rather suggesting a
workaround.
◍ Due to the popularity of Android and iOS devices among
employees, you've noticed a mix of both operating systems in the
company. For compliance reasons, it's been decided that all Android
and iOS devices accessing company data must have encrypted storage
, and biometric authentication enabled. How do you ensure this
requirement is met?
a) Use Google Workspace's advanced device management for both
Android and iOS to enforce these settings.
b) Use Google Workspace's advanced device management to enforce
these settings for Android and basic device management for iOS.
c) Purchase and distribute only company-approved Android and iOS
devices with these features pre-enabled.
d) Send a monthly reminder email asking users to enable these
features.. Answer: A
Use Google Workspace's advanced device management for both
Android and iOS to enforce these settings. -> Correct. It provides the
comprehensive solution to enforce strict device policies on both
Android and iOS devices.
Send a monthly reminder email asking users to enable these features.
-> Incorrect. It relies on user compliance and doesn't ensure
enforcement.
Use Google Workspace's advanced device management to enforce
these settings for Android and basic device management for iOS. ->
Incorrect. It misrepresents device management capabilities, as
advanced management can be applied to both device types.
9 ACTUAL EXAMINATION SHEET 2026
ACCURATE ANSWERS GUARANTEED
◍ After adding the malicious senders to the 'Blocked Senders' list,
you notice that some phishing emails are still coming through but
from different domains. You suspect these domains are being
generated algorithmically (Domain Generation Algorithms). What is
the best strategy to mitigate such sophisticated attacks?
a) Completely disable incoming emails from all external domains.
b) Enable 'Advanced Phishing and Malware Protection' and configure
it to flag emails with unauthenticated senders.
c) Implement a DMARC policy with a 'reject' action for
unauthenticated emails.
d) Continue adding each new domain to the 'Blocked Senders' list as
they are discovered.. Answer: B
Enable 'Advanced Phishing and Malware Protection' and configure it
to flag emails with unauthenticated senders. -> Correct. 'Advanced
Phishing and Malware Protection' can be configured to be more
stringent on unauthenticated emails, which is useful in mitigating
more sophisticated attacks where domains are generated
algorithmically.
Continue adding each new domain to the 'Blocked Senders' list as
they are discovered. -> Incorrect. This approach is not sustainable as
,attackers using DGAs can generate domains faster than they can be
manually blocked. It would be a never-ending game of whack-a-mole
and does not address the root of the problem effectively.
Completely disable incoming emails from all external domains. ->
Incorrect. This measure is overly restrictive and impractical as it
would prevent all legitimate external communication, which is not
feasible for most organizations.
Implement a DMARC policy with a 'reject' action for unauthenticated
emails. -> Incorrect. While implementing a DMARC policy is a good
security measure, it is only effective against domain spoofing and not
against emails sent from newly generated domains that the policy
does not cover. Also, DMARC works on the principle of domain
alignment and authentication, which wouldn't necessarily stop emails
from newly generated, yet correctly aligned and authenticated
domains.
◍ Teranova Ltd. allows its field agents to use their personal Android
and iOS devices for work. To safeguard sensitive company data on
these devices, you've been assigned to implement a comprehensive
policy. This policy should enforce password protection, manage app
installations, and provide insights into device compliance. How do
you proceed?
a) Recommend agents to use dedicated devices for work-related tasks
and avoid mixing personal and professional data.
b) Ask agents to install a mobile antivirus and only download apps
from trusted sources.
,c) Establish a company-wide training session to educate agents about
mobile security.
d) Configure Google Workspace's personal device settings to mandate
password protection, control app installations, and glean insights..
Answer: D
Configure Google Workspace's personal device settings to mandate
password protection, control app installations, and glean insights. ->
Correct. It taps directly into Google Workspace's capabilities, offering
a centralized solution for personal device management.
Ask agents to install a mobile antivirus and only download apps from
trusted sources. -> Incorrect. It lacks a direct enforcement mechanism.
Establish a company-wide training session to educate agents about
mobile security. -> Incorrect. While informative, doesn't provide real-
time controls.
Recommend agents to use dedicated devices for work-related tasks
and avoid mixing personal and professional data. -> Incorrect. It isn't
enforcing policies on personal devices but rather suggesting a
workaround.
◍ Due to the popularity of Android and iOS devices among
employees, you've noticed a mix of both operating systems in the
company. For compliance reasons, it's been decided that all Android
and iOS devices accessing company data must have encrypted storage
, and biometric authentication enabled. How do you ensure this
requirement is met?
a) Use Google Workspace's advanced device management for both
Android and iOS to enforce these settings.
b) Use Google Workspace's advanced device management to enforce
these settings for Android and basic device management for iOS.
c) Purchase and distribute only company-approved Android and iOS
devices with these features pre-enabled.
d) Send a monthly reminder email asking users to enable these
features.. Answer: A
Use Google Workspace's advanced device management for both
Android and iOS to enforce these settings. -> Correct. It provides the
comprehensive solution to enforce strict device policies on both
Android and iOS devices.
Send a monthly reminder email asking users to enable these features.
-> Incorrect. It relies on user compliance and doesn't ensure
enforcement.
Use Google Workspace's advanced device management to enforce
these settings for Android and basic device management for iOS. ->
Incorrect. It misrepresents device management capabilities, as
advanced management can be applied to both device types.
