Google Professional Google Workspace Administrator Exam 1
As the Google Workspace Administrator, you need to ensure that a group of users can collaborate on specific files and folders in Google Drive without granting them access to everything. What should you do? A. Share individual files and folders with each user in the group B. Create a new shared drive and add the users to it C. Use a third-party file sharing service to manage access D. Create a new Team Drive and add the users to it
Create a new shared drive and add the users to it. Explanation: Creating a new shared drive and adding the users to it is the most appropriate solution for ensuring collaboration on specific files and folders in Google Drive without granting access to everything. Here's why: A. Sharing individual files and folders with each user in the group: This approach can become cumbersome and time-consuming, especially if there are numerous files and folders to be shared. It also makes it difficult to manage and control access rights for the group as a whole.
As a Google Workspace administrator, you need to assess and manage user access to Google Drive. Before implementing any changes, you want to review the current access levels of all users. What should you do? A. Open Admin Console > Apps > Google Workspace > Drive and Docs > Sharing settings. B. Open Admin Console > Apps > Google Workspace > Drive and Docs > User settings. C. Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access. D. Open Admin Console > Security > API Controls > App Access Control > Settings.
Open Admin Console > Apps > Google Workspace > Drive and Docs > User settings. To review the current access levels of all users in Google Drive, you should follow these steps: B. Open Admin Console > Apps > Google Workspace > Drive and Docs > User settings: This will take you to the user settings specifically for Google Drive and Docs. From there, you can review and manage the access levels of all users in Google Drive. You can see the different access levels, such as full access, edit access, view access, or no access, assigned to each user.
Your organization's information security team has asked you to determine and remediate if a user ([email protected]) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately? A. Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is [email protected] B. Have the super administrator use the Security API to audit Drive access. C. As a super administrator, change the access on externally shared Drive files manually under [email protected] D. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for [email protected]
The best approach to audit access to documents shared inappropriately by the user [email protected] would be: A. Open Security Investigation Tool -> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is [email protected] Explanation: This approach involves using the Security Investigation Tool within the organization's security controls. The steps are as follows: Open the Security Investigation Tool: Access the Security Investigation Tool, which provides visibility into various security-related events and logs. Navigate to Drive Log Events: Look for the section or option specifically related to Drive log events. This will provide detailed information about file activities, including sharing events. Add conditions: Within the Drive Log Events, set up two conditions to filter the results: Visibility Is External: This condition filters for files that have been shared externally, outside the organization. Actor Is [email protected]: Specify the user [email protected] as the actor to filter for activities performed by that user. By adding these conditions, you will obtain a log of Drive events that match the specified criteria. This will help identify any documents shared externally by the user in question.
Your organization experienced a data breach, and it was discovered that sensitive information was leaked from a specific user account. What additional steps should you take to enhance the organization's security A. Enable multi-factor authentication (MFA) for all user accounts. B. Conduct a comprehensive security audit to identify any vulnerabilities. C. Reset passwords for all user accounts and enforce a password reset policy. D. Implement data loss prevention (DLP) measures to monitor and prevent unauthorized data exfiltration.
The correct additional steps to enhance the organization's security after a data breach are: A. Enable multi-factor authentication (MFA) for all user accounts. By enabling MFA, you add an extra layer of security to user accounts, making it significantly harder for unauthorized individuals to gain access, even if they have the user's password. B. Conduct a comprehensive security audit to identify any vulnerabilities. A security audit helps identify any weaknesses or vulnerabilities in the organization's systems, processes, or policies. It allows you to address those vulnerabilities and strengthen security measures. C. Reset passwords for all user accounts and enforce a password reset policy. Resetting passwords for all user accounts helps ensure that compromised credentials from the data breach no longer pose a risk. Additionally, enforcing a password reset policy that encourages users to regularly update their passwords enhances security. D. Implement data loss prevention (DLP) measures to monitor and prevent unauthorized data exfiltration. DLP measures help detect and prevent the unauthorized transmission or storage of sensitive data. By implementing DLP measures, you can better protect sensitive information from being leaked or exfiltrated. Therefore, the correct options are A, B, C, and D.
Users in your organization are experiencing delays in receiving email messages from external senders. What steps should the admin take to troubleshoot and resolve this issue? A. Check the Message Center in the Admin Console for any reported delays or issues. B. Review the email routing configuration in the Admin Console and ensure proper delivery settings. C. Monitor the email logs in the Admin Console to identify any bottlenecks or delivery failures. D. Contact the Google Workspace Support team to report the issue and seek assistance.
The correct answer is A, B, and C. The steps the admin should take to troubleshoot and resolve the issue of delayed email messages from external senders are as follows: A. Check the Message Center in the Admin Console for any reported delays or issues. The Message Center provides important notifications and alerts regarding any known delays or issues with the Google Workspace services. By checking the Message Center, the admin can determine if there are any reported delays that may be affecting the delivery of email messages. B. Review the email routing configuration in the Admin Console and ensure proper delivery settings. The admin should review the email routing settings to ensure that the configuration is correct and aligns with the organization's requirements. This includes checking the DNS settings, MX records, and any email routing rules or filters that may impact the delivery of email messages. C. Monitor the email logs in the Admin Console to identify any bottlenecks or delivery failures. The admin should regularly monitor the email logs in the Admin Console to track the flow of email messages and identify any potential issues or failures. The logs can provide insights into the delivery status, timestamps, and any errors or delays encountered during the delivery process. Option D, contacting the Google Workspace Support team, is also a valid step if the admin has exhausted their troubleshooting efforts or if the issue persists despite implementing the suggested steps. The Google Workspace Support team can provide further assistance and guidance in resolving the issue. Therefore, the correct options are A, B, and C.
Which of the following is the correct way to set up a Google Workspace domain alias? A. Add the alias as a secondary domain in the Admin console B. Create a new user with the alias as their primary email address C. Add the alias as a nickname for an existing user D. Create a new Google Workspace account with the alias as the primary domain
The correct answer is A. Add the alias as a secondary domain in the Admin console. A domain alias in Google Workspace allows users to receive emails sent to an alternate domain or domain name variation. It provides flexibility in email addresses and ensures that all emails sent to the alias are delivered to the corresponding user's primary email address.
Security and Compliance has identified that data is being leaked through a third-party application connected to G SuiteÑŽ You want to investigate using an audit log.What log should you use? A. Admin audit log B. SAML audit log C. Drive usage audit log D. OAuth Token audit log
The correct answer is A. Admin audit log. To investigate data leakage through a third-party application connected to G Suite, you should use the Admin audit log. The Admin audit log provides a comprehensive record of activities and events performed by administrators and users with administrative privileges in the G Suite environment.
Your company has an OU that contains your sales team and an OU that contains your market research team. The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses ConstantContact for your own mass email marketing. You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU.What should you do? A. Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails. B. Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing th
The correct answer is A. Create a blocked senders list at the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails. Explanation: By creating a blocked senders list at the Sales OU that contains the mass email sender addresses, you can prevent the sales team from receiving distracting mass emails.
Your organization is concerned with the increasing threat of phishing attacks that may impact users. Leadership has declined to force-enable 2-Step verification.You need to apply a security measure to prevent unauthorized access to user accounts.What should you do? A. Enable Enforce Strong Password policy. B. Enable Employee ID Login Challenge. C. Decrease the Maximum User Session Length. D. Revoke token authorizations to external applications.
The correct answer is A. Enable Enforce Strong Password policy. Enforcing a strong password policy is an effective security measure to prevent unauthorized access to user accounts, especially in the absence of 2-Step verification. By implementing this measure, you can require users to create passwords that are more complex and harder to guess, thereby increasing the security of their accounts.
Your organization wants to have a record of all email messages sent and received by users within Google Workspace. What should you do to gain more visibility into these email activities? A. From Google Admin Panel, go to Reports, and select Gmail Audit Log. B. From Google Admin Panel, go to Reports, and select User Activity. C. From Google Admin Panel, go to Audit, and select Admin Audit Log. D. From Google Admin Panel, go to Audit, and select Rules Audit Log.
The correct answer is A. From Google Admin Panel, go to Reports, and select Gmail Audit Log. To gain more visibility into email activities, including the record of all email messages sent and received by users within Google Workspace, you should follow these steps: A. From Google Admin Panel, go to Reports, and select Gmail Audit Log: This will allow you to access the Gmail Audit Log, which provides detailed information about email activities within Google Workspace.
As a Google Workspace administrator for your organization, you are tasked with controlling which third-party apps can access Google Workspace data. Before implementing controls, as a first step in this process, you want to review all the third-party apps that have been authorized to access Workspace data. What should you do? A. Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access. B. Open Admin Console > Security > API Controls > App Access Control > Manage Google Services. C. Open Admin Console > Security > Less Secure Apps. D. Open Admin Console > Security > API Controls > App Access Control > Settings.
The correct answer is A. Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access. Explanation: To review all the third-party apps that have been authorized to access Google Workspace data, you should follow these steps: Open the Admin Console. Navigate to the Security section. Select API Controls. Choose App Access Control. Click on Manage Third Party App Access.
Which of the following is the correct way to configure Google Workspace user recovery options? A. Recovery options can be configured in the Admin console for individual users B. Recovery options can be configured in the Admin console for specific organizational units C. Recovery options can be configured in the Admin console for specific apps D. Recovery options cannot be configured in Google Workspace
The correct answer is A. Recovery options can be configured in the Admin console for individual users. In Google Workspace, administrators have the ability to configure user recovery options through the Admin console. This allows them to set up various methods for users to recover their accounts in case they forget their passwords or are locked out.
Your organization needs to allow external contractors to collaborate on specific Google Docs files without granting them access to other files in your domain. What should you do? A. Share individual Google Docs files with each contractor B. Create a new shared drive and add the Google Docs files to it C. Use a third-party collaboration tool to manage access D. Use the Admin console to set up folder-level sharing for the Google Docs files
The correct answer is A. Share individual Google Docs files with each contractor. By sharing individual Google Docs files with each contractor, you can provide them with access to specific files without granting them access to other files in your domain. This allows you to maintain control over the access permissions for each contractor and ensure that they only have access to the files they need. Creating a new shared drive (option B) would provide access to all the files within that shared drive, which is not ideal if you want to restrict access to specific files. Using a third-party collaboration tool (option C) can be an alternative, but it may involve additional costs and integration efforts. If you already have Google Docs as your primary collaboration tool, it's generally more efficient to utilize its built-in sharing capabilities.
You are the Google Workspace Administrator and you need to enable automatic mobile device management (MDM) enrollment for new mobile devices. Which of the following steps should you take? A. Use the Admin console to configure automatic enrollment for all devices B. Require users to manually enroll their devices in MDM C. Allow users to choose whether to enroll their devices in MDM D. Use a third-party MDM solution to manage device enrollment
The correct answer is A. Use the Admin console to configure automatic enrollment for all devices. Explanation: To enable automatic mobile device management (MDM) enrollment for new mobile devices in Google Workspace, you should use the Admin console to configure automatic enrollment for all devices. This allows you to streamline the process and ensure that all new devices are automatically enrolled in MDM without requiring manual intervention from users. Enabling automatic enrollment through the Admin console provides a centralized and efficient way to manage device security and settings across your organization. It allows you to enforce policies, remotely manage devices, and protect corporate data on mobile devices.
Which of the following is a valid way to configure Google Workspace resource calendars? A. Use the Admin console to configure resource calendars for specific organizational units B. Use the Admin console to configure resource calendars for specific users C. Use the Admin console to configure resource calendars for specific apps D. Use the Admin console to configure resource calendars for the entire domain
The correct answer is A. Use the Admin console to configure resource calendars for specific organizational units. Explanation: Resource calendars in Google Workspace are used to manage and schedule shared resources, such as meeting rooms, equipment, or other assets. Administrators can configure resource calendars to control access, permissions, and availability. Option A is correct because administrators can use the Admin console to configure resource calendars for specific organizational units. This allows them to define and manage resource calendars for specific groups or departments within the organization. They can set up and customize resource calendars based on the needs and requirements of each organizational unit.
The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time. YourCOO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. It is no longer in the Trash. They have requested that you recover it.What should you do? A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation. B. Using the Gmail Audit log, perform a search for the email, export the results, then import with G Suite Migration for Microsoft Outlook. C. Using the Message ID, contact Google G Suite support to recover the email, then import with G Suite Migration for Microsoft Outlook. D. Using the Vault Audit log, perform a search for the email, export the results. then import with G Suite Migration for Mic
The correct answer is A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation. Explanation: To recover the email that the COO is unable to find, the best course of action is to use Vault, a Google Workspace tool specifically designed for email and data retention, search, and export. Option B, using the Gmail Audit log to perform a search and then exporting the results for import with G Suite Migration for Microsoft Outlook, is not the recommended solution in this case. The Gmail Audit log is primarily used for tracking and auditing activities related to user accounts, rather than email recovery.
Which of the following statements is true about Google Workspace Vault? A. Vault can be used to search for data across all Google Workspace apps B. Vault can be used to backup data from Google Workspace apps to a third-party service C. Vault can be used to manage access to Google Workspace apps for users D. Vault can be used to monitor user activity in Google Workspace apps in real-time
The correct answer is A. Vault can be used to search for data across all Google Workspace apps. Explanation: Google Workspace Vault is an add-on service that provides eDiscovery and archiving capabilities for Google Workspace. It is designed to help organizations manage and preserve their data for compliance, legal, and regulatory purposes. Option A is the correct statement. Google Workspace Vault allows users to search for data across various Google Workspace apps, including Gmail, Google Drive, Google Meet, and Google Chat. This enables organizations to find and retrieve specific information and files within their Google Workspace environment.
A user is reporting that after they sign in to Gmail, their labels are not loading and buttons are not responsive. What action should you take to troubleshoot this issue with the user? A. Collect full message headers for examination. B. Check whether the issue occurs when the user authenticates on a different device or a new incognito window. C. Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful. D. Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
The correct answer is B. Check whether the issue occurs when the user authenticates on a different device or a new incognito window. Explanation: When troubleshooting the reported issue of labels not loading and buttons being unresponsive after the user signs in to Gmail, the most appropriate action is to check whether the issue occurs when the user authenticates on a different device or a new incognito window.
Which of the following is the correct way to configure Google Workspace OAuth 2.0 client IDs? A. Client IDs can be created in the Admin console and assigned to specific organizational units B. Client IDs can be created in the Google Cloud Console and assigned to specific organizational units C. Client IDs can only be created by Google support D. Client IDs are automatically created for all Google Workspace users
The correct answer is B. Client IDs can be created in the Google Cloud Console and assigned to specific organizational units. OAuth 2.0 client IDs are used to authenticate and authorize applications that interact with Google Workspace services. When configuring OAuth 2.0 client IDs for Google Workspace, the process typically involves creating the client IDs in the Google Cloud Console. The Google Cloud Console is the platform where developers can manage their applications and services within the Google Cloud environment. It provides the necessary tools and settings to create and configure OAuth 2.0 client IDs. Assigning client IDs to specific organizational units (OUs) allows you to control which units within your Google Workspace domain have access to specific applications or services.
Your organization has an IT operations team responsible for managing and troubleshooting network infrastructure. They require access to specific network-related tools and features in the Google Admin Console. What should you do to grant the IT operations team appropriate access? A. Assign the Super Admin Role to each IT operations team member. B. Create a Custom Admin Role with the necessary network management and troubleshooting privileges, and then assign the role to each IT operations team member. C. Assign the pre-built network admin role to each IT operations team member. D. Create a Custom Admin Role with the email settings privilege, and then assign the role to each IT operations team member.
The correct answer is B. Create a Custom Admin Role with the necessary network management and troubleshooting privileges, and then assign the role to each IT operations team member. To grant the IT operations team appropriate access to specific network-related tools and features in the Google Admin Console, you should: B. Create a Custom Admin Role with the necessary network management and troubleshooting privileges
After making a recent migration to G Suite, you updated your Google Cloud Directory Sync configuration to synchronize the global address list. Users are now seeing duplicate contacts in their global directory in G Suite. You need to resolve this issue.What should you do? A. Train users to use G Suite's merge contacts feature. B. Enable directory contact deduplication in the G Suite Admin panel. C. Update shared contact search rules to exclude internal users. D. Create a new global directory, and delete the original.
The correct answer is B. Enable directory contact deduplication in the G Suite Admin panel. Explanation: Enabling directory contact deduplication in the G Suite Admin panel is the most appropriate solution to resolve the issue of duplicate contacts in the global directory. This feature automatically identifies and merges duplicate contacts within the directory, ensuring a cleaner and more organized global address list. Here's why the other options are not the correct choices: A. Training users to use G Suite's merge contacts feature may help in resolving duplicates on an individual user's level, but it is not a scalable solution. It requires each user to manually merge contacts, which can be time-consuming and inefficient.
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments? A. Run queries in Security Investigation Tool. B. Turn on advanced phishing and malware protection. C. Enable Security Sandbox. D. Enable Gmail confidential mode.
The correct answer is B. Turn on advanced phishing and malware protection. Explanation: Enabling advanced phishing and malware protection in Gmail provides an additional layer of security against unknown malware in email attachments. This feature uses advanced machine learning algorithms and threat intelligence to identify and block suspicious attachments that may contain malware or phishing attempts. It helps protect users from opening or downloading malicious files, reducing the risk of malware infections.
Your organization deployed G Suite Enterprise within the last year, with the support of a partner. The deployment was conducted in three stages: Core IT, GoogleGuides, and full organization. You have been tasked with developing a targeted ongoing adoption plan for your G Suite organization.What should you do? A. Use Google Guides to deliver ad-hoc training to all of their co-workers and reports. B. Use Work Insights to gather adoption metrics and target your training exercises. C. Use Reports APIs to gather adoption metrics and Gmail APIs to deliver training content directly. D. Use a script to monitor Email attachment types and target users that aren't using Drive sharing.
The correct answer is B. Use Work Insights to gather adoption metrics and target your training exercises. Explanation: Option B is the most appropriate choice for developing a targeted ongoing adoption plan for G Suite. Work Insights is a tool provided by G Suite that offers valuable insights into how your organization is adopting and utilizing G Suite services. It provides metrics and analytics on user adoption, collaboration patterns, and usage trends.
As a Google Workspace administrator, you need to ensure that only trusted third-party apps can access user data in your organization. What should you do? A. Use Google Cloud Console to review and manage third-party app access. B. Use the Admin Console to review and manage third-party app access. C. Set up 2-step verification for all users in the organization. D. Use the Security Dashboard in the Admin Console to review and manage third-party app access.
The correct answer is B. Use the Admin Console to review and manage third-party app access. Explanation: As a Google Workspace administrator, you can use the Admin Console to review and manage third-party app access. The Admin Console provides a central location where you can control various aspects of your organization's Google Workspace settings, including managing third-party app access. By accessing the Admin Console, you can review the permissions granted to third-party apps and decide which apps are trusted and allowed to access user data within your organization.
Which of the following is NOT a valid use case for Google Groups? A. Creating discussion forums B. Managing access to Google Drive files C. Assigning tasks and to-dos D. Managing access to Google Sites
The correct answer is C. Assigning tasks and to-dos. Google Groups is a platform that allows users to create and participate in online discussions and forums, manage access to Google Drive files, and manage access to Google Sites. However, it does not have built-in features specifically designed for assigning tasks and to-dos. For task management, Google offers other tools such as Google Tasks and Google Keep.
Your company moved to G Suite last month and wants to install Hangouts Meet Hardware in all of their conference rooms. This will allow employees to walk into a room and use the in-room hardware to easily join their scheduled meeting. A distributed training session is coming up, and the facilitator wants to make remote room joining even easier. Participants in remote rooms should walk into their room and begin receiving the training without having to take any actions to join the session.How should you accomplish this? A. In the Admin Console, select the devices in Meeting Room Hardware, select Call, and Enter the meeting code. B. Room participants will need to start the meeting from the remote in the room. C. By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time. D. Select Add Live Stream to the Calendar invite; all rooms added to the event will auto-join at the scheduled time.
The correct answer is C. By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time. By adding the rooms to the Calendar invite, you can ensure that participants in remote rooms can walk into their respective rooms and begin receiving the training without having to take any actions to join the session.
The Director of your Finance department has asked to be alerted if two financial auditors share any files outside the domain. You need to set an Admin Alert onDrive Sharing.What should you do? A. Create a Google Group that has the two auditors as members, and then create a Drive DLP Rule that is assigned to that Group. B. Create a Content Compliance rule that looks for outbound share notifications from those two users, and Bcc the Director on those emails. C. Create two Drive Audit Alerts, one for each user, where the Visibility is "Shared Externally," and email them to the Director. D. Check the Admin Console Dashboard Insights page periodically for external shares, and notify the Director of any changes.
The correct answer is C. Create two Drive Audit Alerts, one for each user, where the Visibility is "Shared Externally," and email them to the Director. Explanation: To set an admin alert on Drive sharing and notify the Director of the Finance department if two financial auditors share any files outside the domain, the following steps should be taken: C. Create two Drive Audit Alerts, one for each user, where the Visibility is "Shared Externally," and email them to the Director. Explanation: This option correctly addresses the requirement by creating separate Drive Audit Alerts for each user. The alerts are configured to trigger when files are shared externally, which aligns with the requirement of monitoring for sharing outside the domain.
Which of the following is the correct way to configure Google Workspace access transparency logs? A. Access transparency logs are enabled by default and cannot be configured B. Access transparency logs can be enabled in the Admin console for specific apps C. Access transparency logs can be enabled in the Admin console for specific organizational units D. Access transparency logs can be enabled in the Admin console for the entire domain
The correct answer is D. Access transparency logs can be enabled in the Admin console for the entire domain. Access transparency logs in Google Workspace provide detailed visibility into actions taken by Google staff or systems when they access your organization's data. These logs can help you monitor and audit data access activities for security and compliance purposes.
Your organization needs to comply with specific regulatory requirements and is required to have comprehensive logging and auditing capabilities. Which option in the Admin Console allows you to view and export logs related to user activity, system events, and administrator actions? A. Access Transparency Logs B. Login Audit Log C. Drive Audit D. Admin Audit Log
The correct answer is D. Admin Audit Log. The Admin Audit Log option in the Admin Console allows you to view and export logs related to user activity, system events, and administrator actions. This log provides detailed information about administrative actions taken within your organization's Google Workspace environment, such as changes made to user accounts, groups, organizational units, and security settings.
Your CISO is concerned about third party applications becoming compromised and exposing G Suite data you have made available to them. How could you provide granular insight into what data third party applications are accessing?What should you do? A. Create a report using the OAuth Token Audit Activity logs. B. Create a report using the Calendar Audit Activity logs. C. Create a report using the Drive Audit Activity logs. D. Create a reporting using the API Permissions logs for Installed Apps.
The correct answer is D. Create a report using the API Permissions logs for Installed Apps. To provide granular insight into what data third-party applications are accessing in G Suite, you should create a report using the API Permissions logs for Installed Apps. When third-party applications request access to G Suite data, they must go through an authorization process using OAuth tokens. The API Permissions logs for Installed Apps provide detailed information about the permissions granted to third-party applications and the data they can access. By analyzing the API Permissions logs, you can track which third-party applications have access to specific G Suite data and understand the extent of their permissions.
As the Google Workspace Administrator, you have implemented Google Drive data loss prevention (DLP) policies to protect sensitive information within your organization. However, there are certain shared drives that contain sensitive data and should not be subject to DLP scans and enforcement. How can you prevent DLP policies from being applied to these specific shared drives? A. In the Google Workspace Admin Console, create a custom organizational unit for the shared drives and exclude it from DLP policies. B. Use the Drive API to retrieve the shared drives and disable DLP scanning for each drive after the policies are applied. C. Ensure that the shared drives' names match a specific naming convention to exclude them from DLP policies. D. In the DLP policy settings of the Google Workspace Admin Console, specify the shared drive IDs to be exempted from scanning and enforcement.
The correct answer is D. In the DLP policy settings of the Google Workspace Admin Console, specify the shared drive IDs to be exempted from scanning and enforcement. To prevent DLP policies from being applied to specific shared drives that contain sensitive data, you can specify the shared drive IDs to be exempted from scanning and enforcement in the DLP policy settings of the Google Workspace Admin Console.
As the Google Workspace Administrator, you are setting up Google Calendar synchronization with an external calendar service using the Google Calendar API. However, you want to ensure that certain calendars created by users on the Google Workspace side are not deleted during the synchronization process. What should you do to prevent these calendars from being deleted? A. In the Google Workspace Admin Console, enable the "Do not delete calendars not found in the external service" option. B. Use the Calendar API to retrieve and update the calendar properties after the synchronization is completed. C. Verify that the calendar owners' email addresses in the external service match the user email addresses in Google Workspace. D. In the synchronization settings of the Google Calendar API, configure a filter to exclude specific calendars from deletion.
The correct answer is D. In the synchronization settings of the Google Calendar API, configure a filter to exclude specific calendars from deletion. To prevent certain calendars from being deleted during the synchronization process with an external calendar service using the Google Calendar API, you should configure a filter in the synchronization settings to exclude those specific calendars from deletion. This way, the API will ignore those calendars and not delete them during the synchronization process.
The company's ten most senior executives are to have their offices outfitted with dedicated, standardized video conference cameras, microphones, and screens.The goal is to reduce the amount of technical support they require due to frequent, habitual switching between various mobile and PC devices throughout their busy days. You must ensure that it is easier for the executives to join Meet video conferences with the dedicated equipment instead of whatever device they happen to have available.What should you do? A. Set up unmanaged Chromeboxes and set the executives' homepage to meet.google.com via Chrome settings. B. Set up the executive offices as reservable Calendar Resources, deploy Hangouts Meet Hardware Kits, and associate the Meet hardware with the room calendars. C. Deploy Hangouts Meet Hardware Kits to each executive office, and associate the Meet hardware with the executives' calendars. D. Provision managed C
The correct answer is option C: Deploy Hangouts Meet Hardware Kits to each executive office, and associate the Meet hardware with the executives' calendars. Option C is the best choice because it provides dedicated video conference equipment for each executive's office and integrates it with their calendars. This ensures a streamlined and consistent experience for the executives when joining Meet video conferences. By deploying Hangouts Meet Hardware Kits to each office, the executives will have dedicated video conference cameras, microphones, and screens. These kits are specifically designed for high-quality video conferencing and provide a reliable and user-friendly experience. Associating the Meet hardware with the executives' calendars allows for seamless integration. This means that when the executives have a scheduled video conference, they can simply join the meeting using the dedicated equipment in their office, without having to rely on various mobile or PC devices.
Your Chief Information Security Officer is concerned about phishing. You implemented 2 Factor Authentication and forced hardware keys as a best practice to prevent such attacks. The CISO is curious as to how many such email phishing attempts you've avoided since putting the 2FA+Hardware Keys in place last month.Where do you find the information your CISO is interested in seeing? A. Security > Advanced Security Settings > Phishing Attempts B. Apps > G Suite > Gmail > Phishing Attempts C. Security > Dashboard > Spam Filter: Phishing D. Reporting > Reports > Phishing
The correct answer is option D. Reporting > Reports > Phishing. To find the information about phishing attempts and their prevention since implementing 2FA+Hardware Keys, you would navigate to the reporting section of your system. In this case, you would go to "Reporting," then select "Reports," and finally look for the specific report related to phishing attempts.
Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in G Suite.What should you do? A. Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment. B. In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices. C. Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment. D. Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin.
The correct answer is: A. Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment. Explanation: To register the Chromebooks in G Suite, you need to perform enterprise enrollment. The enterprise enrollment process allows you to manage the Chromebooks centrally and apply policies and settings across them.
Your company is implementing a new HR system, and you need to ensure that employee data is kept secure and confidential. What should you do? A. Grant all employees access to the HR system. B. Assign HR staff with the appropriate permissions to manage employee data. C. Allow employees to access their own data in the HR system. D. Create a public directory of employee data accessible by all employees.
The correct answer is: B. Assign HR staff with the appropriate permissions to manage employee data. Explanation: To ensure that employee data is kept secure and confidential, it is important to implement proper access controls and limit access to authorized personnel. By assigning HR staff with the appropriate permissions, you can ensure that only authorized individuals have access to employee data in the HR system.
Your company is implementing a new customer relationship management (CRM) system, and you need to ensure that customer data is kept secure and confidential. What should you do? A. Allow all employees access to the CRM system. B. Create a separate user account for each employee to access the CRM system. C. Assign permissions to specific customer data on a per-employee basis. D. Provide all customers with access to their own data in the CRM system.
The correct answer is: B. Create a separate user account for each employee to access the CRM system. Explanation: To ensure that customer data is kept secure and confidential, it is important to implement proper access controls. Creating a separate user account for each employee to access the CRM system is a fundamental step in achieving this goal. With individual user accounts, each employee will have a unique set of credentials to access the CRM system, allowing for accountability and traceability of actions.
How can you monitor increases in user reported Spam as identified by Google? A. Review post-delivery activity in the Email logs. B. Review user-reported spam in the Investigation Tool. C. Review spike in user-reported spam in the Alert center. D. Review post-delivery activity in the BigQuery Export.
The correct answer is: C. Review spike in user-reported spam in the Alert center. Explanation: To monitor increases in user-reported spam as identified by Google, you should review the spike in user-reported spam in the Alert center. The Alert center is a centralized location in the Google Workspace Admin console where you can view and investigate security and compliance alerts. It provides information about various security-related events, including user-reported spam.
Your-company.com finance departments want to create an internal application that needs to read data from spreadsheets. As the collaboration engineer, you suggest using App Maker. The Finance team is concerned about data security when creating applications with App Maker.What security measures should you implement to secure data? A. Use Roles, Script, and Owner access permissions for operations on records and data relations. B. Enable App Maker access only for the Finance department Organization Unit. C. Use a service account with limited permissions to access each data source. D. Change owner access permissions to allow internal usage only.
The correct answer is: C. Use a service account with limited permissions to access each data source. Explanation: To secure data when creating applications with App Maker, using a service account with limited permissions to access each data source is a recommended security measure. By using a service account, you can ensure that the application only has access to the specific data it needs, reducing the risk of unauthorized access or data breaches.
Your organization needs to ensure that only approved apps can access corporate data on mobile devices. What should you do to achieve this? A. Enable Basic Mobile Management in the admin console. B. Set up an app configuration policy in the admin console. C. Configure app permissions for each app in the admin console. D. Use an MDM solution to enforce app blacklisting and whitelisting.
The correct answer is: D. Use an MDM solution to enforce app blacklisting and whitelisting. Explanation: To ensure that only approved apps can access corporate data on mobile devices, using an MDM (Mobile Device Management) solution is the most effective approach. An MDM solution provides the capability to enforce app blacklisting and whitelisting policies on managed devices.
A former employee is suspected of sharing confidential information via Gmail. How can you search for and export all of their Gmail messages? A. Use Security Investigation Tool to search Gmail events for all of the user's messages, and use Google Admin > Reports > Email Log Search to export them. B. Ask the former employee to provide you with a list of all the messages they sent and received, and export them manually. C. Use the Gmail API to search for and export all of the user's messages. D. Utilize Google Vault to hold, search, and export the former employee's Gmail messages.
The correct answer is: D. Utilize Google Vault to hold, search, and export the former employee's Gmail messages. Explanation: To search for and export all of a former employee's Gmail messages, you can utilize Google Vault. Google Vault is a service provided by Google that allows organizations to hold, search, and export data for legal and compliance purposes. Google Vault provides advanced search capabilities specifically designed for Gmail messages. You can search for messages based on various criteria such as sender, recipient, date, keywords, and more.
Your large organization, 80,000 users, has been on Google for two years. Your CTO wants to create an integrated team experience with Google Groups, TeamsDrives, and Calendar. Users will use a Google Form and Apps Script to request a new "G-Team." A "G-Team' is composed of a Google Group and a Team Drive/Secondary Calendar that is shared using that Google Group.What two design decisions are required to implement this workflow securely? (Choose two.) A. The Apps Script will need to run as a G Suite admin. B. You will need a Cloud SQL instance to store "G-Team' data. C. The Google Form will need to be limited to internal users only. D. The Apps Script will need to run on a timed interval to process new entries. E. The Google Form will need to enforce Group naming conventions.
The correct answers are: A. The Apps Script will need to run as a G Suite admin. Running the Apps Script as a G Suite admin will provide the necessary permissions to create and manage Google Groups and Team Drives. It ensures that the script can perform the required administrative tasks securely. C. The Google Form will need to be limited to internal users only. Limiting the Google Form to internal users only helps ensure that only authorized users within the organization can request a new "G-Team." This restriction helps maintain the security and confidentiality of the team environment.
You recently started an engagement with an organization that is also using G Suite. The engagement will involve highly sensitive data, and the data needs to be protected from being shared with unauthorized parties both internally and externally. You need to ensure that this data is properly secured.Which configuration should you implement? A. Turn on external sharing with whitelisted domains, and add the external organization to the whitelist. B. Provision accounts within your domain for the external users, and turn off external sharing for that Org. C. Configure the Drive DLP rules to prevent the sharing of PII and PHI outside of your domain. D. Create a Team Drive for this engagement, and limit the memberships and sharing settings.
The recommended configuration to implement for proper data security is: D. Create a Team Drive for this engagement and limit the memberships and sharing settings. Explanation: To ensure the proper security and protection of highly sensitive data, creating a Team Drive and applying appropriate membership and sharing settings is the most suitable option. Here's why: Create a Team Drive: By creating a Team Drive specifically for this engagement, you can have a dedicated space to store and manage the highly sensitive data. Team Drives offer centralized storage and collaboration features, making it easier to control access and monitor activity related to the data.
The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work. The messages from these contacts have not always been classified as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain. You have been tasked with troubleshooting the issue.What two actions should you take? (Choose two.) A. Obtain the message header and analyze using G Suite Toolbox. B. Review the contents of the messages in Google Vault. C. Set up a Gmail routing rule to whitelist the sender. D. Conduct an Email log search to trace the message route. E. Validate that your domain is not on the Spamhaus blacklist.
The two actions you should take to troubleshoot the issue of messages from trusted contacts being delivered to spam are: A. Obtain the message header and analyze using G Suite Toolbox: Analyzing the message header can provide valuable information about the message's path and any potential issues that may have caused it to be marked as spam. The G Suite Toolbox offers various diagnostic tools, including message header analysis, which can help identify the problem. D. Conduct an Email log search to trace the message route: Checking the email logs can provide insights into how the messages are being processed and if there are any issues or misconfigurations in the email routing. By tracing the message route, you can identify any potential problems that could be causing the messages to be marked as spam.
Your organization recently implemented multi-factor authentication (MFA) for all employees to access corporate systems. However, some employees are able to bypass MFA and access systems without additional verification. What preliminary checks should you perform to find out why MFA is not working as intended? (Choose two.) A. Confirm that the affected employees have valid login credentials. B. Check whether the MFA policy is correctly configured for the affected systems. C. Delete and recreate a new MFA policy for the affected systems. D. Confirm that the affected employees have completed MFA setup. E. Check whether the affected systems have the latest security patches installed.
The two preliminary checks that should be performed to find out why the multi-factor authentication (MFA) is not working as intended are: A. Confirm that the affected employees have valid login credentials. This check is important to ensure that the affected employees' login credentials, such as usernames and passwords, are valid and active. If the credentials are incorrect or expired, it can cause MFA to fail or be bypassed. B. Check whether the MFA policy is correctly configured for the affected systems. It is crucial to verify that the MFA policy has been correctly set up and configured for the systems that employees are accessing. This includes checking if the correct MFA methods (e.g., SMS, authenticator app, hardware token) are enabled, and if the policy is properly applied to the affected systems. Misconfigurations or oversights in the MFA policy can lead to bypassing or ineffective MFA implementation. The other options listed do not directly relate to the issue of MFA not working as intended: C. Deleting and recreating a new MFA policy for the affected systems is not necessary at this stage. It would be more appropriate to investigate the existing policy and its configuration before resorting to recreating it. D. Confirming whether the affected employees have completed MFA setup is important, but it does not directly address the issue of MFA being bypassed. If employees have not completed the MFA setup, they should not be able to access systems without additional verification. E. Checking whether the affected systems have the latest security patches installed is important for overall system security but does not directly impact the functioning of MFA. MFA is focused on verifying user identity rather than system vulnerabilities.
A user in your Workspace domain is approaching their email storage limit. What two actions can you take to alleviate their concerns? (Choose two.) A. Add another user as an owner of the user's mailbox, thus transferring the storage quota debt to them. B. Manually export and back up the user's email locally, and delete the affected messages from the mailbox to alleviate the debt. (Correct) C. Increase the user's storage quota limit in the Admin Console. (Correct) D. Perform an API query for large email messages, and delete them, thus alleviating the quota debt. E. Move the user's email to a Shared Mailbox. Shared Mailboxes transfer ownership of the mailbox item to the domain itself, which alleviates the quota debt from that user.
To alleviate a user's concerns about reaching their email storage limit in Google Workspace, you can take the following two actions: B. Manually export and back up the user's email locally, and delete the affected messages from the mailbox to alleviate the debt. Explanation: By manually exporting and backing up the user's email messages locally and then deleting those messages from the mailbox, you can free up storage space and alleviate the storage quota concerns. This action allows the user to remove unnecessary email messages and manage their storage more effectively. C. Increase the user's storage quota limit in the Admin Console. Explanation: Increasing the user's storage quota limit in the Admin Console allows the user to have more available storage space for their email. This action can be taken if the user genuinely requires more storage space and has a legitimate need for it. The other options mentioned are not valid actions for alleviating concerns related to the user's email storage limit: A. Adding another user as an owner of the user's mailbox does not transfer the storage quota debt to them. Ownership of the mailbox does not affect the user's individual storage quota.
You are the Workspace administrator for a multinational organization with users located in multiple countries. The company recently implemented a new security policy requiring that all sensitive data stored in Google Drive must be encrypted at rest. How can you ensure compliance with this policy while minimizing the impact on user productivity? A. Enable Google Drive encryption at rest globally for all users in the Admin Console. B. Create a new configuration group for users handling sensitive data and enable Google Drive encryption at rest for that group only. C. Implement a data loss prevention (DLP) policy to automatically encrypt sensitive files in Google Drive based on predefined rules. D. Notify all users about the new security policy and provide them with instructions on how to manually encrypt their sensitive files in Google Drive.
To ensure compliance with the new security policy requiring encryption at rest for sensitive data stored in Google Drive while minimizing the impact on user productivity, you can take the following steps: B. Create a new configuration group for users handling sensitive data and enable Google Drive encryption at rest for that group only. By creating a separate configuration group for users who handle sensitive data, you can apply specific security settings, such as enabling encryption at rest, only to this group. This approach allows you to target the policy to the users who need it without affecting the entire organization. It provides a more granular and focused approach to compliance while minimizing the impact on user productivity.
Your company is receiving an increasing number of phishing emails, and you want to ensure that your users are not falling victim to them. What should you do? A. Train users to report phishing emails when they receive them. B. Add all external senders to a trusted senders list. C. Enable the "Report as not spam" feature for users. D. Adjust the spam filter settings to give more weight to phishing detection.
To ensure that your users are not falling victim to phishing emails, you should: A. Train users to report phishing emails when they receive them. Explanation: Phishing emails are a common method used by attackers to trick users into revealing sensitive information or taking malicious actions. Training users to recognize and report phishing emails is an effective way to enhance their awareness and reduce the risk of falling victim to such attacks.
You are the Workspace administrator for a company that is experiencing issues with legitimate emails being marked as spam. What should you do to prevent this from happening? A. Train users to mark legitimate emails as not spam. B. Add all external senders to a trusted senders list. C. Enable the "Report as not spam" feature for users. D. Adjust the spam filter settings to reduce the false positive rate.
To prevent legitimate emails from being marked as spam in Google Workspace, as the administrator, you should: D. Adjust the spam filter settings to reduce the false positive rate. Explanation: Adjusting the spam filter settings is the most effective way to prevent legitimate emails from being marked as spam. By fine-tuning the settings, you can customize the level of sensitivity and adjust the threshold for classifying emails as spam. This helps reduce the occurrence of false positives and improves the accuracy of spam detection. In Google Workspace, you can access the spam filter settings through the Google Workspace Admin Console.
Your company has recently migrated to Google Workspace and some of your users are experiencing issues with emails from external senders being flagged as spam. What should you do to resolve this? A. Train users to mark legitimate emails as not spam. B. Add all external senders to a trusted senders list. C. Enable the "Report as not spam" feature for users. D. Adjust the spam filter settings to reduce the false positive rate.
To resolve the issue of emails from external senders being flagged as spam in Google Workspace, you should: D. Adjust the spam filter settings to reduce the false positive rate. Explanation: When emails from external senders are incorrectly flagged as spam, it indicates that the spam filter may be too aggressive and causing false positives. To address this, adjusting the spam filter settings can help reduce the false positive rate and improve the accuracy of spam detection.